diff --git a/src/securityinsight/azext_sentinel/azext_metadata.json b/src/securityinsight/azext_sentinel/azext_metadata.json index 4f48fa652a5..cfc30c747c7 100644 --- a/src/securityinsight/azext_sentinel/azext_metadata.json +++ b/src/securityinsight/azext_sentinel/azext_metadata.json @@ -1,4 +1,4 @@ { "azext.isExperimental": true, - "azext.minCliCoreVersion": "2.11.0" + "azext.minCliCoreVersion": "2.15.0" } \ No newline at end of file diff --git a/src/securityinsight/azext_sentinel/generated/_client_factory.py b/src/securityinsight/azext_sentinel/generated/_client_factory.py index 6868ae4601c..249c6f708ac 100644 --- a/src/securityinsight/azext_sentinel/generated/_client_factory.py +++ b/src/securityinsight/azext_sentinel/generated/_client_factory.py @@ -11,34 +11,34 @@ def cf_sentinel_cl(cli_ctx, *_): from azure.cli.core.commands.client_factory import get_mgmt_service_client - from ..vendored_sdks.securityinsight import SecurityInsights + from azext_sentinel.vendored_sdks.securityinsight import SecurityInsights return get_mgmt_service_client(cli_ctx, SecurityInsights) def cf_alert_rule(cli_ctx, *_): - return cf_sentinel_cl(cli_ctx).alert_rule + return cf_sentinel_cl(cli_ctx).alert_rules def cf_action(cli_ctx, *_): - return cf_sentinel_cl(cli_ctx).action + return cf_sentinel_cl(cli_ctx).actions def cf_alert_rule_template(cli_ctx, *_): - return cf_sentinel_cl(cli_ctx).alert_rule_template + return cf_sentinel_cl(cli_ctx).alert_rule_templates def cf_bookmark(cli_ctx, *_): - return cf_sentinel_cl(cli_ctx).bookmark + return cf_sentinel_cl(cli_ctx).bookmarks def cf_data_connector(cli_ctx, *_): - return cf_sentinel_cl(cli_ctx).data_connector + return cf_sentinel_cl(cli_ctx).data_connectors def cf_incident(cli_ctx, *_): - return cf_sentinel_cl(cli_ctx).incident + return cf_sentinel_cl(cli_ctx).incidents def cf_incident_comment(cli_ctx, *_): - return cf_sentinel_cl(cli_ctx).incident_comment + return cf_sentinel_cl(cli_ctx).incident_comments diff --git a/src/securityinsight/azext_sentinel/generated/_help.py b/src/securityinsight/azext_sentinel/generated/_help.py index 9a401f619f3..b28d953da2b 100644 --- a/src/securityinsight/azext_sentinel/generated/_help.py +++ b/src/securityinsight/azext_sentinel/generated/_help.py @@ -14,7 +14,7 @@ helps['sentinel alert-rule'] = """ type: group - short-summary: sentinel alert-rule + short-summary: Manage alert rule with sentinel """ helps['sentinel alert-rule list'] = """ @@ -30,10 +30,18 @@ type: command short-summary: "Gets the alert rule." examples: - - name: Get an alert rule. + - name: Get a Fusion alert rule. text: |- az sentinel alert-rule show --resource-group "myRg" --rule-id "myFirstFusionRule" --workspace-name \ "myWorkspace" + - name: Get a MicrosoftSecurityIncidentCreation rule. + text: |- + az sentinel alert-rule show --resource-group "myRg" --rule-id "microsoftSecurityIncidentCreationRuleExam\ +ple" --workspace-name "myWorkspace" + - name: Get a Scheduled alert rule. + text: |- + az sentinel alert-rule show --resource-group "myRg" --rule-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" \ +--workspace-name "myWorkspace" """ helps['sentinel alert-rule create'] = """ @@ -92,30 +100,31 @@ examples: - name: Creates or updates an action of alert rule. text: |- - az sentinel alert-rule create --etag "{etag}" \ ---logic-app-resource-id "/subscriptions/{subs}/resourceGroups/myRg/providers/Microsoft.Lo\ -gic/workflows/MyAlerts" --trigger-uri "https://xxx.northcentralus.logic.azure.com:443/workflows/xxx/triggers/\ -manual/paths/invoke?api-version=2016-10-01&sp=%2Ftriggers%2Fmanual%2Frun&sv=1.0&sig=signature" \ ---action-id "{action-id}" --resource-group "myRg" --rule-id "{rule-id}" --workspace-name "myWorkspace" + az sentinel alert-rule create --etag "\\"0300bf09-0000-0000-0000-5c37296e0000\\"" \ +--logic-app-resource-id "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Lo\ +gic/workflows/MyAlerts" --trigger-uri "https://prod-31.northcentralus.logic.azure.com:443/workflows/cd3765391efd48549fd\ +7681ded1d48d7/triggers/manual/paths/invoke?api-version=2016-10-01&sp=%2Ftriggers%2Fmanual%2Frun&sv=1.0&sig=signature" \ +--action-id "912bec42-cb66-4c03-ac63-1761b6898c3e" --resource-group "myRg" --rule-id "73e01a99-5cd7-4139-a149-9f2736ff2\ +ab5" --workspace-name "myWorkspace" - name: Creates or updates a Fusion alert rule. text: |- - az sentinel alert-rule create --fusion-alert-rule etag="{etag}" \ -alert-rule-template-name="{name}" enabled=true --resource-group "myRg" --rule-id \ + az sentinel alert-rule create --fusion-alert-rule etag="3d00c3ca-0000-0100-0000-5d42d5010000" \ +alert-rule-template-name="f71aba3d-28fb-450b-b192-4e76a83015c8" enabled=true --resource-group "myRg" --rule-id \ "myFirstFusionRule" --workspace-name "myWorkspace" - name: Creates or updates a MicrosoftSecurityIncidentCreation rule. text: |- az sentinel alert-rule create --microsoft-security-incident-creation-alert-rule \ -etag="{etag}" product-filter="Microsoft Cloud App Security" display-name="testing \ +etag="\\"260097e0-0000-0d00-0000-5d6fa88f0000\\"" product-filter="Microsoft Cloud App Security" display-name="testing \ displayname" enabled=true --resource-group "myRg" --rule-id "microsoftSecurityIncidentCreationRuleExample" \ --workspace-name "myWorkspace" - name: Creates or updates a Scheduled alert rule. text: |- - az sentinel alert-rule create --scheduled-alert-rule etag="{etag}" \ + az sentinel alert-rule create --scheduled-alert-rule etag="\\"0300bf09-0000-0000-0000-5c37296e0000\\"" \ query="ProtectionStatus | extend HostCustomEntity = Computer | extend IPCustomEntity = ComputerIP_Hidden" \ query-frequency="PT1H" query-period="P2DT1H30M" severity="High" trigger-operator="GreaterThan" trigger-threshold=0 \ description="" display-name="Rule2" enabled=true suppression-duration="PT1H" suppression-enabled=false \ -tactics="Persistence" tactics="LateralMovement" --resource-group "myRg" --rule-id "{rule-id}" \ ---workspace-name "myWorkspace" +tactics="Persistence" tactics="LateralMovement" --resource-group "myRg" --rule-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5\ +" --workspace-name "myWorkspace" """ helps['sentinel alert-rule update'] = """ @@ -179,27 +188,27 @@ examples: - name: Delete an action of alert rule. text: |- - az sentinel alert-rule delete --action-id "{action-id}" --resource-group \ -"myRg" --rule-id "{rule-id}" --workspace-name "myWorkspace" + az sentinel alert-rule delete --action-id "912bec42-cb66-4c03-ac63-1761b6898c3e" --resource-group \ +"myRg" --rule-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --workspace-name "myWorkspace" - name: Delete an alert rule. text: |- - az sentinel alert-rule delete --resource-group "myRg" --rule-id "{rule-id}" \ + az sentinel alert-rule delete --resource-group "myRg" --rule-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" \ --workspace-name "myWorkspace" """ -helps['sentinel alert-rule get-action'] = """ +helps['sentinel alert-rule show-action'] = """ type: command short-summary: "Gets the action of alert rule." examples: - name: Get an action of alert rule. text: |- - az sentinel alert-rule get-action --action-id "{action-id}" --resource-group \ -"myRg" --rule-id "{rule-id}" --workspace-name "myWorkspace" + az sentinel alert-rule show-action --action-id "912bec42-cb66-4c03-ac63-1761b6898c3e" --resource-group \ +"myRg" --rule-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --workspace-name "myWorkspace" """ helps['sentinel action'] = """ type: group - short-summary: sentinel action + short-summary: Manage action with sentinel """ helps['sentinel action list'] = """ @@ -208,13 +217,13 @@ examples: - name: Get all actions of alert rule. text: |- - az sentinel action list --resource-group "myRg" --rule-id "{rule-id}" \ + az sentinel action list --resource-group "myRg" --rule-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" \ --workspace-name "myWorkspace" """ helps['sentinel alert-rule-template'] = """ type: group - short-summary: sentinel