securityinsight

package
v56.3.0+incompatible Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Aug 19, 2021 License: MIT Imports: 11 Imported by: 0

Documentation

Overview

Package securityinsight implements the Azure ARM Securityinsight service API version 2020-01-01.

API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

Index

Constants

View Source 
const (
	// DefaultBaseURI is the default URI used for the service Securityinsight
	DefaultBaseURI = "https://management.azure.com"
)

Variables

This section is empty.

Functions

func UserAgent 

func UserAgent() string

UserAgent returns the UserAgent string to use when sending http.Requests.

func Version 

func Version() string

Version returns the semantic version (see http://semver.org) of the client.

Types

type AADDataConnector 

type AADDataConnector struct {
	// AADDataConnectorProperties - AAD (Azure Active Directory) data connector properties.
	*AADDataConnectorProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
	// Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence'
	Kind KindBasicDataConnector `json:"kind,omitempty"`
}

AADDataConnector represents AAD (Azure Active Directory) data connector.

func (AADDataConnector) AsAADDataConnector 

func (adc AADDataConnector) AsAADDataConnector() (*AADDataConnector, bool)

AsAADDataConnector is the BasicDataConnector implementation for AADDataConnector.

func (AADDataConnector) AsAATPDataConnector 

func (adc AADDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool)

AsAATPDataConnector is the BasicDataConnector implementation for AADDataConnector.

func (AADDataConnector) AsASCDataConnector 

func (adc AADDataConnector) AsASCDataConnector() (*ASCDataConnector, bool)

AsASCDataConnector is the BasicDataConnector implementation for AADDataConnector.

func (AADDataConnector) AsAwsCloudTrailDataConnector 

func (adc AADDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool)

AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for AADDataConnector.

func (AADDataConnector) AsBasicDataConnector 

func (adc AADDataConnector) AsBasicDataConnector() (BasicDataConnector, bool)

AsBasicDataConnector is the BasicDataConnector implementation for AADDataConnector.

func (AADDataConnector) AsDataConnector 

func (adc AADDataConnector) AsDataConnector() (*DataConnector, bool)

AsDataConnector is the BasicDataConnector implementation for AADDataConnector.

func (AADDataConnector) AsMCASDataConnector 

func (adc AADDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool)

AsMCASDataConnector is the BasicDataConnector implementation for AADDataConnector.

func (AADDataConnector) AsMDATPDataConnector 

func (adc AADDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool)

AsMDATPDataConnector is the BasicDataConnector implementation for AADDataConnector.

func (AADDataConnector) AsOfficeDataConnector 

func (adc AADDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool)

AsOfficeDataConnector is the BasicDataConnector implementation for AADDataConnector.

func (AADDataConnector) AsTIDataConnector 

func (adc AADDataConnector) AsTIDataConnector() (*TIDataConnector, bool)

AsTIDataConnector is the BasicDataConnector implementation for AADDataConnector.

func (AADDataConnector) MarshalJSON 

func (adc AADDataConnector) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for AADDataConnector.

func (*AADDataConnector) UnmarshalJSON 

func (adc *AADDataConnector) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for AADDataConnector struct.

type AADDataConnectorProperties 

type AADDataConnectorProperties struct {
	// TenantID - The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`
	// DataTypes - The available data types for the connector.
	DataTypes *AlertsDataTypeOfDataConnector `json:"dataTypes,omitempty"`
}

AADDataConnectorProperties AAD (Azure Active Directory) data connector properties.

type AATPDataConnector 

type AATPDataConnector struct {
	// AATPDataConnectorProperties - AATP (Azure Advanced Threat Protection) data connector properties.
	*AATPDataConnectorProperties `json:"properties,omitempty"`
	// Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence'
	Kind KindBasicDataConnector `json:"kind,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
}

AATPDataConnector represents AATP (Azure Advanced Threat Protection) data connector.

func (AATPDataConnector) AsAADDataConnector 

func (adc AATPDataConnector) AsAADDataConnector() (*AADDataConnector, bool)

AsAADDataConnector is the BasicDataConnector implementation for AATPDataConnector.

func (AATPDataConnector) AsAATPDataConnector 

func (adc AATPDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool)

AsAATPDataConnector is the BasicDataConnector implementation for AATPDataConnector.

func (AATPDataConnector) AsASCDataConnector 

func (adc AATPDataConnector) AsASCDataConnector() (*ASCDataConnector, bool)

AsASCDataConnector is the BasicDataConnector implementation for AATPDataConnector.

func (AATPDataConnector) AsAwsCloudTrailDataConnector 

func (adc AATPDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool)

AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for AATPDataConnector.

func (AATPDataConnector) AsBasicDataConnector 

func (adc AATPDataConnector) AsBasicDataConnector() (BasicDataConnector, bool)

AsBasicDataConnector is the BasicDataConnector implementation for AATPDataConnector.

func (AATPDataConnector) AsDataConnector 

func (adc AATPDataConnector) AsDataConnector() (*DataConnector, bool)

AsDataConnector is the BasicDataConnector implementation for AATPDataConnector.

func (AATPDataConnector) AsMCASDataConnector 

func (adc AATPDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool)

AsMCASDataConnector is the BasicDataConnector implementation for AATPDataConnector.

func (AATPDataConnector) AsMDATPDataConnector 

func (adc AATPDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool)

AsMDATPDataConnector is the BasicDataConnector implementation for AATPDataConnector.

func (AATPDataConnector) AsOfficeDataConnector 

func (adc AATPDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool)

AsOfficeDataConnector is the BasicDataConnector implementation for AATPDataConnector.

func (AATPDataConnector) AsTIDataConnector 

func (adc AATPDataConnector) AsTIDataConnector() (*TIDataConnector, bool)

AsTIDataConnector is the BasicDataConnector implementation for AATPDataConnector.

func (AATPDataConnector) MarshalJSON 

func (adc AATPDataConnector) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for AATPDataConnector.

func (*AATPDataConnector) UnmarshalJSON 

func (adc *AATPDataConnector) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for AATPDataConnector struct.

type AATPDataConnectorProperties 

type AATPDataConnectorProperties struct {
	// TenantID - The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`
	// DataTypes - The available data types for the connector.
	DataTypes *AlertsDataTypeOfDataConnector `json:"dataTypes,omitempty"`
}

AATPDataConnectorProperties AATP (Azure Advanced Threat Protection) data connector properties.

type ASCDataConnector 

type ASCDataConnector struct {
	// ASCDataConnectorProperties - ASC (Azure Security Center) data connector properties.
	*ASCDataConnectorProperties `json:"properties,omitempty"`
	// Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence'
	Kind KindBasicDataConnector `json:"kind,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
}

ASCDataConnector represents ASC (Azure Security Center) data connector.

func (ASCDataConnector) AsAADDataConnector 

func (adc ASCDataConnector) AsAADDataConnector() (*AADDataConnector, bool)

AsAADDataConnector is the BasicDataConnector implementation for ASCDataConnector.

func (ASCDataConnector) AsAATPDataConnector 

func (adc ASCDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool)

AsAATPDataConnector is the BasicDataConnector implementation for ASCDataConnector.

func (ASCDataConnector) AsASCDataConnector 

func (adc ASCDataConnector) AsASCDataConnector() (*ASCDataConnector, bool)

AsASCDataConnector is the BasicDataConnector implementation for ASCDataConnector.

func (ASCDataConnector) AsAwsCloudTrailDataConnector 

func (adc ASCDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool)

AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for ASCDataConnector.

func (ASCDataConnector) AsBasicDataConnector 

func (adc ASCDataConnector) AsBasicDataConnector() (BasicDataConnector, bool)

AsBasicDataConnector is the BasicDataConnector implementation for ASCDataConnector.

func (ASCDataConnector) AsDataConnector 

func (adc ASCDataConnector) AsDataConnector() (*DataConnector, bool)

AsDataConnector is the BasicDataConnector implementation for ASCDataConnector.

func (ASCDataConnector) AsMCASDataConnector 

func (adc ASCDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool)

AsMCASDataConnector is the BasicDataConnector implementation for ASCDataConnector.

func (ASCDataConnector) AsMDATPDataConnector 

func (adc ASCDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool)

AsMDATPDataConnector is the BasicDataConnector implementation for ASCDataConnector.

func (ASCDataConnector) AsOfficeDataConnector 

func (adc ASCDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool)

AsOfficeDataConnector is the BasicDataConnector implementation for ASCDataConnector.

func (ASCDataConnector) AsTIDataConnector 

func (adc ASCDataConnector) AsTIDataConnector() (*TIDataConnector, bool)

AsTIDataConnector is the BasicDataConnector implementation for ASCDataConnector.

func (ASCDataConnector) MarshalJSON 

func (adc ASCDataConnector) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for ASCDataConnector.

func (*ASCDataConnector) UnmarshalJSON 

func (adc *ASCDataConnector) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for ASCDataConnector struct.

type ASCDataConnectorProperties 

type ASCDataConnectorProperties struct {
	// SubscriptionID - The subscription id to connect to, and get the data from.
	SubscriptionID *string `json:"subscriptionId,omitempty"`
	// DataTypes - The available data types for the connector.
	DataTypes *AlertsDataTypeOfDataConnector `json:"dataTypes,omitempty"`
}

ASCDataConnectorProperties ASC (Azure Security Center) data connector properties.

type ActionPropertiesBase 

type ActionPropertiesBase struct {
	// LogicAppResourceID - Logic App Resource Id, /subscriptions/{my-subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my-workflow-id}.
	LogicAppResourceID *string `json:"logicAppResourceId,omitempty"`
}

ActionPropertiesBase action property bag base.

type ActionRequest 

type ActionRequest struct {
	// ActionRequestProperties - Action properties for put request
	*ActionRequestProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
}

ActionRequest action for alert rule.

func (ActionRequest) MarshalJSON 

func (ar ActionRequest) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for ActionRequest.

func (*ActionRequest) UnmarshalJSON 

func (ar *ActionRequest) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for ActionRequest struct.

type ActionRequestProperties 

type ActionRequestProperties struct {
	// TriggerURI - Logic App Callback URL for this specific workflow.
	TriggerURI *string `json:"triggerUri,omitempty"`
	// LogicAppResourceID - Logic App Resource Id, /subscriptions/{my-subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my-workflow-id}.
	LogicAppResourceID *string `json:"logicAppResourceId,omitempty"`
}

ActionRequestProperties action property bag.

type ActionResponse 

type ActionResponse struct {
	autorest.Response `json:"-"`
	// Etag - Etag of the action.
	Etag *string `json:"etag,omitempty"`
	// ActionResponseProperties - Action properties for get request
	*ActionResponseProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
}

ActionResponse action for alert rule.

func (ActionResponse) MarshalJSON 

func (ar ActionResponse) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for ActionResponse.

func (*ActionResponse) UnmarshalJSON 

func (ar *ActionResponse) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for ActionResponse struct.

type ActionResponseProperties 

type ActionResponseProperties struct {
	// WorkflowID - The name of the logic app's workflow.
	WorkflowID *string `json:"workflowId,omitempty"`
	// LogicAppResourceID - Logic App Resource Id, /subscriptions/{my-subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my-workflow-id}.
	LogicAppResourceID *string `json:"logicAppResourceId,omitempty"`
}

ActionResponseProperties action property bag.

type ActionsClient 

type ActionsClient struct {
	BaseClient
}

ActionsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewActionsClient 

func NewActionsClient(subscriptionID string) ActionsClient

NewActionsClient creates an instance of the ActionsClient client.

func NewActionsClientWithBaseURI 

func NewActionsClientWithBaseURI(baseURI string, subscriptionID string) ActionsClient

NewActionsClientWithBaseURI creates an instance of the ActionsClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).

func (ActionsClient) ListByAlertRule 

func (client ActionsClient) ListByAlertRule(ctx context.Context, resourceGroupName string, workspaceName string, ruleID string) (result ActionsListPage, err error)

ListByAlertRule gets all actions of alert rule. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. workspaceName - the name of the workspace. ruleID - alert rule ID

func (ActionsClient) ListByAlertRuleComplete 

func (client ActionsClient) ListByAlertRuleComplete(ctx context.Context, resourceGroupName string, workspaceName string, ruleID string) (result ActionsListIterator, err error)

ListByAlertRuleComplete enumerates all values, automatically crossing page boundaries as required.

func (ActionsClient) ListByAlertRulePreparer 

func (client ActionsClient) ListByAlertRulePreparer(ctx context.Context, resourceGroupName string, workspaceName string, ruleID string) (*http.Request, error)

ListByAlertRulePreparer prepares the ListByAlertRule request.

func (ActionsClient) ListByAlertRuleResponder 

func (client ActionsClient) ListByAlertRuleResponder(resp *http.Response) (result ActionsList, err error)

ListByAlertRuleResponder handles the response to the ListByAlertRule request. The method always closes the http.Response Body.

func (ActionsClient) ListByAlertRuleSender 

func (client ActionsClient) ListByAlertRuleSender(req *http.Request) (*http.Response, error)

ListByAlertRuleSender sends the ListByAlertRule request. The method will close the http.Response Body if it receives an error.

type ActionsList 

type ActionsList struct {
	autorest.Response `json:"-"`
	// NextLink - READ-ONLY; URL to fetch the next set of actions.
	NextLink *string `json:"nextLink,omitempty"`
	// Value - Array of actions.
	Value *[]ActionResponse `json:"value,omitempty"`
}

ActionsList list all the actions.

func (ActionsList) IsEmpty 

func (al ActionsList) IsEmpty() bool

IsEmpty returns true if the ListResult contains no values.

func (ActionsList) MarshalJSON 

func (al ActionsList) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for ActionsList.

type ActionsListIterator 

type ActionsListIterator struct {
	// contains filtered or unexported fields
}

ActionsListIterator provides access to a complete listing of ActionResponse values.

func NewActionsListIterator 

func NewActionsListIterator(page ActionsListPage) ActionsListIterator

Creates a new instance of the ActionsListIterator type.

func (*ActionsListIterator) Next 

func (iter *ActionsListIterator) Next() error

Next advances to the next value. If there was an error making the request the iterator does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*ActionsListIterator) NextWithContext 

func (iter *ActionsListIterator) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.

func (ActionsListIterator) NotDone 

func (iter ActionsListIterator) NotDone() bool

NotDone returns true if the enumeration should be started or is not yet complete.

func (ActionsListIterator) Response 

func (iter ActionsListIterator) Response() ActionsList

Response returns the raw server response from the last page request.

func (ActionsListIterator) Value 

func (iter ActionsListIterator) Value() ActionResponse

Value returns the current value or a zero-initialized value if the iterator has advanced beyond the end of the collection.

type ActionsListPage 

type ActionsListPage struct {
	// contains filtered or unexported fields
}

ActionsListPage contains a page of ActionResponse values.

func NewActionsListPage 

func NewActionsListPage(cur ActionsList, getNextPage func(context.Context, ActionsList) (ActionsList, error)) ActionsListPage

Creates a new instance of the ActionsListPage type.

func (*ActionsListPage) Next 

func (page *ActionsListPage) Next() error

Next advances to the next page of values. If there was an error making the request the page does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*ActionsListPage) NextWithContext 

func (page *ActionsListPage) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.

func (ActionsListPage) NotDone 

func (page ActionsListPage) NotDone() bool

NotDone returns true if the page enumeration should be started or is not yet complete.

func (ActionsListPage) Response 

func (page ActionsListPage) Response() ActionsList

Response returns the raw server response from the last page request.

func (ActionsListPage) Values 

func (page ActionsListPage) Values() []ActionResponse

Values returns the slice of values for the current page or nil if there are no values.

type AlertRule 

type AlertRule struct {
	autorest.Response `json:"-"`
	// Kind - Possible values include: 'KindAlertRule', 'KindFusion', 'KindMicrosoftSecurityIncidentCreation', 'KindScheduled'
	Kind Kind `json:"kind,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
}

AlertRule alert rule.

func (AlertRule) AsAlertRule 

func (ar AlertRule) AsAlertRule() (*AlertRule, bool)

AsAlertRule is the BasicAlertRule implementation for AlertRule.

func (AlertRule) AsBasicAlertRule 

func (ar AlertRule) AsBasicAlertRule() (BasicAlertRule, bool)

AsBasicAlertRule is the BasicAlertRule implementation for AlertRule.

func (AlertRule) AsFusionAlertRule 

func (ar AlertRule) AsFusionAlertRule() (*FusionAlertRule, bool)

AsFusionAlertRule is the BasicAlertRule implementation for AlertRule.

func (AlertRule) AsMicrosoftSecurityIncidentCreationAlertRule 

func (ar AlertRule) AsMicrosoftSecurityIncidentCreationAlertRule() (*MicrosoftSecurityIncidentCreationAlertRule, bool)

AsMicrosoftSecurityIncidentCreationAlertRule is the BasicAlertRule implementation for AlertRule.

func (AlertRule) AsScheduledAlertRule 

func (ar AlertRule) AsScheduledAlertRule() (*ScheduledAlertRule, bool)

AsScheduledAlertRule is the BasicAlertRule implementation for AlertRule.

func (AlertRule) MarshalJSON 

func (ar AlertRule) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for AlertRule.

type AlertRuleKind 

type AlertRuleKind string

AlertRuleKind enumerates the values for alert rule kind. 

const (
	// Fusion ...
	Fusion AlertRuleKind = "Fusion"
	// MicrosoftSecurityIncidentCreation ...
	MicrosoftSecurityIncidentCreation AlertRuleKind = "MicrosoftSecurityIncidentCreation"
	// Scheduled ...
	Scheduled AlertRuleKind = "Scheduled"
)

func PossibleAlertRuleKindValues 

func PossibleAlertRuleKindValues() []AlertRuleKind

PossibleAlertRuleKindValues returns an array of possible values for the AlertRuleKind const type.

type AlertRuleModel 

type AlertRuleModel struct {
	autorest.Response `json:"-"`
	Value             BasicAlertRule `json:"value,omitempty"`
}

AlertRuleModel ...

func (*AlertRuleModel) UnmarshalJSON 

func (arm *AlertRuleModel) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for AlertRuleModel struct.

type AlertRuleTemplate 

type AlertRuleTemplate struct {
	autorest.Response `json:"-"`
	// Kind - Possible values include: 'KindBasicAlertRuleTemplateKindAlertRuleTemplate', 'KindBasicAlertRuleTemplateKindFusion', 'KindBasicAlertRuleTemplateKindMicrosoftSecurityIncidentCreation', 'KindBasicAlertRuleTemplateKindScheduled'
	Kind KindBasicAlertRuleTemplate `json:"kind,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
}

AlertRuleTemplate alert rule template.

func (AlertRuleTemplate) AsAlertRuleTemplate 

func (art AlertRuleTemplate) AsAlertRuleTemplate() (*AlertRuleTemplate, bool)

AsAlertRuleTemplate is the BasicAlertRuleTemplate implementation for AlertRuleTemplate.

func (AlertRuleTemplate) AsBasicAlertRuleTemplate 

func (art AlertRuleTemplate) AsBasicAlertRuleTemplate() (BasicAlertRuleTemplate, bool)

AsBasicAlertRuleTemplate is the BasicAlertRuleTemplate implementation for AlertRuleTemplate.

func (AlertRuleTemplate) AsFusionAlertRuleTemplate 

func (art AlertRuleTemplate) AsFusionAlertRuleTemplate() (*FusionAlertRuleTemplate, bool)

AsFusionAlertRuleTemplate is the BasicAlertRuleTemplate implementation for AlertRuleTemplate.

func (AlertRuleTemplate) AsMicrosoftSecurityIncidentCreationAlertRuleTemplate 

func (art AlertRuleTemplate) AsMicrosoftSecurityIncidentCreationAlertRuleTemplate() (*MicrosoftSecurityIncidentCreationAlertRuleTemplate, bool)

AsMicrosoftSecurityIncidentCreationAlertRuleTemplate is the BasicAlertRuleTemplate implementation for AlertRuleTemplate.

