azure-sdk-for-go: github.com/Azure/azure-sdk-for-go/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight

package securityinsight

import "github.com/Azure/azure-sdk-for-go/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight"

Package securityinsight implements the Azure ARM Securityinsight service API version 2019-01-01-preview.

API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

Index

Package Files

actions.go alertrules.go alertruletemplates.go bookmarks.go casecomments.go cases.go casesaggregations.go client.go comments.go dataconnectors.go entities.go entityqueries.go models.go officeconsents.go operations.go productsettings.go version.go

Constants

const (
    // DefaultBaseURI is the default URI used for the service Securityinsight
    DefaultBaseURI = "https://management.azure.com"
)

func UserAgent

func UserAgent() string

UserAgent returns the UserAgent string to use when sending http.Requests.

func Version

func Version() string

Version returns the semantic version (see http://semver.org) of the client.

type AADDataConnector

type AADDataConnector struct {
    // AADDataConnectorProperties - AAD (Azure Active Directory) data connector properties.
    *AADDataConnectorProperties `json:"properties,omitempty"`
    // ID - READ-ONLY; Azure resource Id
    ID  *string `json:"id,omitempty"`
    // Type - READ-ONLY; Azure resource type
    Type *string `json:"type,omitempty"`
    // Name - READ-ONLY; Azure resource name
    Name *string `json:"name,omitempty"`
    // Etag - Etag of the data connector.
    Etag *string `json:"etag,omitempty"`
    // Kind - Possible values include: 'KindDataConnector', 'KindOffice365', 'KindThreatIntelligence', 'KindAmazonWebServicesCloudTrail', 'KindAzureActiveDirectory', 'KindAzureSecurityCenter', 'KindMicrosoftCloudAppSecurity', 'KindAzureAdvancedThreatProtection', 'KindMicrosoftDefenderAdvancedThreatProtection'
    Kind KindBasicDataConnector `json:"kind,omitempty"`
}

AADDataConnector represents AAD (Azure Active Directory) data connector.

func (AADDataConnector) AsAADDataConnector

func (adc AADDataConnector) AsAADDataConnector() (*AADDataConnector, bool)

AsAADDataConnector is the BasicDataConnector implementation for AADDataConnector.

func (AADDataConnector) AsAATPDataConnector

func (adc AADDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool)

AsAATPDataConnector is the BasicDataConnector implementation for AADDataConnector.

func (AADDataConnector) AsASCDataConnector

func (adc AADDataConnector) AsASCDataConnector() (*ASCDataConnector, bool)

AsASCDataConnector is the BasicDataConnector implementation for AADDataConnector.

func (AADDataConnector) AsAwsCloudTrailDataConnector

func (adc AADDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool)

AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for AADDataConnector.

func (AADDataConnector) AsBasicDataConnector

func (adc AADDataConnector) AsBasicDataConnector() (BasicDataConnector, bool)

AsBasicDataConnector is the BasicDataConnector implementation for AADDataConnector.

func (AADDataConnector) AsDataConnector

func (adc AADDataConnector) AsDataConnector() (*DataConnector, bool)

AsDataConnector is the BasicDataConnector implementation for AADDataConnector.

func (AADDataConnector) AsMCASDataConnector

func (adc AADDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool)

AsMCASDataConnector is the BasicDataConnector implementation for AADDataConnector.

func (AADDataConnector) AsMDATPDataConnector

func (adc AADDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool)

AsMDATPDataConnector is the BasicDataConnector implementation for AADDataConnector.

func (AADDataConnector) AsOfficeDataConnector

func (adc AADDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool)

AsOfficeDataConnector is the BasicDataConnector implementation for AADDataConnector.

func (AADDataConnector) AsTIDataConnector

func (adc AADDataConnector) AsTIDataConnector() (*TIDataConnector, bool)

AsTIDataConnector is the BasicDataConnector implementation for AADDataConnector.

func (AADDataConnector) MarshalJSON

func (adc AADDataConnector) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for AADDataConnector.

func (*AADDataConnector) UnmarshalJSON

func (adc *AADDataConnector) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for AADDataConnector struct.

type AADDataConnectorProperties

type AADDataConnectorProperties struct {
    // TenantID - The tenant id to connect to, and get the data from.
    TenantID *string `json:"tenantId,omitempty"`
    // DataTypes - The available data types for the connector.
    DataTypes *AlertsDataTypeOfDataConnector `json:"dataTypes,omitempty"`
}

AADDataConnectorProperties AAD (Azure Active Directory) data connector properties.

type AATPDataConnector

type AATPDataConnector struct {
    // AATPDataConnectorProperties - AATP (Azure Advanced Threat Protection) data connector properties.
    *AATPDataConnectorProperties `json:"properties,omitempty"`
    // ID - READ-ONLY; Azure resource Id
    ID  *string `json:"id,omitempty"`
    // Type - READ-ONLY; Azure resource type
    Type *string `json:"type,omitempty"`
    // Name - READ-ONLY; Azure resource name
    Name *string `json:"name,omitempty"`
    // Etag - Etag of the data connector.
    Etag *string `json:"etag,omitempty"`
    // Kind - Possible values include: 'KindDataConnector', 'KindOffice365', 'KindThreatIntelligence', 'KindAmazonWebServicesCloudTrail', 'KindAzureActiveDirectory', 'KindAzureSecurityCenter', 'KindMicrosoftCloudAppSecurity', 'KindAzureAdvancedThreatProtection', 'KindMicrosoftDefenderAdvancedThreatProtection'
    Kind KindBasicDataConnector `json:"kind,omitempty"`
}

AATPDataConnector represents AATP (Azure Advanced Threat Protection) data connector.

func (AATPDataConnector) AsAADDataConnector

func (adc AATPDataConnector) AsAADDataConnector() (*AADDataConnector, bool)

AsAADDataConnector is the BasicDataConnector implementation for AATPDataConnector.

func (AATPDataConnector) AsAATPDataConnector

func (adc AATPDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool)

AsAATPDataConnector is the BasicDataConnector implementation for AATPDataConnector.

func (AATPDataConnector) AsASCDataConnector

func (adc AATPDataConnector) AsASCDataConnector() (*ASCDataConnector, bool)

AsASCDataConnector is the BasicDataConnector implementation for AATPDataConnector.

func (AATPDataConnector) AsAwsCloudTrailDataConnector

func (adc AATPDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool)

AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for AATPDataConnector.

func (AATPDataConnector) AsBasicDataConnector

func (adc AATPDataConnector) AsBasicDataConnector() (BasicDataConnector, bool)

AsBasicDataConnector is the BasicDataConnector implementation for AATPDataConnector.

func (AATPDataConnector) AsDataConnector

func (adc AATPDataConnector) AsDataConnector() (*DataConnector, bool)

AsDataConnector is the BasicDataConnector implementation for AATPDataConnector.

func (AATPDataConnector) AsMCASDataConnector

func (adc AATPDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool)

AsMCASDataConnector is the BasicDataConnector implementation for AATPDataConnector.

func (AATPDataConnector) AsMDATPDataConnector

func (adc AATPDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool)

AsMDATPDataConnector is the BasicDataConnector implementation for AATPDataConnector.

func (AATPDataConnector) AsOfficeDataConnector

func (adc AATPDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool)

AsOfficeDataConnector is the BasicDataConnector implementation for AATPDataConnector.

func (AATPDataConnector) AsTIDataConnector

func (adc AATPDataConnector) AsTIDataConnector() (*TIDataConnector, bool)

AsTIDataConnector is the BasicDataConnector implementation for AATPDataConnector.

func (AATPDataConnector) MarshalJSON

func (adc AATPDataConnector) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for AATPDataConnector.

func (*AATPDataConnector) UnmarshalJSON

func (adc *AATPDataConnector) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for AATPDataConnector struct.

type AATPDataConnectorProperties

type AATPDataConnectorProperties struct {
    // TenantID - The tenant id to connect to, and get the data from.
    TenantID *string `json:"tenantId,omitempty"`
    // DataTypes - The available data types for the connector.
    DataTypes *AlertsDataTypeOfDataConnector `json:"dataTypes,omitempty"`
}

AATPDataConnectorProperties AATP (Azure Advanced Threat Protection) data connector properties.

type ASCDataConnector

type ASCDataConnector struct {
    // ASCDataConnectorProperties - ASC (Azure Security Center) data connector properties.
    *ASCDataConnectorProperties `json:"properties,omitempty"`
    // ID - READ-ONLY; Azure resource Id
    ID  *string `json:"id,omitempty"`
    // Type - READ-ONLY; Azure resource type
    Type *string `json:"type,omitempty"`
    // Name - READ-ONLY; Azure resource name
    Name *string `json:"name,omitempty"`
    // Etag - Etag of the data connector.
    Etag *string `json:"etag,omitempty"`
    // Kind - Possible values include: 'KindDataConnector', 'KindOffice365', 'KindThreatIntelligence', 'KindAmazonWebServicesCloudTrail', 'KindAzureActiveDirectory', 'KindAzureSecurityCenter', 'KindMicrosoftCloudAppSecurity', 'KindAzureAdvancedThreatProtection', 'KindMicrosoftDefenderAdvancedThreatProtection'
    Kind KindBasicDataConnector `json:"kind,omitempty"`
}

ASCDataConnector represents ASC (Azure Security Center) data connector.

func (ASCDataConnector) AsAADDataConnector

func (adc ASCDataConnector) AsAADDataConnector() (*AADDataConnector, bool)

AsAADDataConnector is the BasicDataConnector implementation for ASCDataConnector.

func (ASCDataConnector) AsAATPDataConnector

func (adc ASCDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool)

AsAATPDataConnector is the BasicDataConnector implementation for ASCDataConnector.

func (ASCDataConnector) AsASCDataConnector

func (adc ASCDataConnector) AsASCDataConnector() (*ASCDataConnector, bool)

AsASCDataConnector is the BasicDataConnector implementation for ASCDataConnector.

func (ASCDataConnector) AsAwsCloudTrailDataConnector

func (adc ASCDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool)

AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for ASCDataConnector.

func (ASCDataConnector) AsBasicDataConnector

func (adc ASCDataConnector) AsBasicDataConnector() (BasicDataConnector, bool)

AsBasicDataConnector is the BasicDataConnector implementation for ASCDataConnector.

func (ASCDataConnector) AsDataConnector

func (adc ASCDataConnector) AsDataConnector() (*DataConnector, bool)

AsDataConnector is the BasicDataConnector implementation for ASCDataConnector.

func (ASCDataConnector) AsMCASDataConnector

func (adc ASCDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool)

AsMCASDataConnector is the BasicDataConnector implementation for ASCDataConnector.

func (ASCDataConnector) AsMDATPDataConnector

func (adc ASCDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool)

AsMDATPDataConnector is the BasicDataConnector implementation for ASCDataConnector.

func (ASCDataConnector) AsOfficeDataConnector

func (adc ASCDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool)

AsOfficeDataConnector is the BasicDataConnector implementation for ASCDataConnector.

func (ASCDataConnector) AsTIDataConnector

func (adc ASCDataConnector) AsTIDataConnector() (*TIDataConnector, bool)

AsTIDataConnector is the BasicDataConnector implementation for ASCDataConnector.

func (ASCDataConnector) MarshalJSON

func (adc ASCDataConnector) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for ASCDataConnector.

func (*ASCDataConnector) UnmarshalJSON

func (adc *ASCDataConnector) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for ASCDataConnector struct.

type ASCDataConnectorProperties

type ASCDataConnectorProperties struct {
    // SubscriptionID - The subscription id to connect to, and get the data from.
    SubscriptionID *string `json:"subscriptionId,omitempty"`
    // DataTypes - The available data types for the connector.
    DataTypes *AlertsDataTypeOfDataConnector `json:"dataTypes,omitempty"`
}

ASCDataConnectorProperties ASC (Azure Security Center) data connector properties.

type AccountEntity

type AccountEntity struct {
    // AccountEntityProperties - Account entity properties
    *AccountEntityProperties `json:"properties,omitempty"`
    // ID - READ-ONLY; Azure resource Id
    ID  *string `json:"id,omitempty"`
    // Type - READ-ONLY; Azure resource type
    Type *string `json:"type,omitempty"`
    // Name - READ-ONLY; Azure resource name
    Name *string `json:"name,omitempty"`
    // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL'
    Kind KindBasicEntity `json:"kind,omitempty"`
}

AccountEntity represents an account entity.

func (AccountEntity) AsAccountEntity

func (ae AccountEntity) AsAccountEntity() (*AccountEntity, bool)

AsAccountEntity is the BasicEntity implementation for AccountEntity.

func (AccountEntity) AsAzureResourceEntity

func (ae AccountEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)

AsAzureResourceEntity is the BasicEntity implementation for AccountEntity.

func (AccountEntity) AsBasicEntity

func (ae AccountEntity) AsBasicEntity() (BasicEntity, bool)

AsBasicEntity is the BasicEntity implementation for AccountEntity.

func (AccountEntity) AsCloudApplicationEntity

func (ae AccountEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)

AsCloudApplicationEntity is the BasicEntity implementation for AccountEntity.

func (AccountEntity) AsDNSEntity

func (ae AccountEntity) AsDNSEntity() (*DNSEntity, bool)

AsDNSEntity is the BasicEntity implementation for AccountEntity.

func (AccountEntity) AsEntity

func (ae AccountEntity) AsEntity() (*Entity, bool)

AsEntity is the BasicEntity implementation for AccountEntity.

func (AccountEntity) AsFileEntity

func (ae AccountEntity) AsFileEntity() (*FileEntity, bool)

AsFileEntity is the BasicEntity implementation for AccountEntity.

func (AccountEntity) AsFileHashEntity

func (ae AccountEntity) AsFileHashEntity() (*FileHashEntity, bool)

AsFileHashEntity is the BasicEntity implementation for AccountEntity.

func (AccountEntity) AsHostEntity

func (ae AccountEntity) AsHostEntity() (*HostEntity, bool)

AsHostEntity is the BasicEntity implementation for AccountEntity.

func (AccountEntity) AsIPEntity

func (ae AccountEntity) AsIPEntity() (*IPEntity, bool)

AsIPEntity is the BasicEntity implementation for AccountEntity.

func (AccountEntity) AsMalwareEntity

func (ae AccountEntity) AsMalwareEntity() (*MalwareEntity, bool)

AsMalwareEntity is the BasicEntity implementation for AccountEntity.

func (AccountEntity) AsProcessEntity

func (ae AccountEntity) AsProcessEntity() (*ProcessEntity, bool)

AsProcessEntity is the BasicEntity implementation for AccountEntity.

func (AccountEntity) AsRegistryKeyEntity

func (ae AccountEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)

AsRegistryKeyEntity is the BasicEntity implementation for AccountEntity.

func (AccountEntity) AsRegistryValueEntity

func (ae AccountEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)

AsRegistryValueEntity is the BasicEntity implementation for AccountEntity.

func (AccountEntity) AsSecurityAlert

func (ae AccountEntity) AsSecurityAlert() (*SecurityAlert, bool)

AsSecurityAlert is the BasicEntity implementation for AccountEntity.

func (AccountEntity) AsSecurityGroupEntity

func (ae AccountEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)

AsSecurityGroupEntity is the BasicEntity implementation for AccountEntity.

func (AccountEntity) AsURLEntity

func (ae AccountEntity) AsURLEntity() (*URLEntity, bool)

AsURLEntity is the BasicEntity implementation for AccountEntity.

func (AccountEntity) MarshalJSON

func (ae AccountEntity) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for AccountEntity.

func (*AccountEntity) UnmarshalJSON

func (ae *AccountEntity) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for AccountEntity struct.

type AccountEntityProperties

type AccountEntityProperties struct {
    // AccountName - READ-ONLY; The name of the account. This field should hold only the name without any domain added to it, i.e. administrator.
    AccountName *string `json:"accountName,omitempty"`
    // NtDomain - READ-ONLY; The NetBIOS domain name as it appears in the alert format – domain\username. Examples: NT AUTHORITY.
    NtDomain *string `json:"ntDomain,omitempty"`
    // UpnSuffix - READ-ONLY; The user principal name suffix for the account, in some cases it is also the domain name. Examples: contoso.com.
    UpnSuffix *string `json:"upnSuffix,omitempty"`
    // Sid - READ-ONLY; The account security identifier, e.g. S-1-5-18.
    Sid *string `json:"sid,omitempty"`
    // AadTenantID - READ-ONLY; The Azure Active Directory tenant id.
    AadTenantID *string `json:"aadTenantId,omitempty"`
    // AadUserID - READ-ONLY; The Azure Active Directory user id.
    AadUserID *string `json:"aadUserId,omitempty"`
    // Puid - READ-ONLY; The Azure Active Directory Passport User ID.
    Puid *string `json:"puid,omitempty"`
    // IsDomainJoined - READ-ONLY; Determines whether this is a domain account.
    IsDomainJoined *bool `json:"isDomainJoined,omitempty"`
    // DisplayName - READ-ONLY; The display name of the account.
    DisplayName *string `json:"displayName,omitempty"`
    // ObjectGUID - READ-ONLY; The objectGUID attribute is a single-value attribute that is the unique identifier for the object, assigned by active directory.
    ObjectGUID *uuid.UUID `json:"objectGuid,omitempty"`
    // HostEntityID - READ-ONLY; The Host entity id that contains the account in case it is a local account (not domain joined)
    HostEntityID *string `json:"hostEntityId,omitempty"`
    // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.
    FriendlyName *string `json:"friendlyName,omitempty"`
    // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
    AdditionalData map[string]interface{} `json:"additionalData"`
}

AccountEntityProperties account entity property bag.

func (AccountEntityProperties) MarshalJSON

func (aep AccountEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for AccountEntityProperties.

type Action

type Action struct {
    autorest.Response `json:"-"`
    // Etag - Etag of the action.
    Etag *string `json:"etag,omitempty"`
    // ActionProperties - Action properties
    *ActionProperties `json:"properties,omitempty"`
    // ID - READ-ONLY; Azure resource Id
    ID  *string `json:"id,omitempty"`
    // Type - READ-ONLY; Azure resource type
    Type *string `json:"type,omitempty"`
    // Name - READ-ONLY; Azure resource name
    Name *string `json:"name,omitempty"`
}

Action action for alert rule.

func (Action) MarshalJSON

func (a Action) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for Action.

func (*Action) UnmarshalJSON

func (a *Action) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for Action struct.

type ActionProperties

type ActionProperties struct {
    // TriggerURI - The uri for the action to trigger.
    TriggerURI *string `json:"triggerUri,omitempty"`
}

ActionProperties action property bag.

type ActionsClient

type ActionsClient struct {
    BaseClient
}

ActionsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewActionsClient

func NewActionsClient(subscriptionID string) ActionsClient

NewActionsClient creates an instance of the ActionsClient client.

func NewActionsClientWithBaseURI

func NewActionsClientWithBaseURI(baseURI string, subscriptionID string) ActionsClient

NewActionsClientWithBaseURI creates an instance of the ActionsClient client.

func (ActionsClient) ListByAlertRule

func (client ActionsClient) ListByAlertRule(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, ruleID string) (result ActionsListPage, err error)

ListByAlertRule gets all actions of alert rule.

Parameters:
resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive.
operationalInsightsResourceProvider - the namespace of workspaces resource provider - Microsoft.OperationalInsights.
workspaceName - the name of the workspace.
ruleID - alert rule ID

func (ActionsClient) ListByAlertRuleComplete

func (client ActionsClient) ListByAlertRuleComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, ruleID string) (result ActionsListIterator, err error)

ListByAlertRuleComplete enumerates all values, automatically crossing page boundaries as required.

func (ActionsClient) ListByAlertRulePreparer

func (client ActionsClient) ListByAlertRulePreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, ruleID string) (*http.Request, error)

ListByAlertRulePreparer prepares the ListByAlertRule request.

func (ActionsClient) ListByAlertRuleResponder

func (client ActionsClient) ListByAlertRuleResponder(resp *http.Response) (result ActionsList, err error)

ListByAlertRuleResponder handles the response to the ListByAlertRule request. The method always closes the http.Response Body.

func (ActionsClient) ListByAlertRuleSender

func (client ActionsClient) ListByAlertRuleSender(req *http.Request) (*http.Response, error)

ListByAlertRuleSender sends the ListByAlertRule request. The method will close the http.Response Body if it receives an error.

type ActionsList

type ActionsList struct {
    autorest.Response `json:"-"`
    // NextLink - READ-ONLY; URL to fetch the next set of actions.
    NextLink *string `json:"nextLink,omitempty"`
    // Value - Array of actions.
    Value *[]Action `json:"value,omitempty"`
}

ActionsList list all the actions.

func (ActionsList) IsEmpty

func (al ActionsList) IsEmpty() bool

IsEmpty returns true if the ListResult contains no values.

type ActionsListIterator

type ActionsListIterator struct {
    // contains filtered or unexported fields
}

ActionsListIterator provides access to a complete listing of Action values.

func NewActionsListIterator

func NewActionsListIterator(page ActionsListPage) ActionsListIterator

Creates a new instance of the ActionsListIterator type.

func (*ActionsListIterator) Next

func (iter *ActionsListIterator) Next() error

Next advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.

Deprecated: Use NextWithContext() instead.

func (*ActionsListIterator) NextWithContext

func (iter *ActionsListIterator) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.

func (ActionsListIterator) NotDone

func (iter ActionsListIterator) NotDone() bool

NotDone returns true if the enumeration should be started or is not yet complete.

func (ActionsListIterator) Response

func (iter ActionsListIterator) Response() ActionsList

Response returns the raw server response from the last page request.

func (ActionsListIterator) Value

func (iter ActionsListIterator) Value() Action

Value returns the current value or a zero-initialized value if the iterator has advanced beyond the end of the collection.

type ActionsListPage

type ActionsListPage struct {
    // contains filtered or unexported fields
}

ActionsListPage contains a page of Action values.

func NewActionsListPage

func NewActionsListPage(getNextPage func(context.Context, ActionsList) (ActionsList, error)) ActionsListPage

Creates a new instance of the ActionsListPage type.

func (*ActionsListPage) Next

func (page *ActionsListPage) Next() error

Next advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.

Deprecated: Use NextWithContext() instead.

func (*ActionsListPage) NextWithContext

func (page *ActionsListPage) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.

func (ActionsListPage) NotDone

func (page ActionsListPage) NotDone() bool

NotDone returns true if the page enumeration should be started or is not yet complete.

func (ActionsListPage) Response

func (page ActionsListPage) Response() ActionsList

Response returns the raw server response from the last page request.

func (ActionsListPage) Values

func (page ActionsListPage) Values() []Action

Values returns the slice of values for the current page or nil if there are no values.

type Aggregations

type Aggregations struct {
    autorest.Response `json:"-"`
    // ID - READ-ONLY; Azure resource Id
    ID  *string `json:"id,omitempty"`
    // Type - READ-ONLY; Azure resource type
    Type *string `json:"type,omitempty"`
    // Name - READ-ONLY; Azure resource name
    Name *string `json:"name,omitempty"`
    // Kind - Possible values include: 'KindAggregations', 'KindCasesAggregation'
    Kind KindBasicAggregations `json:"kind,omitempty"`
}

Aggregations the aggregation.

func (Aggregations) AsAggregations

func (a Aggregations) AsAggregations() (*Aggregations, bool)

AsAggregations is the BasicAggregations implementation for Aggregations.

func (Aggregations) AsBasicAggregations

func (a Aggregations) AsBasicAggregations() (BasicAggregations, bool)

AsBasicAggregations is the BasicAggregations implementation for Aggregations.

func (Aggregations) AsCasesAggregation

func (a Aggregations) AsCasesAggregation() (*CasesAggregation, bool)

AsCasesAggregation is the BasicAggregations implementation for Aggregations.

func (Aggregations) MarshalJSON

func (a Aggregations) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for Aggregations.

type AggregationsKind

type AggregationsKind string

AggregationsKind enumerates the values for aggregations kind.

const (
    // AggregationsKindCasesAggregation ...
    AggregationsKindCasesAggregation AggregationsKind = "CasesAggregation"
)

func PossibleAggregationsKindValues

func PossibleAggregationsKindValues() []AggregationsKind

PossibleAggregationsKindValues returns an array of possible values for the AggregationsKind const type.

type AggregationsKind1

type AggregationsKind1 struct {
    // Kind - The kind of the setting. Possible values include: 'AggregationsKindCasesAggregation'
    Kind AggregationsKind `json:"kind,omitempty"`
}

AggregationsKind1 describes an Azure resource with kind.

type AggregationsModel

type AggregationsModel struct {
    autorest.Response `json:"-"`
    Value             BasicAggregations `json:"value,omitempty"`
}

AggregationsModel ...

func (*AggregationsModel) UnmarshalJSON

func (am *AggregationsModel) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for AggregationsModel struct.

type AlertRule

type AlertRule struct {
    autorest.Response `json:"-"`
    // ID - READ-ONLY; Azure resource Id
    ID  *string `json:"id,omitempty"`
    // Type - READ-ONLY; Azure resource type
    Type *string `json:"type,omitempty"`
    // Name - READ-ONLY; Azure resource name
    Name *string `json:"name,omitempty"`
    // Etag - Etag of the alert rule.
    Etag *string `json:"etag,omitempty"`
    // Kind - Possible values include: 'KindAlertRule', 'KindScheduled'
    Kind Kind `json:"kind,omitempty"`
}

AlertRule alert rule.

func (AlertRule) AsAlertRule

func (ar AlertRule) AsAlertRule() (*AlertRule, bool)

AsAlertRule is the BasicAlertRule implementation for AlertRule.

func (AlertRule) AsBasicAlertRule

func (ar AlertRule) AsBasicAlertRule() (BasicAlertRule, bool)

AsBasicAlertRule is the BasicAlertRule implementation for AlertRule.

func (AlertRule) AsScheduledAlertRule

func (ar AlertRule) AsScheduledAlertRule() (*ScheduledAlertRule, bool)

AsScheduledAlertRule is the BasicAlertRule implementation for AlertRule.

func (AlertRule) MarshalJSON

func (ar AlertRule) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for AlertRule.

type AlertRuleKind

type AlertRuleKind string

AlertRuleKind enumerates the values for alert rule kind.

const (
    // Filter ...
    Filter AlertRuleKind = "Filter"
    // Fusion ...
    Fusion AlertRuleKind = "Fusion"
    // Scheduled ...
    Scheduled AlertRuleKind = "Scheduled"
)

func PossibleAlertRuleKindValues

func PossibleAlertRuleKindValues() []AlertRuleKind

PossibleAlertRuleKindValues returns an array of possible values for the AlertRuleKind const type.

type AlertRuleKind1

type AlertRuleKind1 struct {
    // Kind - The kind of the alert rule. Possible values include: 'Scheduled', 'Filter', 'Fusion'
    Kind AlertRuleKind `json:"kind,omitempty"`
}

AlertRuleKind1 describes an Azure resource with kind.

type AlertRuleModel

type AlertRuleModel struct {
    autorest.Response `json:"-"`
    Value             BasicAlertRule `json:"value,omitempty"`
}

AlertRuleModel ...

func (*AlertRuleModel) UnmarshalJSON

func (arm *AlertRuleModel) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for AlertRuleModel struct.

type AlertRuleTemplate

type AlertRuleTemplate struct {
    autorest.Response `json:"-"`
    // ID - READ-ONLY; Azure resource Id
    ID  *string `json:"id,omitempty"`
    // Type - READ-ONLY; Azure resource type
    Type *string `json:"type,omitempty"`
    // Name - READ-ONLY; Azure resource name
    Name *string `json:"name,omitempty"`
    // Etag - Etag of the alert rule.
    Etag *string `json:"etag,omitempty"`
    // Kind - Possible values include: 'KindBasicAlertRuleTemplateKindAlertRuleTemplate', 'KindBasicAlertRuleTemplateKindScheduled', 'KindBasicAlertRuleTemplateKindFilter', 'KindBasicAlertRuleTemplateKindFusion'
    Kind KindBasicAlertRuleTemplate `json:"kind,omitempty"`
}

AlertRuleTemplate alert rule template.

func (AlertRuleTemplate) AsAlertRuleTemplate

func (art AlertRuleTemplate) AsAlertRuleTemplate() (*AlertRuleTemplate, bool)

AsAlertRuleTemplate is the BasicAlertRuleTemplate implementation for AlertRuleTemplate.

func (AlertRuleTemplate) AsBasicAlertRuleTemplate

func (art AlertRuleTemplate) AsBasicAlertRuleTemplate() (BasicAlertRuleTemplate, bool)

AsBasicAlertRuleTemplate is the BasicAlertRuleTemplate implementation for AlertRuleTemplate.

func (AlertRuleTemplate) AsFilterAlertRuleTemplate

func (art AlertRuleTemplate) AsFilterAlertRuleTemplate() (*FilterAlertRuleTemplate, bool)

AsFilterAlertRuleTemplate is the BasicAlertRuleTemplate implementation for AlertRuleTemplate.

func (AlertRuleTemplate) AsFusionAlertRuleTemplate

func (art AlertRuleTemplate) AsFusionAlertRuleTemplate() (*FusionAlertRuleTemplate, bool)

AsFusionAlertRuleTemplate is the BasicAlertRuleTemplate implementation for AlertRuleTemplate.

func (AlertRuleTemplate) AsScheduledAlertRuleTemplate

func (art AlertRuleTemplate) AsScheduledAlertRuleTemplate() (*ScheduledAlertRuleTemplate, bool)

AsScheduledAlertRuleTemplate is the BasicAlertRuleTemplate implementation for AlertRuleTemplate.

func (AlertRuleTemplate) MarshalJSON

func (art AlertRuleTemplate) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for AlertRuleTemplate.

type AlertRuleTemplateModel

type AlertRuleTemplateModel struct {
    autorest.Response `json:"-"`
    Value             BasicAlertRuleTemplate `json:"value,omitempty"`
}

AlertRuleTemplateModel ...

func (*AlertRuleTemplateModel) UnmarshalJSON

func (artm *AlertRuleTemplateModel) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for AlertRuleTemplateModel struct.

type AlertRuleTemplatesClient

type AlertRuleTemplatesClient struct {
    BaseClient
}

AlertRuleTemplatesClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewAlertRuleTemplatesClient

func NewAlertRuleTemplatesClient(subscriptionID string) AlertRuleTemplatesClient

NewAlertRuleTemplatesClient creates an instance of the AlertRuleTemplatesClient client.

func NewAlertRuleTemplatesClientWithBaseURI

func NewAlertRuleTemplatesClientWithBaseURI(baseURI string, subscriptionID string) AlertRuleTemplatesClient

NewAlertRuleTemplatesClientWithBaseURI creates an instance of the AlertRuleTemplatesClient client.

func (AlertRuleTemplatesClient) Get

func (client AlertRuleTemplatesClient) Get(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, alertRuleTemplateID string) (result AlertRuleTemplateModel, err error)

Get gets the alert rule template.

Parameters:
resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive.
operationalInsightsResourceProvider - the namespace of the workspaces resource provider: Microsoft.OperationalInsights.
workspaceName - the name of the workspace.
alertRuleTemplateID - alert rule template ID.

func (AlertRuleTemplatesClient) GetPreparer

func (client AlertRuleTemplatesClient) GetPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, alertRuleTemplateID string) (*http.Request, error)

GetPreparer prepares the Get request.

func (AlertRuleTemplatesClient) GetResponder

func (client AlertRuleTemplatesClient) GetResponder(resp *http.Response) (result AlertRuleTemplateModel, err error)

GetResponder handles the response to the Get request. The method always closes the http.Response Body.

func (AlertRuleTemplatesClient) GetSender

func (client AlertRuleTemplatesClient) GetSender(req *http.Request) (*http.Response, error)

GetSender sends the Get request. The method will close the http.Response Body if it receives an error.

func (AlertRuleTemplatesClient) List

func (client AlertRuleTemplatesClient) List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result AlertRuleTemplatesListPage, err error)

List gets all alert rule templates.

Parameters:
resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive.
operationalInsightsResourceProvider - the namespace of the workspaces resource provider: Microsoft.OperationalInsights.
workspaceName - the name of the workspace.

func (AlertRuleTemplatesClient) ListComplete

func (client AlertRuleTemplatesClient) ListComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result AlertRuleTemplatesListIterator, err error)

ListComplete enumerates all values, automatically crossing page boundaries as required.

func (AlertRuleTemplatesClient) ListPreparer

func (client AlertRuleTemplatesClient) ListPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (*http.Request, error)

ListPreparer prepares the List request.

func (AlertRuleTemplatesClient) ListResponder

func (client AlertRuleTemplatesClient) ListResponder(resp *http.Response) (result AlertRuleTemplatesList, err error)

ListResponder handles the response to the List request. The method always closes the http.Response Body.

func (AlertRuleTemplatesClient) ListSender

func (client AlertRuleTemplatesClient) ListSender(req *http.Request) (*http.Response, error)

ListSender sends the List request. The method will close the http.Response Body if it receives an error.

type AlertRuleTemplatesList

type AlertRuleTemplatesList struct {
    autorest.Response `json:"-"`
    // NextLink - READ-ONLY; URL to fetch the next set of alert rule templates.
    NextLink *string `json:"nextLink,omitempty"`
    // Value - Array of alert rule templates.
    Value *[]BasicAlertRuleTemplate `json:"value,omitempty"`
}

AlertRuleTemplatesList lists all the alert rule templates.

func (AlertRuleTemplatesList) IsEmpty

func (artl AlertRuleTemplatesList) IsEmpty() bool

IsEmpty returns true if the ListResult contains no values.

func (*AlertRuleTemplatesList) UnmarshalJSON

func (artl *AlertRuleTemplatesList) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for AlertRuleTemplatesList struct.

type AlertRuleTemplatesListIterator

type AlertRuleTemplatesListIterator struct {
    // contains filtered or unexported fields
}

AlertRuleTemplatesListIterator provides access to a complete listing of AlertRuleTemplate values.

func NewAlertRuleTemplatesListIterator

func NewAlertRuleTemplatesListIterator(page AlertRuleTemplatesListPage) AlertRuleTemplatesListIterator

Creates a new instance of the AlertRuleTemplatesListIterator type.

func (*AlertRuleTemplatesListIterator) Next

func (iter *AlertRuleTemplatesListIterator) Next() error

Next advances to the next value. If there was an error making the request the iterator does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*AlertRuleTemplatesListIterator) NextWithContext

func (iter *AlertRuleTemplatesListIterator) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.

func (AlertRuleTemplatesListIterator) NotDone

func (iter AlertRuleTemplatesListIterator) NotDone() bool

NotDone returns true if the enumeration should be started or is not yet complete.

func (AlertRuleTemplatesListIterator) Response

func (iter AlertRuleTemplatesListIterator) Response() AlertRuleTemplatesList

Response returns the raw server response from the last page request.

func (AlertRuleTemplatesListIterator) Value

func (iter AlertRuleTemplatesListIterator) Value() BasicAlertRuleTemplate

Value returns the current value or a zero-initialized value if the iterator has advanced beyond the end of the collection.

type AlertRuleTemplatesListPage

type AlertRuleTemplatesListPage struct {
    // contains filtered or unexported fields
}

AlertRuleTemplatesListPage contains a page of BasicAlertRuleTemplate values.

func NewAlertRuleTemplatesListPage

func NewAlertRuleTemplatesListPage(getNextPage func(context.Context, AlertRuleTemplatesList) (AlertRuleTemplatesList, error)) AlertRuleTemplatesListPage

Creates a new instance of the AlertRuleTemplatesListPage type.

func (*AlertRuleTemplatesListPage) Next

func (page *AlertRuleTemplatesListPage) Next() error

Next advances to the next page of values. If there was an error making the request the page does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*AlertRuleTemplatesListPage) NextWithContext

func (page *AlertRuleTemplatesListPage) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.

func (AlertRuleTemplatesListPage) NotDone

func (page AlertRuleTemplatesListPage) NotDone() bool

NotDone returns true if the page enumeration should be started or is not yet complete.

func (AlertRuleTemplatesListPage) Response

func (page AlertRuleTemplatesListPage) Response() AlertRuleTemplatesList

Response returns the raw server response from the last page request.

func (AlertRuleTemplatesListPage) Values

func (page AlertRuleTemplatesListPage) Values() []BasicAlertRuleTemplate

Values returns the slice of values for the current page or nil if there are no values.

type AlertRulesClient

type AlertRulesClient struct {
    BaseClient
}

AlertRulesClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewAlertRulesClient

func NewAlertRulesClient(subscriptionID string) AlertRulesClient

NewAlertRulesClient creates an instance of the AlertRulesClient client.

func NewAlertRulesClientWithBaseURI

func NewAlertRulesClientWithBaseURI(baseURI string, subscriptionID string) AlertRulesClient

NewAlertRulesClientWithBaseURI creates an instance of the AlertRulesClient client.

func (AlertRulesClient) CreateOrUpdate

func (client AlertRulesClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, ruleID string, alertRule BasicAlertRule) (result AlertRuleModel, err error)

CreateOrUpdate creates or updates the alert rule.

Parameters:
resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive.
operationalInsightsResourceProvider - the namespace of the workspaces resource provider: Microsoft.OperationalInsights.
workspaceName - the name of the workspace.
ruleID - alert rule ID.
alertRule - the alert rule.

func (AlertRulesClient) CreateOrUpdateAction

func (client AlertRulesClient) CreateOrUpdateAction(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, ruleID string, actionID string, action Action) (result Action, err error)

CreateOrUpdateAction creates or updates the action of the alert rule.

Parameters:
resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive.
operationalInsightsResourceProvider - the namespace of the workspaces resource provider: Microsoft.OperationalInsights.
workspaceName - the name of the workspace.
ruleID - alert rule ID.
actionID - action ID.
action - the action.

func (AlertRulesClient) CreateOrUpdateActionPreparer

func (client AlertRulesClient) CreateOrUpdateActionPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, ruleID string, actionID string, action Action) (*http.Request, error)

CreateOrUpdateActionPreparer prepares the CreateOrUpdateAction request.

func (AlertRulesClient) CreateOrUpdateActionResponder

func (client AlertRulesClient) CreateOrUpdateActionResponder(resp *http.Response) (result Action, err error)

CreateOrUpdateActionResponder handles the response to the CreateOrUpdateAction request. The method always closes the http.Response Body.

func (AlertRulesClient) CreateOrUpdateActionSender

func (client AlertRulesClient) CreateOrUpdateActionSender(req *http.Request) (*http.Response, error)

CreateOrUpdateActionSender sends the CreateOrUpdateAction request. The method will close the http.Response Body if it receives an error.

func (AlertRulesClient) CreateOrUpdatePreparer

func (client AlertRulesClient) CreateOrUpdatePreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, ruleID string, alertRule BasicAlertRule) (*http.Request, error)

CreateOrUpdatePreparer prepares the CreateOrUpdate request.

func (AlertRulesClient) CreateOrUpdateResponder

func (client AlertRulesClient) CreateOrUpdateResponder(resp *http.Response) (result AlertRuleModel, err error)

CreateOrUpdateResponder handles the response to the CreateOrUpdate request. The method always closes the http.Response Body.

func (AlertRulesClient) CreateOrUpdateSender

func (client AlertRulesClient) CreateOrUpdateSender(req *http.Request) (*http.Response, error)

CreateOrUpdateSender sends the CreateOrUpdate request. The method will close the http.Response Body if it receives an error.

func (AlertRulesClient) Delete

func (client AlertRulesClient) Delete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, ruleID string) (result autorest.Response, err error)

Delete deletes the alert rule.

Parameters:
resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive.
operationalInsightsResourceProvider - the namespace of the workspaces resource provider: Microsoft.OperationalInsights.
workspaceName - the name of the workspace.
ruleID - alert rule ID.

func (AlertRulesClient) DeleteAction

func (client AlertRulesClient) DeleteAction(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, ruleID string, actionID string) (result autorest.Response, err error)

DeleteAction deletes the action of the alert rule.

Parameters:
resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive.
operationalInsightsResourceProvider - the namespace of the workspaces resource provider: Microsoft.OperationalInsights.
workspaceName - the name of the workspace.
ruleID - alert rule ID.
actionID - action ID.

func (AlertRulesClient) DeleteActionPreparer

func (client AlertRulesClient) DeleteActionPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, ruleID string, actionID string) (*http.Request, error)

DeleteActionPreparer prepares the DeleteAction request.

func (AlertRulesClient) DeleteActionResponder

func (client AlertRulesClient) DeleteActionResponder(resp *http.Response) (result autorest.Response, err error)

DeleteActionResponder handles the response to the DeleteAction request. The method always closes the http.Response Body.

func (AlertRulesClient) DeleteActionSender

func (client AlertRulesClient) DeleteActionSender(req *http.Request) (*http.Response, error)

DeleteActionSender sends the DeleteAction request. The method will close the http.Response Body if it receives an error.

func (AlertRulesClient) DeletePreparer

func (client AlertRulesClient) DeletePreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, ruleID string) (*http.Request, error)

DeletePreparer prepares the Delete request.

func (AlertRulesClient) DeleteResponder

func (client AlertRulesClient) DeleteResponder(resp *http.Response) (result autorest.Response, err error)

DeleteResponder handles the response to the Delete request. The method always closes the http.Response Body.

func (AlertRulesClient) DeleteSender

func (client AlertRulesClient) DeleteSender(req *http.Request) (*http.Response, error)

DeleteSender sends the Delete request. The method will close the http.Response Body if it receives an error.

func (AlertRulesClient) Get

func (client AlertRulesClient) Get(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, ruleID string) (result AlertRuleModel, err error)

Get gets the alert rule.

Parameters:
resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive.
operationalInsightsResourceProvider - the namespace of the workspaces resource provider: Microsoft.OperationalInsights.
workspaceName - the name of the workspace.
ruleID - alert rule ID.

func (AlertRulesClient) GetAction

func (client AlertRulesClient) GetAction(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, ruleID string, actionID string) (result Action, err error)

GetAction gets the action of the alert rule.

Parameters:
resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive.
operationalInsightsResourceProvider - the namespace of the workspaces resource provider: Microsoft.OperationalInsights.
workspaceName - the name of the workspace.
ruleID - alert rule ID.
actionID - action ID.

func (AlertRulesClient) GetActionPreparer

func (client AlertRulesClient) GetActionPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, ruleID string, actionID string) (*http.Request, error)

GetActionPreparer prepares the GetAction request.

func (AlertRulesClient) GetActionResponder

func (client AlertRulesClient) GetActionResponder(resp *http.Response) (result Action, err error)

GetActionResponder handles the response to the GetAction request. The method always closes the http.Response Body.

func (AlertRulesClient) GetActionSender

func (client AlertRulesClient) GetActionSender(req *http.Request) (*http.Response, error)

GetActionSender sends the GetAction request. The method will close the http.Response Body if it receives an error.

func (AlertRulesClient) GetPreparer

func (client AlertRulesClient) GetPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, ruleID string) (*http.Request, error)

GetPreparer prepares the Get request.

func (AlertRulesClient) GetResponder

func (client AlertRulesClient) GetResponder(resp *http.Response) (result AlertRuleModel, err error)

GetResponder handles the response to the Get request. The method always closes the http.Response Body.

func (AlertRulesClient) GetSender

func (client AlertRulesClient) GetSender(req *http.Request) (*http.Response, error)

GetSender sends the Get request. The method will close the http.Response Body if it receives an error.

func (AlertRulesClient) List

func (client AlertRulesClient) List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result AlertRulesListPage, err error)

List gets all alert rules.

Parameters:
resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive.
operationalInsightsResourceProvider - the namespace of the workspaces resource provider: Microsoft.OperationalInsights.
workspaceName - the name of the workspace.

func (AlertRulesClient) ListComplete

func (client AlertRulesClient) ListComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result AlertRulesListIterator, err error)

ListComplete enumerates all values, automatically crossing page boundaries as required.

func (AlertRulesClient) ListPreparer

func (client AlertRulesClient) ListPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (*http.Request, error)

ListPreparer prepares the List request.

func (AlertRulesClient) ListResponder

func (client AlertRulesClient) ListResponder(resp *http.Response) (result AlertRulesList, err error)

ListResponder handles the response to the List request. The method always closes the http.Response Body.

func (AlertRulesClient) ListSender

func (client AlertRulesClient) ListSender(req *http.Request) (*http.Response, error)

ListSender sends the List request. The method will close the http.Response Body if it receives an error.

type AlertRulesList

type AlertRulesList struct {
    autorest.Response `json:"-"`
    // NextLink - READ-ONLY; URL to fetch the next set of alert rules.
    NextLink *string `json:"nextLink,omitempty"`
    // Value - Array of alert rules.
    Value *[]BasicAlertRule `json:"value,omitempty"`
}

AlertRulesList lists all the alert rules.

func (AlertRulesList) IsEmpty

func (arl AlertRulesList) IsEmpty() bool

IsEmpty returns true if the ListResult contains no values.

func (*AlertRulesList) UnmarshalJSON

func (arl *AlertRulesList) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for AlertRulesList struct.

type AlertRulesListIterator

type AlertRulesListIterator struct {
    // contains filtered or unexported fields
}

AlertRulesListIterator provides access to a complete listing of AlertRule values.

func NewAlertRulesListIterator

func NewAlertRulesListIterator(page AlertRulesListPage) AlertRulesListIterator

Creates a new instance of the AlertRulesListIterator type.

func (*AlertRulesListIterator) Next

func (iter *AlertRulesListIterator) Next() error

Next advances to the next value. If there was an error making the request the iterator does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*AlertRulesListIterator) NextWithContext

func (iter *AlertRulesListIterator) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.

func (AlertRulesListIterator) NotDone

func (iter AlertRulesListIterator) NotDone() bool

NotDone returns true if the enumeration should be started or is not yet complete.

func (AlertRulesListIterator) Response

func (iter AlertRulesListIterator) Response() AlertRulesList

Response returns the raw server response from the last page request.

func (AlertRulesListIterator) Value

func (iter AlertRulesListIterator) Value() BasicAlertRule

Value returns the current value or a zero-initialized value if the iterator has advanced beyond the end of the collection.

type AlertRulesListPage

type AlertRulesListPage struct {
    // contains filtered or unexported fields
}

AlertRulesListPage contains a page of BasicAlertRule values.

func NewAlertRulesListPage

func NewAlertRulesListPage(getNextPage func(context.Context, AlertRulesList) (AlertRulesList, error)) AlertRulesListPage

Creates a new instance of the AlertRulesListPage type.

func (*AlertRulesListPage) Next

func (page *AlertRulesListPage) Next() error

Next advances to the next page of values. If there was an error making the request the page does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*AlertRulesListPage) NextWithContext

func (page *AlertRulesListPage) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.

func (AlertRulesListPage) NotDone

func (page AlertRulesListPage) NotDone() bool

NotDone returns true if the page enumeration should be started or is not yet complete.

func (AlertRulesListPage) Response

func (page AlertRulesListPage) Response() AlertRulesList

Response returns the raw server response from the last page request.

func (AlertRulesListPage) Values

func (page AlertRulesListPage) Values() []BasicAlertRule

Values returns the slice of values for the current page or nil if there are no values.

type AlertSeverity

type AlertSeverity string

AlertSeverity enumerates the values for alert severity.

const (
    // High High severity
    High AlertSeverity = "High"
    // Informational Informational severity
    Informational AlertSeverity = "Informational"
    // Low Low severity
    Low AlertSeverity = "Low"
    // Medium Medium severity
    Medium AlertSeverity = "Medium"
)

func PossibleAlertSeverityValues

func PossibleAlertSeverityValues() []AlertSeverity

PossibleAlertSeverityValues returns an array of possible values for the AlertSeverity const type.

type AlertStatus

type AlertStatus string

AlertStatus enumerates the values for alert status.

const (
    // AlertStatusDismissed Alert dismissed as false positive
    AlertStatusDismissed AlertStatus = "Dismissed"
    // AlertStatusInProgress Alert is being handled
    AlertStatusInProgress AlertStatus = "InProgress"
    // AlertStatusNew New alert
    AlertStatusNew AlertStatus = "New"
    // AlertStatusResolved Alert closed after handling
    AlertStatusResolved AlertStatus = "Resolved"
    // AlertStatusUnknown Unknown value
    AlertStatusUnknown AlertStatus = "Unknown"
)

func PossibleAlertStatusValues

func PossibleAlertStatusValues() []AlertStatus

PossibleAlertStatusValues returns an array of possible values for the AlertStatus const type.

type AlertsDataTypeOfDataConnector

type AlertsDataTypeOfDataConnector struct {
    // Alerts - Alerts data type connection.
    Alerts *AlertsDataTypeOfDataConnectorAlerts `json:"alerts,omitempty"`
}

AlertsDataTypeOfDataConnector alerts data type for data connectors.

type AlertsDataTypeOfDataConnectorAlerts

type AlertsDataTypeOfDataConnectorAlerts struct {
    // State - Describe whether this data type connection is enabled or not. Possible values include: 'Enabled', 'Disabled'
    State DataTypeState `json:"state,omitempty"`
}

AlertsDataTypeOfDataConnectorAlerts alerts data type connection.

type AttackTactic

type AttackTactic string

AttackTactic enumerates the values for attack tactic.

const (
    // Collection ...
    Collection AttackTactic = "Collection"
    // CommandAndControl ...
    CommandAndControl AttackTactic = "CommandAndControl"
    // CredentialAccess ...
    CredentialAccess AttackTactic = "CredentialAccess"
    // DefenseEvasion ...
    DefenseEvasion AttackTactic = "DefenseEvasion"
    // Discovery ...
    Discovery AttackTactic = "Discovery"
    // Execution ...
    Execution AttackTactic = "Execution"
    // Exfiltration ...
    Exfiltration AttackTactic = "Exfiltration"
    // InitialAccess ...
    InitialAccess AttackTactic = "InitialAccess"
    // LateralMovement ...
    LateralMovement AttackTactic = "LateralMovement"
    // Persistence ...
    Persistence AttackTactic = "Persistence"
    // PrivilegeEscalation ...
    PrivilegeEscalation AttackTactic = "PrivilegeEscalation"
)

func PossibleAttackTacticValues

func PossibleAttackTacticValues() []AttackTactic

PossibleAttackTacticValues returns an array of possible values for the AttackTactic const type.

type AwsCloudTrailDataConnector

type AwsCloudTrailDataConnector struct {
    // AwsCloudTrailDataConnectorProperties - Amazon Web Services CloudTrail data connector properties.
    *AwsCloudTrailDataConnectorProperties `json:"properties,omitempty"`
    // ID - READ-ONLY; Azure resource Id
    ID  *string `json:"id,omitempty"`
    // Type - READ-ONLY; Azure resource type
    Type *string `json:"type,omitempty"`
    // Name - READ-ONLY; Azure resource name
    Name *string `json:"name,omitempty"`
    // Etag - Etag of the data connector.
    Etag *string `json:"etag,omitempty"`
    // Kind - Possible values include: 'KindDataConnector', 'KindOffice365', 'KindThreatIntelligence', 'KindAmazonWebServicesCloudTrail', 'KindAzureActiveDirectory', 'KindAzureSecurityCenter', 'KindMicrosoftCloudAppSecurity', 'KindAzureAdvancedThreatProtection', 'KindMicrosoftDefenderAdvancedThreatProtection'
    Kind KindBasicDataConnector `json:"kind,omitempty"`
}

AwsCloudTrailDataConnector represents Amazon Web Services CloudTrail data connector.

func (AwsCloudTrailDataConnector) AsAADDataConnector

func (actdc AwsCloudTrailDataConnector) AsAADDataConnector() (*AADDataConnector, bool)

AsAADDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector.

func (AwsCloudTrailDataConnector) AsAATPDataConnector

func (actdc AwsCloudTrailDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool)

AsAATPDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector.

func (AwsCloudTrailDataConnector) AsASCDataConnector

func (actdc AwsCloudTrailDataConnector) AsASCDataConnector() (*ASCDataConnector, bool)

AsASCDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector.

func (AwsCloudTrailDataConnector) AsAwsCloudTrailDataConnector

func (actdc AwsCloudTrailDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool)

AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector.

func (AwsCloudTrailDataConnector) AsBasicDataConnector

func (actdc AwsCloudTrailDataConnector) AsBasicDataConnector() (BasicDataConnector, bool)

AsBasicDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector.

func (AwsCloudTrailDataConnector) AsDataConnector

func (actdc AwsCloudTrailDataConnector) AsDataConnector() (*DataConnector, bool)

AsDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector.

func (AwsCloudTrailDataConnector) AsMCASDataConnector

func (actdc AwsCloudTrailDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool)

AsMCASDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector.

func (AwsCloudTrailDataConnector) AsMDATPDataConnector

func (actdc AwsCloudTrailDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool)

AsMDATPDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector.

func (AwsCloudTrailDataConnector) AsOfficeDataConnector

func (actdc AwsCloudTrailDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool)

AsOfficeDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector.

func (AwsCloudTrailDataConnector) AsTIDataConnector

func (actdc AwsCloudTrailDataConnector) AsTIDataConnector() (*TIDataConnector, bool)

AsTIDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector.

func (AwsCloudTrailDataConnector) MarshalJSON

func (actdc AwsCloudTrailDataConnector) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for AwsCloudTrailDataConnector.

func (*AwsCloudTrailDataConnector) UnmarshalJSON

func (actdc *AwsCloudTrailDataConnector) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for AwsCloudTrailDataConnector struct.

type AwsCloudTrailDataConnectorDataTypes

type AwsCloudTrailDataConnectorDataTypes struct {
    // Logs - Logs data type.
    Logs *AwsCloudTrailDataConnectorDataTypesLogs `json:"logs,omitempty"`
}

AwsCloudTrailDataConnectorDataTypes the available data types for Amazon Web Services CloudTrail data connector.

type AwsCloudTrailDataConnectorDataTypesLogs

type AwsCloudTrailDataConnectorDataTypesLogs struct {
    // State - Describe whether this data type connection is enabled or not. Possible values include: 'Enabled', 'Disabled'
    State DataTypeState `json:"state,omitempty"`
}

AwsCloudTrailDataConnectorDataTypesLogs logs data type.

type AwsCloudTrailDataConnectorProperties

type AwsCloudTrailDataConnectorProperties struct {
    // AwsRoleArn - The Aws Role Arn (with CloudTrailReadOnly policy) that is used to access the Aws account.
    AwsRoleArn *string `json:"awsRoleArn,omitempty"`
    // DataTypes - The available data types for the connector.
    DataTypes *AwsCloudTrailDataConnectorDataTypes `json:"dataTypes,omitempty"`
}

AwsCloudTrailDataConnectorProperties Amazon Web Services CloudTrail data connector properties.
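A configuration check over the JSON shape documented above (`awsRoleArn`, `dataTypes.logs.state`), as an added example that is not part of the SDK or of this page. The types are local stand-ins that reuse the documented JSON tags; the `kind` wire strings, the function and type names, and the sample payload are assumptions constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
)

// connectorEnvelope and awsCloudTrailProps are local stand-ins (not SDK types)
// that reuse the JSON tags documented for AwsCloudTrailDataConnector.
type connectorEnvelope struct {
	Name       string          `json:"name"`
	Kind       string          `json:"kind"`
	Properties json.RawMessage `json:"properties"`
}

type awsCloudTrailProps struct {
	AwsRoleArn *string `json:"awsRoleArn"`
	DataTypes  *struct {
		Logs *struct {
			State string `json:"state"`
		} `json:"logs"`
	} `json:"dataTypes"`
}

// Assumption: wire value behind the KindAmazonWebServicesCloudTrail constant.
const kindAwsCloudTrail = "AmazonWebServicesCloudTrail"

// IAM role ARN: partition, empty region, 12-digit account id, role path/name.
var roleArnRe = regexp.MustCompile(`^arn:aws[a-z-]*:iam::[0-9]{12}:role/[A-Za-z0-9+=,.@_/-]+$`)

// Finding is one configuration problem on one connector.
type Finding struct {
	Connector string
	Issue     string
}

// AuditAwsConnectors decodes a JSON array of data connectors and reports
// CloudTrail connectors whose role ARN is absent or malformed, or whose
// logs data type is not enabled. Other connector kinds are skipped.
func AuditAwsConnectors(raw []byte) ([]Finding, error) {
	var conns []connectorEnvelope
	if err := json.Unmarshal(raw, &conns); err != nil {
		return nil, fmt.Errorf("decode connector list: %w", err)
	}
	var out []Finding
	for _, c := range conns {
		if c.Kind != kindAwsCloudTrail {
			continue // other kinds carry different property bags
		}
		add := func(issue string) {
			out = append(out, Finding{Connector: c.Name, Issue: issue})
		}
		if len(c.Properties) == 0 {
			add("properties object is missing")
			continue
		}
		var p awsCloudTrailProps
		if err := json.Unmarshal(c.Properties, &p); err != nil {
			add("properties not decodable: " + err.Error())
			continue
		}
		switch {
		case p.AwsRoleArn == nil || *p.AwsRoleArn == "":
			add("awsRoleArn is not set")
		case !roleArnRe.MatchString(*p.AwsRoleArn):
			add("awsRoleArn is not an IAM role ARN")
		}
		switch {
		case p.DataTypes == nil || p.DataTypes.Logs == nil:
			add("logs data type is not configured")
		case p.DataTypes.Logs.State != "Enabled":
			add(fmt.Sprintf("logs data type state is %q, expected \"Enabled\"", p.DataTypes.Logs.State))
		}
	}
	return out, nil
}

// sampleConnectors is constructed test data, not captured from a real workspace.
const sampleConnectors = `[
  {"name":"aws-prod","kind":"AmazonWebServicesCloudTrail","properties":{
    "awsRoleArn":"arn:aws:iam::123456789012:role/ExampleCloudTrailReader",
    "dataTypes":{"logs":{"state":"Enabled"}}}},
  {"name":"aws-dev","kind":"AmazonWebServicesCloudTrail","properties":{
    "awsRoleArn":"arn:aws:iam::123456789012:user/alice",
    "dataTypes":{"logs":{"state":"Disabled"}}}},
  {"name":"aws-empty","kind":"AmazonWebServicesCloudTrail","properties":{}},
  {"name":"aad","kind":"AzureActiveDirectory","properties":{}}
]`

func main() {
	findings, err := AuditAwsConnectors([]byte(sampleConnectors))
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	for _, f := range findings {
		fmt.Printf("%s: %s\n", f.Connector, f.Issue)
	}
}
```

The check only validates the ARN's form and the connector's declared state; whether the role actually carries the CloudTrailReadOnly policy has to be confirmed on the AWS side.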

type AzureResourceEntity Uses

type AzureResourceEntity struct {
    // AzureResourceEntityProperties - AzureResource entity properties
    *AzureResourceEntityProperties `json:"properties,omitempty"`
    // ID - READ-ONLY; Azure resource Id
    ID  *string `json:"id,omitempty"`
    // Type - READ-ONLY; Azure resource type
    Type *string `json:"type,omitempty"`
    // Name - READ-ONLY; Azure resource name
    Name *string `json:"name,omitempty"`
    // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL'
    Kind KindBasicEntity `json:"kind,omitempty"`
}

AzureResourceEntity represents an Azure resource entity.

func (AzureResourceEntity) AsAccountEntity Uses

func (are AzureResourceEntity) AsAccountEntity() (*AccountEntity, bool)

AsAccountEntity is the BasicEntity implementation for AzureResourceEntity.

func (AzureResourceEntity) AsAzureResourceEntity Uses

func (are AzureResourceEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)

AsAzureResourceEntity is the BasicEntity implementation for AzureResourceEntity.

func (AzureResourceEntity) AsBasicEntity Uses

func (are AzureResourceEntity) AsBasicEntity() (BasicEntity, bool)

AsBasicEntity is the BasicEntity implementation for AzureResourceEntity.

func (AzureResourceEntity) AsCloudApplicationEntity Uses

func (are AzureResourceEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)

AsCloudApplicationEntity is the BasicEntity implementation for AzureResourceEntity.

func (AzureResourceEntity) AsDNSEntity Uses

func (are AzureResourceEntity) AsDNSEntity() (*DNSEntity, bool)

AsDNSEntity is the BasicEntity implementation for AzureResourceEntity.

func (AzureResourceEntity) AsEntity Uses

func (are AzureResourceEntity) AsEntity() (*Entity, bool)

AsEntity is the BasicEntity implementation for AzureResourceEntity.

func (AzureResourceEntity) AsFileEntity Uses

func (are AzureResourceEntity) AsFileEntity() (*FileEntity, bool)

AsFileEntity is the BasicEntity implementation for AzureResourceEntity.

func (AzureResourceEntity) AsFileHashEntity Uses

func (are AzureResourceEntity) AsFileHashEntity() (*FileHashEntity, bool)

AsFileHashEntity is the BasicEntity implementation for AzureResourceEntity.

func (AzureResourceEntity) AsHostEntity Uses

func (are AzureResourceEntity) AsHostEntity() (*HostEntity, bool)

AsHostEntity is the BasicEntity implementation for AzureResourceEntity.

func (AzureResourceEntity) AsIPEntity Uses

func (are AzureResourceEntity) AsIPEntity() (*IPEntity, bool)

AsIPEntity is the BasicEntity implementation for AzureResourceEntity.

func (AzureResourceEntity) AsMalwareEntity Uses

func (are AzureResourceEntity) AsMalwareEntity() (*MalwareEntity, bool)

AsMalwareEntity is the BasicEntity implementation for AzureResourceEntity.

func (AzureResourceEntity) AsProcessEntity Uses

func (are AzureResourceEntity) AsProcessEntity() (*ProcessEntity, bool)

AsProcessEntity is the BasicEntity implementation for AzureResourceEntity.

func (AzureResourceEntity) AsRegistryKeyEntity Uses

func (are AzureResourceEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)

AsRegistryKeyEntity is the BasicEntity implementation for AzureResourceEntity.

func (AzureResourceEntity) AsRegistryValueEntity Uses

func (are AzureResourceEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)

AsRegistryValueEntity is the BasicEntity implementation for AzureResourceEntity.

func (AzureResourceEntity) AsSecurityAlert Uses

func (are AzureResourceEntity) AsSecurityAlert() (*SecurityAlert, bool)

AsSecurityAlert is the BasicEntity implementation for AzureResourceEntity.

func (AzureResourceEntity) AsSecurityGroupEntity Uses

func (are AzureResourceEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)

AsSecurityGroupEntity is the BasicEntity implementation for AzureResourceEntity.

func (AzureResourceEntity) AsURLEntity Uses

func (are AzureResourceEntity) AsURLEntity() (*URLEntity, bool)

AsURLEntity is the BasicEntity implementation for AzureResourceEntity.

func (AzureResourceEntity) MarshalJSON Uses

func (are AzureResourceEntity) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for AzureResourceEntity.

func (*AzureResourceEntity) UnmarshalJSON Uses

func (are *AzureResourceEntity) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for AzureResourceEntity struct.

type AzureResourceEntityProperties Uses

type AzureResourceEntityProperties struct {
    // ResourceID - READ-ONLY; The azure resource id of the resource
    ResourceID *string `json:"resourceId,omitempty"`
    // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.
    FriendlyName *string `json:"friendlyName,omitempty"`
    // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
    AdditionalData map[string]interface{} `json:"additionalData"`
}

AzureResourceEntityProperties AzureResource entity property bag.

func (AzureResourceEntityProperties) MarshalJSON Uses

func (arep AzureResourceEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for AzureResourceEntityProperties.

type BaseAlertRuleTemplateProperties Uses

type BaseAlertRuleTemplateProperties struct {
    // DisplayName - The display name for alert rule template.
    DisplayName *string `json:"displayName,omitempty"`
    // Description - The description of the alert rule template.
    Description *string `json:"description,omitempty"`
    // Tactics - The tactics of the alert rule template
    Tactics *[]AttackTactic `json:"tactics,omitempty"`
    // CreatedDateUTC - READ-ONLY; The time that this alert rule template has been added.
    CreatedDateUTC *string `json:"createdDateUTC,omitempty"`
    // Status - The alert rule template status. Possible values include: 'Installed', 'Available', 'NotAvailable'
    Status TemplateStatus `json:"status,omitempty"`
    // RequiredDataConnectors - The required data connectors for this template
    RequiredDataConnectors *[]DataConnectorStatus `json:"requiredDataConnectors,omitempty"`
    // AlertRulesCreatedByTemplateCount - the number of alert rules that were created by this template
    AlertRulesCreatedByTemplateCount *int32 `json:"alertRulesCreatedByTemplateCount,omitempty"`
}

BaseAlertRuleTemplateProperties base alert rule template property bag.

type BaseClient Uses

type BaseClient struct {
    autorest.Client
    BaseURI        string
    SubscriptionID string
}

BaseClient is the base client for Securityinsight.

func New Uses

func New(subscriptionID string) BaseClient

New creates an instance of the BaseClient client.

func NewWithBaseURI Uses

func NewWithBaseURI(baseURI string, subscriptionID string) BaseClient

NewWithBaseURI creates an instance of the BaseClient client.

type BasicAggregations Uses

type BasicAggregations interface {
    AsCasesAggregation() (*CasesAggregation, bool)
    AsAggregations() (*Aggregations, bool)
}

BasicAggregations the aggregation.

type BasicAlertRule Uses

type BasicAlertRule interface {
    AsScheduledAlertRule() (*ScheduledAlertRule, bool)
    AsAlertRule() (*AlertRule, bool)
}

BasicAlertRule alert rule.

type BasicAlertRuleTemplate Uses

type BasicAlertRuleTemplate interface {
    AsScheduledAlertRuleTemplate() (*ScheduledAlertRuleTemplate, bool)
    AsFilterAlertRuleTemplate() (*FilterAlertRuleTemplate, bool)
    AsFusionAlertRuleTemplate() (*FusionAlertRuleTemplate, bool)
    AsAlertRuleTemplate() (*AlertRuleTemplate, bool)
}

BasicAlertRuleTemplate alert rule template.

type BasicDataConnector Uses

type BasicDataConnector interface {
    AsOfficeDataConnector() (*OfficeDataConnector, bool)
    AsTIDataConnector() (*TIDataConnector, bool)
    AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool)
    AsAADDataConnector() (*AADDataConnector, bool)
    AsASCDataConnector() (*ASCDataConnector, bool)
    AsMCASDataConnector() (*MCASDataConnector, bool)
    AsAATPDataConnector() (*AATPDataConnector, bool)
    AsMDATPDataConnector() (*MDATPDataConnector, bool)
    AsDataConnector() (*DataConnector, bool)
}

BasicDataConnector data connector.

type BasicEntity Uses

type BasicEntity interface {
    AsAccountEntity() (*AccountEntity, bool)
    AsHostEntity() (*HostEntity, bool)
    AsFileEntity() (*FileEntity, bool)
    AsSecurityAlert() (*SecurityAlert, bool)
    AsFileHashEntity() (*FileHashEntity, bool)
    AsMalwareEntity() (*MalwareEntity, bool)
    AsSecurityGroupEntity() (*SecurityGroupEntity, bool)
    AsAzureResourceEntity() (*AzureResourceEntity, bool)
    AsCloudApplicationEntity() (*CloudApplicationEntity, bool)
    AsProcessEntity() (*ProcessEntity, bool)
    AsDNSEntity() (*DNSEntity, bool)
    AsIPEntity() (*IPEntity, bool)
    AsRegistryKeyEntity() (*RegistryKeyEntity, bool)
    AsRegistryValueEntity() (*RegistryValueEntity, bool)
    AsURLEntity() (*URLEntity, bool)
    AsEntity() (*Entity, bool)
}

BasicEntity specific entity.

type BasicSettings Uses

type BasicSettings interface {
    AsUebaSettings() (*UebaSettings, bool)
    AsToggleSettings() (*ToggleSettings, bool)
    AsSettings() (*Settings, bool)
}

BasicSettings the Setting.

type Bookmark Uses

type Bookmark struct {
    autorest.Response `json:"-"`
    // Etag - Etag of the bookmark.
    Etag *string `json:"etag,omitempty"`
    // BookmarkProperties - Bookmark properties
    *BookmarkProperties `json:"properties,omitempty"`
    // ID - READ-ONLY; Azure resource Id
    ID  *string `json:"id,omitempty"`
    // Type - READ-ONLY; Azure resource type
    Type *string `json:"type,omitempty"`
    // Name - READ-ONLY; Azure resource name
    Name *string `json:"name,omitempty"`
}

Bookmark represents a bookmark in Azure Security Insights.

func (Bookmark) MarshalJSON Uses

func (b Bookmark) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for Bookmark.

func (*Bookmark) UnmarshalJSON Uses

func (b *Bookmark) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for Bookmark struct.

type BookmarkList Uses

type BookmarkList struct {
    autorest.Response `json:"-"`
    // NextLink - READ-ONLY; URL to fetch the next set of cases.
    NextLink *string `json:"nextLink,omitempty"`
    // Value - Array of bookmarks.
    Value *[]Bookmark `json:"value,omitempty"`
}

BookmarkList list all the bookmarks.

func (BookmarkList) IsEmpty Uses

func (bl BookmarkList) IsEmpty() bool

IsEmpty returns true if the ListResult contains no values.

type BookmarkListIterator Uses

type BookmarkListIterator struct {
    // contains filtered or unexported fields
}

BookmarkListIterator provides access to a complete listing of Bookmark values.

func NewBookmarkListIterator Uses

func NewBookmarkListIterator(page BookmarkListPage) BookmarkListIterator

Creates a new instance of the BookmarkListIterator type.

func (*BookmarkListIterator) Next Uses

func (iter *BookmarkListIterator) Next() error

Next advances to the next value. If there was an error making the request the iterator does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*BookmarkListIterator) NextWithContext Uses

func (iter *BookmarkListIterator) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.

func (BookmarkListIterator) NotDone Uses

func (iter BookmarkListIterator) NotDone() bool

NotDone returns true if the enumeration should be started or is not yet complete.

func (BookmarkListIterator) Response Uses

func (iter BookmarkListIterator) Response() BookmarkList

Response returns the raw server response from the last page request.

func (BookmarkListIterator) Value Uses

func (iter BookmarkListIterator) Value() Bookmark

Value returns the current value or a zero-initialized value if the iterator has advanced beyond the end of the collection.

type BookmarkListPage Uses

type BookmarkListPage struct {
    // contains filtered or unexported fields
}

BookmarkListPage contains a page of Bookmark values.

func NewBookmarkListPage Uses

func NewBookmarkListPage(getNextPage func(context.Context, BookmarkList) (BookmarkList, error)) BookmarkListPage

Creates a new instance of the BookmarkListPage type.

func (*BookmarkListPage) Next Uses

func (page *BookmarkListPage) Next() error

Next advances to the next page of values. If there was an error making the request the page does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*BookmarkListPage) NextWithContext Uses

func (page *BookmarkListPage) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.

func (BookmarkListPage) NotDone Uses

func (page BookmarkListPage) NotDone() bool

NotDone returns true if the page enumeration should be started or is not yet complete.

func (BookmarkListPage) Response Uses

func (page BookmarkListPage) Response() BookmarkList

Response returns the raw server response from the last page request.

func (BookmarkListPage) Values Uses

func (page BookmarkListPage) Values() []Bookmark

Values returns the slice of values for the current page or nil if there are no values.

type BookmarkProperties Uses

type BookmarkProperties struct {
    // DisplayName - The display name of the bookmark
    DisplayName *string `json:"displayName,omitempty"`
    // Updated - The last time the bookmark was updated
    Updated *date.Time `json:"updated,omitempty"`
    // Created - The time the bookmark was created
    Created *date.Time `json:"created,omitempty"`
    // CreatedBy - Describes a user that created the bookmark
    CreatedBy *UserInfo `json:"createdBy,omitempty"`
    // UpdatedBy - Describes a user that updated the bookmark
    UpdatedBy *UserInfo `json:"updatedBy,omitempty"`
    // Notes - The notes of the bookmark
    Notes *string `json:"notes,omitempty"`
    // Labels - List of labels relevant to this bookmark
    Labels *[]string `json:"labels,omitempty"`
    // Query - The query of the bookmark.
    Query *string `json:"query,omitempty"`
    // QueryResult - The query result of the bookmark.
    QueryResult *string `json:"queryResult,omitempty"`
}

BookmarkProperties describes bookmark properties

type BookmarksClient Uses

type BookmarksClient struct {
    BaseClient
}

BookmarksClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewBookmarksClient Uses

func NewBookmarksClient(subscriptionID string) BookmarksClient

NewBookmarksClient creates an instance of the BookmarksClient client.

func NewBookmarksClientWithBaseURI Uses

func NewBookmarksClientWithBaseURI(baseURI string, subscriptionID string) BookmarksClient

NewBookmarksClientWithBaseURI creates an instance of the BookmarksClient client.

func (BookmarksClient) CreateOrUpdate Uses

func (client BookmarksClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, bookmarkID string, bookmark Bookmark) (result Bookmark, err error)

CreateOrUpdate creates or updates the bookmark.

Parameters:
resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive.
operationalInsightsResourceProvider - the namespace of workspaces resource provider - Microsoft.OperationalInsights.
workspaceName - the name of the workspace.
bookmarkID - bookmark ID
bookmark - the bookmark

func (BookmarksClient) CreateOrUpdatePreparer Uses

func (client BookmarksClient) CreateOrUpdatePreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, bookmarkID string, bookmark Bookmark) (*http.Request, error)

CreateOrUpdatePreparer prepares the CreateOrUpdate request.

func (BookmarksClient) CreateOrUpdateResponder Uses

func (client BookmarksClient) CreateOrUpdateResponder(resp *http.Response) (result Bookmark, err error)

CreateOrUpdateResponder handles the response to the CreateOrUpdate request. The method always closes the http.Response Body.

func (BookmarksClient) CreateOrUpdateSender Uses

func (client BookmarksClient) CreateOrUpdateSender(req *http.Request) (*http.Response, error)

CreateOrUpdateSender sends the CreateOrUpdate request. The method will close the http.Response Body if it receives an error.

func (BookmarksClient) Delete Uses

func (client BookmarksClient) Delete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, bookmarkID string) (result autorest.Response, err error)

Delete deletes the bookmark.

Parameters:
resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive.
operationalInsightsResourceProvider - the namespace of workspaces resource provider - Microsoft.OperationalInsights.
workspaceName - the name of the workspace.
bookmarkID - bookmark ID

func (BookmarksClient) DeletePreparer Uses

func (client BookmarksClient) DeletePreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, bookmarkID string) (*http.Request, error)

DeletePreparer prepares the Delete request.

func (BookmarksClient) DeleteResponder Uses

func (client BookmarksClient) DeleteResponder(resp *http.Response) (result autorest.Response, err error)

DeleteResponder handles the response to the Delete request. The method always closes the http.Response Body.

func (BookmarksClient) DeleteSender Uses

func (client BookmarksClient) DeleteSender(req *http.Request) (*http.Response, error)

DeleteSender sends the Delete request. The method will close the http.Response Body if it receives an error.

func (BookmarksClient) Get Uses

func (client BookmarksClient) Get(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, bookmarkID string) (result Bookmark, err error)

Get gets a bookmark.

Parameters:
resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive.
operationalInsightsResourceProvider - the namespace of workspaces resource provider - Microsoft.OperationalInsights.
workspaceName - the name of the workspace.
bookmarkID - bookmark ID

func (BookmarksClient) GetPreparer Uses

func (client BookmarksClient) GetPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, bookmarkID string) (*http.Request, error)

GetPreparer prepares the Get request.

func (BookmarksClient) GetResponder Uses

func (client BookmarksClient) GetResponder(resp *http.Response) (result Bookmark, err error)

GetResponder handles the response to the Get request. The method always closes the http.Response Body.

func (BookmarksClient) GetSender Uses

func (client BookmarksClient) GetSender(req *http.Request) (*http.Response, error)

GetSender sends the Get request. The method will close the http.Response Body if it receives an error.

func (BookmarksClient) List Uses

func (client BookmarksClient) List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result BookmarkListPage, err error)

List gets all bookmarks.

Parameters:
resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive.
operationalInsightsResourceProvider - the namespace of workspaces resource provider - Microsoft.OperationalInsights.
workspaceName - the name of the workspace.

func (BookmarksClient) ListComplete Uses

func (client BookmarksClient) ListComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result BookmarkListIterator, err error)

ListComplete enumerates all values, automatically crossing page boundaries as required.

func (BookmarksClient) ListPreparer Uses

func (client BookmarksClient) ListPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (*http.Request, error)

ListPreparer prepares the List request.

func (BookmarksClient) ListResponder Uses

func (client BookmarksClient) ListResponder(resp *http.Response) (result BookmarkList, err error)

ListResponder handles the response to the List request. The method always closes the http.Response Body.

func (BookmarksClient) ListSender Uses

func (client BookmarksClient) ListSender(req *http.Request) (*http.Response, error)

ListSender sends the List request. The method will close the http.Response Body if it receives an error.

type Case Uses

type Case struct {
    autorest.Response `json:"-"`
    // Etag - Etag of the alert rule.
    Etag *string `json:"etag,omitempty"`
    // CaseProperties - Case properties
    *CaseProperties `json:"properties,omitempty"`
    // ID - READ-ONLY; Azure resource Id
    ID  *string `json:"id,omitempty"`
    // Type - READ-ONLY; Azure resource type
    Type *string `json:"type,omitempty"`
    // Name - READ-ONLY; Azure resource name
    Name *string `json:"name,omitempty"`
}

Case represents a case in Azure Security Insights.

func (Case) MarshalJSON Uses

func (c Case) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for Case.

func (*Case) UnmarshalJSON Uses

func (c *Case) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for Case struct.

type CaseComment Uses

type CaseComment struct {
    autorest.Response `json:"-"`
    // CaseCommentProperties - Case comment properties
    *CaseCommentProperties `json:"properties,omitempty"`
    // ID - READ-ONLY; Azure resource Id
    ID  *string `json:"id,omitempty"`
    // Type - READ-ONLY; Azure resource type
    Type *string `json:"type,omitempty"`
    // Name - READ-ONLY; Azure resource name
    Name *string `json:"name,omitempty"`
}

CaseComment represents a case comment

func (CaseComment) MarshalJSON Uses

func (cc CaseComment) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for CaseComment.

func (*CaseComment) UnmarshalJSON Uses

func (cc *CaseComment) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for CaseComment struct.

type CaseCommentList Uses

type CaseCommentList struct {
    autorest.Response `json:"-"`
    // NextLink - READ-ONLY; URL to fetch the next set of comments.
    NextLink *string `json:"nextLink,omitempty"`
    // Value - Array of comments.
    Value *[]CaseComment `json:"value,omitempty"`
}

CaseCommentList list of case comments.

func (CaseCommentList) IsEmpty Uses

func (ccl CaseCommentList) IsEmpty() bool

IsEmpty returns true if the ListResult contains no values.

type CaseCommentListIterator Uses

type CaseCommentListIterator struct {
    // contains filtered or unexported fields
}

CaseCommentListIterator provides access to a complete listing of CaseComment values.

func NewCaseCommentListIterator Uses

func NewCaseCommentListIterator(page CaseCommentListPage) CaseCommentListIterator

Creates a new instance of the CaseCommentListIterator type.

func (*CaseCommentListIterator) Next Uses

func (iter *CaseCommentListIterator) Next() error

Next advances to the next value. If there was an error making the request the iterator does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*CaseCommentListIterator) NextWithContext Uses

func (iter *CaseCommentListIterator) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.

func (CaseCommentListIterator) NotDone Uses

func (iter CaseCommentListIterator) NotDone() bool

NotDone returns true if the enumeration should be started or is not yet complete.

func (CaseCommentListIterator) Response Uses

func (iter CaseCommentListIterator) Response() CaseCommentList

Response returns the raw server response from the last page request.

func (CaseCommentListIterator) Value Uses

func (iter CaseCommentListIterator) Value() CaseComment

Value returns the current value or a zero-initialized value if the iterator has advanced beyond the end of the collection.

type CaseCommentListPage Uses

type CaseCommentListPage struct {
    // contains filtered or unexported fields
}

CaseCommentListPage contains a page of CaseComment values.

func NewCaseCommentListPage Uses

func NewCaseCommentListPage(getNextPage func(context.Context, CaseCommentList) (CaseCommentList, error)) CaseCommentListPage

Creates a new instance of the CaseCommentListPage type.

func (*CaseCommentListPage) Next Uses

func (page *CaseCommentListPage) Next() error

Next advances to the next page of values. If there was an error making the request the page does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*CaseCommentListPage) NextWithContext Uses

func (page *CaseCommentListPage) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.

func (CaseCommentListPage) NotDone Uses

func (page CaseCommentListPage) NotDone() bool

NotDone returns true if the page enumeration should be started or is not yet complete.

func (CaseCommentListPage) Response Uses

func (page CaseCommentListPage) Response() CaseCommentList

Response returns the raw server response from the last page request.

func (CaseCommentListPage) Values Uses

func (page CaseCommentListPage) Values() []CaseComment

Values returns the slice of values for the current page or nil if there are no values.

type CaseCommentProperties Uses

type CaseCommentProperties struct {
    // Message - The comment message
    Message *string `json:"message,omitempty"`
    // CreatedTimeUtc - READ-ONLY; The time the comment was created
    CreatedTimeUtc *date.Time `json:"createdTimeUtc,omitempty"`
    // UserInfo - READ-ONLY; Describes the user that created the comment
    UserInfo *UserInfo `json:"userInfo,omitempty"`
}

CaseCommentProperties case comment property bag.

type CaseCommentsClient Uses

type CaseCommentsClient struct {
    BaseClient
}

CaseCommentsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewCaseCommentsClient Uses

func NewCaseCommentsClient(subscriptionID string) CaseCommentsClient

NewCaseCommentsClient creates an instance of the CaseCommentsClient client.

func NewCaseCommentsClientWithBaseURI Uses

func NewCaseCommentsClientWithBaseURI(baseURI string, subscriptionID string) CaseCommentsClient

NewCaseCommentsClientWithBaseURI creates an instance of the CaseCommentsClient client.

func (CaseCommentsClient) CreateComment Uses

func (client CaseCommentsClient) CreateComment(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, caseCommentID string, caseComment CaseComment) (result CaseComment, err error)

CreateComment creates the case comment.

Parameters:
resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive.
operationalInsightsResourceProvider - the namespace of workspaces resource provider - Microsoft.OperationalInsights.
workspaceName - the name of the workspace.
caseID - case ID
caseCommentID - case comment ID
caseComment - the case comment

func (CaseCommentsClient) CreateCommentPreparer Uses

func (client CaseCommentsClient) CreateCommentPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, caseCommentID string, caseComment CaseComment) (*http.Request, error)

CreateCommentPreparer prepares the CreateComment request.

func (CaseCommentsClient) CreateCommentResponder Uses

func (client CaseCommentsClient) CreateCommentResponder(resp *http.Response) (result CaseComment, err error)

CreateCommentResponder handles the response to the CreateComment request. The method always closes the http.Response Body.

func (CaseCommentsClient) CreateCommentSender Uses

func (client CaseCommentsClient) CreateCommentSender(req *http.Request) (*http.Response, error)

CreateCommentSender sends the CreateComment request. The method will close the http.Response Body if it receives an error.

type CaseList Uses

type CaseList struct {
    autorest.Response `json:"-"`
    // NextLink - READ-ONLY; URL to fetch the next set of cases.
    NextLink *string `json:"nextLink,omitempty"`
    // Value - Array of cases.
    Value *[]Case `json:"value,omitempty"`
}

CaseList list all the cases.

func (CaseList) IsEmpty Uses

func (cl CaseList) IsEmpty() bool

IsEmpty returns true if the ListResult contains no values.

type CaseListIterator Uses

type CaseListIterator struct {
    // contains filtered or unexported fields
}

CaseListIterator provides access to a complete listing of Case values.

func NewCaseListIterator Uses

func NewCaseListIterator(page CaseListPage) CaseListIterator

Creates a new instance of the CaseListIterator type.

func (*CaseListIterator) Next Uses

func (iter *CaseListIterator) Next() error

Next advances to the next value. If there was an error making the request the iterator does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*CaseListIterator) NextWithContext Uses

func (iter *CaseListIterator) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.

func (CaseListIterator) NotDone Uses

func (iter CaseListIterator) NotDone() bool

NotDone returns true if the enumeration should be started or is not yet complete.

func (CaseListIterator) Response Uses

func (iter CaseListIterator) Response() CaseList

Response returns the raw server response from the last page request.

func (CaseListIterator) Value Uses

func (iter CaseListIterator) Value() Case

Value returns the current value or a zero-initialized value if the iterator has advanced beyond the end of the collection.

type CaseListPage Uses

type CaseListPage struct {
    // contains filtered or unexported fields
}

CaseListPage contains a page of Case values.

func NewCaseListPage Uses

func NewCaseListPage(getNextPage func(context.Context, CaseList) (CaseList, error)) CaseListPage

Creates a new instance of the CaseListPage type.

func (*CaseListPage) Next Uses

func (page *CaseListPage) Next() error

Next advances to the next page of values. If there was an error making the request the page does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*CaseListPage) NextWithContext Uses

func (page *CaseListPage) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.

func (CaseListPage) NotDone Uses

func (page CaseListPage) NotDone() bool

NotDone returns true if the page enumeration should be started or is not yet complete.

func (CaseListPage) Response Uses

func (page CaseListPage) Response() CaseList

Response returns the raw server response from the last page request.

func (CaseListPage) Values Uses

func (page CaseListPage) Values() []Case

Values returns the slice of values for the current page or nil if there are no values.
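The page-walking loop these methods imply, as an added example that is not part of the SDK or its documentation. Because a failed NextWithContext leaves the page where it was, the loop has to stop on error rather than continue. Case, casePager, fakePager, samplePages and ActiveBySeverity are local stand-ins assumed for the example so it runs offline without the SDK; the status and severity strings are the constant values listed on this page.

```go
package main

import (
	"context"
	"errors"
	"fmt"
)

// Case is a trimmed local stand-in (assumption) for the package's Case type,
// holding only the fields this example reads. The strings are the values of
// the CaseSeverity and CaseStatus constants listed on this page.
type Case struct {
	Title    string
	Severity string // "Critical", "High", "Medium", "Low", "Informational"
	Status   string // "Draft", "New", "InProgress", "Closed"
}

// casePager is the subset of the CaseListPage method set used below,
// expressed as an interface over the local Case type (assumption).
type casePager interface {
	NotDone() bool
	Values() []Case
	NextWithContext(ctx context.Context) error
}

// ActiveBySeverity walks every page and counts active cases (status New or
// InProgress) per severity. On a paging error it returns the partial counts
// together with the error: the page has not advanced, so looping again
// without a bound would re-read the same page indefinitely.
func ActiveBySeverity(ctx context.Context, p casePager) (map[string]int, error) {
	counts := make(map[string]int)
	for p.NotDone() {
		for _, c := range p.Values() {
			if c.Status == "New" || c.Status == "InProgress" {
				counts[c.Severity]++
			}
		}
		if err := p.NextWithContext(ctx); err != nil {
			return counts, fmt.Errorf("listing cases: %w", err)
		}
	}
	return counts, nil
}

// fakePager is a constructed in-memory pager that mimics the documented
// behaviour: on error the page does not advance and the error is returned.
type fakePager struct {
	pages  [][]Case
	idx    int
	failAt int // index of the page whose fetch fails; -1 for never
}

func (f *fakePager) NotDone() bool { return f.idx < len(f.pages) }

func (f *fakePager) Values() []Case {
	if !f.NotDone() {
		return nil
	}
	return f.pages[f.idx]
}

func (f *fakePager) NextWithContext(ctx context.Context) error {
	if err := ctx.Err(); err != nil {
		return err // cancelled or timed out: stay on the current page
	}
	if f.idx+1 == f.failAt {
		return errors.New("simulated request failure") // stay on the current page
	}
	f.idx++
	return nil
}

// samplePages returns constructed sample data: three pages of cases.
func samplePages() [][]Case {
	return [][]Case{
		{{"Suspicious sign-in", "Critical", "New"}, {"Old phishing report", "High", "Closed"}},
		{{"Malware on host", "High", "InProgress"}, {"Unreviewed draft", "Low", "Draft"}},
		{{"Privilege escalation", "Critical", "InProgress"}},
	}
}

func main() {
	counts, err := ActiveBySeverity(context.Background(), &fakePager{pages: samplePages(), failAt: -1})
	fmt.Println(counts, err)

	// The fetch of the third page fails: partial counts come back with the error.
	counts, err = ActiveBySeverity(context.Background(), &fakePager{pages: samplePages(), failAt: 2})
	fmt.Println(counts, err)
}
```

Passing a context with a deadline to NextWithContext bounds how long a stalled page request can hold up the caller, which the deprecated Next cannot do.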

type CaseProperties Uses

type CaseProperties struct {
    // LastUpdatedTimeUtc - READ-ONLY; The last time the case was updated
    LastUpdatedTimeUtc *date.Time `json:"lastUpdatedTimeUtc,omitempty"`
    // CreatedTimeUtc - READ-ONLY; The time the case was created
    CreatedTimeUtc *date.Time `json:"createdTimeUtc,omitempty"`
    // EndTimeUtc - The end time of the case
    EndTimeUtc *date.Time `json:"endTimeUtc,omitempty"`
    // StartTimeUtc - The start time of the case
    StartTimeUtc *date.Time `json:"startTimeUtc,omitempty"`
    // Labels - List of labels relevant to this case
    Labels *[]string `json:"labels,omitempty"`
    // Description - The description of the case
    Description *string `json:"description,omitempty"`
    // Title - The title of the case
    Title *string `json:"title,omitempty"`
    // Owner - Describes a user that the case is assigned to
    Owner *UserInfo `json:"owner,omitempty"`
    // Severity - The severity of the case. Possible values include: 'CaseSeverityCritical', 'CaseSeverityHigh', 'CaseSeverityMedium', 'CaseSeverityLow', 'CaseSeverityInformational'
    Severity CaseSeverity `json:"severity,omitempty"`
    // Status - The status of the case. Possible values include: 'CaseStatusDraft', 'CaseStatusNew', 'CaseStatusInProgress', 'CaseStatusClosed'
    Status CaseStatus `json:"status,omitempty"`
    // CloseReason - The reason the case was closed. Possible values include: 'Resolved', 'Dismissed', 'TruePositive', 'FalsePositive', 'Other'
    CloseReason CloseReason `json:"closeReason,omitempty"`
    // ClosedReasonText - the case close reason details
    ClosedReasonText *string `json:"closedReasonText,omitempty"`
    // RelatedAlertIds - READ-ONLY; List of related alert identifiers
    RelatedAlertIds *[]string `json:"relatedAlertIds,omitempty"`
    // CaseNumber - READ-ONLY; a sequential number
    CaseNumber *int32 `json:"caseNumber,omitempty"`
    // LastComment - READ-ONLY; the last comment in the case
    LastComment *string `json:"lastComment,omitempty"`
    // TotalComments - READ-ONLY; the number of total comments in the case
    TotalComments *int32 `json:"totalComments,omitempty"`
}

CaseProperties describes case properties

type CaseSeverity Uses

type CaseSeverity string

CaseSeverity enumerates the values for case severity.

const (
    // CaseSeverityCritical Critical severity
    CaseSeverityCritical CaseSeverity = "Critical"
    // CaseSeverityHigh High severity
    CaseSeverityHigh CaseSeverity = "High"
    // CaseSeverityInformational Informational severity
    CaseSeverityInformational CaseSeverity = "Informational"
    // CaseSeverityLow Low severity
    CaseSeverityLow CaseSeverity = "Low"
    // CaseSeverityMedium Medium severity
    CaseSeverityMedium CaseSeverity = "Medium"
)

func PossibleCaseSeverityValues Uses

func PossibleCaseSeverityValues() []CaseSeverity

PossibleCaseSeverityValues returns an array of possible values for the CaseSeverity const type.

type CaseStatus Uses

type CaseStatus string

CaseStatus enumerates the values for case status.

const (
    // CaseStatusClosed A non active case
    CaseStatusClosed CaseStatus = "Closed"
    // CaseStatusDraft Case that wasn't promoted yet to active
    CaseStatusDraft CaseStatus = "Draft"
    // CaseStatusInProgress An active case which is handled
    CaseStatusInProgress CaseStatus = "InProgress"
    // CaseStatusNew An active case which isn't handled currently
    CaseStatusNew CaseStatus = "New"
)

func PossibleCaseStatusValues Uses

func PossibleCaseStatusValues() []CaseStatus

PossibleCaseStatusValues returns an array of possible values for the CaseStatus const type.

type CasesAggregation Uses

type CasesAggregation struct {
    // CasesAggregationProperties - Properties of aggregations results of cases.
    *CasesAggregationProperties `json:"properties,omitempty"`
    // ID - READ-ONLY; Azure resource Id
    ID  *string `json:"id,omitempty"`
    // Type - READ-ONLY; Azure resource type
    Type *string `json:"type,omitempty"`
    // Name - READ-ONLY; Azure resource name
    Name *string `json:"name,omitempty"`
    // Kind - Possible values include: 'KindAggregations', 'KindCasesAggregation'
    Kind KindBasicAggregations `json:"kind,omitempty"`
}

CasesAggregation represents aggregations results for cases.

func (CasesAggregation) AsAggregations Uses

func (ca CasesAggregation) AsAggregations() (*Aggregations, bool)

AsAggregations is the BasicAggregations implementation for CasesAggregation.

func (CasesAggregation) AsBasicAggregations Uses

func (ca CasesAggregation) AsBasicAggregations() (BasicAggregations, bool)

AsBasicAggregations is the BasicAggregations implementation for CasesAggregation.

func (CasesAggregation) AsCasesAggregation Uses

func (ca CasesAggregation) AsCasesAggregation() (*CasesAggregation, bool)

AsCasesAggregation is the BasicAggregations implementation for CasesAggregation.

func (CasesAggregation) MarshalJSON Uses

func (ca CasesAggregation) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for CasesAggregation.

func (*CasesAggregation) UnmarshalJSON Uses

func (ca *CasesAggregation) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for CasesAggregation struct.

type CasesAggregationBySeverityProperties Uses

type CasesAggregationBySeverityProperties struct {
    // TotalCriticalSeverity - READ-ONLY; Total amount of open cases with severity Critical
    TotalCriticalSeverity *int32 `json:"totalCriticalSeverity,omitempty"`
    // TotalHighSeverity - READ-ONLY; Total amount of open cases with severity High
    TotalHighSeverity *int32 `json:"totalHighSeverity,omitempty"`
    // TotalMediumSeverity - READ-ONLY; Total amount of open cases with severity medium
    TotalMediumSeverity *int32 `json:"totalMediumSeverity,omitempty"`
    // TotalLowSeverity - READ-ONLY; Total amount of open cases with severity Low
    TotalLowSeverity *int32 `json:"totalLowSeverity,omitempty"`
    // TotalInformationalSeverity - READ-ONLY; Total amount of open cases with severity Informational
    TotalInformationalSeverity *int32 `json:"totalInformationalSeverity,omitempty"`
}

CasesAggregationBySeverityProperties aggregative results of cases by severity property bag.

type CasesAggregationByStatusProperties Uses

type CasesAggregationByStatusProperties struct {
    // TotalNewStatus - READ-ONLY; Total amount of open cases with status New
    TotalNewStatus *int32 `json:"totalNewStatus,omitempty"`
    // TotalInProgressStatus - READ-ONLY; Total amount of open cases with status InProgress
    TotalInProgressStatus *int32 `json:"totalInProgressStatus,omitempty"`
    // TotalResolvedStatus - READ-ONLY; Total amount of open cases with status Resolved
    TotalResolvedStatus *int32 `json:"totalResolvedStatus,omitempty"`
    // TotalDismissedStatus - READ-ONLY; Total amount of open cases with status Dismissed
    TotalDismissedStatus *int32 `json:"totalDismissedStatus,omitempty"`
}

CasesAggregationByStatusProperties aggregative results of cases by status property bag.

type CasesAggregationProperties Uses

type CasesAggregationProperties struct {
    // AggregationBySeverity - Aggregations results by case severity.
    AggregationBySeverity *CasesAggregationBySeverityProperties `json:"aggregationBySeverity,omitempty"`
    // AggregationByStatus - Aggregations results by case status.
    AggregationByStatus *CasesAggregationByStatusProperties `json:"aggregationByStatus,omitempty"`
}

CasesAggregationProperties aggregative results of cases property bag.

type CasesAggregationsClient Uses

type CasesAggregationsClient struct {
    BaseClient
}

CasesAggregationsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewCasesAggregationsClient Uses

func NewCasesAggregationsClient(subscriptionID string) CasesAggregationsClient

NewCasesAggregationsClient creates an instance of the CasesAggregationsClient client.

func NewCasesAggregationsClientWithBaseURI Uses

func NewCasesAggregationsClientWithBaseURI(baseURI string, subscriptionID string) CasesAggregationsClient

NewCasesAggregationsClientWithBaseURI creates an instance of the CasesAggregationsClient client.

func (CasesAggregationsClient) Get Uses

func (client CasesAggregationsClient) Get(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, aggregationsName string) (result AggregationsModel, err error)

Get gets the aggregative result for the given resources under the defined workspace. Parameters:
resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive.
operationalInsightsResourceProvider - the namespace of workspaces resource provider - Microsoft.OperationalInsights.
workspaceName - the name of the workspace.
aggregationsName - the aggregation name. Supports - Cases

func (CasesAggregationsClient) GetPreparer Uses

func (client CasesAggregationsClient) GetPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, aggregationsName string) (*http.Request, error)

GetPreparer prepares the Get request.

func (CasesAggregationsClient) GetResponder Uses

func (client CasesAggregationsClient) GetResponder(resp *http.Response) (result AggregationsModel, err error)

GetResponder handles the response to the Get request. The method always closes the http.Response Body.

func (CasesAggregationsClient) GetSender Uses

func (client CasesAggregationsClient) GetSender(req *http.Request) (*http.Response, error)

GetSender sends the Get request. The method will close the http.Response Body if it receives an error.

type CasesClient Uses

type CasesClient struct {
    BaseClient
}

CasesClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewCasesClient Uses

func NewCasesClient(subscriptionID string) CasesClient

NewCasesClient creates an instance of the CasesClient client.

func NewCasesClientWithBaseURI Uses

func NewCasesClientWithBaseURI(baseURI string, subscriptionID string) CasesClient

NewCasesClientWithBaseURI creates an instance of the CasesClient client.

func (CasesClient) CreateOrUpdate Uses

func (client CasesClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, caseParameter Case) (result Case, err error)

CreateOrUpdate creates or updates the case. Parameters:
resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive.
operationalInsightsResourceProvider - the namespace of workspaces resource provider - Microsoft.OperationalInsights.
workspaceName - the name of the workspace.
caseID - case ID
caseParameter - the case

func (CasesClient) CreateOrUpdatePreparer Uses

func (client CasesClient) CreateOrUpdatePreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, caseParameter Case) (*http.Request, error)

CreateOrUpdatePreparer prepares the CreateOrUpdate request.

func (CasesClient) CreateOrUpdateResponder Uses

func (client CasesClient) CreateOrUpdateResponder(resp *http.Response) (result Case, err error)

CreateOrUpdateResponder handles the response to the CreateOrUpdate request. The method always closes the http.Response Body.

func (CasesClient) CreateOrUpdateSender Uses

func (client CasesClient) CreateOrUpdateSender(req *http.Request) (*http.Response, error)

CreateOrUpdateSender sends the CreateOrUpdate request. The method will close the http.Response Body if it receives an error.

func (CasesClient) Delete Uses

func (client CasesClient) Delete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string) (result autorest.Response, err error)

Delete deletes the case. Parameters:
resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive.
operationalInsightsResourceProvider - the namespace of workspaces resource provider - Microsoft.OperationalInsights.
workspaceName - the name of the workspace.
caseID - case ID

func (CasesClient) DeletePreparer Uses

func (client CasesClient) DeletePreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string) (*http.Request, error)

DeletePreparer prepares the Delete request.

func (CasesClient) DeleteResponder Uses

func (client CasesClient) DeleteResponder(resp *http.Response) (result autorest.Response, err error)

DeleteResponder handles the response to the Delete request. The method always closes the http.Response Body.

func (CasesClient) DeleteSender Uses

func (client CasesClient) DeleteSender(req *http.Request) (*http.Response, error)

DeleteSender sends the Delete request. The method will close the http.Response Body if it receives an error.

func (CasesClient) Get Uses

func (client CasesClient) Get(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string) (result Case, err error)

Get gets a case. Parameters:
resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive.
operationalInsightsResourceProvider - the namespace of workspaces resource provider - Microsoft.OperationalInsights.
workspaceName - the name of the workspace.
caseID - case ID

func (CasesClient) GetComment Uses

func (client CasesClient) GetComment(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, caseCommentID string) (result CaseComment, err error)

GetComment gets a case comment. Parameters:
resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive.
operationalInsightsResourceProvider - the namespace of workspaces resource provider - Microsoft.OperationalInsights.
workspaceName - the name of the workspace.
caseID - case ID
caseCommentID - case comment ID

func (CasesClient) GetCommentPreparer Uses

func (client CasesClient) GetCommentPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, caseCommentID string) (*http.Request, error)

GetCommentPreparer prepares the GetComment request.

func (CasesClient) GetCommentResponder Uses

func (client CasesClient) GetCommentResponder(resp *http.Response) (result CaseComment, err error)

GetCommentResponder handles the response to the GetComment request. The method always closes the http.Response Body.

func (CasesClient) GetCommentSender Uses

func (client CasesClient) GetCommentSender(req *http.Request) (*http.Response, error)

GetCommentSender sends the GetComment request. The method will close the http.Response Body if it receives an error.

func (CasesClient) GetPreparer Uses

func (client CasesClient) GetPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string) (*http.Request, error)

GetPreparer prepares the Get request.

func (CasesClient) GetResponder Uses

func (client CasesClient) GetResponder(resp *http.Response) (result Case, err error)

GetResponder handles the response to the Get request. The method always closes the http.Response Body.

func (CasesClient) GetSender Uses

func (client CasesClient) GetSender(req *http.Request) (*http.Response, error)

GetSender sends the Get request. The method will close the http.Response Body if it receives an error.

func (CasesClient) List Uses

func (client CasesClient) List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, filter string, orderby string, top *int32, skipToken string) (result CaseListPage, err error)

List gets all cases. Parameters:
resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive.
operationalInsightsResourceProvider - the namespace of workspaces resource provider - Microsoft.OperationalInsights.
workspaceName - the name of the workspace.
filter - filters the results, based on a Boolean condition. Optional.
orderby - sorts the results. Optional.
top - returns only the first n results. Optional.
skipToken - skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional.

func (CasesClient) ListComplete Uses

func (client CasesClient) ListComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, filter string, orderby string, top *int32, skipToken string) (result CaseListIterator, err error)

ListComplete enumerates all values, automatically crossing page boundaries as required.

func (CasesClient) ListPreparer Uses

func (client CasesClient) ListPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, filter string, orderby string, top *int32, skipToken string) (*http.Request, error)

ListPreparer prepares the List request.

func (CasesClient) ListResponder Uses

func (client CasesClient) ListResponder(resp *http.Response) (result CaseList, err error)

ListResponder handles the response to the List request. The method always closes the http.Response Body.

func (CasesClient) ListSender Uses

func (client CasesClient) ListSender(req *http.Request) (*http.Response, error)

ListSender sends the List request. The method will close the http.Response Body if it receives an error.

type CloseReason Uses

type CloseReason string

CloseReason enumerates the values for close reason.

const (
    // Dismissed Case was dismissed
    Dismissed CloseReason = "Dismissed"
    // FalsePositive Case was false positive
    FalsePositive CloseReason = "FalsePositive"
    // Other Case was closed for another reason
    Other CloseReason = "Other"
    // Resolved Case was resolved
    Resolved CloseReason = "Resolved"
    // TruePositive Case was true positive
    TruePositive CloseReason = "TruePositive"
)

func PossibleCloseReasonValues Uses

func PossibleCloseReasonValues() []CloseReason

PossibleCloseReasonValues returns an array of possible values for the CloseReason const type.

type CloudApplicationEntity Uses

type CloudApplicationEntity struct {
    // CloudApplicationEntityProperties - CloudApplication entity properties
    *CloudApplicationEntityProperties `json:"properties,omitempty"`
    // ID - READ-ONLY; Azure resource Id
    ID  *string `json:"id,omitempty"`
    // Type - READ-ONLY; Azure resource type
    Type *string `json:"type,omitempty"`
    // Name - READ-ONLY; Azure resource name
    Name *string `json:"name,omitempty"`
    // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL'
    Kind KindBasicEntity `json:"kind,omitempty"`
}

CloudApplicationEntity represents a cloud application entity.

func (CloudApplicationEntity) AsAccountEntity Uses

func (cae CloudApplicationEntity) AsAccountEntity() (*AccountEntity, bool)

AsAccountEntity is the BasicEntity implementation for CloudApplicationEntity.

func (CloudApplicationEntity) AsAzureResourceEntity Uses

func (cae CloudApplicationEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)

AsAzureResourceEntity is the BasicEntity implementation for CloudApplicationEntity.

func (CloudApplicationEntity) AsBasicEntity Uses

func (cae CloudApplicationEntity) AsBasicEntity() (BasicEntity, bool)

AsBasicEntity is the BasicEntity implementation for CloudApplicationEntity.

func (CloudApplicationEntity) AsCloudApplicationEntity Uses

func (cae CloudApplicationEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)

AsCloudApplicationEntity is the BasicEntity implementation for CloudApplicationEntity.

func (CloudApplicationEntity) AsDNSEntity Uses

func (cae CloudApplicationEntity) AsDNSEntity() (*DNSEntity, bool)

AsDNSEntity is the BasicEntity implementation for CloudApplicationEntity.

func (CloudApplicationEntity) AsEntity Uses

func (cae CloudApplicationEntity) AsEntity() (*Entity, bool)

AsEntity is the BasicEntity implementation for CloudApplicationEntity.

func (CloudApplicationEntity) AsFileEntity Uses

func (cae CloudApplicationEntity) AsFileEntity() (*FileEntity, bool)

AsFileEntity is the BasicEntity implementation for CloudApplicationEntity.

func (CloudApplicationEntity) AsFileHashEntity Uses

func (cae CloudApplicationEntity) AsFileHashEntity() (*FileHashEntity, bool)

AsFileHashEntity is the BasicEntity implementation for CloudApplicationEntity.

func (CloudApplicationEntity) AsHostEntity Uses

func (cae CloudApplicationEntity) AsHostEntity() (*HostEntity, bool)

AsHostEntity is the BasicEntity implementation for CloudApplicationEntity.

func (CloudApplicationEntity) AsIPEntity Uses

func (cae CloudApplicationEntity) AsIPEntity() (*IPEntity, bool)

AsIPEntity is the BasicEntity implementation for CloudApplicationEntity.

func (CloudApplicationEntity) AsMalwareEntity Uses

func (cae CloudApplicationEntity) AsMalwareEntity() (*MalwareEntity, bool)

AsMalwareEntity is the BasicEntity implementation for CloudApplicationEntity.

func (CloudApplicationEntity) AsProcessEntity Uses

func (cae CloudApplicationEntity) AsProcessEntity() (*ProcessEntity, bool)

AsProcessEntity is the BasicEntity implementation for CloudApplicationEntity.

func (CloudApplicationEntity) AsRegistryKeyEntity Uses

func (cae CloudApplicationEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)

AsRegistryKeyEntity is the BasicEntity implementation for CloudApplicationEntity.

func (CloudApplicationEntity) AsRegistryValueEntity Uses

func (cae CloudApplicationEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)

AsRegistryValueEntity is the BasicEntity implementation for CloudApplicationEntity.

func (CloudApplicationEntity) AsSecurityAlert Uses

func (cae CloudApplicationEntity) AsSecurityAlert() (*SecurityAlert, bool)

AsSecurityAlert is the BasicEntity implementation for CloudApplicationEntity.

func (CloudApplicationEntity) AsSecurityGroupEntity Uses

func (cae CloudApplicationEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)

AsSecurityGroupEntity is the BasicEntity implementation for CloudApplicationEntity.

func (CloudApplicationEntity) AsURLEntity Uses

func (cae CloudApplicationEntity) AsURLEntity() (*URLEntity, bool)

AsURLEntity is the BasicEntity implementation for CloudApplicationEntity.

func (CloudApplicationEntity) MarshalJSON Uses

func (cae CloudApplicationEntity) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for CloudApplicationEntity.

func (*CloudApplicationEntity) UnmarshalJSON Uses

func (cae *CloudApplicationEntity) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for CloudApplicationEntity struct.

type CloudApplicationEntityProperties Uses

type CloudApplicationEntityProperties struct {
    // AppID - READ-ONLY; The technical identifier of the application.
    AppID *int32 `json:"appId,omitempty"`
    // AppName - READ-ONLY; The name of the related cloud application.
    AppName *string `json:"appName,omitempty"`
    // InstanceName - READ-ONLY; The user defined instance name of the cloud application. It is often used to distinguish between several applications of the same type that a customer has.
    InstanceName *string `json:"instanceName,omitempty"`
    // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.
    FriendlyName *string `json:"friendlyName,omitempty"`
    // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
    AdditionalData map[string]interface{} `json:"additionalData"`
}

CloudApplicationEntityProperties cloudApplication entity property bag.

func (CloudApplicationEntityProperties) MarshalJSON Uses

func (caep CloudApplicationEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for CloudApplicationEntityProperties.

type CloudError Uses

type CloudError struct {
    // CloudErrorBody - Error data
    *CloudErrorBody `json:"error,omitempty"`
}

CloudError error response structure.

func (CloudError) MarshalJSON Uses

func (ce CloudError) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for CloudError.

func (*CloudError) UnmarshalJSON Uses

func (ce *CloudError) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for CloudError struct.

type CloudErrorBody Uses

type CloudErrorBody struct {
    // Code - READ-ONLY; An identifier for the error. Codes are invariant and are intended to be consumed programmatically.
    Code *string `json:"code,omitempty"`
    // Message - READ-ONLY; A message describing the error, intended to be suitable for display in a user interface.
    Message *string `json:"message,omitempty"`
}

CloudErrorBody error details.

type CommentsClient Uses

type CommentsClient struct {
    BaseClient
}

CommentsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewCommentsClient Uses

func NewCommentsClient(subscriptionID string) CommentsClient

NewCommentsClient creates an instance of the CommentsClient client.

func NewCommentsClientWithBaseURI Uses

func NewCommentsClientWithBaseURI(baseURI string, subscriptionID string) CommentsClient

NewCommentsClientWithBaseURI creates an instance of the CommentsClient client.

func (CommentsClient) ListByCase Uses

func (client CommentsClient) ListByCase(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, filter string, orderby string, top *int32, skipToken string) (result CaseCommentListPage, err error)

ListByCase gets all case comments. Parameters:
resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive.
operationalInsightsResourceProvider - the namespace of workspaces resource provider - Microsoft.OperationalInsights.
workspaceName - the name of the workspace.
caseID - case ID
filter - filters the results, based on a Boolean condition. Optional.
orderby - sorts the results. Optional.
top - returns only the first n results. Optional.
skipToken - skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional.

func (CommentsClient) ListByCaseComplete Uses

func (client CommentsClient) ListByCaseComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, filter string, orderby string, top *int32, skipToken string) (result CaseCommentListIterator, err error)

ListByCaseComplete enumerates all values, automatically crossing page boundaries as required.

func (CommentsClient) ListByCasePreparer Uses

func (client CommentsClient) ListByCasePreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, filter string, orderby string, top *int32, skipToken string) (*http.Request, error)

ListByCasePreparer prepares the ListByCase request.

func (CommentsClient) ListByCaseResponder Uses

func (client CommentsClient) ListByCaseResponder(resp *http.Response) (result CaseCommentList, err error)

ListByCaseResponder handles the response to the ListByCase request. The method always closes the http.Response Body.

func (CommentsClient) ListByCaseSender Uses

func (client CommentsClient) ListByCaseSender(req *http.Request) (*http.Response, error)

ListByCaseSender sends the ListByCase request. The method will close the http.Response Body if it receives an error.

type ConfidenceLevel Uses

type ConfidenceLevel string

ConfidenceLevel enumerates the values for confidence level.

const (
    // ConfidenceLevelHigh High confidence that the alert is true positive malicious
    ConfidenceLevelHigh ConfidenceLevel = "High"
    // ConfidenceLevelLow Low confidence, meaning we have some doubts this is indeed malicious or part of an
    // attack
    ConfidenceLevelLow ConfidenceLevel = "Low"
    // ConfidenceLevelUnknown Unknown confidence, this is the default value
    ConfidenceLevelUnknown ConfidenceLevel = "Unknown"
)

func PossibleConfidenceLevelValues Uses

func PossibleConfidenceLevelValues() []ConfidenceLevel

PossibleConfidenceLevelValues returns an array of possible values for the ConfidenceLevel const type.

type ConfidenceScoreStatus Uses

type ConfidenceScoreStatus string

ConfidenceScoreStatus enumerates the values for confidence score status.

const (
    // Final Final score was calculated and available
    Final ConfidenceScoreStatus = "Final"
    // InProcess No score was set yet and calculation is in progress
    InProcess ConfidenceScoreStatus = "InProcess"
    // NotApplicable Score will not be calculated for this alert as it is not supported by virtual analyst
    NotApplicable ConfidenceScoreStatus = "NotApplicable"
    // NotFinal Score is calculated and shown as part of the alert, but may be updated again at a later time
    // following the processing of additional data
    NotFinal ConfidenceScoreStatus = "NotFinal"
)

func PossibleConfidenceScoreStatusValues Uses

func PossibleConfidenceScoreStatusValues() []ConfidenceScoreStatus

PossibleConfidenceScoreStatusValues returns an array of possible values for the ConfidenceScoreStatus const type.

type DNSEntity Uses

type DNSEntity struct {
    // DNSEntityProperties - Dns entity properties
    *DNSEntityProperties `json:"properties,omitempty"`
    // ID - READ-ONLY; Azure resource Id
    ID  *string `json:"id,omitempty"`
    // Type - READ-ONLY; Azure resource type
    Type *string `json:"type,omitempty"`
    // Name - READ-ONLY; Azure resource name
    Name *string `json:"name,omitempty"`
    // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL'
    Kind KindBasicEntity `json:"kind,omitempty"`
}

DNSEntity represents a dns entity.

func (DNSEntity) AsAccountEntity Uses

func (de DNSEntity) AsAccountEntity() (*AccountEntity, bool)

AsAccountEntity is the BasicEntity implementation for DNSEntity.

func (DNSEntity) AsAzureResourceEntity Uses

func (de DNSEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)

AsAzureResourceEntity is the BasicEntity implementation for DNSEntity.

func (DNSEntity) AsBasicEntity Uses

func (de DNSEntity) AsBasicEntity() (BasicEntity, bool)

AsBasicEntity is the BasicEntity implementation for DNSEntity.

func (DNSEntity) AsCloudApplicationEntity Uses

func (de DNSEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)

AsCloudApplicationEntity is the BasicEntity implementation for DNSEntity.

func (DNSEntity) AsDNSEntity Uses

func (de DNSEntity) AsDNSEntity() (*DNSEntity, bool)

AsDNSEntity is the BasicEntity implementation for DNSEntity.

func (DNSEntity) AsEntity Uses

func (de DNSEntity) AsEntity() (*Entity, bool)

AsEntity is the BasicEntity implementation for DNSEntity.

func (DNSEntity) AsFileEntity Uses

func (de DNSEntity) AsFileEntity() (*FileEntity, bool)

AsFileEntity is the BasicEntity implementation for DNSEntity.

func (DNSEntity) AsFileHashEntity Uses

func (de DNSEntity) AsFileHashEntity() (*FileHashEntity, bool)

AsFileHashEntity is the BasicEntity implementation for DNSEntity.

func (DNSEntity) AsHostEntity Uses

func (de DNSEntity) AsHostEntity() (*HostEntity, bool)

AsHostEntity is the BasicEntity implementation for DNSEntity.

func (DNSEntity) AsIPEntity Uses

func (de DNSEntity) AsIPEntity() (*IPEntity, bool)

AsIPEntity is the BasicEntity implementation for DNSEntity.

func (DNSEntity) AsMalwareEntity Uses

func (de DNSEntity) AsMalwareEntity() (*MalwareEntity, bool)

AsMalwareEntity is the BasicEntity implementation for DNSEntity.

func (DNSEntity) AsProcessEntity Uses

func (de DNSEntity) AsProcessEntity() (*ProcessEntity, bool)

AsProcessEntity is the BasicEntity implementation for DNSEntity.

func (DNSEntity) AsRegistryKeyEntity Uses

func (de DNSEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)

AsRegistryKeyEntity is the BasicEntity implementation for DNSEntity.

func (DNSEntity) AsRegistryValueEntity Uses

func (de DNSEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)

AsRegistryValueEntity is the BasicEntity implementation for DNSEntity.

func (DNSEntity) AsSecurityAlert Uses

func (de DNSEntity) AsSecurityAlert() (*SecurityAlert, bool)

AsSecurityAlert is the BasicEntity implementation for DNSEntity.

func (DNSEntity) AsSecurityGroupEntity Uses

func (de DNSEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)

AsSecurityGroupEntity is the BasicEntity implementation for DNSEntity.

func (DNSEntity) AsURLEntity Uses

func (de DNSEntity) AsURLEntity() (*URLEntity, bool)

AsURLEntity is the BasicEntity implementation for DNSEntity.

func (DNSEntity) MarshalJSON Uses

func (de DNSEntity) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for DNSEntity.

func (*DNSEntity) UnmarshalJSON Uses

func (de *DNSEntity) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for DNSEntity struct.

type DNSEntityProperties Uses

type DNSEntityProperties struct {
    // DomainName - READ-ONLY; The name of the dns record associated with the alert
    DomainName *string `json:"domainName,omitempty"`
    // IPAddressEntityIds - READ-ONLY; Ip entity identifiers for the resolved ip address.
    IPAddressEntityIds *[]string `json:"ipAddressEntityIds,omitempty"`
    // DNSServerIPEntityID - READ-ONLY; An ip entity id for the dns server resolving the request
    DNSServerIPEntityID *string `json:"dnsServerIpEntityId,omitempty"`
    // HostIPAddressEntityID - READ-ONLY; An ip entity id for the dns request client
    HostIPAddressEntityID *string `json:"hostIpAddressEntityId,omitempty"`
    // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.
    FriendlyName *string `json:"friendlyName,omitempty"`
    // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
    AdditionalData map[string]interface{} `json:"additionalData"`
}

DNSEntityProperties dns entity property bag.

func (DNSEntityProperties) MarshalJSON Uses

func (dep DNSEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for DNSEntityProperties.

type DataConnector Uses

type DataConnector struct {
    autorest.Response `json:"-"`
    // ID - READ-ONLY; Azure resource Id
    ID  *string `json:"id,omitempty"`
    // Type - READ-ONLY; Azure resource type
    Type *string `json:"type,omitempty"`
    // Name - READ-ONLY; Azure resource name
    Name *string `json:"name,omitempty"`
    // Etag - Etag of the data connector.
    Etag *string `json:"etag,omitempty"`
    // Kind - Possible values include: 'KindDataConnector', 'KindOffice365', 'KindThreatIntelligence', 'KindAmazonWebServicesCloudTrail', 'KindAzureActiveDirectory', 'KindAzureSecurityCenter', 'KindMicrosoftCloudAppSecurity', 'KindAzureAdvancedThreatProtection', 'KindMicrosoftDefenderAdvancedThreatProtection'
    Kind KindBasicDataConnector `json:"kind,omitempty"`
}

DataConnector data connector.

func (DataConnector) AsAADDataConnector Uses

func (dc DataConnector) AsAADDataConnector() (*AADDataConnector, bool)

AsAADDataConnector is the BasicDataConnector implementation for DataConnector.

func (DataConnector) AsAATPDataConnector Uses

func (dc DataConnector) AsAATPDataConnector() (*AATPDataConnector, bool)

AsAATPDataConnector is the BasicDataConnector implementation for DataConnector.

func (DataConnector) AsASCDataConnector Uses

func (dc DataConnector) AsASCDataConnector() (*ASCDataConnector, bool)

AsASCDataConnector is the BasicDataConnector implementation for DataConnector.

func (DataConnector) AsAwsCloudTrailDataConnector Uses

func (dc DataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool)

AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for DataConnector.

func (DataConnector) AsBasicDataConnector Uses

func (dc DataConnector) AsBasicDataConnector() (BasicDataConnector, bool)

AsBasicDataConnector is the BasicDataConnector implementation for DataConnector.

func (DataConnector) AsDataConnector Uses

func (dc DataConnector) AsDataConnector() (*DataConnector, bool)

AsDataConnector is the BasicDataConnector implementation for DataConnector.

func (DataConnector) AsMCASDataConnector Uses

func (dc DataConnector) AsMCASDataConnector() (*MCASDataConnector, bool)

AsMCASDataConnector is the BasicDataConnector implementation for DataConnector.

func (DataConnector) AsMDATPDataConnector Uses

func (dc DataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool)

AsMDATPDataConnector is the BasicDataConnector implementation for DataConnector.

func (DataConnector) AsOfficeDataConnector Uses

func (dc DataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool)

AsOfficeDataConnector is the BasicDataConnector implementation for DataConnector.

func (DataConnector) AsTIDataConnector Uses

func (dc DataConnector) AsTIDataConnector() (*TIDataConnector, bool)

AsTIDataConnector is the BasicDataConnector implementation for DataConnector.

func (DataConnector) MarshalJSON Uses

func (dc DataConnector) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for DataConnector.

type DataConnectorDataTypeCommon Uses

type DataConnectorDataTypeCommon struct {
    // State - Describe whether this data type connection is enabled or not. Possible values include: 'Enabled', 'Disabled'
    State DataTypeState `json:"state,omitempty"`
}

DataConnectorDataTypeCommon common field for data type in data connectors.

type DataConnectorKind Uses

type DataConnectorKind string

DataConnectorKind enumerates the values for data connector kind.

const (
    // DataConnectorKindAmazonWebServicesCloudTrail ...
    DataConnectorKindAmazonWebServicesCloudTrail DataConnectorKind = "AmazonWebServicesCloudTrail"
    // DataConnectorKindAzureActiveDirectory ...
    DataConnectorKindAzureActiveDirectory DataConnectorKind = "AzureActiveDirectory"
    // DataConnectorKindAzureAdvancedThreatProtection ...
    DataConnectorKindAzureAdvancedThreatProtection DataConnectorKind = "AzureAdvancedThreatProtection"
    // DataConnectorKindAzureSecurityCenter ...
    DataConnectorKindAzureSecurityCenter DataConnectorKind = "AzureSecurityCenter"
    // DataConnectorKindMicrosoftCloudAppSecurity ...
    DataConnectorKindMicrosoftCloudAppSecurity DataConnectorKind = "MicrosoftCloudAppSecurity"
    // DataConnectorKindMicrosoftDefenderAdvancedThreatProtection ...
    DataConnectorKindMicrosoftDefenderAdvancedThreatProtection DataConnectorKind = "MicrosoftDefenderAdvancedThreatProtection"
    // DataConnectorKindOffice365 ...
    DataConnectorKindOffice365 DataConnectorKind = "Office365"
    // DataConnectorKindThreatIntelligence ...
    DataConnectorKindThreatIntelligence DataConnectorKind = "ThreatIntelligence"
)

func PossibleDataConnectorKindValues Uses

func PossibleDataConnectorKindValues() []DataConnectorKind

PossibleDataConnectorKindValues returns an array of possible values for the DataConnectorKind const type.

type DataConnectorKind1 Uses

type DataConnectorKind1 struct {
    // Kind - The kind of the data connector. Possible values include: 'DataConnectorKindAzureActiveDirectory', 'DataConnectorKindAzureSecurityCenter', 'DataConnectorKindMicrosoftCloudAppSecurity', 'DataConnectorKindThreatIntelligence', 'DataConnectorKindOffice365', 'DataConnectorKindAmazonWebServicesCloudTrail', 'DataConnectorKindAzureAdvancedThreatProtection', 'DataConnectorKindMicrosoftDefenderAdvancedThreatProtection'
    Kind DataConnectorKind `json:"kind,omitempty"`
}

DataConnectorKind1 describes an Azure resource with kind.

type DataConnectorList Uses

type DataConnectorList struct {
    autorest.Response `json:"-"`
    // NextLink - READ-ONLY; URL to fetch the next set of data connectors.
    NextLink *string `json:"nextLink,omitempty"`
    // Value - Array of data connectors.
    Value *[]BasicDataConnector `json:"value,omitempty"`
}

DataConnectorList list all the data connectors.

func (DataConnectorList) IsEmpty Uses

func (dcl DataConnectorList) IsEmpty() bool

IsEmpty returns true if the ListResult contains no values.

func (*DataConnectorList) UnmarshalJSON Uses

func (dcl *DataConnectorList) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for DataConnectorList struct.
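An added example, not part of the SDK or its documentation: it decodes one page of a data connector list by its `kind` discriminator (the job DataConnectorList.UnmarshalJSON performs) and flags connectors whose alerts data type is Disabled or whose kind is not one of the DataConnectorKind values listed on this page. It uses only the standard library with local stand-in types; the `properties.dataTypes.alerts` nesting, the function and type names, and the sample payload are assumptions constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// knownKinds holds the DataConnectorKind string values listed on this page.
var knownKinds = map[string]bool{
	"AmazonWebServicesCloudTrail": true, "AzureActiveDirectory": true,
	"AzureAdvancedThreatProtection": true, "AzureSecurityCenter": true,
	"MicrosoftCloudAppSecurity": true, "MicrosoftDefenderAdvancedThreatProtection": true,
	"Office365": true, "ThreatIntelligence": true,
}

// Stand-in types (hypothetical, not the SDK's): they reuse the JSON tags
// documented on this page so the discriminator logic is visible.
type listPage struct {
	NextLink string            `json:"nextLink"`
	Value    []json.RawMessage `json:"value"`
}

type envelope struct {
	Name       string          `json:"name"`
	Kind       string          `json:"kind"`
	Properties json.RawMessage `json:"properties"`
}

// alertsProps assumes the alerts state sits at properties.dataTypes.alerts.state.
type alertsProps struct {
	DataTypes *struct {
		Alerts *struct {
			State string `json:"state"`
		} `json:"alerts"`
	} `json:"dataTypes"`
}

// Finding is one connector that needs an analyst's attention.
type Finding struct {
	Connector, Kind, Reason string
}

const (
	ReasonDisabled    = "alerts data type is Disabled"
	ReasonUnknownKind = "kind not in the documented enum; properties not inspected"
	ReasonBadState    = "alerts state is neither Enabled nor Disabled"
)

// AuditConnectorPage inspects one list page. It returns the findings and the
// nextLink; a non-empty nextLink means the audit is incomplete until the
// following page has been fetched and checked as well.
func AuditConnectorPage(body []byte) ([]Finding, string, error) {
	var page listPage
	if err := json.Unmarshal(body, &page); err != nil {
		return nil, "", fmt.Errorf("decode list: %w", err)
	}
	var findings []Finding
	for i, raw := range page.Value {
		var env envelope
		if err := json.Unmarshal(raw, &env); err != nil {
			return nil, "", fmt.Errorf("decode value[%d]: %w", i, err)
		}
		if !knownKinds[env.Kind] {
			findings = append(findings, Finding{Connector: env.Name, Kind: env.Kind, Reason: ReasonUnknownKind})
			continue
		}
		if len(env.Properties) == 0 {
			continue // no property bag on this element
		}
		var p alertsProps
		if err := json.Unmarshal(env.Properties, &p); err != nil {
			return nil, "", fmt.Errorf("decode properties of %q: %w", env.Name, err)
		}
		if p.DataTypes == nil || p.DataTypes.Alerts == nil {
			continue // this connector does not expose an alerts data type
		}
		switch p.DataTypes.Alerts.State {
		case "Enabled":
		case "Disabled":
			findings = append(findings, Finding{Connector: env.Name, Kind: env.Kind, Reason: ReasonDisabled})
		default:
			findings = append(findings, Finding{Connector: env.Name, Kind: env.Kind, Reason: ReasonBadState})
		}
	}
	return findings, page.NextLink, nil
}

// samplePage is a constructed response body, not captured from a real tenant.
const samplePage = `{
  "nextLink": "https://management.azure.com/constructed-next-page",
  "value": [
    {"name": "aad-1", "kind": "AzureActiveDirectory",
     "properties": {"dataTypes": {"alerts": {"state": "Enabled"}}}},
    {"name": "asc-1", "kind": "AzureSecurityCenter",
     "properties": {"dataTypes": {"alerts": {"state": "Disabled"}}}},
    {"name": "ti-1", "kind": "ThreatIntelligence", "properties": {}},
    {"name": "future-1", "kind": "SomeLaterKind", "properties": {}}
  ]
}`

func main() {
	findings, next, err := AuditConnectorPage([]byte(samplePage))
	if err != nil {
		panic(err)
	}
	for _, f := range findings {
		fmt.Printf("%s (%s): %s\n", f.Connector, f.Kind, f.Reason)
	}
	fmt.Println("more pages:", next != "")
}
```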

type DataConnectorListIterator Uses

type DataConnectorListIterator struct {
    // contains filtered or unexported fields
}

DataConnectorListIterator provides access to a complete listing of DataConnector values.

func NewDataConnectorListIterator Uses

func NewDataConnectorListIterator(page DataConnectorListPage) DataConnectorListIterator

Creates a new instance of the DataConnectorListIterator type.

func (*DataConnectorListIterator) Next Uses

func (iter *DataConnectorListIterator) Next() error

Next advances to the next value. If there was an error making the request the iterator does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*DataConnectorListIterator) NextWithContext Uses

func (iter *DataConnectorListIterator) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.

func (DataConnectorListIterator) NotDone Uses

func (iter DataConnectorListIterator) NotDone() bool

NotDone returns true if the enumeration should be started or is not yet complete.

func (DataConnectorListIterator) Response Uses

func (iter DataConnectorListIterator) Response() DataConnectorList

Response returns the raw server response from the last page request.

func (DataConnectorListIterator) Value Uses

func (iter DataConnectorListIterator) Value() BasicDataConnector

Value returns the current value or a zero-initialized value if the iterator has advanced beyond the end of the collection.

type DataConnectorListPage Uses

type DataConnectorListPage struct {
    // contains filtered or unexported fields
}

DataConnectorListPage contains a page of BasicDataConnector values.

func NewDataConnectorListPage Uses

func NewDataConnectorListPage(getNextPage func(context.Context, DataConnectorList) (DataConnectorList, error)) DataConnectorListPage

Creates a new instance of the DataConnectorListPage type.

func (*DataConnectorListPage) Next Uses

func (page *DataConnectorListPage) Next() error

Next advances to the next page of values. If there was an error making the request the page does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*DataConnectorListPage) NextWithContext Uses

func (page *DataConnectorListPage) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.

func (DataConnectorListPage) NotDone Uses

func (page DataConnectorListPage) NotDone() bool

NotDone returns true if the page enumeration should be started or is not yet complete.

func (DataConnectorListPage) Response Uses

func (page DataConnectorListPage) Response() DataConnectorList

Response returns the raw server response from the last page request.

func (DataConnectorListPage) Values Uses

func (page DataConnectorListPage) Values() []BasicDataConnector

Values returns the slice of values for the current page or nil if there are no values.

type DataConnectorModel Uses

type DataConnectorModel struct {
    autorest.Response `json:"-"`
    Value             BasicDataConnector `json:"value,omitempty"`
}

DataConnectorModel ...

func (*DataConnectorModel) UnmarshalJSON Uses

func (dcm *DataConnectorModel) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for DataConnectorModel struct.

type DataConnectorStatus Uses

type DataConnectorStatus struct {
    // ConnectorID - the connector id
    ConnectorID *string `json:"connectorId,omitempty"`
    // DataTypes - The data types availability map
    DataTypes map[string]*DataTypeStatus `json:"dataTypes"`
}

DataConnectorStatus alert rule template data connector status.

func (DataConnectorStatus) MarshalJSON Uses

func (dcs DataConnectorStatus) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for DataConnectorStatus.

type DataConnectorTenantID Uses

type DataConnectorTenantID struct {
    // TenantID - The tenant id to connect to, and get the data from.
    TenantID *string `json:"tenantId,omitempty"`
}

DataConnectorTenantID properties data connector on tenant level.

type DataConnectorWithAlertsProperties Uses

type DataConnectorWithAlertsProperties struct {
    // DataTypes - The available data types for the connector.
    DataTypes *AlertsDataTypeOfDataConnector `json:"dataTypes,omitempty"`
}

DataConnectorWithAlertsProperties data connector properties.

type DataConnectorsClient Uses

type DataConnectorsClient struct {
    BaseClient
}

DataConnectorsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewDataConnectorsClient Uses

func NewDataConnectorsClient(subscriptionID string) DataConnectorsClient

NewDataConnectorsClient creates an instance of the DataConnectorsClient client.

func NewDataConnectorsClientWithBaseURI Uses

func NewDataConnectorsClientWithBaseURI(baseURI string, subscriptionID string) DataConnectorsClient

NewDataConnectorsClientWithBaseURI creates an instance of the DataConnectorsClient client.

func (DataConnectorsClient) CreateOrUpdate Uses

func (client DataConnectorsClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, dataConnectorID string, dataConnector BasicDataConnector) (result DataConnectorModel, err error)

CreateOrUpdate creates or updates the data connector.

Parameters:
resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive.
operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights.
workspaceName - the name of the workspace.
dataConnectorID - connector ID
dataConnector - the data connector

func (DataConnectorsClient) CreateOrUpdatePreparer Uses

func (client DataConnectorsClient) CreateOrUpdatePreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, dataConnectorID string, dataConnector BasicDataConnector) (*http.Request, error)

CreateOrUpdatePreparer prepares the CreateOrUpdate request.

func (DataConnectorsClient) CreateOrUpdateResponder Uses

func (client DataConnectorsClient) CreateOrUpdateResponder(resp *http.Response) (result DataConnectorModel, err error)

CreateOrUpdateResponder handles the response to the CreateOrUpdate request. The method always closes the http.Response Body.

func (DataConnectorsClient) CreateOrUpdateSender Uses

func (client DataConnectorsClient) CreateOrUpdateSender(req *http.Request) (*http.Response, error)

CreateOrUpdateSender sends the CreateOrUpdate request. The method will close the http.Response Body if it receives an error.

func (DataConnectorsClient) Delete Uses

func (client DataConnectorsClient) Delete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, dataConnectorID string) (result autorest.Response, err error)

Delete deletes the data connector.

Parameters:
resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive.
operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights.
workspaceName - the name of the workspace.
dataConnectorID - connector ID

func (DataConnectorsClient) DeletePreparer Uses

func (client DataConnectorsClient) DeletePreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, dataConnectorID string) (*http.Request, error)

DeletePreparer prepares the Delete request.

func (DataConnectorsClient) DeleteResponder Uses

func (client DataConnectorsClient) DeleteResponder(resp *http.Response) (result autorest.Response, err error)

DeleteResponder handles the response to the Delete request. The method always closes the http.Response Body.

func (DataConnectorsClient) DeleteSender Uses

func (client DataConnectorsClient) DeleteSender(req *http.Request) (*http.Response, error)

DeleteSender sends the Delete request. The method will close the http.Response Body if it receives an error.

func (DataConnectorsClient) Get Uses

func (client DataConnectorsClient) Get(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, dataConnectorID string) (result DataConnectorModel, err error)

Get gets a data connector.

Parameters:
resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive.
operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights.
workspaceName - the name of the workspace.
dataConnectorID - connector ID

func (DataConnectorsClient) GetPreparer Uses

func (client DataConnectorsClient) GetPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, dataConnectorID string) (*http.Request, error)

GetPreparer prepares the Get request.

func (DataConnectorsClient) GetResponder Uses

func (client DataConnectorsClient) GetResponder(resp *http.Response) (result DataConnectorModel, err error)

GetResponder handles the response to the Get request. The method always closes the http.Response Body.

func (DataConnectorsClient) GetSender Uses

func (client DataConnectorsClient) GetSender(req *http.Request) (*http.Response, error)

GetSender sends the Get request. The method will close the http.Response Body if it receives an error.

func (DataConnectorsClient) List Uses

func (client DataConnectorsClient) List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result DataConnectorListPage, err error)

List gets all data connectors.

Parameters:
resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive.
operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights.
workspaceName - the name of the workspace.

func (DataConnectorsClient) ListComplete Uses

func (client DataConnectorsClient) ListComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result DataConnectorListIterator, err error)

ListComplete enumerates all values, automatically crossing page boundaries as required.

func (DataConnectorsClient) ListPreparer Uses

func (client DataConnectorsClient) ListPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (*http.Request, error)

ListPreparer prepares the List request.

func (DataConnectorsClient) ListResponder Uses

func (client DataConnectorsClient) ListResponder(resp *http.Response) (result DataConnectorList, err error)

ListResponder handles the response to the List request. The method always closes the http.Response Body.

func (DataConnectorsClient) ListSender Uses

func (client DataConnectorsClient) ListSender(req *http.Request) (*http.Response, error)

ListSender sends the List request. The method will close the http.Response Body if it receives an error.

type DataTypeState Uses

type DataTypeState string

DataTypeState enumerates the values for data type state.

const (
    // Disabled ...
    Disabled DataTypeState = "Disabled"
    // Enabled ...
    Enabled DataTypeState = "Enabled"
)

func PossibleDataTypeStateValues Uses

func PossibleDataTypeStateValues() []DataTypeState

PossibleDataTypeStateValues returns an array of possible values for the DataTypeState const type.

type DataTypeStatus Uses

type DataTypeStatus string

DataTypeStatus enumerates the values for data type status.

const (
    // Exist ...
    Exist DataTypeStatus = "Exist"
    // NotExist ...
    NotExist DataTypeStatus = "NotExist"
)

func PossibleDataTypeStatusValues Uses

func PossibleDataTypeStatusValues() []DataTypeStatus

PossibleDataTypeStatusValues returns an array of possible values for the DataTypeStatus const type.

type ElevationToken Uses

type ElevationToken string

ElevationToken enumerates the values for elevation token.

const (
    // Default Default elevation token
    Default ElevationToken = "Default"
    // Full Full elevation token
    Full ElevationToken = "Full"
    // Limited Limited elevation token
    Limited ElevationToken = "Limited"
)

func PossibleElevationTokenValues Uses

func PossibleElevationTokenValues() []ElevationToken

PossibleElevationTokenValues returns an array of possible values for the ElevationToken const type.

type EntitiesClient Uses

type EntitiesClient struct {
    BaseClient
}

EntitiesClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewEntitiesClient Uses

func NewEntitiesClient(subscriptionID string) EntitiesClient

NewEntitiesClient creates an instance of the EntitiesClient client.

func NewEntitiesClientWithBaseURI Uses

func NewEntitiesClientWithBaseURI(baseURI string, subscriptionID string) EntitiesClient

NewEntitiesClientWithBaseURI creates an instance of the EntitiesClient client.

func (EntitiesClient) Expand Uses

func (client EntitiesClient) Expand(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, entityID string, parameters EntityExpandParameters) (result EntityExpandResponse, err error)

Expand expands an entity.

Parameters:
resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive.
operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights.
workspaceName - the name of the workspace.
entityID - entity ID
parameters - the parameters required to execute an expand operation on the given entity.

func (EntitiesClient) ExpandPreparer Uses

func (client EntitiesClient) ExpandPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, entityID string, parameters EntityExpandParameters) (*http.Request, error)

ExpandPreparer prepares the Expand request.

func (EntitiesClient) ExpandResponder Uses

func (client EntitiesClient) ExpandResponder(resp *http.Response) (result EntityExpandResponse, err error)

ExpandResponder handles the response to the Expand request. The method always closes the http.Response Body.

func (EntitiesClient) ExpandSender Uses

func (client EntitiesClient) ExpandSender(req *http.Request) (*http.Response, error)

ExpandSender sends the Expand request. The method will close the http.Response Body if it receives an error.

func (EntitiesClient) Get Uses

func (client EntitiesClient) Get(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, entityID string) (result EntityModel, err error)

Get gets an entity.

Parameters:
resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive.
operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights.
workspaceName - the name of the workspace.
entityID - entity ID

func (EntitiesClient) GetPreparer Uses

func (client EntitiesClient) GetPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, entityID string) (*http.Request, error)

GetPreparer prepares the Get request.

func (EntitiesClient) GetResponder Uses

func (client EntitiesClient) GetResponder(resp *http.Response) (result EntityModel, err error)

GetResponder handles the response to the Get request. The method always closes the http.Response Body.

func (EntitiesClient) GetSender Uses

func (client EntitiesClient) GetSender(req *http.Request) (*http.Response, error)

GetSender sends the Get request. The method will close the http.Response Body if it receives an error.

func (EntitiesClient) List Uses

func (client EntitiesClient) List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result EntityListPage, err error)

List gets all entities.

Parameters:
resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive.
operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights.
workspaceName - the name of the workspace.

func (EntitiesClient) ListComplete Uses

func (client EntitiesClient) ListComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result EntityListIterator, err error)

ListComplete enumerates all values, automatically crossing page boundaries as required.

func (EntitiesClient) ListPreparer Uses

func (client EntitiesClient) ListPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (*http.Request, error)

ListPreparer prepares the List request.

func (EntitiesClient) ListResponder Uses

func (client EntitiesClient) ListResponder(resp *http.Response) (result EntityList, err error)

ListResponder handles the response to the List request. The method always closes the http.Response Body.

func (EntitiesClient) ListSender Uses

func (client EntitiesClient) ListSender(req *http.Request) (*http.Response, error)

ListSender sends the List request. The method will close the http.Response Body if it receives an error.

type Entity Uses

type Entity struct {
    autorest.Response `json:"-"`
    // ID - READ-ONLY; Azure resource Id
    ID  *string `json:"id,omitempty"`
    // Type - READ-ONLY; Azure resource type
    Type *string `json:"type,omitempty"`
    // Name - READ-ONLY; Azure resource name
    Name *string `json:"name,omitempty"`
    // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL'
    Kind KindBasicEntity `json:"kind,omitempty"`
}

Entity specific entity.

func (Entity) AsAccountEntity Uses

func (e Entity) AsAccountEntity() (*AccountEntity, bool)

AsAccountEntity is the BasicEntity implementation for Entity.

func (Entity) AsAzureResourceEntity Uses

func (e Entity) AsAzureResourceEntity() (*AzureResourceEntity, bool)

AsAzureResourceEntity is the BasicEntity implementation for Entity.

func (Entity) AsBasicEntity Uses

func (e Entity) AsBasicEntity() (BasicEntity, bool)

AsBasicEntity is the BasicEntity implementation for Entity.

func (Entity) AsCloudApplicationEntity Uses

func (e Entity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)

AsCloudApplicationEntity is the BasicEntity implementation for Entity.

func (Entity) AsDNSEntity Uses

func (e Entity) AsDNSEntity() (*DNSEntity, bool)

AsDNSEntity is the BasicEntity implementation for Entity.

func (Entity) AsEntity Uses

func (e Entity) AsEntity() (*Entity, bool)

AsEntity is the BasicEntity implementation for Entity.

func (Entity) AsFileEntity Uses

func (e Entity) AsFileEntity() (*FileEntity, bool)

AsFileEntity is the BasicEntity implementation for Entity.

func (Entity) AsFileHashEntity Uses

func (e Entity) AsFileHashEntity() (*FileHashEntity, bool)

AsFileHashEntity is the BasicEntity implementation for Entity.

func (Entity) AsHostEntity Uses

func (e Entity) AsHostEntity() (*HostEntity, bool)

AsHostEntity is the BasicEntity implementation for Entity.

func (Entity) AsIPEntity Uses

func (e Entity) AsIPEntity() (*IPEntity, bool)

AsIPEntity is the BasicEntity implementation for Entity.

func (Entity) AsMalwareEntity Uses

func (e Entity) AsMalwareEntity() (*MalwareEntity, bool)

AsMalwareEntity is the BasicEntity implementation for Entity.

func (Entity) AsProcessEntity Uses

func (e Entity) AsProcessEntity() (*ProcessEntity, bool)

AsProcessEntity is the BasicEntity implementation for Entity.

func (Entity) AsRegistryKeyEntity Uses

func (e Entity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)

AsRegistryKeyEntity is the BasicEntity implementation for Entity.

func (Entity) AsRegistryValueEntity Uses

func (e Entity) AsRegistryValueEntity() (*RegistryValueEntity, bool)

AsRegistryValueEntity is the BasicEntity implementation for Entity.

func (Entity) AsSecurityAlert Uses

func (e Entity) AsSecurityAlert() (*SecurityAlert, bool)

AsSecurityAlert is the BasicEntity implementation for Entity.

func (Entity) AsSecurityGroupEntity Uses

func (e Entity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)

AsSecurityGroupEntity is the BasicEntity implementation for Entity.

func (Entity) AsURLEntity Uses

func (e Entity) AsURLEntity() (*URLEntity, bool)

AsURLEntity is the BasicEntity implementation for Entity.

func (Entity) MarshalJSON Uses

func (e Entity) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for Entity.

type EntityCommonProperties Uses

type EntityCommonProperties struct {
    // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.
    FriendlyName *string `json:"friendlyName,omitempty"`
    // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
    AdditionalData map[string]interface{} `json:"additionalData"`
}

EntityCommonProperties entity common property bag.

func (EntityCommonProperties) MarshalJSON Uses

func (ecp EntityCommonProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for EntityCommonProperties.

type EntityExpandParameters Uses

type EntityExpandParameters struct {
    // ExpansionID - The Id of the expansion to perform.
    ExpansionID *uuid.UUID `json:"expansionId,omitempty"`
    // StartTime - The start date filter, so the only expansion results returned are after this date.
    StartTime *date.Time `json:"startTime,omitempty"`
    // EndTime - The end date filter, so the only expansion results returned are before this date.
    EndTime *date.Time `json:"endTime,omitempty"`
}

EntityExpandParameters the parameters required to execute an expand operation on the given entity.

type EntityExpandResponse

type EntityExpandResponse struct {
    autorest.Response `json:"-"`
    // Value - The expansion result values.
    Value *EntityExpandResponseValue `json:"value,omitempty"`
    // MetaData - The metadata from the expansion operation results.
    MetaData *ExpansionResultsMetadata `json:"metaData,omitempty"`
}

EntityExpandResponse the entity expansion result operation response.

type EntityExpandResponseValue

type EntityExpandResponseValue struct {
    // Entities - Array of the expansion result entities.
    Entities *[]BasicEntity `json:"entities,omitempty"`
}

EntityExpandResponseValue the expansion result values.

func (*EntityExpandResponseValue) UnmarshalJSON

func (eer *EntityExpandResponseValue) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for EntityExpandResponseValue struct.
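An added example, not code from the SDK or from this page: Entities is a slice of the BasicEntity interface, so a decoder has to dispatch on each entity's kind. This standard-library version does that for a constructed expansion response and flags File entities that carry no directory or no file hash reference. The stand-in types, TriageExpansion, and the assumption that `kind` carries the EntityKind strings listed on this page are hypothetical.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Constructed sample response; entity names and values are made up.
const sampleResponse = `{"value": {"entities": [
  {"name": "e1", "kind": "File", "properties": {"directory": "C:\\Users\\Public",
    "fileName": "update.exe", "fileHashEntityIds": ["h1"]}},
  {"name": "e2", "kind": "File", "properties": {"fileName": "invoice.js"}},
  {"name": "h1", "kind": "FileHash", "properties": {}},
  {"name": "x1", "kind": "Mailbox", "properties": {}}]}}`

// Stand-in types (assumptions): they mirror only JSON tags documented on
// this page and are not the SDK's own structs.
type fileProps struct {
	Directory         string   `json:"directory"`
	FileName          string   `json:"fileName"`
	FileHashEntityIds []string `json:"fileHashEntityIds"`
}

type rawEntity struct {
	Name       string          `json:"name"`
	Kind       string          `json:"kind"`
	Properties json.RawMessage `json:"properties"`
}

type expandResponse struct {
	Value struct {
		Entities []rawEntity `json:"entities"`
	} `json:"value"`
}

// FileFinding and Triage are hypothetical result types for this example.
type FileFinding struct {
	Name, FileName, Directory string
	MissingDir, MissingHash   bool
}

type Triage struct {
	KindCounts, UnknownKinds map[string]int
	Files                    []FileFinding
}

// knownKinds holds the EntityKind strings listed on this page; treating them
// as the wire values of "kind" is an assumption.
var knownKinds = map[string]bool{
	"Account": true, "AzureResource": true, "Bookmark": true,
	"CloudApplication": true, "DnsResolution": true, "File": true,
	"FileHash": true, "Host": true, "Ip": true, "Malware": true,
	"Process": true, "RegistryKey": true, "RegistryValue": true,
	"SecurityAlert": true, "SecurityGroup": true, "Url": true,
}

// TriageExpansion decodes an expansion response, dispatches on each entity's
// kind, and flags File entities that lack a path or any file hash reference.
func TriageExpansion(body []byte) (Triage, error) {
	var resp expandResponse
	if err := json.Unmarshal(body, &resp); err != nil {
		return Triage{}, fmt.Errorf("decode expansion response: %w", err)
	}
	res := Triage{KindCounts: map[string]int{}, UnknownKinds: map[string]int{}}
	for _, e := range resp.Value.Entities {
		if !knownKinds[e.Kind] {
			res.UnknownKinds[e.Kind]++ // record it; never guess a type
			continue
		}
		res.KindCounts[e.Kind]++
		if e.Kind != "File" {
			continue
		}
		var p fileProps
		if len(e.Properties) > 0 { // properties may be absent entirely
			if err := json.Unmarshal(e.Properties, &p); err != nil {
				return Triage{}, fmt.Errorf("entity %q properties: %w", e.Name, err)
			}
		}
		res.Files = append(res.Files, FileFinding{
			Name: e.Name, FileName: p.FileName, Directory: p.Directory,
			MissingDir:  p.Directory == "",
			MissingHash: len(p.FileHashEntityIds) == 0,
		})
	}
	return res, nil
}

func main() {
	res, err := TriageExpansion([]byte(sampleResponse))
	fmt.Printf("%+v %v\n", res, err)
}
```

A File entity flagged MissingHash cannot be matched against hash indicators, and one flagged MissingDir has only a file name to pivot on.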

type EntityKind

type EntityKind string

EntityKind enumerates the values for entity kind.

const (
    // EntityKindAccount Entity represents account in the system.
    EntityKindAccount EntityKind = "Account"
    // EntityKindAzureResource Entity represents azure resource in the system.
    EntityKindAzureResource EntityKind = "AzureResource"
    // EntityKindBookmark Entity represents bookmark in the system.
    EntityKindBookmark EntityKind = "Bookmark"
    // EntityKindCloudApplication Entity represents cloud application in the system.
    EntityKindCloudApplication EntityKind = "CloudApplication"
    // EntityKindDNSResolution Entity represents dns resolution in the system.
    EntityKindDNSResolution EntityKind = "DnsResolution"
    // EntityKindFile Entity represents file in the system.
    EntityKindFile EntityKind = "File"
    // EntityKindFileHash Entity represents file hash in the system.
    EntityKindFileHash EntityKind = "FileHash"
    // EntityKindHost Entity represents host in the system.
    EntityKindHost EntityKind = "Host"
    // EntityKindIP Entity represents ip in the system.
    EntityKindIP EntityKind = "Ip"
    // EntityKindMalware Entity represents malware in the system.
    EntityKindMalware EntityKind = "Malware"
    // EntityKindProcess Entity represents process in the system.
    EntityKindProcess EntityKind = "Process"
    // EntityKindRegistryKey Entity represents registry key in the system.
    EntityKindRegistryKey EntityKind = "RegistryKey"
    // EntityKindRegistryValue Entity represents registry value in the system.
    EntityKindRegistryValue EntityKind = "RegistryValue"
    // EntityKindSecurityAlert Entity represents security alert in the system.
    EntityKindSecurityAlert EntityKind = "SecurityAlert"
    // EntityKindSecurityGroup Entity represents security group in the system.
    EntityKindSecurityGroup EntityKind = "SecurityGroup"
    // EntityKindURL Entity represents url in the system.
    EntityKindURL EntityKind = "Url"
)

func PossibleEntityKindValues

func PossibleEntityKindValues() []EntityKind

PossibleEntityKindValues returns an array of possible values for the EntityKind const type.

type EntityKind1

type EntityKind1 struct {
    // Kind - The kind of the entity. Possible values include: 'EntityKindAccount', 'EntityKindHost', 'EntityKindFile', 'EntityKindAzureResource', 'EntityKindCloudApplication', 'EntityKindDNSResolution', 'EntityKindFileHash', 'EntityKindIP', 'EntityKindMalware', 'EntityKindProcess', 'EntityKindRegistryKey', 'EntityKindRegistryValue', 'EntityKindSecurityGroup', 'EntityKindURL', 'EntityKindSecurityAlert', 'EntityKindBookmark'
    Kind EntityKind `json:"kind,omitempty"`
}

EntityKind1 describes an entity with kind.

type EntityList

type EntityList struct {
    autorest.Response `json:"-"`
    // NextLink - READ-ONLY; URL to fetch the next set of entities.
    NextLink *string `json:"nextLink,omitempty"`
    // Value - Array of entities.
    Value *[]BasicEntity `json:"value,omitempty"`
}

EntityList list of all the entities.

func (EntityList) IsEmpty

func (el EntityList) IsEmpty() bool

IsEmpty returns true if the ListResult contains no values.

func (*EntityList) UnmarshalJSON

func (el *EntityList) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for EntityList struct.

type EntityListIterator

type EntityListIterator struct {
    // contains filtered or unexported fields
}

EntityListIterator provides access to a complete listing of Entity values.

func NewEntityListIterator

func NewEntityListIterator(page EntityListPage) EntityListIterator

Creates a new instance of the EntityListIterator type.

func (*EntityListIterator) Next

func (iter *EntityListIterator) Next() error

Next advances to the next value. If there was an error making the request the iterator does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*EntityListIterator) NextWithContext

func (iter *EntityListIterator) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.

func (EntityListIterator) NotDone

func (iter EntityListIterator) NotDone() bool

NotDone returns true if the enumeration should be started or is not yet complete.

func (EntityListIterator) Response

func (iter EntityListIterator) Response() EntityList

Response returns the raw server response from the last page request.

func (EntityListIterator) Value

func (iter EntityListIterator) Value() BasicEntity

Value returns the current value or a zero-initialized value if the iterator has advanced beyond the end of the collection.

type EntityListPage

type EntityListPage struct {
    // contains filtered or unexported fields
}

EntityListPage contains a page of BasicEntity values.

func NewEntityListPage

func NewEntityListPage(getNextPage func(context.Context, EntityList) (EntityList, error)) EntityListPage

Creates a new instance of the EntityListPage type.

func (*EntityListPage) Next

func (page *EntityListPage) Next() error

Next advances to the next page of values. If there was an error making the request the page does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*EntityListPage) NextWithContext

func (page *EntityListPage) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.

func (EntityListPage) NotDone

func (page EntityListPage) NotDone() bool

NotDone returns true if the page enumeration should be started or is not yet complete.

func (EntityListPage) Response

func (page EntityListPage) Response() EntityList

Response returns the raw server response from the last page request.

func (EntityListPage) Values

func (page EntityListPage) Values() []BasicEntity

Values returns the slice of values for the current page or nil if there are no values.

type EntityModel

type EntityModel struct {
    autorest.Response `json:"-"`
    Value             BasicEntity `json:"value,omitempty"`
}

EntityModel ...

func (*EntityModel) UnmarshalJSON

func (em *EntityModel) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for EntityModel struct.

type EntityQueriesClient

type EntityQueriesClient struct {
    BaseClient
}

EntityQueriesClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewEntityQueriesClient

func NewEntityQueriesClient(subscriptionID string) EntityQueriesClient

NewEntityQueriesClient creates an instance of the EntityQueriesClient client.

func NewEntityQueriesClientWithBaseURI

func NewEntityQueriesClientWithBaseURI(baseURI string, subscriptionID string) EntityQueriesClient

NewEntityQueriesClientWithBaseURI creates an instance of the EntityQueriesClient client.

func (EntityQueriesClient) Get

func (client EntityQueriesClient) Get(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, entityQueryID string) (result EntityQuery, err error)

Get gets an entity query.

Parameters:
resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive.
operationalInsightsResourceProvider - the namespace of workspaces resource provider - Microsoft.OperationalInsights.
workspaceName - the name of the workspace.
entityQueryID - entity query ID

func (EntityQueriesClient) GetPreparer

func (client EntityQueriesClient) GetPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, entityQueryID string) (*http.Request, error)

GetPreparer prepares the Get request.

func (EntityQueriesClient) GetResponder

func (client EntityQueriesClient) GetResponder(resp *http.Response) (result EntityQuery, err error)

GetResponder handles the response to the Get request. The method always closes the http.Response Body.

func (EntityQueriesClient) GetSender

func (client EntityQueriesClient) GetSender(req *http.Request) (*http.Response, error)

GetSender sends the Get request. The method will close the http.Response Body if it receives an error.

func (EntityQueriesClient) List

func (client EntityQueriesClient) List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result EntityQueryListPage, err error)

List gets all entity queries.

Parameters:
resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive.
operationalInsightsResourceProvider - the namespace of workspaces resource provider - Microsoft.OperationalInsights.
workspaceName - the name of the workspace.

func (EntityQueriesClient) ListComplete

func (client EntityQueriesClient) ListComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result EntityQueryListIterator, err error)

ListComplete enumerates all values, automatically crossing page boundaries as required.

func (EntityQueriesClient) ListPreparer

func (client EntityQueriesClient) ListPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (*http.Request, error)

ListPreparer prepares the List request.

func (EntityQueriesClient) ListResponder

func (client EntityQueriesClient) ListResponder(resp *http.Response) (result EntityQueryList, err error)

ListResponder handles the response to the List request. The method always closes the http.Response Body.

func (EntityQueriesClient) ListSender

func (client EntityQueriesClient) ListSender(req *http.Request) (*http.Response, error)

ListSender sends the List request. The method will close the http.Response Body if it receives an error.

type EntityQuery

type EntityQuery struct {
    autorest.Response `json:"-"`
    // EntityQueryProperties - Entity query properties
    *EntityQueryProperties `json:"properties,omitempty"`
    // ID - READ-ONLY; Azure resource Id
    ID  *string `json:"id,omitempty"`
    // Type - READ-ONLY; Azure resource type
    Type *string `json:"type,omitempty"`
    // Name - READ-ONLY; Azure resource name
    Name *string `json:"name,omitempty"`
}

EntityQuery specific entity query.

func (EntityQuery) MarshalJSON

func (eq EntityQuery) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for EntityQuery.

func (*EntityQuery) UnmarshalJSON

func (eq *EntityQuery) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for EntityQuery struct.

type EntityQueryList

type EntityQueryList struct {
    autorest.Response `json:"-"`
    // NextLink - READ-ONLY; URL to fetch the next set of entity queries.
    NextLink *string `json:"nextLink,omitempty"`
    // Value - Array of entity queries.
    Value *[]EntityQuery `json:"value,omitempty"`
}

EntityQueryList list of all the entity queries.

func (EntityQueryList) IsEmpty

func (eql EntityQueryList) IsEmpty() bool

IsEmpty returns true if the ListResult contains no values.

type EntityQueryListIterator

type EntityQueryListIterator struct {
    // contains filtered or unexported fields
}

EntityQueryListIterator provides access to a complete listing of EntityQuery values.

func NewEntityQueryListIterator

func NewEntityQueryListIterator(page EntityQueryListPage) EntityQueryListIterator

Creates a new instance of the EntityQueryListIterator type.

func (*EntityQueryListIterator) Next

func (iter *EntityQueryListIterator) Next() error

Next advances to the next value. If there was an error making the request the iterator does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*EntityQueryListIterator) NextWithContext

func (iter *EntityQueryListIterator) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.

func (EntityQueryListIterator) NotDone

func (iter EntityQueryListIterator) NotDone() bool

NotDone returns true if the enumeration should be started or is not yet complete.

func (EntityQueryListIterator) Response

func (iter EntityQueryListIterator) Response() EntityQueryList

Response returns the raw server response from the last page request.

func (EntityQueryListIterator) Value

func (iter EntityQueryListIterator) Value() EntityQuery

Value returns the current value or a zero-initialized value if the iterator has advanced beyond the end of the collection.

type EntityQueryListPage

type EntityQueryListPage struct {
    // contains filtered or unexported fields
}

EntityQueryListPage contains a page of EntityQuery values.

func NewEntityQueryListPage

func NewEntityQueryListPage(getNextPage func(context.Context, EntityQueryList) (EntityQueryList, error)) EntityQueryListPage

Creates a new instance of the EntityQueryListPage type.

func (*EntityQueryListPage) Next

func (page *EntityQueryListPage) Next() error

Next advances to the next page of values. If there was an error making the request the page does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*EntityQueryListPage) NextWithContext

func (page *EntityQueryListPage) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.

func (EntityQueryListPage) NotDone

func (page EntityQueryListPage) NotDone() bool

NotDone returns true if the page enumeration should be started or is not yet complete.

func (EntityQueryListPage) Response

func (page EntityQueryListPage) Response() EntityQueryList

Response returns the raw server response from the last page request.

func (EntityQueryListPage) Values

func (page EntityQueryListPage) Values() []EntityQuery

Values returns the slice of values for the current page or nil if there are no values.

type EntityQueryProperties

type EntityQueryProperties struct {
    // QueryTemplate - The template query string to be parsed and formatted
    QueryTemplate *string `json:"queryTemplate,omitempty"`
    // InputEntityType - The type of the query's source entity. Possible values include: 'EntityTypeAccount', 'EntityTypeHost', 'EntityTypeFile', 'EntityTypeAzureResource', 'EntityTypeCloudApplication', 'EntityTypeDNS', 'EntityTypeFileHash', 'EntityTypeIP', 'EntityTypeMalware', 'EntityTypeProcess', 'EntityTypeRegistryKey', 'EntityTypeRegistryValue', 'EntityTypeSecurityGroup', 'EntityTypeURL', 'EntityTypeSecurityAlert', 'EntityTypeHuntingBookmark'
    InputEntityType EntityType `json:"inputEntityType,omitempty"`
    // InputFields - List of the fields of the source entity that are required to run the query
    InputFields *[]string `json:"inputFields,omitempty"`
    // OutputEntityTypes - List of the desired output types to be constructed from the result
    OutputEntityTypes *[]EntityType `json:"outputEntityTypes,omitempty"`
    // DataSources - List of the data sources that are required to run the query
    DataSources *[]string `json:"dataSources,omitempty"`
    // DisplayName - The query display name
    DisplayName *string `json:"displayName,omitempty"`
}

EntityQueryProperties describes entity query properties

type EntityType

type EntityType string

EntityType enumerates the values for entity type.

const (
    // EntityTypeAccount Entity represents account in the system.
    EntityTypeAccount EntityType = "Account"
    // EntityTypeAzureResource Entity represents azure resource in the system.
    EntityTypeAzureResource EntityType = "AzureResource"
    // EntityTypeCloudApplication Entity represents cloud application in the system.
    EntityTypeCloudApplication EntityType = "CloudApplication"
    // EntityTypeDNS Entity represents dns in the system.
    EntityTypeDNS EntityType = "DNS"
    // EntityTypeFile Entity represents file in the system.
    EntityTypeFile EntityType = "File"
    // EntityTypeFileHash Entity represents file hash in the system.
    EntityTypeFileHash EntityType = "FileHash"
    // EntityTypeHost Entity represents host in the system.
    EntityTypeHost EntityType = "Host"
    // EntityTypeHuntingBookmark Entity represents HuntingBookmark in the system.
    EntityTypeHuntingBookmark EntityType = "HuntingBookmark"
    // EntityTypeIP Entity represents ip in the system.
    EntityTypeIP EntityType = "IP"
    // EntityTypeMalware Entity represents malware in the system.
    EntityTypeMalware EntityType = "Malware"
    // EntityTypeProcess Entity represents process in the system.
    EntityTypeProcess EntityType = "Process"
    // EntityTypeRegistryKey Entity represents registry key in the system.
    EntityTypeRegistryKey EntityType = "RegistryKey"
    // EntityTypeRegistryValue Entity represents registry value in the system.
    EntityTypeRegistryValue EntityType = "RegistryValue"
    // EntityTypeSecurityAlert Entity represents security alert in the system.
    EntityTypeSecurityAlert EntityType = "SecurityAlert"
    // EntityTypeSecurityGroup Entity represents security group in the system.
    EntityTypeSecurityGroup EntityType = "SecurityGroup"
    // EntityTypeURL Entity represents url in the system.
    EntityTypeURL EntityType = "URL"
)

func PossibleEntityTypeValues

func PossibleEntityTypeValues() []EntityType

PossibleEntityTypeValues returns an array of possible values for the EntityType const type.

type ExpansionResultAggregation

type ExpansionResultAggregation struct {
    // EntityKind - The kind of the aggregated entity. Possible values include: 'EntityKindAccount', 'EntityKindHost', 'EntityKindFile', 'EntityKindAzureResource', 'EntityKindCloudApplication', 'EntityKindDNSResolution', 'EntityKindFileHash', 'EntityKindIP', 'EntityKindMalware', 'EntityKindProcess', 'EntityKindRegistryKey', 'EntityKindRegistryValue', 'EntityKindSecurityGroup', 'EntityKindURL', 'EntityKindSecurityAlert', 'EntityKindBookmark'
    EntityKind EntityKind `json:"entityKind,omitempty"`
    // Count - Total number of aggregations of the given kind (and aggregationType if given) in the expansion result.
    Count *int32 `json:"count,omitempty"`
    // AggregationType - The common type of the aggregation (e.g. entity field name).
    AggregationType *string `json:"aggregationType,omitempty"`
    // DisplayName - The display name of the aggregation by type.
    DisplayName *string `json:"displayName,omitempty"`
}

ExpansionResultAggregation information of a specific aggregation in the expansion result.

type ExpansionResultsMetadata

type ExpansionResultsMetadata struct {
    // Aggregations - Information of the aggregated nodes in the expansion result.
    Aggregations *[]ExpansionResultAggregation `json:"aggregations,omitempty"`
}

ExpansionResultsMetadata expansion result metadata.

type FileEntity

type FileEntity struct {
    // FileEntityProperties - File entity properties
    *FileEntityProperties `json:"properties,omitempty"`
    // ID - READ-ONLY; Azure resource Id
    ID  *string `json:"id,omitempty"`
    // Type - READ-ONLY; Azure resource type
    Type *string `json:"type,omitempty"`
    // Name - READ-ONLY; Azure resource name
    Name *string `json:"name,omitempty"`
    // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL'
    Kind KindBasicEntity `json:"kind,omitempty"`
}

FileEntity represents a file entity.

func (FileEntity) AsAccountEntity

func (fe FileEntity) AsAccountEntity() (*AccountEntity, bool)

AsAccountEntity is the BasicEntity implementation for FileEntity.

func (FileEntity) AsAzureResourceEntity

func (fe FileEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)

AsAzureResourceEntity is the BasicEntity implementation for FileEntity.

func (FileEntity) AsBasicEntity

func (fe FileEntity) AsBasicEntity() (BasicEntity, bool)

AsBasicEntity is the BasicEntity implementation for FileEntity.

func (FileEntity) AsCloudApplicationEntity

func (fe FileEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)

AsCloudApplicationEntity is the BasicEntity implementation for FileEntity.

func (FileEntity) AsDNSEntity

func (fe FileEntity) AsDNSEntity() (*DNSEntity, bool)

AsDNSEntity is the BasicEntity implementation for FileEntity.

func (FileEntity) AsEntity

func (fe FileEntity) AsEntity() (*Entity, bool)

AsEntity is the BasicEntity implementation for FileEntity.

func (FileEntity) AsFileEntity

func (fe FileEntity) AsFileEntity() (*FileEntity, bool)

AsFileEntity is the BasicEntity implementation for FileEntity.

func (FileEntity) AsFileHashEntity

func (fe FileEntity) AsFileHashEntity() (*FileHashEntity, bool)

AsFileHashEntity is the BasicEntity implementation for FileEntity.

func (FileEntity) AsHostEntity

func (fe FileEntity) AsHostEntity() (*HostEntity, bool)

AsHostEntity is the BasicEntity implementation for FileEntity.

func (FileEntity) AsIPEntity

func (fe FileEntity) AsIPEntity() (*IPEntity, bool)

AsIPEntity is the BasicEntity implementation for FileEntity.

func (FileEntity) AsMalwareEntity

func (fe FileEntity) AsMalwareEntity() (*MalwareEntity, bool)

AsMalwareEntity is the BasicEntity implementation for FileEntity.

func (FileEntity) AsProcessEntity

func (fe FileEntity) AsProcessEntity() (*ProcessEntity, bool)

AsProcessEntity is the BasicEntity implementation for FileEntity.

func (FileEntity) AsRegistryKeyEntity

func (fe FileEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)

AsRegistryKeyEntity is the BasicEntity implementation for FileEntity.

func (FileEntity) AsRegistryValueEntity

func (fe FileEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)

AsRegistryValueEntity is the BasicEntity implementation for FileEntity.

func (FileEntity) AsSecurityAlert

func (fe FileEntity) AsSecurityAlert() (*SecurityAlert, bool)

AsSecurityAlert is the BasicEntity implementation for FileEntity.

func (FileEntity) AsSecurityGroupEntity

func (fe FileEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)

AsSecurityGroupEntity is the BasicEntity implementation for FileEntity.

func (FileEntity) AsURLEntity

func (fe FileEntity) AsURLEntity() (*URLEntity, bool)

AsURLEntity is the BasicEntity implementation for FileEntity.

func (FileEntity) MarshalJSON

func (fe FileEntity) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for FileEntity.

func (*FileEntity) UnmarshalJSON

func (fe *FileEntity) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for FileEntity struct.

type FileEntityProperties

type FileEntityProperties struct {
    // Directory - READ-ONLY; The full path to the file.
    Directory *string `json:"directory,omitempty"`
    // FileName - READ-ONLY; The file name without path (some alerts might not include path).
    FileName *string `json:"fileName,omitempty"`
    // HostEntityID - READ-ONLY; The Host entity id which the file belongs to
    HostEntityID *string `json:"hostEntityId,omitempty"`
    // FileHashEntityIds - READ-ONLY; The file hash entity identifiers associated with this file
    FileHashEntityIds *[]string `json:"fileHashEntityIds,omitempty"`
    // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.
    FriendlyName *string `json:"friendlyName,omitempty"`
    // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
    AdditionalData map[string]interface{} `json:"additionalData"`
}

FileEntityProperties file entity property bag.

func (FileEntityProperties) MarshalJSON

func (fep FileEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for FileEntityProperties.

type FileHashAlgorithm

type FileHashAlgorithm string

FileHashAlgorithm enumerates the values for file hash algorithm.

const (
    // MD5 MD5 hash type
    MD5 FileHashAlgorithm = "MD5"
    // SHA1 SHA1 hash type
    SHA1 FileHashAlgorithm = "SHA1"
    // SHA256 SHA256 hash type
    SHA256 FileHashAlgorithm = "SHA256"
    // SHA256AC SHA256 Authenticode hash type
    SHA256AC FileHashAlgorithm = "SHA256AC"
    // Unknown Unknown hash algorithm
    Unknown FileHashAlgorithm = "Unknown"
)

func PossibleFileHashAlgorithmValues

func PossibleFileHashAlgorithmValues() []FileHashAlgorithm

PossibleFileHashAlgorithmValues returns an array of possible values for the FileHashAlgorithm const type.

type FileHashEntity

type FileHashEntity struct {
    // FileHashEntityProperties - FileHash entity properties
    *FileHashEntityProperties `json:"properties,omitempty"`
    // ID - READ-ONLY; Azure resource Id
    ID  *string `json:"id,omitempty"`
    // Type - READ-ONLY; Azure resource type
    Type *string `json:"type,omitempty"`
    // Name - READ-ONLY; Azure resource name
    Name *string `json:"name,omitempty"`
    // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindHost', 'KindFile', 'KindSecurityAlert', 'KindFileHash', 'KindMalware', 'KindSecurityGroup', 'KindAzureResource', 'KindCloudApplication', 'KindProcess', 'KindDNSResolution', 'KindIP', 'KindRegistryKey', 'KindRegistryValue', 'KindURL'
    Kind KindBasicEntity `json:"kind,omitempty"`
}

FileHashEntity represents a file hash entity.

func (FileHashEntity) AsAccountEntity

func (fhe FileHashEntity) AsAccountEntity() (*AccountEntity, bool)

AsAccountEntity is the BasicEntity implementation for FileHashEntity.

func (FileHashEntity) AsAzureResourceEntity

func (fhe FileHashEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)

AsAzureResourceEntity is the BasicEntity implementation for FileHashEntity.

func (FileHashEntity) AsBasicEntity

func (fhe FileHashEntity) AsBasicEntity() (BasicEntity, bool)

AsBasicEntity is the BasicEntity implementation for FileHashEntity.

func (FileHashEntity) AsCloudApplicationEntity

func (fhe FileHashEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)

AsCloudApplicationEntity is the BasicEntity implementation for FileHashEntity.

func (FileHashEntity) AsDNSEntity

func (fhe FileHashEntity) AsDNSEntity() (*DNSEntity, bool)

AsDNSEntity is the BasicEntity implementation for FileHashEntity.

func (FileHashEntity) AsEntity

func (fhe FileHashEntity) AsEntity() (*Entity, bool)

AsEntity is the BasicEntity implementation for FileHashEntity.

func (FileHashEntity) AsFileEntity

func (fhe FileHashEntity) AsFileEntity() (*FileEntity, bool)

AsFileEntity is the BasicEntity implementation for FileHashEntity.

func (FileHashEntity) AsFileHashEntity

func (fhe FileHashEntity) AsFileHashEntity() (*FileHashEntity, bool)

AsFileHashEntity is the BasicEntity implementation for FileHashEntity.

func (FileHashEntity) AsHostEntity

func (fhe FileHashEntity) AsHostEntity() (*HostEntity, bool)

AsHostEntity is the BasicEntity implementation for FileHashEntity.

func (FileHashEntity) AsIPEntity

func (fhe FileHashEntity) AsIPEntity() (*IPEntity, bool)

AsIPEntity is the BasicEntity implementation for FileHashEntity.

func (FileHashEntity) AsMalwareEntity

func (fhe FileHashEntity) AsMalwareEntity() (*MalwareEntity, bool)

AsMalwareEntity is the BasicEntity implementation for FileHashEntity.

func (FileHashEntity) AsProcessEntity