alert-rule-template + short-summary: Manage alert rule template with sentinel """ helps['sentinel alert-rule-template list'] = """ @@ -232,13 +241,13 @@ examples: - name: Get alert rule template by Id. text: |- - az sentinel alert-rule-template show --alert-rule-template-id "{id}" \ + az sentinel alert-rule-template show --alert-rule-template-id "65360bb0-8986-4ade-a89d-af3cf44d28aa" \ --resource-group "myRg" --workspace-name "myWorkspace" """ helps['sentinel bookmark'] = """ type: group - short-summary: sentinel bookmark + short-summary: Manage bookmark with sentinel """ helps['sentinel bookmark list'] = """ @@ -256,7 +265,7 @@ examples: - name: Get a bookmark. text: |- - az sentinel bookmark show --bookmark-id "{id}" --resource-group "myRg" \ + az sentinel bookmark show --bookmark-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --resource-group "myRg" \ --workspace-name "myWorkspace" """ @@ -276,11 +285,12 @@ examples: - name: Creates or updates a bookmark. text: |- - az sentinel bookmark create --etag "{etag}" --created \ -"2019-01-01T13:15:30Z" --display-name "My bookmark" --labels "Tag1" --labels "Tag2" --notes "Found a suspicious \ -activity" -q "SecurityEvent | where TimeGenerated > ago(1d) and TimeGenerated < ago(2d)" --query-result "Security \ -Event query result" --updated "2019-01-01T13:15:30Z" --bookmark-id "{id}" \ ---resource-group "myRg" --workspace-name "myWorkspace" + az sentinel bookmark create --etag "\\"0300bf09-0000-0000-0000-5c37296e0000\\"" --created \ +"2019-01-01T13:15:30Z" --user-info-object-id "2046feea-040d-4a46-9e2b-91c2941bfa70" --display-name "My bookmark" \ +--labels "Tag1" "Tag2" --notes "Found a suspicious activity" --query "SecurityEvent | where TimeGenerated > ago(1d) \ +and TimeGenerated < ago(2d)" --query-result "Security Event query result" --updated "2019-01-01T13:15:30Z" --object-id \ +"2046feea-040d-4a46-9e2b-91c2941bfa70" --bookmark-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --resource-group "myRg" \ +--workspace-name "myWorkspace" """ helps['sentinel bookmark update'] = """ @@ -304,13 +314,13 @@ examples: - name: Delete a bookmark. text: |- - az sentinel bookmark delete --bookmark-id "{id}" --resource-group \ + az sentinel bookmark delete --bookmark-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --resource-group \ "myRg" --workspace-name "myWorkspace" """ helps['sentinel data-connector'] = """ type: group - short-summary: sentinel data-connector + short-summary: Manage data connector with sentinel """ helps['sentinel data-connector list'] = """ @@ -326,10 +336,38 @@ type: command short-summary: "Gets a data connector." examples: - - name: Get a data connector. + - name: Get a ASC data connector. + text: |- + az sentinel data-connector show --data-connector-id "763f9fa1-c2d3-4fa2-93e9-bccd4899aa12" \ +--resource-group "myRg" --workspace-name "myWorkspace" + - name: Get a MCAS data connector. + text: |- + az sentinel data-connector show --data-connector-id "b96d014d-b5c2-4a01-9aba-a8058f629d42" \ +--resource-group "myRg" --workspace-name "myWorkspace" + - name: Get a MDATP data connector + text: |- + az sentinel data-connector show --data-connector-id "06b3ccb8-1384-4bcc-aec7-852f6d57161b" \ +--resource-group "myRg" --workspace-name "myWorkspace" + - name: Get a TI data connector. text: |- - az sentinel data-connector show --data-connector-id "{id}" --resource-group "myRg" \ - --workspace-name "myWorkspace" + az sentinel data-connector show --data-connector-id "c345bf40-8509-4ed2-b947-50cb773aaf04" \ +--resource-group "myRg" --workspace-name "myWorkspace" + - name: Get an AAD data connector. + text: |- + az sentinel data-connector show --data-connector-id "f0cd27d2-5f03-4c06-ba31-d2dc82dcb51d" \ +--resource-group "myRg" --workspace-name "myWorkspace" + - name: Get an AATP data connector. + text: |- + az sentinel data-connector show --data-connector-id "07e42cb3-e658-4e90-801c-efa0f29d3d44" \ +--resource-group "myRg" --workspace-name "myWorkspace" + - name: Get an AwsCloudTrail data connector. + text: |- + az sentinel data-connector show --data-connector-id "c345bf40-8509-4ed2-b947-50cb773aaf04" \ +--resource-group "myRg" --workspace-name "myWorkspace" + - name: Get an Office365 data connector. + text: |- + az sentinel data-connector show --data-connector-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" \ +--resource-group "myRg" --workspace-name "myWorkspace" """ helps['sentinel data-connector create'] = """ @@ -375,12 +413,13 @@ - name: --mcas-data-connector short-summary: "Represents MCAS (Microsoft Cloud App Security) data connector." long-summary: | - Usage: --mcas-data-connector tenant-id=XX state-data-types-alerts-state=XX state-data-types-discovery-logs-\ -state=XX kind=XX etag=XX + Usage: --mcas-data-connector tenant-id=XX state-properties-data-types-alerts-state=XX \ +state-properties-data-types-discovery-logs-state=XX kind=XX etag=XX tenant-id: The tenant id to connect to, and get the data from. - state-data-types-alerts-state: Describe whether this data type connection is enabled or not. - state-data-types-discovery-logs-state: Describe whether this data type connection is enabled or not. + state-properties-data-types-alerts-state: Describe whether this data type connection is enabled or not. + state-properties-data-types-discovery-logs-state: Describe whether this data type connection is enabled or \ +not. kind: Required. The data connector kind etag: Etag of the azure resource - name: --mdatp-data-connector @@ -395,12 +434,14 @@ - name: --office-data-connector short-summary: "Represents office data connector." long-summary: | - Usage: --office-data-connector tenant-id=XX state-data-types-share-point-state=XX \ -state-data-types-exchange-state=XX kind=XX etag=XX + Usage: --office-data-connector tenant-id=XX state-properties-data-types-teams-state=XX \ +state-properties-data-types-share-point-state=XX state-properties-data-types-exchange-state=XX kind=XX etag=XX tenant-id: The tenant id to connect to, and get the data from. - state-data-types-share-point-state: Describe whether this data type connection is enabled or not. - state-data-types-exchange-state: Describe whether this data type connection is enabled or not. + state-properties-data-types-teams-state: Describe whether this data type connection is enabled or not. + state-properties-data-types-share-point-state: Describe whether this data type connection is enabled or \ +not. + state-properties-data-types-exchange-state: Describe whether this data type connection is enabled or not. kind: Required. The data connector kind etag: Etag of the azure resource - name: --ti-data-connector @@ -415,8 +456,9 @@ examples: - name: Creates or updates an Office365 data connector. text: |- - az sentinel data-connector create --office-data-connector etag="{etag}" \ - tenant-id="{tenant-id}" --data-connector-id "{id}" --resource-group "myRg" --workspace-name "myWorkspace" + az sentinel data-connector create --office-data-connector etag="\\"0300bf09-0000-0000-0000-5c37296e0000\ +\\"" tenant-id="2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" state-properties-data-types-exchange-state="Enabled" \ +--data-connector-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --resource-group "myRg" --workspace-name "myWorkspace" """ helps['sentinel data-connector update'] = """ @@ -462,12 +504,13 @@ - name: --mcas-data-connector short-summary: "Represents MCAS (Microsoft Cloud App Security) data connector." long-summary: | - Usage: --mcas-data-connector tenant-id=XX state-data-types-alerts-state=XX state-data-types-discovery-logs-\ -state=XX kind=XX etag=XX + Usage: --mcas-data-connector tenant-id=XX state-properties-data-types-alerts-state=XX \ +state-properties-data-types-discovery-logs-state=XX kind=XX etag=XX tenant-id: The tenant id to connect to, and get the data from. - state-data-types-alerts-state: Describe whether this data type connection is enabled or not. - state-data-types-discovery-logs-state: Describe