func (AlertRuleTemplate) AsScheduledAlertRuleTemplate 

func (art AlertRuleTemplate) AsScheduledAlertRuleTemplate() (*ScheduledAlertRuleTemplate, bool)

AsScheduledAlertRuleTemplate is the BasicAlertRuleTemplate implementation for AlertRuleTemplate.

func (AlertRuleTemplate) MarshalJSON 

func (art AlertRuleTemplate) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for AlertRuleTemplate.

type AlertRuleTemplateDataSource 

type AlertRuleTemplateDataSource struct {
	// ConnectorID - The connector id that provides the following data types
	ConnectorID *string `json:"connectorId,omitempty"`
	// DataTypes - The data types used by the alert rule template
	DataTypes *[]string `json:"dataTypes,omitempty"`
}

AlertRuleTemplateDataSource alert rule template data sources

type AlertRuleTemplateModel 

type AlertRuleTemplateModel struct {
	autorest.Response `json:"-"`
	Value             BasicAlertRuleTemplate `json:"value,omitempty"`
}

AlertRuleTemplateModel ...

func (*AlertRuleTemplateModel) UnmarshalJSON 

func (artm *AlertRuleTemplateModel) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for AlertRuleTemplateModel struct.

type AlertRuleTemplatesClient 

type AlertRuleTemplatesClient struct {
	BaseClient
}

AlertRuleTemplatesClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewAlertRuleTemplatesClient 

func NewAlertRuleTemplatesClient(subscriptionID string) AlertRuleTemplatesClient

NewAlertRuleTemplatesClient creates an instance of the AlertRuleTemplatesClient client.

func NewAlertRuleTemplatesClientWithBaseURI 

func NewAlertRuleTemplatesClientWithBaseURI(baseURI string, subscriptionID string) AlertRuleTemplatesClient

NewAlertRuleTemplatesClientWithBaseURI creates an instance of the AlertRuleTemplatesClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).

func (AlertRuleTemplatesClient) Get 

func (client AlertRuleTemplatesClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, alertRuleTemplateID string) (result AlertRuleTemplateModel, err error)

Get gets the alert rule template. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. workspaceName - the name of the workspace. alertRuleTemplateID - alert rule template ID

func (AlertRuleTemplatesClient) GetPreparer 

func (client AlertRuleTemplatesClient) GetPreparer(ctx context.Context, resourceGroupName string, workspaceName string, alertRuleTemplateID string) (*http.Request, error)

GetPreparer prepares the Get request.

func (AlertRuleTemplatesClient) GetResponder 

func (client AlertRuleTemplatesClient) GetResponder(resp *http.Response) (result AlertRuleTemplateModel, err error)

GetResponder handles the response to the Get request. The method always closes the http.Response Body.

func (AlertRuleTemplatesClient) GetSender 

func (client AlertRuleTemplatesClient) GetSender(req *http.Request) (*http.Response, error)

GetSender sends the Get request. The method will close the http.Response Body if it receives an error.

func (AlertRuleTemplatesClient) List 

func (client AlertRuleTemplatesClient) List(ctx context.Context, resourceGroupName string, workspaceName string) (result AlertRuleTemplatesListPage, err error)

List gets all alert rule templates. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. workspaceName - the name of the workspace.

func (AlertRuleTemplatesClient) ListComplete 

func (client AlertRuleTemplatesClient) ListComplete(ctx context.Context, resourceGroupName string, workspaceName string) (result AlertRuleTemplatesListIterator, err error)

ListComplete enumerates all values, automatically crossing page boundaries as required.

func (AlertRuleTemplatesClient) ListPreparer 

func (client AlertRuleTemplatesClient) ListPreparer(ctx context.Context, resourceGroupName string, workspaceName string) (*http.Request, error)

ListPreparer prepares the List request.

func (AlertRuleTemplatesClient) ListResponder 

func (client AlertRuleTemplatesClient) ListResponder(resp *http.Response) (result AlertRuleTemplatesList, err error)

ListResponder handles the response to the List request. The method always closes the http.Response Body.

func (AlertRuleTemplatesClient) ListSender 

func (client AlertRuleTemplatesClient) ListSender(req *http.Request) (*http.Response, error)

ListSender sends the List request. The method will close the http.Response Body if it receives an error.

type AlertRuleTemplatesList 

type AlertRuleTemplatesList struct {
	autorest.Response `json:"-"`
	// NextLink - READ-ONLY; URL to fetch the next set of alert rule templates.
	NextLink *string `json:"nextLink,omitempty"`
	// Value - Array of alert rule templates.
	Value *[]BasicAlertRuleTemplate `json:"value,omitempty"`
}

AlertRuleTemplatesList list all the alert rule templates.

func (AlertRuleTemplatesList) IsEmpty 

func (artl AlertRuleTemplatesList) IsEmpty() bool

IsEmpty returns true if the ListResult contains no values.

func (AlertRuleTemplatesList) MarshalJSON 

func (artl AlertRuleTemplatesList) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for AlertRuleTemplatesList.

func (*AlertRuleTemplatesList) UnmarshalJSON 

func (artl *AlertRuleTemplatesList) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for AlertRuleTemplatesList struct.

type AlertRuleTemplatesListIterator 

type AlertRuleTemplatesListIterator struct {
	// contains filtered or unexported fields
}

AlertRuleTemplatesListIterator provides access to a complete listing of AlertRuleTemplate values.

func NewAlertRuleTemplatesListIterator 

func NewAlertRuleTemplatesListIterator(page AlertRuleTemplatesListPage) AlertRuleTemplatesListIterator

Creates a new instance of the AlertRuleTemplatesListIterator type.

func (*AlertRuleTemplatesListIterator) Next 

func (iter *AlertRuleTemplatesListIterator) Next() error

Next advances to the next value. If there was an error making the request the iterator does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*AlertRuleTemplatesListIterator) NextWithContext 

func (iter *AlertRuleTemplatesListIterator) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.

func (AlertRuleTemplatesListIterator) NotDone 

func (iter AlertRuleTemplatesListIterator) NotDone() bool

NotDone returns true if the enumeration should be started or is not yet complete.

func (AlertRuleTemplatesListIterator) Response 

func (iter AlertRuleTemplatesListIterator) Response() AlertRuleTemplatesList

Response returns the raw server response from the last page request.

func (AlertRuleTemplatesListIterator) Value 

func (iter AlertRuleTemplatesListIterator) Value() BasicAlertRuleTemplate

Value returns the current value or a zero-initialized value if the iterator has advanced beyond the end of the collection.

type AlertRuleTemplatesListPage 

type AlertRuleTemplatesListPage struct {
	// contains filtered or unexported fields
}

AlertRuleTemplatesListPage contains a page of BasicAlertRuleTemplate values.

func NewAlertRuleTemplatesListPage 

func NewAlertRuleTemplatesListPage(cur AlertRuleTemplatesList, getNextPage func(context.Context, AlertRuleTemplatesList) (AlertRuleTemplatesList, error)) AlertRuleTemplatesListPage

Creates a new instance of the AlertRuleTemplatesListPage type.

func (*AlertRuleTemplatesListPage) Next 

func (page *AlertRuleTemplatesListPage) Next() error

Next advances to the next page of values. If there was an error making the request the page does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*AlertRuleTemplatesListPage) NextWithContext 

func (page *AlertRuleTemplatesListPage) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.

func (AlertRuleTemplatesListPage) NotDone 

func (page AlertRuleTemplatesListPage) NotDone() bool

NotDone returns true if the page enumeration should be started or is not yet complete.

func (AlertRuleTemplatesListPage) Response 

func (page AlertRuleTemplatesListPage) Response() AlertRuleTemplatesList

Response returns the raw server response from the last page request.

func (AlertRuleTemplatesListPage) Values 

func (page AlertRuleTemplatesListPage) Values() []BasicAlertRuleTemplate

Values returns the slice of values for the current page or nil if there are no values.

type AlertRulesClient 

type AlertRulesClient struct {
	BaseClient
}

AlertRulesClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewAlertRulesClient 

func NewAlertRulesClient(subscriptionID string) AlertRulesClient

NewAlertRulesClient creates an instance of the AlertRulesClient client.

func NewAlertRulesClientWithBaseURI 

func NewAlertRulesClientWithBaseURI(baseURI string, subscriptionID string) AlertRulesClient

NewAlertRulesClientWithBaseURI creates an instance of the AlertRulesClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).

func (AlertRulesClient) CreateOrUpdate 

func (client AlertRulesClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, workspaceName string, ruleID string, alertRule BasicAlertRule) (result AlertRuleModel, err error)

CreateOrUpdate creates or updates the alert rule. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. workspaceName - the name of the workspace. ruleID - alert rule ID alertRule - the alert rule

func (AlertRulesClient) CreateOrUpdateAction 

func (client AlertRulesClient) CreateOrUpdateAction(ctx context.Context, resourceGroupName string, workspaceName string, ruleID string, actionID string, action ActionRequest) (result ActionResponse, err error)

CreateOrUpdateAction creates or updates the action of alert rule. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. workspaceName - the name of the workspace. ruleID - alert rule ID actionID - action ID action - the action

func (AlertRulesClient) CreateOrUpdateActionPreparer 

func (client AlertRulesClient) CreateOrUpdateActionPreparer(ctx context.Context, resourceGroupName string, workspaceName string, ruleID string, actionID string, action ActionRequest) (*http.Request, error)

CreateOrUpdateActionPreparer prepares the CreateOrUpdateAction request.

func (AlertRulesClient) CreateOrUpdateActionResponder 

func (client AlertRulesClient) CreateOrUpdateActionResponder(resp *http.Response) (result ActionResponse, err error)

CreateOrUpdateActionResponder handles the response to the CreateOrUpdateAction request. The method always closes the http.Response Body.

func (AlertRulesClient) CreateOrUpdateActionSender 

func (client AlertRulesClient) CreateOrUpdateActionSender(req *http.Request) (*http.Response, error)

CreateOrUpdateActionSender sends the CreateOrUpdateAction request. The method will close the http.Response Body if it receives an error.

func (AlertRulesClient) CreateOrUpdatePreparer 

func (client AlertRulesClient) CreateOrUpdatePreparer(ctx context.Context, resourceGroupName string, workspaceName string, ruleID string, alertRule BasicAlertRule) (*http.Request, error)

CreateOrUpdatePreparer prepares the CreateOrUpdate request.

func (AlertRulesClient) CreateOrUpdateResponder 

func (client AlertRulesClient) CreateOrUpdateResponder(resp *http.Response) (result AlertRuleModel, err error)

CreateOrUpdateResponder handles the response to the CreateOrUpdate request. The method always closes the http.Response Body.

func (AlertRulesClient) CreateOrUpdateSender 

func (client AlertRulesClient) CreateOrUpdateSender(req *http.Request) (*http.Response, error)

CreateOrUpdateSender sends the CreateOrUpdate request. The method will close the http.Response Body if it receives an error.

func (AlertRulesClient) Delete 

func (client AlertRulesClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, ruleID string) (result autorest.Response, err error)

Delete delete the alert rule. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. workspaceName - the name of the workspace. ruleID - alert rule ID

func (AlertRulesClient) DeleteAction 

func (client AlertRulesClient) DeleteAction(ctx context.Context, resourceGroupName string, workspaceName string, ruleID string, actionID string) (result autorest.Response, err error)

DeleteAction delete the action of alert rule. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. workspaceName - the name of the workspace. ruleID - alert rule ID actionID - action ID

func (AlertRulesClient) DeleteActionPreparer 

func (client AlertRulesClient) DeleteActionPreparer(ctx context.Context, resourceGroupName string, workspaceName string, ruleID string, actionID string) (*http.Request, error)

DeleteActionPreparer prepares the DeleteAction request.

func (AlertRulesClient) DeleteActionResponder 

func (client AlertRulesClient) DeleteActionResponder(resp *http.Response) (result autorest.Response, err error)

DeleteActionResponder handles the response to the DeleteAction request. The method always closes the http.Response Body.

func (AlertRulesClient) DeleteActionSender 

func (client AlertRulesClient) DeleteActionSender(req *http.Request) (*http.Response, error)

DeleteActionSender sends the DeleteAction request. The method will close the http.Response Body if it receives an error.

func (AlertRulesClient) DeletePreparer 

func (client AlertRulesClient) DeletePreparer(ctx context.Context, resourceGroupName string, workspaceName string, ruleID string) (*http.Request, error)

DeletePreparer prepares the Delete request.

func (AlertRulesClient) DeleteResponder 

func (client AlertRulesClient) DeleteResponder(resp *http.Response) (result autorest.Response, err error)

DeleteResponder handles the response to the Delete request. The method always closes the http.Response Body.

func (AlertRulesClient) DeleteSender 

func (client AlertRulesClient) DeleteSender(req *http.Request) (*http.Response, error)

DeleteSender sends the Delete request. The method will close the http.Response Body if it receives an error.

func (AlertRulesClient) Get 

func (client AlertRulesClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, ruleID string) (result AlertRuleModel, err error)

Get gets the alert rule. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. workspaceName - the name of the workspace. ruleID - alert rule ID

func (AlertRulesClient) GetAction 

func (client AlertRulesClient) GetAction(ctx context.Context, resourceGroupName string, workspaceName string, ruleID string, actionID string) (result ActionResponse, err error)

GetAction gets the action of alert rule. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. workspaceName - the name of the workspace. ruleID - alert rule ID actionID - action ID

func (AlertRulesClient) GetActionPreparer 

func (client AlertRulesClient) GetActionPreparer(ctx context.Context, resourceGroupName string, workspaceName string, ruleID string, actionID string) (*http.Request, error)

GetActionPreparer prepares the GetAction request.

func (AlertRulesClient) GetActionResponder 

func (client AlertRulesClient) GetActionResponder(resp *http.Response) (result ActionResponse, err error)

GetActionResponder handles the response to the GetAction request. The method always closes the http.Response Body.

func (AlertRulesClient) GetActionSender 

func (client AlertRulesClient) GetActionSender(req *http.Request) (*http.Response, error)

GetActionSender sends the GetAction request. The method will close the http.Response Body if it receives an error.

func (AlertRulesClient) GetPreparer 

func (client AlertRulesClient) GetPreparer(ctx context.Context, resourceGroupName string, workspaceName string, ruleID string) (*http.Request, error)

GetPreparer prepares the Get request.

func (AlertRulesClient) GetResponder 

func (client AlertRulesClient) GetResponder(resp *http.Response) (result AlertRuleModel, err error)

GetResponder handles the response to the Get request. The method always closes the http.Response Body.

func (AlertRulesClient) GetSender 

func (client AlertRulesClient) GetSender(req *http.Request) (*http.Response, error)

GetSender sends the Get request. The method will close the http.Response Body if it receives an error.

func (AlertRulesClient) List 

func (client AlertRulesClient) List(ctx context.Context, resourceGroupName string, workspaceName string) (result AlertRulesListPage, err error)

List gets all alert rules. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. workspaceName - the name of the workspace.

func (AlertRulesClient) ListComplete 

func (client AlertRulesClient) ListComplete(ctx context.Context, resourceGroupName string, workspaceName string) (result AlertRulesListIterator, err error)

ListComplete enumerates all values, automatically crossing page boundaries as required.

func (AlertRulesClient) ListPreparer 

func (client AlertRulesClient) ListPreparer(ctx context.Context, resourceGroupName string, workspaceName string) (*http.Request, error)

ListPreparer prepares the List request.

func (AlertRulesClient) ListResponder 

func (client AlertRulesClient) ListResponder(resp *http.Response) (result AlertRulesList, err error)

ListResponder handles the response to the List request. The method always closes the http.Response Body.

func (AlertRulesClient) ListSender 

func (client AlertRulesClient) ListSender(req *http.Request) (*http.Response, error)

ListSender sends the List request. The method will close the http.Response Body if it receives an error.

type AlertRulesList 

type AlertRulesList struct {
	autorest.Response `json:"-"`
	// NextLink - READ-ONLY; URL to fetch the next set of alert rules.
	NextLink *string `json:"nextLink,omitempty"`
	// Value - Array of alert rules.
	Value *[]BasicAlertRule `json:"value,omitempty"`
}

AlertRulesList list all the alert rules.

func (AlertRulesList) IsEmpty 

func (arl AlertRulesList) IsEmpty() bool

IsEmpty returns true if the ListResult contains no values.

func (AlertRulesList) MarshalJSON 

func (arl AlertRulesList) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for AlertRulesList.

func (*AlertRulesList) UnmarshalJSON 

func (arl *AlertRulesList) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for AlertRulesList struct.

type AlertRulesListIterator 

type AlertRulesListIterator struct {
	// contains filtered or unexported fields
}

AlertRulesListIterator provides access to a complete listing of AlertRule values.

func NewAlertRulesListIterator 

func NewAlertRulesListIterator(page AlertRulesListPage) AlertRulesListIterator

Creates a new instance of the AlertRulesListIterator type.

func (*AlertRulesListIterator) Next 

func (iter *AlertRulesListIterator) Next() error

Next advances to the next value. If there was an error making the request the iterator does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*AlertRulesListIterator) NextWithContext 

func (iter *AlertRulesListIterator) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.

func (AlertRulesListIterator) NotDone 

func (iter AlertRulesListIterator) NotDone() bool

NotDone returns true if the enumeration should be started or is not yet complete.

func (AlertRulesListIterator) Response 

func (iter AlertRulesListIterator) Response() AlertRulesList

Response returns the raw server response from the last page request.

func (AlertRulesListIterator) Value 

func (iter AlertRulesListIterator) Value() BasicAlertRule

Value returns the current value or a zero-initialized value if the iterator has advanced beyond the end of the collection.

type AlertRulesListPage 

type AlertRulesListPage struct {
	// contains filtered or unexported fields
}

AlertRulesListPage contains a page of BasicAlertRule values.

func NewAlertRulesListPage 

func NewAlertRulesListPage(cur AlertRulesList, getNextPage func(context.Context, AlertRulesList) (AlertRulesList, error)) AlertRulesListPage

Creates a new instance of the AlertRulesListPage type.

func (*AlertRulesListPage) Next 

func (page *AlertRulesListPage) Next() error

Next advances to the next page of values. If there was an error making the request the page does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*AlertRulesListPage) NextWithContext 

func (page *AlertRulesListPage) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.

func (AlertRulesListPage) NotDone 

func (page AlertRulesListPage) NotDone() bool

NotDone returns true if the page enumeration should be started or is not yet complete.

func (AlertRulesListPage) Response 

func (page AlertRulesListPage) Response() AlertRulesList

Response returns the raw server response from the last page request.

func (AlertRulesListPage) Values 

func (page AlertRulesListPage) Values() []BasicAlertRule

Values returns the slice of values for the current page or nil if there are no values.

type AlertSeverity 

type AlertSeverity string

AlertSeverity enumerates the values for alert severity. 

const (
	// High High severity
	High AlertSeverity = "High"
	// Informational Informational severity
	Informational AlertSeverity = "Informational"
	// Low Low severity
	Low AlertSeverity = "Low"
	// Medium Medium severity
	Medium AlertSeverity = "Medium"
)

func PossibleAlertSeverityValues 

func PossibleAlertSeverityValues() []AlertSeverity

PossibleAlertSeverityValues returns an array of possible values for the AlertSeverity const type.

type AlertsDataTypeOfDataConnector 

type AlertsDataTypeOfDataConnector struct {
	// Alerts - Alerts data type connection.
	Alerts *DataConnectorDataTypeCommon `json:"alerts,omitempty"`
}

AlertsDataTypeOfDataConnector alerts data type for data connectors.

type AttackTactic 

type AttackTactic string

AttackTactic enumerates the values for attack tactic. 

const (
	// Collection ...
	Collection AttackTactic = "Collection"
	// CommandAndControl ...
	CommandAndControl AttackTactic = "CommandAndControl"
	// CredentialAccess ...
	CredentialAccess AttackTactic = "CredentialAccess"
	// DefenseEvasion ...
	DefenseEvasion AttackTactic = "DefenseEvasion"
	// Discovery ...
	Discovery AttackTactic = "Discovery"
	// Execution ...
	Execution AttackTactic = "Execution"
	// Exfiltration ...
	Exfiltration AttackTactic = "Exfiltration"
	// Impact ...
	Impact AttackTactic = "Impact"
	// InitialAccess ...
	InitialAccess AttackTactic = "InitialAccess"
	// LateralMovement ...
	LateralMovement AttackTactic = "LateralMovement"
	// Persistence ...
	Persistence AttackTactic = "Persistence"
	// PrivilegeEscalation ...
	PrivilegeEscalation AttackTactic = "PrivilegeEscalation"
)

func PossibleAttackTacticValues 

func PossibleAttackTacticValues() []AttackTactic

PossibleAttackTacticValues returns an array of possible values for the AttackTactic const type.

type AwsCloudTrailDataConnector 

type AwsCloudTrailDataConnector struct {
	// AwsCloudTrailDataConnectorProperties - Amazon Web Services CloudTrail data connector properties.
	*AwsCloudTrailDataConnectorProperties `json:"properties,omitempty"`
	// Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence'
	Kind KindBasicDataConnector `json:"kind,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
}

AwsCloudTrailDataConnector represents Amazon Web Services CloudTrail data connector.

func (AwsCloudTrailDataConnector) AsAADDataConnector 

func (actdc AwsCloudTrailDataConnector) AsAADDataConnector() (*AADDataConnector, bool)

AsAADDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector.

func (AwsCloudTrailDataConnector) AsAATPDataConnector 

func (actdc AwsCloudTrailDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool)

AsAATPDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector.

func (AwsCloudTrailDataConnector) AsASCDataConnector 

func (actdc AwsCloudTrailDataConnector) AsASCDataConnector() (*ASCDataConnector, bool)

AsASCDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector.

func (AwsCloudTrailDataConnector) AsAwsCloudTrailDataConnector 

func (actdc AwsCloudTrailDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool)

AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector.

func (AwsCloudTrailDataConnector) AsBasicDataConnector 

func (actdc AwsCloudTrailDataConnector) AsBasicDataConnector() (BasicDataConnector, bool)

AsBasicDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector.

func (AwsCloudTrailDataConnector) AsDataConnector 

func (actdc AwsCloudTrailDataConnector) AsDataConnector() (*DataConnector, bool)

AsDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector.

func (AwsCloudTrailDataConnector) AsMCASDataConnector 

func (actdc AwsCloudTrailDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool)

AsMCASDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector.

func (AwsCloudTrailDataConnector) AsMDATPDataConnector 

func (actdc AwsCloudTrailDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool)

AsMDATPDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector.

func (AwsCloudTrailDataConnector) AsOfficeDataConnector 

func (actdc AwsCloudTrailDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool)

AsOfficeDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector.

func (AwsCloudTrailDataConnector) AsTIDataConnector 

func (actdc AwsCloudTrailDataConnector) AsTIDataConnector() (*TIDataConnector, bool)

AsTIDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector.

func (AwsCloudTrailDataConnector) MarshalJSON 

func (actdc AwsCloudTrailDataConnector) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for AwsCloudTrailDataConnector.

func (*AwsCloudTrailDataConnector) UnmarshalJSON 

func (actdc *AwsCloudTrailDataConnector) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for AwsCloudTrailDataConnector struct.

type AwsCloudTrailDataConnectorDataTypes 

type AwsCloudTrailDataConnectorDataTypes struct {
	// Logs - Logs data type.
	Logs *AwsCloudTrailDataConnectorDataTypesLogs `json:"logs,omitempty"`
}

AwsCloudTrailDataConnectorDataTypes the available data types for Amazon Web Services CloudTrail data connector.

type AwsCloudTrailDataConnectorDataTypesLogs 

type AwsCloudTrailDataConnectorDataTypesLogs struct {
	// State - Describe whether this data type connection is enabled or not. Possible values include: 'Enabled', 'Disabled'
	State DataTypeState `json:"state,omitempty"`
}

AwsCloudTrailDataConnectorDataTypesLogs logs data type.

type AwsCloudTrailDataConnectorProperties 

type AwsCloudTrailDataConnectorProperties struct {
	// AwsRoleArn - The Aws Role Arn (with CloudTrailReadOnly policy) that is used to access the Aws account.
	AwsRoleArn *string `json:"awsRoleArn,omitempty"`
	// DataTypes - The available data types for the connector.
	DataTypes *AwsCloudTrailDataConnectorDataTypes `json:"dataTypes,omitempty"`
}

AwsCloudTrailDataConnectorProperties amazon Web Services CloudTrail data connector properties.

type BaseClient 

type BaseClient struct {
	autorest.Client
	BaseURI        string
	SubscriptionID string
}

BaseClient is the base client for Securityinsight.

func New 

func New(subscriptionID string) BaseClient

New creates an instance of the BaseClient client.

func NewWithBaseURI 

func NewWithBaseURI(baseURI string, subscriptionID string) BaseClient

NewWithBaseURI creates an instance of the BaseClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).

type BasicAlertRule 

type BasicAlertRule interface {
	AsFusionAlertRule() (*FusionAlertRule, bool)
	AsMicrosoftSecurityIncidentCreationAlertRule() (*MicrosoftSecurityIncidentCreationAlertRule, bool)
	AsScheduledAlertRule() (*ScheduledAlertRule, bool)
	AsAlertRule() (*AlertRule, bool)
}

BasicAlertRule alert rule.

type BasicAlertRuleTemplate 

type BasicAlertRuleTemplate interface {
	AsFusionAlertRuleTemplate() (*FusionAlertRuleTemplate, bool)
	AsMicrosoftSecurityIncidentCreationAlertRuleTemplate() (*MicrosoftSecurityIncidentCreationAlertRuleTemplate, bool)
	AsScheduledAlertRuleTemplate() (*ScheduledAlertRuleTemplate, bool)
	AsAlertRuleTemplate() (*AlertRuleTemplate, bool)
}

BasicAlertRuleTemplate alert rule template.

type BasicDataConnector 

type BasicDataConnector interface {
	AsAADDataConnector() (*AADDataConnector, bool)
	AsAATPDataConnector() (*AATPDataConnector, bool)
	AsASCDataConnector() (*ASCDataConnector, bool)
	AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool)
	AsMCASDataConnector() (*MCASDataConnector, bool)
	AsMDATPDataConnector() (*MDATPDataConnector, bool)
	AsOfficeDataConnector() (*OfficeDataConnector, bool)
	AsTIDataConnector() (*TIDataConnector, bool)
	AsDataConnector() (*DataConnector, bool)
}

BasicDataConnector data connector.

type BasicSettings 

type BasicSettings interface {
	AsToggleSettings() (*ToggleSettings, bool)
	AsUebaSettings() (*UebaSettings, bool)
	AsSettings() (*Settings, bool)
}

BasicSettings the Settings.

type Bookmark 

type Bookmark struct {
	autorest.Response `json:"-"`
	// BookmarkProperties - Bookmark properties
	*BookmarkProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
}

Bookmark represents a bookmark in Azure Security Insights.

func (Bookmark) MarshalJSON 

func (b Bookmark) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for Bookmark.

func (*Bookmark) UnmarshalJSON 

func (b *Bookmark) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for Bookmark struct.

type BookmarkList 

type BookmarkList struct {
	autorest.Response `json:"-"`
	// NextLink - READ-ONLY; URL to fetch the next set of cases.
	NextLink *string `json:"nextLink,omitempty"`
	// Value - Array of bookmarks.
	Value *[]Bookmark `json:"value,omitempty"`
}

BookmarkList list all the bookmarks.

func (BookmarkList) IsEmpty 

func (bl BookmarkList) IsEmpty() bool

IsEmpty returns true if the ListResult contains no values.

func (BookmarkList) MarshalJSON 

func (bl BookmarkList) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for BookmarkList.

type BookmarkListIterator 

type BookmarkListIterator struct {
	// contains filtered or unexported fields
}

BookmarkListIterator provides access to a complete listing of Bookmark values.

func NewBookmarkListIterator 

func NewBookmarkListIterator(page BookmarkListPage) BookmarkListIterator

Creates a new instance of the BookmarkListIterator type.

func (*BookmarkListIterator) Next 

func (iter *BookmarkListIterator) Next() error

Next advances to the next value. If there was an error making the request the iterator does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*BookmarkListIterator) NextWithContext 

func (iter *BookmarkListIterator) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.

func (BookmarkListIterator) NotDone 

func (iter BookmarkListIterator) NotDone() bool

NotDone returns true if the enumeration should be started or is not yet complete.

func (BookmarkListIterator) Response 

func (iter BookmarkListIterator) Response() BookmarkList

Response returns the raw server response from the last page request.

func (BookmarkListIterator) Value 

func (iter BookmarkListIterator) Value() Bookmark

Value returns the current value or a zero-initialized value if the iterator has advanced beyond the end of the collection.

type BookmarkListPage 

type BookmarkListPage struct {
	// contains filtered or unexported fields
}

BookmarkListPage contains a page of Bookmark values.

func NewBookmarkListPage 

func NewBookmarkListPage(cur BookmarkList, getNextPage func(context.Context, BookmarkList) (BookmarkList, error)) BookmarkListPage

Creates a new instance of the BookmarkListPage type.

func (*BookmarkListPage) Next 

func (page *BookmarkListPage) Next() error

Next advances to the next page of values. If there was an error making the request the page does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*BookmarkListPage) NextWithContext 

func (page *BookmarkListPage) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.

func (BookmarkListPage) NotDone 

func (page BookmarkListPage) NotDone() bool

NotDone returns true if the page enumeration should be started or is not yet complete.

func (BookmarkListPage) Response 

func (page BookmarkListPage) Response() BookmarkList

Response returns the raw server response from the last page request.

func (BookmarkListPage) Values 

func (page BookmarkListPage) Values() []Bookmark

Values returns the slice of values for the current page or nil if there are no values.

type BookmarkProperties 

type BookmarkProperties struct {
	// Created - The time the bookmark was created
	Created *date.Time `json:"created,omitempty"`
	// CreatedBy - Describes a user that created the bookmark
	CreatedBy *UserInfo `json:"createdBy,omitempty"`
	// DisplayName - The display name of the bookmark
	DisplayName *string `json:"displayName,omitempty"`
	// Labels - List of labels relevant to this bookmark
	Labels *[]string `json:"labels,omitempty"`
	// Notes - The notes of the bookmark
	Notes *string `json:"notes,omitempty"`
	// Query - The query of the bookmark.
	Query *string `json:"query,omitempty"`
	// QueryResult - The query result of the bookmark.
	QueryResult *string `json:"queryResult,omitempty"`
	// Updated - The last time the bookmark was updated
	Updated *date.Time `json:"updated,omitempty"`
	// UpdatedBy - Describes a user that updated the bookmark
	UpdatedBy *UserInfo `json:"updatedBy,omitempty"`
	// IncidentInfo - Describes an incident that relates to bookmark
	IncidentInfo *IncidentInfo `json:"incidentInfo,omitempty"`
}

BookmarkProperties describes bookmark properties

type BookmarksClient 

type BookmarksClient struct {
	BaseClient
}

BookmarksClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewBookmarksClient 

func NewBookmarksClient(subscriptionID string) BookmarksClient

NewBookmarksClient creates an instance of the BookmarksClient client.

func NewBookmarksClientWithBaseURI 

func NewBookmarksClientWithBaseURI(baseURI string, subscriptionID string) BookmarksClient

NewBookmarksClientWithBaseURI creates an instance of the BookmarksClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).

func (BookmarksClient) CreateOrUpdate 

func (client BookmarksClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, workspaceName string, bookmarkID string, bookmark Bookmark) (result Bookmark, err error)

CreateOrUpdate creates or updates the bookmark. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. workspaceName - the name of the workspace. bookmarkID - bookmark ID bookmark - the bookmark

func (BookmarksClient) CreateOrUpdatePreparer 

func (client BookmarksClient) CreateOrUpdatePreparer(ctx context.Context, resourceGroupName string, workspaceName string, bookmarkID string, bookmark Bookmark) (*http.Request, error)

CreateOrUpdatePreparer prepares the CreateOrUpdate request.

func (BookmarksClient) CreateOrUpdateResponder 

func (client BookmarksClient) CreateOrUpdateResponder(resp *http.Response) (result Bookmark, err error)

CreateOrUpdateResponder handles the response to the CreateOrUpdate request. The method always closes the http.Response Body.

func (BookmarksClient) CreateOrUpdateSender 

func (client BookmarksClient) CreateOrUpdateSender(req *http.Request) (*http.Response, error)

CreateOrUpdateSender sends the CreateOrUpdate request. The method will close the http.Response Body if it receives an error.

func (BookmarksClient) Delete 

func (client BookmarksClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, bookmarkID string) (result autorest.Response, err error)

Delete delete the bookmark. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. workspaceName - the name of the workspace. bookmarkID - bookmark ID

func (BookmarksClient) DeletePreparer 

func (client BookmarksClient) DeletePreparer(ctx context.Context, resourceGroupName string, workspaceName string, bookmarkID string) (*http.Request, error)

DeletePreparer prepares the Delete request.

func (BookmarksClient) DeleteResponder 

func (client BookmarksClient) DeleteResponder(resp *http.Response) (result autorest.Response, err error)

DeleteResponder handles the response to the Delete request. The method always closes the http.Response Body.

func (BookmarksClient) DeleteSender 

func (client BookmarksClient) DeleteSender(req *http.Request) (*http.Response, error)

DeleteSender sends the Delete request. The method will close the http.Response Body if it receives an error.

func (BookmarksClient) Get 

func (client BookmarksClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, bookmarkID string) (result Bookmark, err error)

Get gets a bookmark. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. workspaceName - the name of the workspace. bookmarkID - bookmark ID

func (BookmarksClient) GetPreparer 

func (client BookmarksClient) GetPreparer(ctx context.Context, resourceGroupName string, workspaceName string, bookmarkID string) (*http.Request, error)

GetPreparer prepares the Get request.

func (BookmarksClient) GetResponder 

func (client BookmarksClient) GetResponder(resp *http.Response) (result Bookmark, err error)

GetResponder handles the response to the Get request. The method always closes the http.Response Body.

func (BookmarksClient) GetSender 

func (client BookmarksClient) GetSender(req *http.Request) (*http.Response, error)

GetSender sends the Get request. The method will close the http.Response Body if it receives an error.

func (BookmarksClient) List 

func (client BookmarksClient) List(ctx context.Context, resourceGroupName string, workspaceName string) (result BookmarkListPage, err error)

List gets all bookmarks. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. workspaceName - the name of the workspace.

func (BookmarksClient) ListComplete 

func (client BookmarksClient) ListComplete(ctx context.Context, resourceGroupName string, workspaceName string) (result BookmarkListIterator, err error)

ListComplete enumerates all values, automatically crossing page boundaries as required.

func (BookmarksClient) ListPreparer 

func (client BookmarksClient) ListPreparer(ctx context.Context, resourceGroupName string, workspaceName string) (*http.Request, error)

ListPreparer prepares the List request.

func (BookmarksClient) ListResponder 

func (client BookmarksClient) ListResponder(resp *http.Response) (result BookmarkList, err error)

ListResponder handles the response to the List request. The method always closes the http.Response Body.

func (BookmarksClient) ListSender 

func (client BookmarksClient) ListSender(req *http.Request) (*http.Response, error)

ListSender sends the List request. The method will close the http.Response Body if it receives an error.

type CaseSeverity 

type CaseSeverity string

CaseSeverity enumerates the values for case severity. 

const (
	// CaseSeverityCritical Critical severity
	CaseSeverityCritical CaseSeverity = "Critical"
	// CaseSeverityHigh High severity
	CaseSeverityHigh CaseSeverity = "High"
	// CaseSeverityInformational Informational severity
	CaseSeverityInformational CaseSeverity = "Informational"
	// CaseSeverityLow Low severity
	CaseSeverityLow CaseSeverity = "Low"
	// CaseSeverityMedium Medium severity
	CaseSeverityMedium CaseSeverity = "Medium"
)

func PossibleCaseSeverityValues 

func PossibleCaseSeverityValues() []CaseSeverity

PossibleCaseSeverityValues returns an array of possible values for the CaseSeverity const type.

type ClientInfo 

type ClientInfo struct {
	// Email - The email of the client.
	Email *string `json:"email,omitempty"`
	// Name - The name of the client.
	Name *string `json:"name,omitempty"`
	// ObjectID - The object id of the client.
	ObjectID *uuid.UUID `json:"objectId,omitempty"`
	// UserPrincipalName - The user principal name of the client.
	UserPrincipalName *string `json:"userPrincipalName,omitempty"`
}

ClientInfo information on the client (user or application) that made some action

type CloudError 

type CloudError struct {
	// Error - The error object of the CloudError response
	Error *ErrorResponse `json:"error,omitempty"`
}

CloudError an error response for a resource management request.

type DataConnector 

type DataConnector struct {
	autorest.Response `json:"-"`
	// Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence'
	Kind KindBasicDataConnector `json:"kind,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
}

DataConnector data connector.

func (DataConnector) AsAADDataConnector 

func (dc DataConnector) AsAADDataConnector() (*AADDataConnector, bool)

AsAADDataConnector is the BasicDataConnector implementation for DataConnector.

func (DataConnector) AsAATPDataConnector 

func (dc DataConnector) AsAATPDataConnector() (*AATPDataConnector, bool)

AsAATPDataConnector is the BasicDataConnector implementation for DataConnector.

func (DataConnector) AsASCDataConnector 

func (dc DataConnector) AsASCDataConnector() (*ASCDataConnector, bool)

AsASCDataConnector is the BasicDataConnector implementation for DataConnector.

func (DataConnector) AsAwsCloudTrailDataConnector 

func (dc DataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool)

AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for DataConnector.

func (DataConnector) AsBasicDataConnector 

func (dc DataConnector) AsBasicDataConnector() (BasicDataConnector, bool)

AsBasicDataConnector is the BasicDataConnector implementation for DataConnector.

func (DataConnector) AsDataConnector 

func (dc DataConnector) AsDataConnector() (*DataConnector, bool)

AsDataConnector is the BasicDataConnector implementation for DataConnector.

func (DataConnector) AsMCASDataConnector 

func (dc DataConnector) AsMCASDataConnector() (*MCASDataConnector, bool)

AsMCASDataConnector is the BasicDataConnector implementation for DataConnector.

func (DataConnector) AsMDATPDataConnector 

func (dc DataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool)

AsMDATPDataConnector is the BasicDataConnector implementation for DataConnector.

func (DataConnector) AsOfficeDataConnector 

func (dc DataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool)

AsOfficeDataConnector is the BasicDataConnector implementation for DataConnector.

func (DataConnector) AsTIDataConnector 

func (dc DataConnector) AsTIDataConnector() (*TIDataConnector, bool)

AsTIDataConnector is the BasicDataConnector implementation for DataConnector.

func (DataConnector) MarshalJSON 

func (dc DataConnector) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for DataConnector.

type DataConnectorDataTypeCommon 

type DataConnectorDataTypeCommon struct {
	// State - Describe whether this data type connection is enabled or not. Possible values include: 'Enabled', 'Disabled'
	State DataTypeState `json:"state,omitempty"`
}

DataConnectorDataTypeCommon common field for data type in data connectors.

type DataConnectorKind 

type DataConnectorKind string

DataConnectorKind enumerates the values for data connector kind. 