whether this data type connection is enabled or not. + state-properties-data-types-alerts-state: Describe whether this data type connection is enabled or not. + state-properties-data-types-discovery-logs-state: Describe whether this data type connection is enabled or \ +not. kind: Required. The data connector kind etag: Etag of the azure resource - name: --mdatp-data-connector @@ -482,12 +525,14 @@ - name: --office-data-connector short-summary: "Represents office data connector." long-summary: | - Usage: --office-data-connector tenant-id=XX state-data-types-share-point-state=XX \ -state-data-types-exchange-state=XX kind=XX etag=XX + Usage: --office-data-connector tenant-id=XX state-properties-data-types-teams-state=XX \ +state-properties-data-types-share-point-state=XX state-properties-data-types-exchange-state=XX kind=XX etag=XX tenant-id: The tenant id to connect to, and get the data from. - state-data-types-share-point-state: Describe whether this data type connection is enabled or not. - state-data-types-exchange-state: Describe whether this data type connection is enabled or not. + state-properties-data-types-teams-state: Describe whether this data type connection is enabled or not. + state-properties-data-types-share-point-state: Describe whether this data type connection is enabled or \ +not. + state-properties-data-types-exchange-state: Describe whether this data type connection is enabled or not. kind: Required. The data connector kind etag: Etag of the azure resource - name: --ti-data-connector @@ -505,15 +550,15 @@ type: command short-summary: "Delete the data connector." examples: - - name: Delete a data connector. + - name: Delete an Office365 data connector. text: |- - az sentinel data-connector delete --data-connector-id "{id}" --resource-group "myRg" \ - --workspace-name "myWorkspace" + az sentinel data-connector delete --data-connector-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" \ +--resource-group "myRg" --workspace-name "myWorkspace" """ helps['sentinel incident'] = """ type: group - short-summary: sentinel incident + short-summary: Manage incident with sentinel """ helps['sentinel incident list'] = """ @@ -532,7 +577,8 @@ examples: - name: Get an incident. text: |- - az sentinel incident show --incident-id "{id}" --resource-group "myRg" --workspace-name "myWorkspace" + az sentinel incident show --incident-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --resource-group "myRg" \ +--workspace-name "myWorkspace" """ helps['sentinel incident create'] = """ @@ -559,11 +605,11 @@ examples: - name: Creates or updates an incident. text: |- - az sentinel incident create --etag "{etag}" --description "This is \ + az sentinel incident create --etag "\\"0300bf09-0000-0000-0000-5c37296e0000\\"" --description "This is \ a demo incident" --classification "FalsePositive" --classification-comment "Not a malicious activity" \ --classification-reason "IncorrectAlertLogic" --first-activity-time-utc "2019-01-01T13:00:30Z" \ ---last-activity-time-utc "2019-01-01T13:05:30Z" --owner object-id="{oid}" --severity \ -"High" --status "Closed" --title "My incident" --incident-id "{id}" --resource-group \ +--last-activity-time-utc "2019-01-01T13:05:30Z" --owner object-id="2046feea-040d-4a46-9e2b-91c2941bfa70" --severity \ +"High" --status "Closed" --title "My incident" --incident-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --resource-group \ "myRg" --workspace-name "myWorkspace" """ @@ -596,13 +642,13 @@ examples: - name: Delete an incident. text: |- - az sentinel incident delete --incident-id "{id}" --resource-group \ + az sentinel incident delete --incident-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --resource-group \ "myRg" --workspace-name "myWorkspace" """ helps['sentinel incident-comment'] = """ type: group - short-summary: sentinel incident-comment + short-summary: Manage incident comment with sentinel """ helps['sentinel incident-comment list'] = """ @@ -611,7 +657,7 @@ examples: - name: Get all incident comments. text: |- - az sentinel incident-comment list --incident-id "{id}" --resource-group \ + az sentinel incident-comment list --incident-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --resource-group \ "myRg" --workspace-name "myWorkspace" """ @@ -621,8 +667,8 @@ examples: - name: Get an incident comment. text: |- - az sentinel incident-comment show --incident-comment-id "{comment-id}" \ ---incident-id "{id}" --resource-group "myRg" --workspace-name "myWorkspace" + az sentinel incident-comment show --incident-comment-id "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014" \ +--incident-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --resource-group "myRg" --workspace-name "myWorkspace" """ helps['sentinel incident-comment create'] = """ @@ -632,6 +678,6 @@ - name: Creates an incident comment. text: |- az sentinel incident-comment create --message "Some message" --incident-comment-id \ -"4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014" --incident-id "{id}" --resource-group "myRg" \ +"4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014" --incident-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --resource-group "myRg" \ --workspace-name "myWorkspace" """ diff --git a/src/securityinsight/azext_sentinel/generated/_params.py b/src/securityinsight/azext_sentinel/generated/_params.py index 8cf66c08483..a74d9aae19d 100644 --- a/src/securityinsight/azext_sentinel/generated/_params.py +++ b/src/securityinsight/azext_sentinel/generated/_params.py @@ -52,24 +52,24 @@ def load_arguments(self, _): c.argument('logic_app_resource_id', type=str, help='Logic App Resource Id, /subscriptions/{my-subscription}/res' 'ourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my-workflow-id}.') c.argument('trigger_uri', type=str, help='Logic App Callback URL for this specific workflow.') - c.argument('fusion_alert_rule', action=AddFusionAlertRule, nargs='*', help='Represents Fusion alert rule.', + c.argument('fusion_alert_rule', action=AddFusionAlertRule, nargs='+', help='Represents Fusion alert rule.', arg_group='AlertRule') c.argument('microsoft_security_incident_creation_alert_rule', - action=AddMicrosoftSecurityIncidentCreationAlertRule, nargs='*', help='Represents ' + action=AddMicrosoftSecurityIncidentCreationAlertRule, nargs='+', help='Represents ' 'MicrosoftSecurityIncidentCreation rule.', arg_group='AlertRule') - c.argument('scheduled_alert_rule', action=AddScheduledAlertRule, nargs='*', help='Represents scheduled alert ' + c.argument('scheduled_alert_rule', action=AddScheduledAlertRule, nargs='+', help='Represents scheduled alert ' 'rule.', arg_group='AlertRule') with self.argument_context('sentinel alert-rule update') as c: c.argument('resource_group_name', resource_group_name_type) c.argument('workspace_name', type=str, help='The name of the workspace.', id_part='name') c.argument('rule_id', type=str, help='Alert rule ID', id_part='child_name_1') - c.argument('fusion_alert_rule', action=AddFusionAlertRule, nargs='*', help='Represents Fusion alert rule.', + c.argument('fusion_alert_rule', action=AddFusionAlertRule, nargs='+', help='Represents Fusion alert rule.', arg_group='AlertRule') c.argument('microsoft_security_incident_creation_alert_rule', - action=AddMicrosoftSecurityIncidentCreationAlertRule, nargs='*', help='Represents ' + action=AddMicrosoftSecurityIncidentCreationAlertRule, nargs='+', help='Represents ' 'MicrosoftSecurityIncidentCreation rule.', arg_group='AlertRule') - c.argument('scheduled_alert_rule', action=AddScheduledAlertRule, nargs='*', help='Represents scheduled alert ' + c.argument('scheduled_alert_rule', action=AddScheduledAlertRule, nargs='+', help='Represents scheduled alert ' 'rule.', arg_group='AlertRule') with self.argument_context('sentinel alert-rule delete') as c: @@ -78,7 +78,7 @@ def load_arguments(self, _): c.argument('rule_id', type=str, help='Alert rule ID', id_part='child_name_1') c.argument('action_id', type=str, help='Action