const (
	// DataConnectorKindAmazonWebServicesCloudTrail ...
	DataConnectorKindAmazonWebServicesCloudTrail DataConnectorKind = "AmazonWebServicesCloudTrail"
	// DataConnectorKindAzureActiveDirectory ...
	DataConnectorKindAzureActiveDirectory DataConnectorKind = "AzureActiveDirectory"
	// DataConnectorKindAzureAdvancedThreatProtection ...
	DataConnectorKindAzureAdvancedThreatProtection DataConnectorKind = "AzureAdvancedThreatProtection"
	// DataConnectorKindAzureSecurityCenter ...
	DataConnectorKindAzureSecurityCenter DataConnectorKind = "AzureSecurityCenter"
	// DataConnectorKindMicrosoftCloudAppSecurity ...
	DataConnectorKindMicrosoftCloudAppSecurity DataConnectorKind = "MicrosoftCloudAppSecurity"
	// DataConnectorKindMicrosoftDefenderAdvancedThreatProtection ...
	DataConnectorKindMicrosoftDefenderAdvancedThreatProtection DataConnectorKind = "MicrosoftDefenderAdvancedThreatProtection"
	// DataConnectorKindOffice365 ...
	DataConnectorKindOffice365 DataConnectorKind = "Office365"
	// DataConnectorKindThreatIntelligence ...
	DataConnectorKindThreatIntelligence DataConnectorKind = "ThreatIntelligence"
)

func PossibleDataConnectorKindValues 

func PossibleDataConnectorKindValues() []DataConnectorKind

PossibleDataConnectorKindValues returns an array of possible values for the DataConnectorKind const type.

type DataConnectorList 

type DataConnectorList struct {
	autorest.Response `json:"-"`
	// NextLink - READ-ONLY; URL to fetch the next set of data connectors.
	NextLink *string `json:"nextLink,omitempty"`
	// Value - Array of data connectors.
	Value *[]BasicDataConnector `json:"value,omitempty"`
}

DataConnectorList list all the data connectors.

func (DataConnectorList) IsEmpty 

func (dcl DataConnectorList) IsEmpty() bool

IsEmpty returns true if the ListResult contains no values.

func (DataConnectorList) MarshalJSON 

func (dcl DataConnectorList) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for DataConnectorList.

func (*DataConnectorList) UnmarshalJSON 

func (dcl *DataConnectorList) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for DataConnectorList struct.

type DataConnectorListIterator 

type DataConnectorListIterator struct {
	// contains filtered or unexported fields
}

DataConnectorListIterator provides access to a complete listing of DataConnector values.

func NewDataConnectorListIterator 

func NewDataConnectorListIterator(page DataConnectorListPage) DataConnectorListIterator

Creates a new instance of the DataConnectorListIterator type.

func (*DataConnectorListIterator) Next 

func (iter *DataConnectorListIterator) Next() error

Next advances to the next value. If there was an error making the request the iterator does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*DataConnectorListIterator) NextWithContext 

func (iter *DataConnectorListIterator) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.

func (DataConnectorListIterator) NotDone 

func (iter DataConnectorListIterator) NotDone() bool

NotDone returns true if the enumeration should be started or is not yet complete.

func (DataConnectorListIterator) Response 

func (iter DataConnectorListIterator) Response() DataConnectorList

Response returns the raw server response from the last page request.

func (DataConnectorListIterator) Value 

func (iter DataConnectorListIterator) Value() BasicDataConnector

Value returns the current value or a zero-initialized value if the iterator has advanced beyond the end of the collection.

type DataConnectorListPage 

type DataConnectorListPage struct {
	// contains filtered or unexported fields
}

DataConnectorListPage contains a page of BasicDataConnector values.

func NewDataConnectorListPage 

func NewDataConnectorListPage(cur DataConnectorList, getNextPage func(context.Context, DataConnectorList) (DataConnectorList, error)) DataConnectorListPage

Creates a new instance of the DataConnectorListPage type.

func (*DataConnectorListPage) Next 

func (page *DataConnectorListPage) Next() error

Next advances to the next page of values. If there was an error making the request the page does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*DataConnectorListPage) NextWithContext 

func (page *DataConnectorListPage) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.

func (DataConnectorListPage) NotDone 

func (page DataConnectorListPage) NotDone() bool

NotDone returns true if the page enumeration should be started or is not yet complete.

func (DataConnectorListPage) Response 

func (page DataConnectorListPage) Response() DataConnectorList

Response returns the raw server response from the last page request.

func (DataConnectorListPage) Values 

func (page DataConnectorListPage) Values() []BasicDataConnector

Values returns the slice of values for the current page or nil if there are no values.

type DataConnectorModel 

type DataConnectorModel struct {
	autorest.Response `json:"-"`
	Value             BasicDataConnector `json:"value,omitempty"`
}

DataConnectorModel ...

func (*DataConnectorModel) UnmarshalJSON 

func (dcm *DataConnectorModel) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for DataConnectorModel struct.

type DataConnectorTenantID 

type DataConnectorTenantID struct {
	// TenantID - The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`
}

DataConnectorTenantID properties data connector on tenant level.

type DataConnectorWithAlertsProperties 

type DataConnectorWithAlertsProperties struct {
	// DataTypes - The available data types for the connector.
	DataTypes *AlertsDataTypeOfDataConnector `json:"dataTypes,omitempty"`
}

DataConnectorWithAlertsProperties data connector properties.

type DataConnectorsClient 

type DataConnectorsClient struct {
	BaseClient
}

DataConnectorsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewDataConnectorsClient 

func NewDataConnectorsClient(subscriptionID string) DataConnectorsClient

NewDataConnectorsClient creates an instance of the DataConnectorsClient client.

func NewDataConnectorsClientWithBaseURI 

func NewDataConnectorsClientWithBaseURI(baseURI string, subscriptionID string) DataConnectorsClient

NewDataConnectorsClientWithBaseURI creates an instance of the DataConnectorsClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).

func (DataConnectorsClient) CreateOrUpdate 

func (client DataConnectorsClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, workspaceName string, dataConnectorID string, dataConnector BasicDataConnector) (result DataConnectorModel, err error)

CreateOrUpdate creates or updates the data connector. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. workspaceName - the name of the workspace. dataConnectorID - connector ID dataConnector - the data connector

func (DataConnectorsClient) CreateOrUpdatePreparer 

func (client DataConnectorsClient) CreateOrUpdatePreparer(ctx context.Context, resourceGroupName string, workspaceName string, dataConnectorID string, dataConnector BasicDataConnector) (*http.Request, error)

CreateOrUpdatePreparer prepares the CreateOrUpdate request.

func (DataConnectorsClient) CreateOrUpdateResponder 

func (client DataConnectorsClient) CreateOrUpdateResponder(resp *http.Response) (result DataConnectorModel, err error)

CreateOrUpdateResponder handles the response to the CreateOrUpdate request. The method always closes the http.Response Body.

func (DataConnectorsClient) CreateOrUpdateSender 

func (client DataConnectorsClient) CreateOrUpdateSender(req *http.Request) (*http.Response, error)

CreateOrUpdateSender sends the CreateOrUpdate request. The method will close the http.Response Body if it receives an error.

func (DataConnectorsClient) Delete 

func (client DataConnectorsClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, dataConnectorID string) (result autorest.Response, err error)

Delete delete the data connector. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. workspaceName - the name of the workspace. dataConnectorID - connector ID

func (DataConnectorsClient) DeletePreparer 

func (client DataConnectorsClient) DeletePreparer(ctx context.Context, resourceGroupName string, workspaceName string, dataConnectorID string) (*http.Request, error)

DeletePreparer prepares the Delete request.

func (DataConnectorsClient) DeleteResponder 

func (client DataConnectorsClient) DeleteResponder(resp *http.Response) (result autorest.Response, err error)

DeleteResponder handles the response to the Delete request. The method always closes the http.Response Body.

func (DataConnectorsClient) DeleteSender 

func (client DataConnectorsClient) DeleteSender(req *http.Request) (*http.Response, error)

DeleteSender sends the Delete request. The method will close the http.Response Body if it receives an error.

func (DataConnectorsClient) Get 

func (client DataConnectorsClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, dataConnectorID string) (result DataConnectorModel, err error)

Get gets a data connector. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. workspaceName - the name of the workspace. dataConnectorID - connector ID

func (DataConnectorsClient) GetPreparer 

func (client DataConnectorsClient) GetPreparer(ctx context.Context, resourceGroupName string, workspaceName string, dataConnectorID string) (*http.Request, error)

GetPreparer prepares the Get request.

func (DataConnectorsClient) GetResponder 

func (client DataConnectorsClient) GetResponder(resp *http.Response) (result DataConnectorModel, err error)

GetResponder handles the response to the Get request. The method always closes the http.Response Body.

func (DataConnectorsClient) GetSender 

func (client DataConnectorsClient) GetSender(req *http.Request) (*http.Response, error)

GetSender sends the Get request. The method will close the http.Response Body if it receives an error.

func (DataConnectorsClient) List 

func (client DataConnectorsClient) List(ctx context.Context, resourceGroupName string, workspaceName string) (result DataConnectorListPage, err error)

List gets all data connectors. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. workspaceName - the name of the workspace.

func (DataConnectorsClient) ListComplete 

func (client DataConnectorsClient) ListComplete(ctx context.Context, resourceGroupName string, workspaceName string) (result DataConnectorListIterator, err error)

ListComplete enumerates all values, automatically crossing page boundaries as required.

func (DataConnectorsClient) ListPreparer 

func (client DataConnectorsClient) ListPreparer(ctx context.Context, resourceGroupName string, workspaceName string) (*http.Request, error)

ListPreparer prepares the List request.

func (DataConnectorsClient) ListResponder 

func (client DataConnectorsClient) ListResponder(resp *http.Response) (result DataConnectorList, err error)

ListResponder handles the response to the List request. The method always closes the http.Response Body.

func (DataConnectorsClient) ListSender 

func (client DataConnectorsClient) ListSender(req *http.Request) (*http.Response, error)

ListSender sends the List request. The method will close the http.Response Body if it receives an error.

type DataTypeState 

type DataTypeState string

DataTypeState enumerates the values for data type state. 

const (
	// Disabled ...
	Disabled DataTypeState = "Disabled"
	// Enabled ...
	Enabled DataTypeState = "Enabled"
)

func PossibleDataTypeStateValues 

func PossibleDataTypeStateValues() []DataTypeState

PossibleDataTypeStateValues returns an array of possible values for the DataTypeState const type.

type ErrorAdditionalInfo 

type ErrorAdditionalInfo struct {
	// Type - READ-ONLY; The additional info type.
	Type *string `json:"type,omitempty"`
	// Info - READ-ONLY; The additional info.
	Info interface{} `json:"info,omitempty"`
}

ErrorAdditionalInfo the resource management error additional info.

func (ErrorAdditionalInfo) MarshalJSON 

func (eai ErrorAdditionalInfo) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for ErrorAdditionalInfo.

type ErrorResponse 

type ErrorResponse struct {
	// Code - READ-ONLY; The error code.
	Code *string `json:"code,omitempty"`
	// Message - READ-ONLY; The error message.
	Message *string `json:"message,omitempty"`
	// Target - READ-ONLY; The error target.
	Target *string `json:"target,omitempty"`
	// Details - READ-ONLY; The error details.
	Details *[]ErrorResponse `json:"details,omitempty"`
	// AdditionalInfo - READ-ONLY; The error additional info.
	AdditionalInfo *[]ErrorAdditionalInfo `json:"additionalInfo,omitempty"`
}

ErrorResponse common error response for all Azure Resource Manager APIs to return error details for failed operations. (This also follows the OData error response format.)

func (ErrorResponse) MarshalJSON 

func (er ErrorResponse) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for ErrorResponse.

type FusionAlertRule 

type FusionAlertRule struct {
	// FusionAlertRuleProperties - Fusion alert rule properties
	*FusionAlertRuleProperties `json:"properties,omitempty"`
	// Kind - Possible values include: 'KindAlertRule', 'KindFusion', 'KindMicrosoftSecurityIncidentCreation', 'KindScheduled'
	Kind Kind `json:"kind,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
}

FusionAlertRule represents Fusion alert rule.

func (FusionAlertRule) AsAlertRule 

func (far FusionAlertRule) AsAlertRule() (*AlertRule, bool)

AsAlertRule is the BasicAlertRule implementation for FusionAlertRule.

func (FusionAlertRule) AsBasicAlertRule 

func (far FusionAlertRule) AsBasicAlertRule() (BasicAlertRule, bool)

AsBasicAlertRule is the BasicAlertRule implementation for FusionAlertRule.

func (FusionAlertRule) AsFusionAlertRule 

func (far FusionAlertRule) AsFusionAlertRule() (*FusionAlertRule, bool)

AsFusionAlertRule is the BasicAlertRule implementation for FusionAlertRule.

func (FusionAlertRule) AsMicrosoftSecurityIncidentCreationAlertRule 

func (far FusionAlertRule) AsMicrosoftSecurityIncidentCreationAlertRule() (*MicrosoftSecurityIncidentCreationAlertRule, bool)

AsMicrosoftSecurityIncidentCreationAlertRule is the BasicAlertRule implementation for FusionAlertRule.

func (FusionAlertRule) AsScheduledAlertRule 

func (far FusionAlertRule) AsScheduledAlertRule() (*ScheduledAlertRule, bool)

AsScheduledAlertRule is the BasicAlertRule implementation for FusionAlertRule.

func (FusionAlertRule) MarshalJSON 

func (far FusionAlertRule) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for FusionAlertRule.

func (*FusionAlertRule) UnmarshalJSON 

func (far *FusionAlertRule) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for FusionAlertRule struct.

type FusionAlertRuleProperties 

type FusionAlertRuleProperties struct {
	// AlertRuleTemplateName - The Name of the alert rule template used to create this rule.
	AlertRuleTemplateName *string `json:"alertRuleTemplateName,omitempty"`
	// Description - READ-ONLY; The description of the alert rule.
	Description *string `json:"description,omitempty"`
	// DisplayName - READ-ONLY; The display name for alerts created by this alert rule.
	DisplayName *string `json:"displayName,omitempty"`
	// Enabled - Determines whether this alert rule is enabled or disabled.
	Enabled *bool `json:"enabled,omitempty"`
	// LastModifiedUtc - READ-ONLY; The last time that this alert has been modified.
	LastModifiedUtc *date.Time `json:"lastModifiedUtc,omitempty"`
	// Severity - READ-ONLY; The severity for alerts created by this alert rule. Possible values include: 'High', 'Medium', 'Low', 'Informational'
	Severity AlertSeverity `json:"severity,omitempty"`
	// Tactics - READ-ONLY; The tactics of the alert rule
	Tactics *[]AttackTactic `json:"tactics,omitempty"`
}

FusionAlertRuleProperties fusion alert rule base property bag.

func (FusionAlertRuleProperties) MarshalJSON 

func (farp FusionAlertRuleProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for FusionAlertRuleProperties.

type FusionAlertRuleTemplate 

type FusionAlertRuleTemplate struct {
	// FusionAlertRuleTemplateProperties - Fusion alert rule template properties
	*FusionAlertRuleTemplateProperties `json:"properties,omitempty"`
	// Kind - Possible values include: 'KindBasicAlertRuleTemplateKindAlertRuleTemplate', 'KindBasicAlertRuleTemplateKindFusion', 'KindBasicAlertRuleTemplateKindMicrosoftSecurityIncidentCreation', 'KindBasicAlertRuleTemplateKindScheduled'
	Kind KindBasicAlertRuleTemplate `json:"kind,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
}

FusionAlertRuleTemplate represents Fusion alert rule template.

func (FusionAlertRuleTemplate) AsAlertRuleTemplate 

func (fart FusionAlertRuleTemplate) AsAlertRuleTemplate() (*AlertRuleTemplate, bool)

AsAlertRuleTemplate is the BasicAlertRuleTemplate implementation for FusionAlertRuleTemplate.

func (FusionAlertRuleTemplate) AsBasicAlertRuleTemplate 

func (fart FusionAlertRuleTemplate) AsBasicAlertRuleTemplate() (BasicAlertRuleTemplate, bool)

AsBasicAlertRuleTemplate is the BasicAlertRuleTemplate implementation for FusionAlertRuleTemplate.

func (FusionAlertRuleTemplate) AsFusionAlertRuleTemplate 

func (fart FusionAlertRuleTemplate) AsFusionAlertRuleTemplate() (*FusionAlertRuleTemplate, bool)

AsFusionAlertRuleTemplate is the BasicAlertRuleTemplate implementation for FusionAlertRuleTemplate.

func (FusionAlertRuleTemplate) AsMicrosoftSecurityIncidentCreationAlertRuleTemplate 

func (fart FusionAlertRuleTemplate) AsMicrosoftSecurityIncidentCreationAlertRuleTemplate() (*MicrosoftSecurityIncidentCreationAlertRuleTemplate, bool)

AsMicrosoftSecurityIncidentCreationAlertRuleTemplate is the BasicAlertRuleTemplate implementation for FusionAlertRuleTemplate.

func (FusionAlertRuleTemplate) AsScheduledAlertRuleTemplate 

func (fart FusionAlertRuleTemplate) AsScheduledAlertRuleTemplate() (*ScheduledAlertRuleTemplate, bool)

AsScheduledAlertRuleTemplate is the BasicAlertRuleTemplate implementation for FusionAlertRuleTemplate.

func (FusionAlertRuleTemplate) MarshalJSON 

func (fart FusionAlertRuleTemplate) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for FusionAlertRuleTemplate.

func (*FusionAlertRuleTemplate) UnmarshalJSON 

func (fart *FusionAlertRuleTemplate) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for FusionAlertRuleTemplate struct.

type FusionAlertRuleTemplateProperties 

type FusionAlertRuleTemplateProperties struct {
	// AlertRulesCreatedByTemplateCount - the number of alert rules that were created by this template
	AlertRulesCreatedByTemplateCount *int32 `json:"alertRulesCreatedByTemplateCount,omitempty"`
	// CreatedDateUTC - READ-ONLY; The time that this alert rule template has been added.
	CreatedDateUTC *date.Time `json:"createdDateUTC,omitempty"`
	// Description - The description of the alert rule template.
	Description *string `json:"description,omitempty"`
	// DisplayName - The display name for alert rule template.
	DisplayName *string `json:"displayName,omitempty"`
	// RequiredDataConnectors - The required data connectors for this template
	RequiredDataConnectors *[]AlertRuleTemplateDataSource `json:"requiredDataConnectors,omitempty"`
	// Status - The alert rule template status. Possible values include: 'Installed', 'Available', 'NotAvailable'
	Status TemplateStatus `json:"status,omitempty"`
	// Severity - The severity for alerts created by this alert rule. Possible values include: 'High', 'Medium', 'Low', 'Informational'
	Severity AlertSeverity `json:"severity,omitempty"`
	// Tactics - The tactics of the alert rule template
	Tactics *[]AttackTactic `json:"tactics,omitempty"`
}

FusionAlertRuleTemplateProperties represents Fusion alert rule template properties

func (FusionAlertRuleTemplateProperties) MarshalJSON 

func (fartp FusionAlertRuleTemplateProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for FusionAlertRuleTemplateProperties.

type Incident 

type Incident struct {
	autorest.Response `json:"-"`
	// IncidentProperties - Incident properties
	*IncidentProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
}

Incident represents an incident in Azure Security Insights.

func (Incident) MarshalJSON 

func (i Incident) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for Incident.

func (*Incident) UnmarshalJSON 

func (i *Incident) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for Incident struct.

type IncidentAdditionalData 

type IncidentAdditionalData struct {
	// AlertsCount - READ-ONLY; The number of alerts in the incident
	AlertsCount *int32 `json:"alertsCount,omitempty"`
	// BookmarksCount - READ-ONLY; The number of bookmarks in the incident
	BookmarksCount *int32 `json:"bookmarksCount,omitempty"`
	// CommentsCount - READ-ONLY; The number of comments in the incident
	CommentsCount *int32 `json:"commentsCount,omitempty"`
	// AlertProductNames - READ-ONLY; List of product names of alerts in the incident
	AlertProductNames *[]string `json:"alertProductNames,omitempty"`
	// Tactics - READ-ONLY; The tactics associated with incident
	Tactics *[]AttackTactic `json:"tactics,omitempty"`
}

IncidentAdditionalData incident additional data property bag.

func (IncidentAdditionalData) MarshalJSON 

func (iad IncidentAdditionalData) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for IncidentAdditionalData.