ID', id_part='child_name_2') - with self.argument_context('sentinel alert-rule get-action') as c: + with self.argument_context('sentinel alert-rule show-action') as c: c.argument('resource_group_name', resource_group_name_type) c.argument('workspace_name', type=str, help='The name of the workspace.', id_part='name') c.argument('rule_id', type=str, help='Alert rule ID', id_part='child_name_1') @@ -114,14 +114,15 @@ def load_arguments(self, _): c.argument('etag', type=str, help='Etag of the azure resource') c.argument('created', help='The time the bookmark was created') c.argument('display_name', type=str, help='The display name of the bookmark') - c.argument('labels', nargs='*', help='List of labels relevant to this bookmark') + c.argument('labels', nargs='+', help='List of labels relevant to this bookmark') c.argument('notes', type=str, help='The notes of the bookmark') - c.argument('query_content', options_list=['-q'], type=str, help='The query of the bookmark.') + c.argument('query', type=str, help='The query of the bookmark.') c.argument('query_result', type=str, help='The query result of the bookmark.') c.argument('updated', help='The last time the bookmark was updated') - c.argument('incident_info', action=AddIncidentInfo, nargs='*', help='Describes an incident that relates to ' + c.argument('incident_info', action=AddIncidentInfo, nargs='+', help='Describes an incident that relates to ' 'bookmark') - c.argument('updated_by_object_id', help='The object id of the user.') + c.argument('object_id', help='The object id of the user.', arg_group='Updated By') + c.argument('user_info_object_id', help='The object id of the user.', arg_group='Created By') with self.argument_context('sentinel bookmark update') as c: c.argument('resource_group_name', resource_group_name_type) @@ -130,14 +131,16 @@ def load_arguments(self, _): c.argument('etag', type=str, help='Etag of the azure resource') c.argument('created', help='The time the bookmark was created') c.argument('display_name', type=str, help='The display name of the bookmark') - c.argument('labels', nargs='*', help='List of labels relevant to this bookmark') + c.argument('labels', nargs='+', help='List of labels relevant to this bookmark') c.argument('notes', type=str, help='The notes of the bookmark') - c.argument('query_content', options_list=['-q'], type=str, help='The query of the bookmark.') + c.argument('query', type=str, help='The query of the bookmark.') c.argument('query_result', type=str, help='The query result of the bookmark.') c.argument('updated', help='The last time the bookmark was updated') - c.argument('incident_info', action=AddIncidentInfo, nargs='*', help='Describes an incident that relates to ' + c.argument('incident_info', action=AddIncidentInfo, nargs='+', help='Describes an incident that relates to ' 'bookmark') - c.argument('updated_by_object_id', help='The object id of the user.') + c.argument('object_id', help='The object id of the user.', arg_group='Updated By') + c.argument('user_info_object_id', help='The object id of the user.', arg_group='Created By') + c.ignore('bookmark') with self.argument_context('sentinel bookmark delete') as c: c.argument('resource_group_name', resource_group_name_type) @@ -157,42 +160,42 @@ def load_arguments(self, _): c.argument('resource_group_name', resource_group_name_type) c.argument('workspace_name', type=str, help='The name of the workspace.') c.argument('data_connector_id', type=str, help='Connector ID') - c.argument('aad_data_connector', action=AddAadDataConnector, nargs='*', help='Represents AAD (Azure Active ' + c.argument('aad_data_connector', action=AddAadDataConnector, nargs='+', help='Represents AAD (Azure Active ' 'Directory) data connector.', arg_group='DataConnector') - c.argument('aatp_data_connector', action=AddAatpDataConnector, nargs='*', help='Represents AATP (Azure ' + c.argument('aatp_data_connector', action=AddAatpDataConnector, nargs='+', help='Represents AATP (Azure ' 'Advanced Threat