type IncidentClassification 

type IncidentClassification string

IncidentClassification enumerates the values for incident classification. 

const (
	// BenignPositive Incident was benign positive
	BenignPositive IncidentClassification = "BenignPositive"
	// FalsePositive Incident was false positive
	FalsePositive IncidentClassification = "FalsePositive"
	// TruePositive Incident was true positive
	TruePositive IncidentClassification = "TruePositive"
	// Undetermined Incident classification was undetermined
	Undetermined IncidentClassification = "Undetermined"
)

func PossibleIncidentClassificationValues 

func PossibleIncidentClassificationValues() []IncidentClassification

PossibleIncidentClassificationValues returns an array of possible values for the IncidentClassification const type.

type IncidentClassificationReason 

type IncidentClassificationReason string

IncidentClassificationReason enumerates the values for incident classification reason. 

const (
	// InaccurateData Classification reason was inaccurate data
	InaccurateData IncidentClassificationReason = "InaccurateData"
	// IncorrectAlertLogic Classification reason was incorrect alert logic
	IncorrectAlertLogic IncidentClassificationReason = "IncorrectAlertLogic"
	// SuspiciousActivity Classification reason was suspicious activity
	SuspiciousActivity IncidentClassificationReason = "SuspiciousActivity"
	// SuspiciousButExpected Classification reason was suspicious but expected
	SuspiciousButExpected IncidentClassificationReason = "SuspiciousButExpected"
)

func PossibleIncidentClassificationReasonValues 

func PossibleIncidentClassificationReasonValues() []IncidentClassificationReason

PossibleIncidentClassificationReasonValues returns an array of possible values for the IncidentClassificationReason const type.

type IncidentComment 

type IncidentComment struct {
	autorest.Response `json:"-"`
	// IncidentCommentProperties - Incident comment properties
	*IncidentCommentProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
}

IncidentComment represents an incident comment

func (IncidentComment) MarshalJSON 

func (ic IncidentComment) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for IncidentComment.

func (*IncidentComment) UnmarshalJSON 

func (ic *IncidentComment) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for IncidentComment struct.

type IncidentCommentList 

type IncidentCommentList struct {
	autorest.Response `json:"-"`
	// NextLink - READ-ONLY; URL to fetch the next set of comments.
	NextLink *string `json:"nextLink,omitempty"`
	// Value - Array of comments.
	Value *[]IncidentComment `json:"value,omitempty"`
}

IncidentCommentList list of incident comments.

func (IncidentCommentList) IsEmpty 

func (icl IncidentCommentList) IsEmpty() bool

IsEmpty returns true if the ListResult contains no values.

func (IncidentCommentList) MarshalJSON 

func (icl IncidentCommentList) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for IncidentCommentList.

type IncidentCommentListIterator 

type IncidentCommentListIterator struct {
	// contains filtered or unexported fields
}

IncidentCommentListIterator provides access to a complete listing of IncidentComment values.

func NewIncidentCommentListIterator 

func NewIncidentCommentListIterator(page IncidentCommentListPage) IncidentCommentListIterator

Creates a new instance of the IncidentCommentListIterator type.

func (*IncidentCommentListIterator) Next 

func (iter *IncidentCommentListIterator) Next() error

Next advances to the next value. If there was an error making the request the iterator does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*IncidentCommentListIterator) NextWithContext 

func (iter *IncidentCommentListIterator) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.

func (IncidentCommentListIterator) NotDone 

func (iter IncidentCommentListIterator) NotDone() bool

NotDone returns true if the enumeration should be started or is not yet complete.

func (IncidentCommentListIterator) Response 

func (iter IncidentCommentListIterator) Response() IncidentCommentList

Response returns the raw server response from the last page request.

func (IncidentCommentListIterator) Value 

func (iter IncidentCommentListIterator) Value() IncidentComment

Value returns the current value or a zero-initialized value if the iterator has advanced beyond the end of the collection.

type IncidentCommentListPage 

type IncidentCommentListPage struct {
	// contains filtered or unexported fields
}

IncidentCommentListPage contains a page of IncidentComment values.

func NewIncidentCommentListPage 

func NewIncidentCommentListPage(cur IncidentCommentList, getNextPage func(context.Context, IncidentCommentList) (IncidentCommentList, error)) IncidentCommentListPage

Creates a new instance of the IncidentCommentListPage type.

func (*IncidentCommentListPage) Next 

func (page *IncidentCommentListPage) Next() error

Next advances to the next page of values. If there was an error making the request the page does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*IncidentCommentListPage) NextWithContext 

func (page *IncidentCommentListPage) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.

func (IncidentCommentListPage) NotDone 

func (page IncidentCommentListPage) NotDone() bool

NotDone returns true if the page enumeration should be started or is not yet complete.

func (IncidentCommentListPage) Response 

func (page IncidentCommentListPage) Response() IncidentCommentList

Response returns the raw server response from the last page request.

func (IncidentCommentListPage) Values 

func (page IncidentCommentListPage) Values() []IncidentComment

Values returns the slice of values for the current page or nil if there are no values.

type IncidentCommentProperties 

type IncidentCommentProperties struct {
	// CreatedTimeUtc - READ-ONLY; The time the comment was created
	CreatedTimeUtc *date.Time `json:"createdTimeUtc,omitempty"`
	// Message - The comment message
	Message *string `json:"message,omitempty"`
	// Author - READ-ONLY; Describes the client that created the comment
	Author *ClientInfo `json:"author,omitempty"`
}

IncidentCommentProperties incident comment property bag.

func (IncidentCommentProperties) MarshalJSON 

func (icp IncidentCommentProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for IncidentCommentProperties.

type IncidentCommentsClient 

type IncidentCommentsClient struct {
	BaseClient
}

IncidentCommentsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewIncidentCommentsClient 

func NewIncidentCommentsClient(subscriptionID string) IncidentCommentsClient

NewIncidentCommentsClient creates an instance of the IncidentCommentsClient client.

func NewIncidentCommentsClientWithBaseURI 

func NewIncidentCommentsClientWithBaseURI(baseURI string, subscriptionID string) IncidentCommentsClient

NewIncidentCommentsClientWithBaseURI creates an instance of the IncidentCommentsClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).

func (IncidentCommentsClient) CreateComment 

func (client IncidentCommentsClient) CreateComment(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string, incidentCommentID string, incidentComment IncidentComment) (result IncidentComment, err error)

CreateComment creates the incident comment. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. workspaceName - the name of the workspace. incidentID - incident ID incidentCommentID - incident comment ID incidentComment - the incident comment

func (IncidentCommentsClient) CreateCommentPreparer 

func (client IncidentCommentsClient) CreateCommentPreparer(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string, incidentCommentID string, incidentComment IncidentComment) (*http.Request, error)

CreateCommentPreparer prepares the CreateComment request.

func (IncidentCommentsClient) CreateCommentResponder 

func (client IncidentCommentsClient) CreateCommentResponder(resp *http.Response) (result IncidentComment, err error)

CreateCommentResponder handles the response to the CreateComment request. The method always closes the http.Response Body.

func (IncidentCommentsClient) CreateCommentSender 

func (client IncidentCommentsClient) CreateCommentSender(req *http.Request) (*http.Response, error)

CreateCommentSender sends the CreateComment request. The method will close the http.Response Body if it receives an error.

func (IncidentCommentsClient) Get 

func (client IncidentCommentsClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string, incidentCommentID string) (result IncidentComment, err error)

Get gets an incident comment. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. workspaceName - the name of the workspace. incidentID - incident ID incidentCommentID - incident comment ID

func (IncidentCommentsClient) GetPreparer 

func (client IncidentCommentsClient) GetPreparer(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string, incidentCommentID string) (*http.Request, error)

GetPreparer prepares the Get request.

func (IncidentCommentsClient) GetResponder 

func (client IncidentCommentsClient) GetResponder(resp *http.Response) (result IncidentComment, err error)

GetResponder handles the response to the Get request. The method always closes the http.Response Body.

func (IncidentCommentsClient) GetSender 

func (client IncidentCommentsClient) GetSender(req *http.Request) (*http.Response, error)

GetSender sends the Get request. The method will close the http.Response Body if it receives an error.

func (IncidentCommentsClient) ListByIncident 

func (client IncidentCommentsClient) ListByIncident(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string, filter string, orderby string, top *int32, skipToken string) (result IncidentCommentListPage, err error)

ListByIncident gets all incident comments. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. workspaceName - the name of the workspace. incidentID - incident ID filter - filters the results, based on a Boolean condition. Optional. orderby - sorts the results. Optional. top - returns only the first n results. Optional. skipToken - skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional.

func (IncidentCommentsClient) ListByIncidentComplete 

func (client IncidentCommentsClient) ListByIncidentComplete(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string, filter string, orderby string, top *int32, skipToken string) (result IncidentCommentListIterator, err error)

ListByIncidentComplete enumerates all values, automatically crossing page boundaries as required.

func (IncidentCommentsClient) ListByIncidentPreparer 

func (client IncidentCommentsClient) ListByIncidentPreparer(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string, filter string, orderby string, top *int32, skipToken string) (*http.Request, error)

ListByIncidentPreparer prepares the ListByIncident request.

func (IncidentCommentsClient) ListByIncidentResponder 

func (client IncidentCommentsClient) ListByIncidentResponder(resp *http.Response) (result IncidentCommentList, err error)

ListByIncidentResponder handles the response to the ListByIncident request. The method always closes the http.Response Body.

func (IncidentCommentsClient) ListByIncidentSender 

func (client IncidentCommentsClient) ListByIncidentSender(req *http.Request) (*http.Response, error)

ListByIncidentSender sends the ListByIncident request. The method will close the http.Response Body if it receives an error.

type IncidentInfo 

type IncidentInfo struct {
	// IncidentID - Incident Id
	IncidentID *string `json:"incidentId,omitempty"`
	// Severity - The severity of the incident. Possible values include: 'CaseSeverityCritical', 'CaseSeverityHigh', 'CaseSeverityMedium', 'CaseSeverityLow', 'CaseSeverityInformational'
	Severity CaseSeverity `json:"severity,omitempty"`
	// Title - The title of the incident
	Title *string `json:"title,omitempty"`
	// RelationName - Relation Name
	RelationName *string `json:"relationName,omitempty"`
}

IncidentInfo describes related incident information for the bookmark

type IncidentLabel 

type IncidentLabel struct {
	// LabelName - The name of the label
	LabelName *string `json:"labelName,omitempty"`
	// LabelType - READ-ONLY; The type of the label. Possible values include: 'User', 'System'
	LabelType IncidentLabelType `json:"labelType,omitempty"`
}

IncidentLabel represents an incident label

func (IncidentLabel) MarshalJSON 

func (il IncidentLabel) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for IncidentLabel.

type IncidentLabelType 

type IncidentLabelType string

IncidentLabelType enumerates the values for incident label type. 

const (
	// System Label automatically created by the system
	System IncidentLabelType = "System"
	// User Label manually created by a user
	User IncidentLabelType = "User"
)

func PossibleIncidentLabelTypeValues 

func PossibleIncidentLabelTypeValues() []IncidentLabelType

PossibleIncidentLabelTypeValues returns an array of possible values for the IncidentLabelType const type.

type IncidentList 

type IncidentList struct {
	autorest.Response `json:"-"`
	// NextLink - READ-ONLY; URL to fetch the next set of incidents.
	NextLink *string `json:"nextLink,omitempty"`
	// Value - Array of incidents.
	Value *[]Incident `json:"value,omitempty"`
}

IncidentList list all the incidents.

func (IncidentList) IsEmpty 

func (il IncidentList) IsEmpty() bool

IsEmpty returns true if the ListResult contains no values.

func (IncidentList) MarshalJSON 

func (il IncidentList) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for IncidentList.

type IncidentListIterator 

type IncidentListIterator struct {
	// contains filtered or unexported fields
}

IncidentListIterator provides access to a complete listing of Incident values.

func NewIncidentListIterator 

func NewIncidentListIterator(page IncidentListPage) IncidentListIterator

Creates a new instance of the IncidentListIterator type.

func (*IncidentListIterator) Next 

func (iter *IncidentListIterator) Next() error

Next advances to the next value. If there was an error making the request the iterator does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*IncidentListIterator) NextWithContext 

func (iter *IncidentListIterator) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.

func (IncidentListIterator) NotDone 

func (iter IncidentListIterator) NotDone() bool

NotDone returns true if the enumeration should be started or is not yet complete.

func (IncidentListIterator) Response 

func (iter IncidentListIterator) Response() IncidentList

Response returns the raw server response from the last page request.

func (IncidentListIterator) Value 

func (iter IncidentListIterator) Value() Incident

Value returns the current value or a zero-initialized value if the iterator has advanced beyond the end of the collection.

type IncidentListPage 

type IncidentListPage struct {
	// contains filtered or unexported fields
}

IncidentListPage contains a page of Incident values.

func NewIncidentListPage 

func NewIncidentListPage(cur IncidentList, getNextPage func(context.Context, IncidentList) (IncidentList, error)) IncidentListPage

Creates a new instance of the IncidentListPage type.

func (*IncidentListPage) Next 

func (page *IncidentListPage) Next() error

Next advances to the next page of values. If there was an error making the request the page does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*IncidentListPage) NextWithContext 

func (page *IncidentListPage) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.

func (IncidentListPage) NotDone 

func (page IncidentListPage) NotDone() bool

NotDone returns true if the page enumeration should be started or is not yet complete.

func (IncidentListPage) Response 

func (page IncidentListPage) Response() IncidentList

Response returns the raw server response from the last page request.

func (IncidentListPage) Values 

func (page IncidentListPage) Values() []Incident

Values returns the slice of values for the current page or nil if there are no values.

type IncidentOwnerInfo 

type IncidentOwnerInfo struct {
	// Email - The email of the user the incident is assigned to.
	Email *string `json:"email,omitempty"`
	// AssignedTo - The name of the user the incident is assigned to.
	AssignedTo *string `json:"assignedTo,omitempty"`
	// ObjectID - The object id of the user the incident is assigned to.
	ObjectID *uuid.UUID `json:"objectId,omitempty"`
	// UserPrincipalName - The user principal name of the user the incident is assigned to.
	UserPrincipalName *string `json:"userPrincipalName,omitempty"`
}

IncidentOwnerInfo information on the user an incident is assigned to

type IncidentProperties 

type IncidentProperties struct {
	// AdditionalData - READ-ONLY; Additional data on the incident
	AdditionalData *IncidentAdditionalData `json:"additionalData,omitempty"`
	// Classification - The reason the incident was closed. Possible values include: 'Undetermined', 'TruePositive', 'BenignPositive', 'FalsePositive'
	Classification IncidentClassification `json:"classification,omitempty"`
	// ClassificationComment - Describes the reason the incident was closed
	ClassificationComment *string `json:"classificationComment,omitempty"`
	// ClassificationReason - The classification reason the incident was closed with. Possible values include: 'SuspiciousActivity', 'SuspiciousButExpected', 'IncorrectAlertLogic', 'InaccurateData'
	ClassificationReason IncidentClassificationReason `json:"classificationReason,omitempty"`
	// CreatedTimeUtc - READ-ONLY; The time the incident was created
	CreatedTimeUtc *date.Time `json:"createdTimeUtc,omitempty"`
	// Description - The description of the incident
	Description *string `json:"description,omitempty"`
	// FirstActivityTimeUtc - The time of the first activity in the incident
	FirstActivityTimeUtc *date.Time `json:"firstActivityTimeUtc,omitempty"`
	// IncidentURL - READ-ONLY; The deep-link url to the incident in Azure portal
	IncidentURL *string `json:"incidentUrl,omitempty"`
	// IncidentNumber - READ-ONLY; A sequential number
	IncidentNumber *int32 `json:"incidentNumber,omitempty"`
	// Labels - List of labels relevant to this incident
	Labels *[]IncidentLabel `json:"labels,omitempty"`
	// LastActivityTimeUtc - The time of the last activity in the incident
	LastActivityTimeUtc *date.Time `json:"lastActivityTimeUtc,omitempty"`
	// LastModifiedTimeUtc - READ-ONLY; The last time the incident was updated
	LastModifiedTimeUtc *date.Time `json:"lastModifiedTimeUtc,omitempty"`
	// Owner - Describes a user that the incident is assigned to
	Owner *IncidentOwnerInfo `json:"owner,omitempty"`
	// RelatedAnalyticRuleIds - READ-ONLY; List of resource ids of Analytic rules related to the incident
	RelatedAnalyticRuleIds *[]string `json:"relatedAnalyticRuleIds,omitempty"`
	// Severity - The severity of the incident. Possible values include: 'IncidentSeverityHigh', 'IncidentSeverityMedium', 'IncidentSeverityLow', 'IncidentSeverityInformational'
	Severity IncidentSeverity `json:"severity,omitempty"`
	// Status - The status of the incident. Possible values include: 'IncidentStatusNew', 'IncidentStatusActive', 'IncidentStatusClosed'
	Status IncidentStatus `json:"status,omitempty"`
	// Title - The title of the incident
	Title *string `json:"title,omitempty"`
}

IncidentProperties describes incident properties

func (IncidentProperties) MarshalJSON 

func (IP IncidentProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for IncidentProperties.

type IncidentSeverity 

type IncidentSeverity string

IncidentSeverity enumerates the values for incident severity. 

const (
	// IncidentSeverityHigh High severity
	IncidentSeverityHigh IncidentSeverity = "High"
	// IncidentSeverityInformational Informational severity
	IncidentSeverityInformational IncidentSeverity = "Informational"
	// IncidentSeverityLow Low severity
	IncidentSeverityLow IncidentSeverity = "Low"
	// IncidentSeverityMedium Medium severity
	IncidentSeverityMedium IncidentSeverity = "Medium"
)

func PossibleIncidentSeverityValues 

func PossibleIncidentSeverityValues() []IncidentSeverity

PossibleIncidentSeverityValues returns an array of possible values for the IncidentSeverity const type.

type IncidentStatus 

type IncidentStatus string

IncidentStatus enumerates the values for incident status. 

const (
	// IncidentStatusActive An active incident which is being handled
	IncidentStatusActive IncidentStatus = "Active"
	// IncidentStatusClosed A non-active incident
	IncidentStatusClosed IncidentStatus = "Closed"
	// IncidentStatusNew An active incident which isn't being handled currently
	IncidentStatusNew IncidentStatus = "New"
)

func PossibleIncidentStatusValues 

func PossibleIncidentStatusValues() []IncidentStatus

PossibleIncidentStatusValues returns an array of possible values for the IncidentStatus const type.

type IncidentsClient 

type IncidentsClient struct {
	BaseClient
}

IncidentsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewIncidentsClient 

func NewIncidentsClient(subscriptionID string) IncidentsClient

NewIncidentsClient creates an instance of the IncidentsClient client.

func NewIncidentsClientWithBaseURI 

func NewIncidentsClientWithBaseURI(baseURI string, subscriptionID string) IncidentsClient

NewIncidentsClientWithBaseURI creates an instance of the IncidentsClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).

func (IncidentsClient) CreateOrUpdate 

func (client IncidentsClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string, incident Incident) (result Incident, err error)

CreateOrUpdate creates or updates the incident. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. workspaceName - the name of the workspace. incidentID - incident ID incident - the incident

func (IncidentsClient) CreateOrUpdatePreparer 

func (client IncidentsClient) CreateOrUpdatePreparer(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string, incident Incident) (*http.Request, error)

CreateOrUpdatePreparer prepares the CreateOrUpdate request.

func (IncidentsClient) CreateOrUpdateResponder 

func (client IncidentsClient) CreateOrUpdateResponder(resp *http.Response) (result Incident, err error)

CreateOrUpdateResponder handles the response to the CreateOrUpdate request. The method always closes the http.Response Body.

func (IncidentsClient) CreateOrUpdateSender 

func (client IncidentsClient) CreateOrUpdateSender(req *http.Request) (*http.Response, error)

CreateOrUpdateSender sends the CreateOrUpdate request. The method will close the http.Response Body if it receives an error.

func (IncidentsClient) Delete 

func (client IncidentsClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string) (result autorest.Response, err error)

Delete delete the incident. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. workspaceName - the name of the workspace. incidentID - incident ID

func (IncidentsClient) DeletePreparer 

func (client IncidentsClient) DeletePreparer(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string) (*http.Request, error)

DeletePreparer prepares the Delete request.

func (IncidentsClient) DeleteResponder 

func (client IncidentsClient) DeleteResponder(resp *http.Response) (result autorest.Response, err error)

DeleteResponder handles the response to the Delete request. The method always closes the http.Response Body.

func (IncidentsClient) DeleteSender 

func (client IncidentsClient) DeleteSender(req *http.Request) (*http.Response, error)

DeleteSender sends the Delete request. The method will close the http.Response Body if it receives an error.

func (IncidentsClient) Get 

func (client IncidentsClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string) (result Incident, err error)

Get gets an incident. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. workspaceName - the name of the workspace. incidentID - incident ID

func (IncidentsClient) GetPreparer 

func (client IncidentsClient) GetPreparer(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string) (*http.Request, error)

GetPreparer prepares the Get request.

func (IncidentsClient) GetResponder 

func (client IncidentsClient) GetResponder(resp *http.Response) (result Incident, err error)

GetResponder handles the response to the Get request. The method always closes the http.Response Body.

func (IncidentsClient) GetSender 

func (client IncidentsClient) GetSender(req *http.Request) (*http.Response, error)

GetSender sends the Get request. The method will close the http.Response Body if it receives an error.

func (IncidentsClient) List 

func (client IncidentsClient) List(ctx context.Context, resourceGroupName string, workspaceName string, filter string, orderby string, top *int32, skipToken string) (result IncidentListPage, err error)

List gets all incidents. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. workspaceName - the name of the workspace. filter - filters the results, based on a Boolean condition. Optional. orderby - sorts the results. Optional. top - returns only the first n results. Optional. skipToken - skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional.

func (IncidentsClient) ListComplete 

func (client IncidentsClient) ListComplete(ctx context.Context, resourceGroupName string, workspaceName string, filter string, orderby string, top *int32, skipToken string) (result IncidentListIterator, err error)

ListComplete enumerates all values, automatically crossing page boundaries as required.

func (IncidentsClient) ListPreparer 

func (client IncidentsClient) ListPreparer(ctx context.Context, resourceGroupName string, workspaceName string, filter string, orderby string, top *int32, skipToken string) (*http.Request, error)

ListPreparer prepares the List request.

func (IncidentsClient) ListResponder 

func (client IncidentsClient) ListResponder(resp *http.Response) (result IncidentList, err error)

ListResponder handles the response to the List request. The method always closes the http.Response Body.

func (IncidentsClient) ListSender 

func (client IncidentsClient) ListSender(req *http.Request) (*http.Response, error)

ListSender sends the List request. The method will close the http.Response Body if it receives an error.

type Kind 

type Kind string

Kind enumerates the values for kind. 

const (
	// KindAlertRule ...
	KindAlertRule Kind = "AlertRule"
	// KindFusion ...
	KindFusion Kind = "Fusion"
	// KindMicrosoftSecurityIncidentCreation ...
	KindMicrosoftSecurityIncidentCreation Kind = "MicrosoftSecurityIncidentCreation"
	// KindScheduled ...
	KindScheduled Kind = "Scheduled"
)

func PossibleKindValues 

func PossibleKindValues() []Kind

PossibleKindValues returns an array of possible values for the Kind const type.

type KindBasicAlertRuleTemplate 

type KindBasicAlertRuleTemplate string

KindBasicAlertRuleTemplate enumerates the values for kind basic alert rule template. 

const (
	// KindBasicAlertRuleTemplateKindAlertRuleTemplate ...
	KindBasicAlertRuleTemplateKindAlertRuleTemplate KindBasicAlertRuleTemplate = "AlertRuleTemplate"
	// KindBasicAlertRuleTemplateKindFusion ...
	KindBasicAlertRuleTemplateKindFusion KindBasicAlertRuleTemplate = "Fusion"
	// KindBasicAlertRuleTemplateKindMicrosoftSecurityIncidentCreation ...
	KindBasicAlertRuleTemplateKindMicrosoftSecurityIncidentCreation KindBasicAlertRuleTemplate = "MicrosoftSecurityIncidentCreation"
	// KindBasicAlertRuleTemplateKindScheduled ...
	KindBasicAlertRuleTemplateKindScheduled KindBasicAlertRuleTemplate = "Scheduled"
)

func PossibleKindBasicAlertRuleTemplateValues 

func PossibleKindBasicAlertRuleTemplateValues() []KindBasicAlertRuleTemplate

PossibleKindBasicAlertRuleTemplateValues returns an array of possible values for the KindBasicAlertRuleTemplate const type.

type KindBasicDataConnector 

type KindBasicDataConnector string

KindBasicDataConnector enumerates the values for kind basic data connector. 

const (
	// KindAmazonWebServicesCloudTrail ...
	KindAmazonWebServicesCloudTrail KindBasicDataConnector = "AmazonWebServicesCloudTrail"
	// KindAzureActiveDirectory ...
	KindAzureActiveDirectory KindBasicDataConnector = "AzureActiveDirectory"
	// KindAzureAdvancedThreatProtection ...
	KindAzureAdvancedThreatProtection KindBasicDataConnector = "AzureAdvancedThreatProtection"
	// KindAzureSecurityCenter ...
	KindAzureSecurityCenter KindBasicDataConnector = "AzureSecurityCenter"
	// KindDataConnector ...
	KindDataConnector KindBasicDataConnector = "DataConnector"
	// KindMicrosoftCloudAppSecurity ...
	KindMicrosoftCloudAppSecurity KindBasicDataConnector = "MicrosoftCloudAppSecurity"
	// KindMicrosoftDefenderAdvancedThreatProtection ...
	KindMicrosoftDefenderAdvancedThreatProtection KindBasicDataConnector = "MicrosoftDefenderAdvancedThreatProtection"
	// KindOffice365 ...
	KindOffice365 KindBasicDataConnector = "Office365"
	// KindThreatIntelligence ...
	KindThreatIntelligence KindBasicDataConnector = "ThreatIntelligence"
)

func PossibleKindBasicDataConnectorValues 

func PossibleKindBasicDataConnectorValues() []KindBasicDataConnector

PossibleKindBasicDataConnectorValues returns an array of possible values for the KindBasicDataConnector const type.

type KindBasicSettings 

type KindBasicSettings string

KindBasicSettings enumerates the values for kind basic settings. 

const (
	// KindSettings ...
	KindSettings KindBasicSettings = "Settings"
	// KindToggleSettings ...
	KindToggleSettings KindBasicSettings = "ToggleSettings"
	// KindUebaSettings ...
	KindUebaSettings KindBasicSettings = "UebaSettings"
)

func PossibleKindBasicSettingsValues 

func PossibleKindBasicSettingsValues() []KindBasicSettings

PossibleKindBasicSettingsValues returns an array of possible values for the KindBasicSettings const type.

type LicenseStatus 

type LicenseStatus string

LicenseStatus enumerates the values for license status. 

const (
	// LicenseStatusDisabled ...
	LicenseStatusDisabled LicenseStatus = "Disabled"
	// LicenseStatusEnabled ...
	LicenseStatusEnabled LicenseStatus = "Enabled"
)

func PossibleLicenseStatusValues 

func PossibleLicenseStatusValues() []LicenseStatus

PossibleLicenseStatusValues returns an array of possible values for the LicenseStatus const type.

type MCASDataConnector 

type MCASDataConnector struct {
	// MCASDataConnectorProperties - MCAS (Microsoft Cloud App Security) data connector properties.
	*MCASDataConnectorProperties `json:"properties,omitempty"`
	// Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence'
	Kind KindBasicDataConnector `json:"kind,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
}

MCASDataConnector represents MCAS (Microsoft Cloud App Security) data connector.

func (MCASDataConnector) AsAADDataConnector 

func (mdc MCASDataConnector) AsAADDataConnector() (*AADDataConnector, bool)

AsAADDataConnector is the BasicDataConnector implementation for MCASDataConnector.

func (MCASDataConnector) AsAATPDataConnector 

func (mdc MCASDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool)

AsAATPDataConnector is the BasicDataConnector implementation for MCASDataConnector.

func (MCASDataConnector) AsASCDataConnector 

func (mdc MCASDataConnector) AsASCDataConnector() (*ASCDataConnector, bool)

AsASCDataConnector is the BasicDataConnector implementation for MCASDataConnector.

func (MCASDataConnector) AsAwsCloudTrailDataConnector 

func (mdc MCASDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool)

AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for MCASDataConnector.

func (MCASDataConnector) AsBasicDataConnector 

func (mdc MCASDataConnector) AsBasicDataConnector() (BasicDataConnector, bool)

AsBasicDataConnector is the BasicDataConnector implementation for MCASDataConnector.

func (MCASDataConnector) AsDataConnector 

func (mdc MCASDataConnector) AsDataConnector() (*DataConnector, bool)

AsDataConnector is the BasicDataConnector implementation for MCASDataConnector.

func (MCASDataConnector) AsMCASDataConnector 

func (mdc MCASDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool)

AsMCASDataConnector is the BasicDataConnector implementation for MCASDataConnector.

func (MCASDataConnector) AsMDATPDataConnector 

func (mdc MCASDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool)

AsMDATPDataConnector is the BasicDataConnector implementation for MCASDataConnector.

func (MCASDataConnector) AsOfficeDataConnector 

func (mdc MCASDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool)

AsOfficeDataConnector is the BasicDataConnector implementation for MCASDataConnector.

func (MCASDataConnector) AsTIDataConnector 

func (mdc MCASDataConnector) AsTIDataConnector() (*TIDataConnector, bool)

AsTIDataConnector is the BasicDataConnector implementation for MCASDataConnector.

func (MCASDataConnector) MarshalJSON 

func (mdc MCASDataConnector) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for MCASDataConnector.

func (*MCASDataConnector) UnmarshalJSON 

func (mdc *MCASDataConnector) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for MCASDataConnector struct.

type MCASDataConnectorDataTypes 

type MCASDataConnectorDataTypes struct {
	// DiscoveryLogs - Discovery log data type connection.
	DiscoveryLogs *DataConnectorDataTypeCommon `json:"discoveryLogs,omitempty"`
	// Alerts - Alerts data type connection.
	Alerts *DataConnectorDataTypeCommon `json:"alerts,omitempty"`
}

MCASDataConnectorDataTypes the available data types for MCAS (Microsoft Cloud App Security) data connector.

type MCASDataConnectorProperties 

type MCASDataConnectorProperties struct {
	// TenantID - The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`
	// DataTypes - The available data types for the connector.
	DataTypes *MCASDataConnectorDataTypes `json:"dataTypes,omitempty"`
}

MCASDataConnectorProperties MCAS (Microsoft Cloud App Security) data connector properties.

type MDATPDataConnector 

type MDATPDataConnector struct {
	// MDATPDataConnectorProperties - MDATP (Microsoft Defender Advanced Threat Protection) data connector properties.
	*MDATPDataConnectorProperties `json:"properties,omitempty"`
	// Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence'
	Kind KindBasicDataConnector `json:"kind,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
}

MDATPDataConnector represents MDATP (Microsoft Defender Advanced Threat Protection) data connector.

func (MDATPDataConnector) AsAADDataConnector 

func (mdc MDATPDataConnector) AsAADDataConnector() (*AADDataConnector, bool)

AsAADDataConnector is the BasicDataConnector implementation for MDATPDataConnector.

func (MDATPDataConnector) AsAATPDataConnector 

func (mdc MDATPDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool)

AsAATPDataConnector is the BasicDataConnector implementation for MDATPDataConnector.

func (MDATPDataConnector) AsASCDataConnector 

func (mdc MDATPDataConnector) AsASCDataConnector() (*ASCDataConnector, bool)

AsASCDataConnector is the BasicDataConnector implementation for MDATPDataConnector.

func (MDATPDataConnector) AsAwsCloudTrailDataConnector 

func (mdc MDATPDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool)

AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for MDATPDataConnector.

func (MDATPDataConnector) AsBasicDataConnector 

func (mdc MDATPDataConnector) AsBasicDataConnector() (BasicDataConnector, bool)

AsBasicDataConnector is the BasicDataConnector implementation for MDATPDataConnector.

func (MDATPDataConnector) AsDataConnector 

func (mdc MDATPDataConnector) AsDataConnector() (*DataConnector, bool)

AsDataConnector is the BasicDataConnector implementation for MDATPDataConnector.

func (MDATPDataConnector) AsMCASDataConnector 

func (mdc MDATPDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool)

AsMCASDataConnector is the BasicDataConnector implementation for MDATPDataConnector.

func (MDATPDataConnector) AsMDATPDataConnector 

func (mdc MDATPDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool)

AsMDATPDataConnector is the BasicDataConnector implementation for MDATPDataConnector.

func (MDATPDataConnector) AsOfficeDataConnector 

func (mdc MDATPDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool)

AsOfficeDataConnector is the BasicDataConnector implementation for MDATPDataConnector.

func (MDATPDataConnector) AsTIDataConnector 

func (mdc MDATPDataConnector) AsTIDataConnector() (*TIDataConnector, bool)

AsTIDataConnector is the BasicDataConnector implementation for MDATPDataConnector.

func (MDATPDataConnector) MarshalJSON 

func (mdc MDATPDataConnector) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for MDATPDataConnector.

func (*MDATPDataConnector) UnmarshalJSON 

func (mdc *MDATPDataConnector) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for MDATPDataConnector struct.

type MDATPDataConnectorProperties 

type MDATPDataConnectorProperties struct {
	// TenantID - The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`
	// DataTypes - The available data types for the connector.
	DataTypes *AlertsDataTypeOfDataConnector `json:"dataTypes,omitempty"`
}

MDATPDataConnectorProperties MDATP (Microsoft Defender Advanced Threat Protection) data connector properties.

type MicrosoftSecurityIncidentCreationAlertRule 

type MicrosoftSecurityIncidentCreationAlertRule struct {
	// MicrosoftSecurityIncidentCreationAlertRuleProperties - MicrosoftSecurityIncidentCreation rule properties
	*MicrosoftSecurityIncidentCreationAlertRuleProperties `json:"properties,omitempty"`
	// Kind - Possible values include: 'KindAlertRule', 'KindFusion', 'KindMicrosoftSecurityIncidentCreation', 'KindScheduled'
	Kind Kind `json:"kind,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
}

MicrosoftSecurityIncidentCreationAlertRule represents MicrosoftSecurityIncidentCreation rule.

func (MicrosoftSecurityIncidentCreationAlertRule) AsAlertRule 

func (msicar MicrosoftSecurityIncidentCreationAlertRule) AsAlertRule() (*AlertRule, bool)

AsAlertRule is the BasicAlertRule implementation for MicrosoftSecurityIncidentCreationAlertRule.

func (MicrosoftSecurityIncidentCreationAlertRule) AsBasicAlertRule 

func (msicar MicrosoftSecurityIncidentCreationAlertRule) AsBasicAlertRule() (BasicAlertRule, bool)

AsBasicAlertRule is the BasicAlertRule implementation for MicrosoftSecurityIncidentCreationAlertRule.

func (MicrosoftSecurityIncidentCreationAlertRule) AsFusionAlertRule 

func (msicar MicrosoftSecurityIncidentCreationAlertRule) AsFusionAlertRule() (*FusionAlertRule, bool)

AsFusionAlertRule is the BasicAlertRule implementation for MicrosoftSecurityIncidentCreationAlertRule.

func (MicrosoftSecurityIncidentCreationAlertRule) AsMicrosoftSecurityIncidentCreationAlertRule 

func (msicar MicrosoftSecurityIncidentCreationAlertRule) AsMicrosoftSecurityIncidentCreationAlertRule() (*MicrosoftSecurityIncidentCreationAlertRule, bool)

AsMicrosoftSecurityIncidentCreationAlertRule is the BasicAlertRule implementation for MicrosoftSecurityIncidentCreationAlertRule.

func (MicrosoftSecurityIncidentCreationAlertRule) AsScheduledAlertRule 

func (msicar MicrosoftSecurityIncidentCreationAlertRule) AsScheduledAlertRule() (*ScheduledAlertRule, bool)

AsScheduledAlertRule is the BasicAlertRule implementation for MicrosoftSecurityIncidentCreationAlertRule.

func (MicrosoftSecurityIncidentCreationAlertRule) MarshalJSON 

func (msicar MicrosoftSecurityIncidentCreationAlertRule) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for MicrosoftSecurityIncidentCreationAlertRule.

func (*MicrosoftSecurityIncidentCreationAlertRule) UnmarshalJSON 

func (msicar *MicrosoftSecurityIncidentCreationAlertRule) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for MicrosoftSecurityIncidentCreationAlertRule struct.

type MicrosoftSecurityIncidentCreationAlertRuleCommonProperties 

type MicrosoftSecurityIncidentCreationAlertRuleCommonProperties struct {
	// DisplayNamesFilter - the alerts' displayNames on which the cases will be generated
	DisplayNamesFilter *[]string `json:"displayNamesFilter,omitempty"`
	// DisplayNamesExcludeFilter - the alerts' displayNames on which the cases will not be generated
	DisplayNamesExcludeFilter *[]string `json:"displayNamesExcludeFilter,omitempty"`
	// ProductFilter - The alerts' productName on which the cases will be generated. Possible values include: 'MicrosoftCloudAppSecurity', 'AzureSecurityCenter', 'AzureAdvancedThreatProtection', 'AzureActiveDirectoryIdentityProtection', 'AzureSecurityCenterforIoT'
	ProductFilter MicrosoftSecurityProductName `json:"productFilter,omitempty"`
	// SeveritiesFilter - the alerts' severities on which the cases will be generated
	SeveritiesFilter *[]AlertSeverity `json:"severitiesFilter,omitempty"`
}

MicrosoftSecurityIncidentCreationAlertRuleCommonProperties microsoftSecurityIncidentCreation rule common property bag.

type MicrosoftSecurityIncidentCreationAlertRuleProperties 

type MicrosoftSecurityIncidentCreationAlertRuleProperties struct {
	// AlertRuleTemplateName - The Name of the alert rule template used to create this rule.
	AlertRuleTemplateName *string `json:"alertRuleTemplateName,omitempty"`
	// Description - The description of the alert rule.
	Description *string `json:"description,omitempty"`
	// DisplayName - The display name for alerts created by this alert rule.
	DisplayName *string `json:"displayName,omitempty"`
	// Enabled - Determines whether this alert rule is enabled or disabled.
	Enabled *bool `json:"enabled,omitempty"`
	// LastModifiedUtc - READ-ONLY; The last time that this alert has been modified.
	LastModifiedUtc *date.Time `json:"lastModifiedUtc,omitempty"`
	// DisplayNamesFilter - the alerts' displayNames on which the cases will be generated
	DisplayNamesFilter *[]string `json:"displayNamesFilter,omitempty"`
	// DisplayNamesExcludeFilter - the alerts' displayNames on which the cases will not be generated
	DisplayNamesExcludeFilter *[]string `json:"displayNamesExcludeFilter,omitempty"`
	// ProductFilter - The alerts' productName on which the cases will be generated. Possible values include: 'MicrosoftCloudAppSecurity', 'AzureSecurityCenter', 'AzureAdvancedThreatProtection', 'AzureActiveDirectoryIdentityProtection', 'AzureSecurityCenterforIoT'
	ProductFilter MicrosoftSecurityProductName `json:"productFilter,omitempty"`
	// SeveritiesFilter - the alerts' severities on which the cases will be generated
	SeveritiesFilter *[]AlertSeverity `json:"severitiesFilter,omitempty"`
}

MicrosoftSecurityIncidentCreationAlertRuleProperties microsoftSecurityIncidentCreation rule property bag.

func (MicrosoftSecurityIncidentCreationAlertRuleProperties) MarshalJSON 

func (msicarp MicrosoftSecurityIncidentCreationAlertRuleProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for MicrosoftSecurityIncidentCreationAlertRuleProperties.

type MicrosoftSecurityIncidentCreationAlertRuleTemplate 

type MicrosoftSecurityIncidentCreationAlertRuleTemplate struct {
	// MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties - MicrosoftSecurityIncidentCreation rule template properties
	*MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties `json:"properties,omitempty"`
	// Kind - Possible values include: 'KindBasicAlertRuleTemplateKindAlertRuleTemplate', 'KindBasicAlertRuleTemplateKindFusion', 'KindBasicAlertRuleTemplateKindMicrosoftSecurityIncidentCreation', 'KindBasicAlertRuleTemplateKindScheduled'
	Kind KindBasicAlertRuleTemplate `json:"kind,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
}

MicrosoftSecurityIncidentCreationAlertRuleTemplate represents MicrosoftSecurityIncidentCreation rule template.

func (MicrosoftSecurityIncidentCreationAlertRuleTemplate) AsAlertRuleTemplate 

func (msicart MicrosoftSecurityIncidentCreationAlertRuleTemplate) AsAlertRuleTemplate() (*AlertRuleTemplate, bool)

AsAlertRuleTemplate is the BasicAlertRuleTemplate implementation for MicrosoftSecurityIncidentCreationAlertRuleTemplate.

func (MicrosoftSecurityIncidentCreationAlertRuleTemplate) AsBasicAlertRuleTemplate 

func (msicart MicrosoftSecurityIncidentCreationAlertRuleTemplate) AsBasicAlertRuleTemplate() (BasicAlertRuleTemplate, bool)

AsBasicAlertRuleTemplate is the BasicAlertRuleTemplate implementation for MicrosoftSecurityIncidentCreationAlertRuleTemplate.

func (MicrosoftSecurityIncidentCreationAlertRuleTemplate) AsFusionAlertRuleTemplate 

func (msicart MicrosoftSecurityIncidentCreationAlertRuleTemplate) AsFusionAlertRuleTemplate() (*FusionAlertRuleTemplate, bool)

AsFusionAlertRuleTemplate is the BasicAlertRuleTemplate implementation for MicrosoftSecurityIncidentCreationAlertRuleTemplate.

func (MicrosoftSecurityIncidentCreationAlertRuleTemplate) AsMicrosoftSecurityIncidentCreationAlertRuleTemplate 

func (msicart MicrosoftSecurityIncidentCreationAlertRuleTemplate) AsMicrosoftSecurityIncidentCreationAlertRuleTemplate() (*MicrosoftSecurityIncidentCreationAlertRuleTemplate, bool)

AsMicrosoftSecurityIncidentCreationAlertRuleTemplate is the BasicAlertRuleTemplate implementation for MicrosoftSecurityIncidentCreationAlertRuleTemplate.

func (MicrosoftSecurityIncidentCreationAlertRuleTemplate) AsScheduledAlertRuleTemplate 

func (msicart MicrosoftSecurityIncidentCreationAlertRuleTemplate) AsScheduledAlertRuleTemplate() (*ScheduledAlertRuleTemplate, bool)

AsScheduledAlertRuleTemplate is the BasicAlertRuleTemplate implementation for MicrosoftSecurityIncidentCreationAlertRuleTemplate.

func (MicrosoftSecurityIncidentCreationAlertRuleTemplate) MarshalJSON 

func (msicart MicrosoftSecurityIncidentCreationAlertRuleTemplate) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for MicrosoftSecurityIncidentCreationAlertRuleTemplate.

func (*MicrosoftSecurityIncidentCreationAlertRuleTemplate) UnmarshalJSON 

func (msicart *MicrosoftSecurityIncidentCreationAlertRuleTemplate) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for MicrosoftSecurityIncidentCreationAlertRuleTemplate struct.

type MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties 

type MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties struct {
	// AlertRulesCreatedByTemplateCount - the number of alert rules that were created by this template
	AlertRulesCreatedByTemplateCount *int32 `json:"alertRulesCreatedByTemplateCount,omitempty"`
	// CreatedDateUTC - READ-ONLY; The time that this alert rule template has been added.
	CreatedDateUTC *date.Time `json:"createdDateUTC,omitempty"`
	// Description - The description of the alert rule template.
	Description *string `json:"description,omitempty"`
	// DisplayName - The display name for alert rule template.
	DisplayName *string `json:"displayName,omitempty"`
	// RequiredDataConnectors - The required data connectors for this template
	RequiredDataConnectors *[]AlertRuleTemplateDataSource `json:"requiredDataConnectors,omitempty"`
	// Status - The alert rule template status. Possible values include: 'Installed', 'Available', 'NotAvailable'
	Status TemplateStatus `json:"status,omitempty"`
	// DisplayNamesFilter - the alerts' displayNames on which the cases will be generated
	DisplayNamesFilter *[]string `json:"displayNamesFilter,omitempty"`
	// DisplayNamesExcludeFilter - the alerts' displayNames on which the cases will not be generated
	DisplayNamesExcludeFilter *[]string `json:"displayNamesExcludeFilter,omitempty"`
	// ProductFilter - The alerts' productName on which the cases will be generated. Possible values include: 'MicrosoftCloudAppSecurity', 'AzureSecurityCenter', 'AzureAdvancedThreatProtection', 'AzureActiveDirectoryIdentityProtection', 'AzureSecurityCenterforIoT'
	ProductFilter MicrosoftSecurityProductName `json:"productFilter,omitempty"`
	// SeveritiesFilter - the alerts' severities on which the cases will be generated
	SeveritiesFilter *[]AlertSeverity `json:"severitiesFilter,omitempty"`
}

MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties microsoftSecurityIncidentCreation rule template properties

func (MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties) MarshalJSON 

func (msicartp MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties.

type MicrosoftSecurityProductName 

type MicrosoftSecurityProductName string

MicrosoftSecurityProductName enumerates the values for microsoft security product name. 

const (
	// AzureActiveDirectoryIdentityProtection ...
	AzureActiveDirectoryIdentityProtection MicrosoftSecurityProductName = "Azure Active Directory Identity Protection"
	// AzureAdvancedThreatProtection ...
	AzureAdvancedThreatProtection MicrosoftSecurityProductName = "Azure Advanced Threat Protection"
	// AzureSecurityCenter ...
	AzureSecurityCenter MicrosoftSecurityProductName = "Azure Security Center"
	// AzureSecurityCenterforIoT ...
	AzureSecurityCenterforIoT MicrosoftSecurityProductName = "Azure Security Center for IoT"
	// MicrosoftCloudAppSecurity ...
	MicrosoftCloudAppSecurity MicrosoftSecurityProductName = "Microsoft Cloud App Security"
)

func PossibleMicrosoftSecurityProductNameValues 

func PossibleMicrosoftSecurityProductNameValues() []MicrosoftSecurityProductName

PossibleMicrosoftSecurityProductNameValues returns an array of possible values for the MicrosoftSecurityProductName const type.

type OfficeConsent 

type OfficeConsent struct {
	// OfficeConsentProperties - Office consent properties
	*OfficeConsentProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
}

OfficeConsent consent for Office365 tenant that already made.

func (OfficeConsent) MarshalJSON 

func (oc OfficeConsent) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for OfficeConsent.

func (*OfficeConsent) UnmarshalJSON 

func (oc *OfficeConsent) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for OfficeConsent struct.

type OfficeConsentList 

type OfficeConsentList struct {
	// NextLink - READ-ONLY; URL to fetch the next set of office consents.
	NextLink *string `json:"nextLink,omitempty"`
	// Value - Array of the consents.
	Value *[]OfficeConsent `json:"value,omitempty"`
}

OfficeConsentList list of all the office365 consents.

func (OfficeConsentList) MarshalJSON 

func (ocl OfficeConsentList) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for OfficeConsentList.

type OfficeConsentProperties 

type OfficeConsentProperties struct {
	// TenantID - The tenantId of the Office365 with the consent.
	TenantID *string `json:"tenantId,omitempty"`
	// TenantName - READ-ONLY; The tenant name of the Office365 with the consent.
	TenantName *string `json:"tenantName,omitempty"`
}

OfficeConsentProperties consent property bag.

func (OfficeConsentProperties) MarshalJSON 

func (ocp OfficeConsentProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for OfficeConsentProperties.

type OfficeDataConnector 

type OfficeDataConnector struct {
	// OfficeDataConnectorProperties - Office data connector properties.
	*OfficeDataConnectorProperties `json:"properties,omitempty"`
	// Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence'
	Kind KindBasicDataConnector `json:"kind,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
}

OfficeDataConnector represents office data connector.

func (OfficeDataConnector) AsAADDataConnector 

func (odc OfficeDataConnector) AsAADDataConnector() (*AADDataConnector, bool)

AsAADDataConnector is the BasicDataConnector implementation for OfficeDataConnector.

func (OfficeDataConnector) AsAATPDataConnector 

func (odc OfficeDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool)

AsAATPDataConnector is the BasicDataConnector implementation for OfficeDataConnector.

func (OfficeDataConnector) AsASCDataConnector 

func (odc OfficeDataConnector) AsASCDataConnector() (*ASCDataConnector, bool)

AsASCDataConnector is the BasicDataConnector implementation for OfficeDataConnector.

func (OfficeDataConnector) AsAwsCloudTrailDataConnector 

func (odc OfficeDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool)

AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for OfficeDataConnector.

func (OfficeDataConnector) AsBasicDataConnector 

func (odc OfficeDataConnector) AsBasicDataConnector() (BasicDataConnector, bool)

AsBasicDataConnector is the BasicDataConnector implementation for OfficeDataConnector.

func (OfficeDataConnector) AsDataConnector 

func (odc OfficeDataConnector) AsDataConnector() (*DataConnector, bool)

AsDataConnector is the BasicDataConnector implementation for OfficeDataConnector.

func (OfficeDataConnector) AsMCASDataConnector 

func (odc OfficeDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool)

AsMCASDataConnector is the BasicDataConnector implementation for OfficeDataConnector.

func (OfficeDataConnector) AsMDATPDataConnector 

func (odc OfficeDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool)

AsMDATPDataConnector is the BasicDataConnector implementation for OfficeDataConnector.

func (OfficeDataConnector) AsOfficeDataConnector 

func (odc OfficeDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool)

AsOfficeDataConnector is the BasicDataConnector implementation for OfficeDataConnector.

func (OfficeDataConnector) AsTIDataConnector 

func (odc OfficeDataConnector) AsTIDataConnector() (*TIDataConnector, bool)

AsTIDataConnector is the BasicDataConnector implementation for OfficeDataConnector.

func (OfficeDataConnector) MarshalJSON 

func (odc OfficeDataConnector) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for OfficeDataConnector.

func (*OfficeDataConnector) UnmarshalJSON 

func (odc *OfficeDataConnector) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for OfficeDataConnector struct.

type OfficeDataConnectorDataTypes 

type OfficeDataConnectorDataTypes struct {
	// Exchange - Exchange data type connection.
	Exchange *OfficeDataConnectorDataTypesExchange `json:"exchange,omitempty"`
	// SharePoint - SharePoint data type connection.
	SharePoint *OfficeDataConnectorDataTypesSharePoint `json:"sharePoint,omitempty"`
}

OfficeDataConnectorDataTypes the available data types for office data connector.

type OfficeDataConnectorDataTypesExchange 

type OfficeDataConnectorDataTypesExchange struct {
	// State - Describe whether this data type connection is enabled or not. Possible values include: 'Enabled', 'Disabled'
	State DataTypeState `json:"state,omitempty"`
}

OfficeDataConnectorDataTypesExchange exchange data type connection.

type OfficeDataConnectorDataTypesSharePoint 

type OfficeDataConnectorDataTypesSharePoint struct {
	// State - Describe whether this data type connection is enabled or not. Possible values include: 'Enabled', 'Disabled'
	State DataTypeState `json:"state,omitempty"`
}

OfficeDataConnectorDataTypesSharePoint sharePoint data type connection.

type OfficeDataConnectorProperties 

type OfficeDataConnectorProperties struct {
	// TenantID - The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`
	// DataTypes - The available data types for the connector.
	DataTypes *OfficeDataConnectorDataTypes `json:"dataTypes,omitempty"`
}

OfficeDataConnectorProperties office data connector properties.

type Operation 

type Operation struct {
	// Display - Properties of the operation
	Display *OperationDisplay `json:"display,omitempty"`
	// Name - Name of the operation
	Name *string `json:"name,omitempty"`
}

Operation operation provided by provider

type OperationDisplay 

type OperationDisplay struct {
	// Description - Description of the operation
	Description *string `json:"description,omitempty"`
	// Operation - Operation name
	Operation *string `json:"operation,omitempty"`
	// Provider - Provider name
	Provider *string `json:"provider,omitempty"`
	// Resource - Resource name
	Resource *string `json:"resource,omitempty"`
}

OperationDisplay properties of the operation

type OperationsClient 

type OperationsClient struct {
	BaseClient
}

OperationsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewOperationsClient 

func NewOperationsClient(subscriptionID string) OperationsClient

NewOperationsClient creates an instance of the OperationsClient client.

func NewOperationsClientWithBaseURI 

func NewOperationsClientWithBaseURI(baseURI string, subscriptionID string) OperationsClient

NewOperationsClientWithBaseURI creates an instance of the OperationsClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).

func (OperationsClient) List 

func (client OperationsClient) List(ctx context.Context) (result OperationsListPage, err error)

List lists all operations available Azure Security Insights Resource Provider.

func (OperationsClient) ListComplete 

func (client OperationsClient) ListComplete(ctx context.Context) (result OperationsListIterator, err error)

ListComplete enumerates all values, automatically crossing page boundaries as required.

func (OperationsClient) ListPreparer 

func (client OperationsClient) ListPreparer(ctx context.Context) (*http.Request, error)

ListPreparer prepares the List request.

func (OperationsClient) ListResponder 

func (client OperationsClient) ListResponder(resp *http.Response) (result OperationsList, err error)

ListResponder handles the response to the List request. The method always closes the http.Response Body.

func (OperationsClient) ListSender 

func (client OperationsClient) ListSender(req *http.Request) (*http.Response, error)

ListSender sends the List request. The method will close the http.Response Body if it receives an error.

type OperationsList 

type OperationsList struct {
	autorest.Response `json:"-"`
	// NextLink - URL to fetch the next set of operations.
	NextLink *string `json:"nextLink,omitempty"`
	// Value - Array of operations
	Value *[]Operation `json:"value,omitempty"`
}

OperationsList lists the operations available in the SecurityInsights RP.

func (OperationsList) IsEmpty 

func (ol OperationsList) IsEmpty() bool

IsEmpty returns true if the ListResult contains no values.

type OperationsListIterator 

type OperationsListIterator struct {
	// contains filtered or unexported fields
}

OperationsListIterator provides access to a complete listing of Operation values.

func NewOperationsListIterator 

func NewOperationsListIterator(page OperationsListPage) OperationsListIterator

Creates a new instance of the OperationsListIterator type.

func (*OperationsListIterator) Next 

func (iter *OperationsListIterator) Next() error

Next advances to the next value. If there was an error making the request the iterator does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*OperationsListIterator) NextWithContext 

func (iter *OperationsListIterator) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.

func (OperationsListIterator) NotDone 

func (iter OperationsListIterator) NotDone() bool

NotDone returns true if the enumeration should be started or is not yet complete.

func (OperationsListIterator) Response 

func (iter OperationsListIterator) Response() OperationsList

Response returns the raw server response from the last page request.

func (OperationsListIterator) Value 

func (iter OperationsListIterator) Value() Operation

Value returns the current value or a zero-initialized value if the iterator has advanced beyond the end of the collection.

type OperationsListPage 

type OperationsListPage struct {
	// contains filtered or unexported fields
}

OperationsListPage contains a page of Operation values.

func NewOperationsListPage 

func NewOperationsListPage(cur OperationsList, getNextPage func(context.Context, OperationsList) (OperationsList, error)) OperationsListPage

Creates a new instance of the OperationsListPage type.

func (*OperationsListPage) Next 

func (page *OperationsListPage) Next() error

Next advances to the next page of values. If there was an error making the request the page does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*OperationsListPage) NextWithContext 

func (page *OperationsListPage) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.

func (OperationsListPage) NotDone 

func (page OperationsListPage) NotDone() bool

NotDone returns true if the page enumeration should be started or is not yet complete.

func (OperationsListPage) Response 

func (page OperationsListPage) Response() OperationsList

Response returns the raw server response from the last page request.

func (OperationsListPage) Values 

func (page OperationsListPage) Values() []Operation

Values returns the slice of values for the current page or nil if there are no values.

type Resource 

type Resource struct {
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
}

Resource an azure resource object

func (Resource) MarshalJSON 

func (r Resource) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for Resource.

type ResourceWithEtag 

type ResourceWithEtag struct {
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
}

ResourceWithEtag an azure resource object with an Etag property

func (ResourceWithEtag) MarshalJSON 

func (rwe ResourceWithEtag) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for ResourceWithEtag.

type ScheduledAlertRule 

type ScheduledAlertRule struct {
	// ScheduledAlertRuleProperties - Scheduled alert rule properties
	*ScheduledAlertRuleProperties `json:"properties,omitempty"`
	// Kind - Possible values include: 'KindAlertRule', 'KindFusion', 'KindMicrosoftSecurityIncidentCreation', 'KindScheduled'
	Kind Kind `json:"kind,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
}

ScheduledAlertRule represents scheduled alert rule.

func (ScheduledAlertRule) AsAlertRule 

func (sar ScheduledAlertRule) AsAlertRule() (*AlertRule, bool)

AsAlertRule is the BasicAlertRule implementation for ScheduledAlertRule.

func (ScheduledAlertRule) AsBasicAlertRule 

func (sar ScheduledAlertRule) AsBasicAlertRule() (BasicAlertRule, bool)

AsBasicAlertRule is the BasicAlertRule implementation for ScheduledAlertRule.

func (ScheduledAlertRule) AsFusionAlertRule 

func (sar ScheduledAlertRule) AsFusionAlertRule() (*FusionAlertRule, bool)

AsFusionAlertRule is the BasicAlertRule implementation for ScheduledAlertRule.

func (ScheduledAlertRule) AsMicrosoftSecurityIncidentCreationAlertRule 

func (sar ScheduledAlertRule) AsMicrosoftSecurityIncidentCreationAlertRule() (*MicrosoftSecurityIncidentCreationAlertRule, bool)

AsMicrosoftSecurityIncidentCreationAlertRule is the BasicAlertRule implementation for ScheduledAlertRule.

func (ScheduledAlertRule) AsScheduledAlertRule 

func (sar ScheduledAlertRule) AsScheduledAlertRule() (*ScheduledAlertRule, bool)

AsScheduledAlertRule is the BasicAlertRule implementation for ScheduledAlertRule.

func (ScheduledAlertRule) MarshalJSON 

func (sar ScheduledAlertRule) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for ScheduledAlertRule.

func (*ScheduledAlertRule) UnmarshalJSON 

func (sar *ScheduledAlertRule) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for ScheduledAlertRule struct.

type ScheduledAlertRuleCommonProperties 

type ScheduledAlertRuleCommonProperties struct {
	// Query - The query that creates alerts for this rule.
	Query *string `json:"query,omitempty"`
	// QueryFrequency - The frequency (in ISO 8601 duration format) for this alert rule to run.
	QueryFrequency *string `json:"queryFrequency,omitempty"`
	// QueryPeriod - The period (in ISO 8601 duration format) that this alert rule looks at.
	QueryPeriod *string `json:"queryPeriod,omitempty"`
	// Severity - The severity for alerts created by this alert rule. Possible values include: 'High', 'Medium', 'Low', 'Informational'
	Severity AlertSeverity `json:"severity,omitempty"`
	// TriggerOperator - The operation against the threshold that triggers alert rule. Possible values include: 'GreaterThan', 'LessThan', 'Equal', 'NotEqual'
	TriggerOperator TriggerOperator `json:"triggerOperator,omitempty"`
	// TriggerThreshold - The threshold triggers this alert rule.
	TriggerThreshold *int32 `json:"triggerThreshold,omitempty"`
}

ScheduledAlertRuleCommonProperties schedule alert rule template property bag.

type ScheduledAlertRuleProperties 

type ScheduledAlertRuleProperties struct {
	// AlertRuleTemplateName - The Name of the alert rule template used to create this rule.
	AlertRuleTemplateName *string `json:"alertRuleTemplateName,omitempty"`
	// Description - The description of the alert rule.
	Description *string `json:"description,omitempty"`
	// DisplayName - The display name for alerts created by this alert rule.
	DisplayName *string `json:"displayName,omitempty"`
	// Enabled - Determines whether this alert rule is enabled or disabled.
	Enabled *bool `json:"enabled,omitempty"`
	// LastModifiedUtc - READ-ONLY; The last time that this alert rule has been modified.
	LastModifiedUtc *date.Time `json:"lastModifiedUtc,omitempty"`
	// SuppressionDuration - The suppression (in ISO 8601 duration format) to wait since last time this alert rule been triggered.
	SuppressionDuration *string `json:"suppressionDuration,omitempty"`
	// SuppressionEnabled - Determines whether the suppression for this alert rule is enabled or disabled.
	SuppressionEnabled *bool `json:"suppressionEnabled,omitempty"`
	// Tactics - The tactics of the alert rule
	Tactics *[]AttackTactic `json:"tactics,omitempty"`
	// Query - The query that creates alerts for this rule.
	Query *string `json:"query,omitempty"`
	// QueryFrequency - The frequency (in ISO 8601 duration format) for this alert rule to run.
	QueryFrequency *string `json:"queryFrequency,omitempty"`
	// QueryPeriod - The period (in ISO 8601 duration format) that this alert rule looks at.
	QueryPeriod *string `json:"queryPeriod,omitempty"`
	// Severity - The severity for alerts created by this alert rule. Possible values include: 'High', 'Medium', 'Low', 'Informational'
	Severity AlertSeverity `json:"severity,omitempty"`
	// TriggerOperator - The operation against the threshold that triggers alert rule. Possible values include: 'GreaterThan', 'LessThan', 'Equal', 'NotEqual'
	TriggerOperator TriggerOperator `json:"triggerOperator,omitempty"`
	// TriggerThreshold - The threshold triggers this alert rule.
	TriggerThreshold *int32 `json:"triggerThreshold,omitempty"`
}

ScheduledAlertRuleProperties scheduled alert rule base property bag.

func (ScheduledAlertRuleProperties) MarshalJSON 

func (sarp ScheduledAlertRuleProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for ScheduledAlertRuleProperties.

type ScheduledAlertRuleTemplate 

type ScheduledAlertRuleTemplate struct {
	// ScheduledAlertRuleTemplateProperties - Scheduled alert rule template properties
	*ScheduledAlertRuleTemplateProperties `json:"properties,omitempty"`
	// Kind - Possible values include: 'KindBasicAlertRuleTemplateKindAlertRuleTemplate', 'KindBasicAlertRuleTemplateKindFusion', 'KindBasicAlertRuleTemplateKindMicrosoftSecurityIncidentCreation', 'KindBasicAlertRuleTemplateKindScheduled'
	Kind KindBasicAlertRuleTemplate `json:"kind,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
}

ScheduledAlertRuleTemplate represents scheduled alert rule template.

func (ScheduledAlertRuleTemplate) AsAlertRuleTemplate 

func (sart ScheduledAlertRuleTemplate) AsAlertRuleTemplate() (*AlertRuleTemplate, bool)

AsAlertRuleTemplate is the BasicAlertRuleTemplate implementation for ScheduledAlertRuleTemplate.

func (ScheduledAlertRuleTemplate) AsBasicAlertRuleTemplate 

func (sart ScheduledAlertRuleTemplate) AsBasicAlertRuleTemplate() (BasicAlertRuleTemplate, bool)

AsBasicAlertRuleTemplate is the BasicAlertRuleTemplate implementation for ScheduledAlertRuleTemplate.

func (ScheduledAlertRuleTemplate) AsFusionAlertRuleTemplate 

func (sart ScheduledAlertRuleTemplate) AsFusionAlertRuleTemplate() (*FusionAlertRuleTemplate, bool)

AsFusionAlertRuleTemplate is the BasicAlertRuleTemplate implementation for ScheduledAlertRuleTemplate.

func (ScheduledAlertRuleTemplate) AsMicrosoftSecurityIncidentCreationAlertRuleTemplate 

func (sart ScheduledAlertRuleTemplate) AsMicrosoftSecurityIncidentCreationAlertRuleTemplate() (*MicrosoftSecurityIncidentCreationAlertRuleTemplate, bool)

AsMicrosoftSecurityIncidentCreationAlertRuleTemplate is the BasicAlertRuleTemplate implementation for ScheduledAlertRuleTemplate.

func (ScheduledAlertRuleTemplate) AsScheduledAlertRuleTemplate 

func (sart ScheduledAlertRuleTemplate) AsScheduledAlertRuleTemplate() (*ScheduledAlertRuleTemplate, bool)

AsScheduledAlertRuleTemplate is the BasicAlertRuleTemplate implementation for ScheduledAlertRuleTemplate.

func (ScheduledAlertRuleTemplate) MarshalJSON 

func (sart ScheduledAlertRuleTemplate) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for ScheduledAlertRuleTemplate.

func (*ScheduledAlertRuleTemplate) UnmarshalJSON 

func (sart *ScheduledAlertRuleTemplate) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for ScheduledAlertRuleTemplate struct.

type ScheduledAlertRuleTemplateProperties 

type ScheduledAlertRuleTemplateProperties struct {
	// AlertRulesCreatedByTemplateCount - the number of alert rules that were created by this template
	AlertRulesCreatedByTemplateCount *int32 `json:"alertRulesCreatedByTemplateCount,omitempty"`
	// CreatedDateUTC - READ-ONLY; The time that this alert rule template has been added.
	CreatedDateUTC *date.Time `json:"createdDateUTC,omitempty"`
	// Description - The description of the alert rule template.
	Description *string `json:"description,omitempty"`
	// DisplayName - The display name for alert rule template.
	DisplayName *string `json:"displayName,omitempty"`
	// RequiredDataConnectors - The required data connectors for this template
	RequiredDataConnectors *[]AlertRuleTemplateDataSource `json:"requiredDataConnectors,omitempty"`
	// Status - The alert rule template status. Possible values include: 'Installed', 'Available', 'NotAvailable'
	Status TemplateStatus `json:"status,omitempty"`
	// Query - The query that creates alerts for this rule.
	Query *string `json:"query,omitempty"`
	// QueryFrequency - The frequency (in ISO 8601 duration format) for this alert rule to run.
	QueryFrequency *string `json:"queryFrequency,omitempty"`
	// QueryPeriod - The period (in ISO 8601 duration format) that this alert rule looks at.
	QueryPeriod *string `json:"queryPeriod,omitempty"`
	// Severity - The severity for alerts created by this alert rule. Possible values include: 'High', 'Medium', 'Low', 'Informational'
	Severity AlertSeverity `json:"severity,omitempty"`
	// TriggerOperator - The operation against the threshold that triggers alert rule. Possible values include: 'GreaterThan', 'LessThan', 'Equal', 'NotEqual'
	TriggerOperator TriggerOperator `json:"triggerOperator,omitempty"`
	// TriggerThreshold - The threshold triggers this alert rule.
	TriggerThreshold *int32 `json:"triggerThreshold,omitempty"`
	// Tactics - The tactics of the alert rule template
	Tactics *[]AttackTactic `json:"tactics,omitempty"`
}

ScheduledAlertRuleTemplateProperties scheduled alert rule template properties

func (ScheduledAlertRuleTemplateProperties) MarshalJSON 

func (sartp ScheduledAlertRuleTemplateProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for ScheduledAlertRuleTemplateProperties.

type SettingKind 

type SettingKind string

SettingKind enumerates the values for setting kind. 

const (
	// SettingKindToggleSettings ...
	SettingKindToggleSettings SettingKind = "ToggleSettings"
	// SettingKindUebaSettings ...
	SettingKindUebaSettings SettingKind = "UebaSettings"
)

func PossibleSettingKindValues 

func PossibleSettingKindValues() []SettingKind

PossibleSettingKindValues returns an array of possible values for the SettingKind const type.

type Settings 

type Settings struct {
	// Kind - Possible values include: 'KindSettings', 'KindToggleSettings', 'KindUebaSettings'
	Kind KindBasicSettings `json:"kind,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
}

Settings the Settings.

func (Settings) AsBasicSettings 

func (s Settings) AsBasicSettings() (BasicSettings, bool)

AsBasicSettings is the BasicSettings implementation for Settings.

func (Settings) AsSettings 

func (s Settings) AsSettings() (*Settings, bool)

AsSettings is the BasicSettings implementation for Settings.

func (Settings) AsToggleSettings 

func (s Settings) AsToggleSettings() (*ToggleSettings, bool)

AsToggleSettings is the BasicSettings implementation for Settings.

func (Settings) AsUebaSettings 

func (s Settings) AsUebaSettings() (*UebaSettings, bool)

AsUebaSettings is the BasicSettings implementation for Settings.

func (Settings) MarshalJSON 

func (s Settings) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for Settings.

type StatusInMcas 

type StatusInMcas string

StatusInMcas enumerates the values for status in mcas. 

const (
	// StatusInMcasDisabled ...
	StatusInMcasDisabled StatusInMcas = "Disabled"
	// StatusInMcasEnabled ...
	StatusInMcasEnabled StatusInMcas = "Enabled"
)

func PossibleStatusInMcasValues 

func PossibleStatusInMcasValues() []StatusInMcas

PossibleStatusInMcasValues returns an array of possible values for the StatusInMcas const type.

type TIDataConnector 

type TIDataConnector struct {
	// TIDataConnectorProperties - TI (Threat Intelligence) data connector properties.
	*TIDataConnectorProperties `json:"properties,omitempty"`
	// Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence'
	Kind KindBasicDataConnector `json:"kind,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
}

TIDataConnector represents threat intelligence data connector.

func (TIDataConnector) AsAADDataConnector 

func (tdc TIDataConnector) AsAADDataConnector() (*AADDataConnector, bool)

AsAADDataConnector is the BasicDataConnector implementation for TIDataConnector.

func (TIDataConnector) AsAATPDataConnector 

func (tdc TIDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool)

AsAATPDataConnector is the BasicDataConnector implementation for TIDataConnector.

func (TIDataConnector) AsASCDataConnector 

func (tdc TIDataConnector) AsASCDataConnector() (*ASCDataConnector, bool)

AsASCDataConnector is the BasicDataConnector implementation for TIDataConnector.

func (TIDataConnector) AsAwsCloudTrailDataConnector 

func (tdc TIDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool)

AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for TIDataConnector.

func (TIDataConnector) AsBasicDataConnector 

func (tdc TIDataConnector) AsBasicDataConnector() (BasicDataConnector, bool)

AsBasicDataConnector is the BasicDataConnector implementation for TIDataConnector.

func (TIDataConnector) AsDataConnector 

func (tdc TIDataConnector) AsDataConnector() (*DataConnector, bool)

AsDataConnector is the BasicDataConnector implementation for TIDataConnector.

func (TIDataConnector) AsMCASDataConnector 

func (tdc TIDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool)

AsMCASDataConnector is the BasicDataConnector implementation for TIDataConnector.

func (TIDataConnector) AsMDATPDataConnector 

func (tdc TIDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool)

AsMDATPDataConnector is the BasicDataConnector implementation for TIDataConnector.

func (TIDataConnector) AsOfficeDataConnector 

func (tdc TIDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool)

AsOfficeDataConnector is the BasicDataConnector implementation for TIDataConnector.

func (TIDataConnector) AsTIDataConnector 

func (tdc TIDataConnector) AsTIDataConnector() (*TIDataConnector, bool)

AsTIDataConnector is the BasicDataConnector implementation for TIDataConnector.

func (TIDataConnector) MarshalJSON 

func (tdc TIDataConnector) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for TIDataConnector.

func (*TIDataConnector) UnmarshalJSON 

func (tdc *TIDataConnector) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for TIDataConnector struct.

type TIDataConnectorDataTypes 

type TIDataConnectorDataTypes struct {
	// Indicators - Data type for indicators connection.
	Indicators *TIDataConnectorDataTypesIndicators `json:"indicators,omitempty"`
}

TIDataConnectorDataTypes the available data types for TI (Threat Intelligence) data connector.

type TIDataConnectorDataTypesIndicators 

type TIDataConnectorDataTypesIndicators struct {
	// State - Describe whether this data type connection is enabled or not. Possible values include: 'Enabled', 'Disabled'
	State DataTypeState `json:"state,omitempty"`
}

TIDataConnectorDataTypesIndicators data type for indicators connection.

type TIDataConnectorProperties 

type TIDataConnectorProperties struct {
	// TenantID - The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`
	// DataTypes - The available data types for the connector.
	DataTypes *TIDataConnectorDataTypes `json:"dataTypes,omitempty"`
}

TIDataConnectorProperties TI (Threat Intelligence) data connector properties.

type TemplateStatus 

type TemplateStatus string

TemplateStatus enumerates the values for template status. 

const (
	// Available Alert rule template is available.
	Available TemplateStatus = "Available"
	// Installed Alert rule template installed. and can not use more then once
	Installed TemplateStatus = "Installed"
	// NotAvailable Alert rule template is not available
	NotAvailable TemplateStatus = "NotAvailable"
)

func PossibleTemplateStatusValues 

func PossibleTemplateStatusValues() []TemplateStatus

PossibleTemplateStatusValues returns an array of possible values for the TemplateStatus const type.

type ThreatIntelligence 

type ThreatIntelligence struct {
	// Confidence - READ-ONLY; Confidence (must be between 0 and 1)
	Confidence *float64 `json:"confidence,omitempty"`
	// ProviderName - READ-ONLY; Name of the provider from whom this Threat Intelligence information was received
	ProviderName *string `json:"providerName,omitempty"`
	// ReportLink - READ-ONLY; Report link
	ReportLink *string `json:"reportLink,omitempty"`
	// ThreatDescription - READ-ONLY; Threat description (free text)
	ThreatDescription *string `json:"threatDescription,omitempty"`
	// ThreatName - READ-ONLY; Threat name (e.g. "Jedobot malware")
	ThreatName *string `json:"threatName,omitempty"`
	// ThreatType - READ-ONLY; Threat type (e.g. "Botnet")
	ThreatType *string `json:"threatType,omitempty"`
}

ThreatIntelligence threatIntelligence property bag.

func (ThreatIntelligence) MarshalJSON 

func (ti ThreatIntelligence) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for ThreatIntelligence.

type ToggleSettings 

type ToggleSettings struct {
	// ToggleSettingsProperties - toggle properties
	*ToggleSettingsProperties `json:"properties,omitempty"`
	// Kind - Possible values include: 'KindSettings', 'KindToggleSettings', 'KindUebaSettings'
	Kind KindBasicSettings `json:"kind,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
}

ToggleSettings settings with single toggle.

func (ToggleSettings) AsBasicSettings 

func (ts ToggleSettings) AsBasicSettings() (BasicSettings, bool)

AsBasicSettings is the BasicSettings implementation for ToggleSettings.

func (ToggleSettings) AsSettings 

func (ts ToggleSettings) AsSettings() (*Settings, bool)

AsSettings is the BasicSettings implementation for ToggleSettings.

func (ToggleSettings) AsToggleSettings 

func (ts ToggleSettings) AsToggleSettings() (*ToggleSettings, bool)

AsToggleSettings is the BasicSettings implementation for ToggleSettings.

func (ToggleSettings) AsUebaSettings 

func (ts ToggleSettings) AsUebaSettings() (*UebaSettings, bool)

AsUebaSettings is the BasicSettings implementation for ToggleSettings.

func (ToggleSettings) MarshalJSON 

func (ts ToggleSettings) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for ToggleSettings.

func (*ToggleSettings) UnmarshalJSON 

func (ts *ToggleSettings) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for ToggleSettings struct.

type ToggleSettingsProperties 

type ToggleSettingsProperties struct {
	// IsEnabled - Determines whether the setting is enable or disabled.
	IsEnabled *bool `json:"isEnabled,omitempty"`
}

ToggleSettingsProperties toggle property bag.

type TriggerOperator 

type TriggerOperator string

TriggerOperator enumerates the values for trigger operator. 

const (
	// Equal ...
	Equal TriggerOperator = "Equal"
	// GreaterThan ...
	GreaterThan TriggerOperator = "GreaterThan"
	// LessThan ...
	LessThan TriggerOperator = "LessThan"
	// NotEqual ...
	NotEqual TriggerOperator = "NotEqual"
)

func PossibleTriggerOperatorValues 

func PossibleTriggerOperatorValues() []TriggerOperator

PossibleTriggerOperatorValues returns an array of possible values for the TriggerOperator const type.

type UebaSettings 

type UebaSettings struct {
	// UebaSettingsProperties - User and Entity Behavior Analytics settings properties
	*UebaSettingsProperties `json:"properties,omitempty"`
	// Kind - Possible values include: 'KindSettings', 'KindToggleSettings', 'KindUebaSettings'
	Kind KindBasicSettings `json:"kind,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
}

UebaSettings represents settings for User and Entity Behavior Analytics enablement.

func (UebaSettings) AsBasicSettings 

func (us UebaSettings) AsBasicSettings() (BasicSettings, bool)

AsBasicSettings is the BasicSettings implementation for UebaSettings.

func (UebaSettings) AsSettings 

func (us UebaSettings) AsSettings() (*Settings, bool)

AsSettings is the BasicSettings implementation for UebaSettings.

func (UebaSettings) AsToggleSettings 

func (us UebaSettings) AsToggleSettings() (*ToggleSettings, bool)

AsToggleSettings is the BasicSettings implementation for UebaSettings.

func (UebaSettings) AsUebaSettings 

func (us UebaSettings) AsUebaSettings() (*UebaSettings, bool)

AsUebaSettings is the BasicSettings implementation for UebaSettings.

func (UebaSettings) MarshalJSON 

func (us UebaSettings) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for UebaSettings.

func (*UebaSettings) UnmarshalJSON 

func (us *UebaSettings) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for UebaSettings struct.

type UebaSettingsProperties 

type UebaSettingsProperties struct {
	// AtpLicenseStatus - READ-ONLY; Determines whether the tenant has ATP (Advanced Threat Protection) license. Possible values include: 'LicenseStatusEnabled', 'LicenseStatusDisabled'
	AtpLicenseStatus LicenseStatus `json:"atpLicenseStatus,omitempty"`
	// IsEnabled - Determines whether User and Entity Behavior Analytics is enabled for this workspace.
	IsEnabled *bool `json:"isEnabled,omitempty"`
	// StatusInMcas - READ-ONLY; Determines whether User and Entity Behavior Analytics is enabled from MCAS (Microsoft Cloud App Security). Possible values include: 'StatusInMcasEnabled', 'StatusInMcasDisabled'
	StatusInMcas StatusInMcas `json:"statusInMcas,omitempty"`
}

UebaSettingsProperties user and Entity Behavior Analytics settings property bag.

func (UebaSettingsProperties) MarshalJSON 

func (usp UebaSettingsProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for UebaSettingsProperties.

type UserInfo 

type UserInfo struct {
	// Email - READ-ONLY; The email of the user.
	Email *string `json:"email,omitempty"`
	// Name - READ-ONLY; The name of the user.
	Name *string `json:"name,omitempty"`
	// ObjectID - The object id of the user.
	ObjectID *uuid.UUID `json:"objectId,omitempty"`
}

UserInfo user information that made some action

func (UserInfo) MarshalJSON 

func (UI UserInfo) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for UserInfo.

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.