Protection) data connector.', arg_group='DataConnector') - c.argument('asc_data_connector', action=AddAscDataConnector, nargs='*', help='Represents ASC (Azure Security ' + c.argument('asc_data_connector', action=AddAscDataConnector, nargs='+', help='Represents ASC (Azure Security ' 'Center) data connector.', arg_group='DataConnector') - c.argument('aws_cloud_trail_data_connector', action=AddAwsCloudTrailDataConnector, nargs='*', help='Represents ' + c.argument('aws_cloud_trail_data_connector', action=AddAwsCloudTrailDataConnector, nargs='+', help='Represents ' 'Amazon Web Services CloudTrail data connector.', arg_group='DataConnector') - c.argument('mcas_data_connector', action=AddMcasDataConnector, nargs='*', help='Represents MCAS (Microsoft ' + c.argument('mcas_data_connector', action=AddMcasDataConnector, nargs='+', help='Represents MCAS (Microsoft ' 'Cloud App Security) data connector.', arg_group='DataConnector') - c.argument('mdatp_data_connector', action=AddMdatpDataConnector, nargs='*', help='Represents MDATP (Microsoft ' + c.argument('mdatp_data_connector', action=AddMdatpDataConnector, nargs='+', help='Represents MDATP (Microsoft ' 'Defender Advanced Threat Protection) data connector.', arg_group='DataConnector') - c.argument('office_data_connector', action=AddOfficeDataConnector, nargs='*', help='Represents office data ' + c.argument('office_data_connector', action=AddOfficeDataConnector, nargs='+', help='Represents office data ' 'connector.', arg_group='DataConnector') - c.argument('ti_data_connector', action=AddTiDataConnector, nargs='*', help='Represents threat intelligence ' + c.argument('ti_data_connector', action=AddTiDataConnector, nargs='+', help='Represents threat intelligence ' 'data connector.', arg_group='DataConnector') with self.argument_context('sentinel data-connector update') as c: c.argument('resource_group_name', resource_group_name_type) c.argument('workspace_name', type=str, help='The name of the workspace.', id_part='name') c.argument('data_connector_id', type=str, help='Connector ID', id_part='child_name_1') - c.argument('aad_data_connector', action=AddAadDataConnector, nargs='*', help='Represents AAD (Azure Active ' + c.argument('aad_data_connector', action=AddAadDataConnector, nargs='+', help='Represents AAD (Azure Active ' 'Directory) data connector.', arg_group='DataConnector') - c.argument('aatp_data_connector', action=AddAatpDataConnector, nargs='*', help='Represents AATP (Azure ' + c.argument('aatp_data_connector', action=AddAatpDataConnector, nargs='+', help='Represents AATP (Azure ' 'Advanced Threat Protection) data connector.', arg_group='DataConnector') - c.argument('asc_data_connector', action=AddAscDataConnector, nargs='*', help='Represents ASC (Azure Security ' + c.argument('asc_data_connector', action=AddAscDataConnector, nargs='+', help='Represents ASC (Azure Security ' 'Center) data connector.', arg_group='DataConnector') - c.argument('aws_cloud_trail_data_connector', action=AddAwsCloudTrailDataConnector, nargs='*', help='Represents ' + c.argument('aws_cloud_trail_data_connector', action=AddAwsCloudTrailDataConnector, nargs='+', help='Represents ' 'Amazon Web Services CloudTrail data connector.', arg_group='DataConnector') - c.argument('mcas_data_connector', action=AddMcasDataConnector, nargs='*', help='Represents MCAS (Microsoft ' + c.argument('mcas_data_connector', action=AddMcasDataConnector, nargs='+', help='Represents MCAS (Microsoft ' 'Cloud App Security) data connector.', arg_group='DataConnector') - c.argument('mdatp_data_connector', action=AddMdatpDataConnector, nargs='*', help='Represents MDATP (Microsoft ' + c.argument('mdatp_data_connector', action=AddMdatpDataConnector, nargs='+', help='Represents MDATP (Microsoft ' 'Defender Advanced Threat Protection) data connector.', arg_group='DataConnector') - c.argument('office_data_connector', action=AddOfficeDataConnector, nargs='*', help='Represents office data ' + c.argument('office_data_connector', action=AddOfficeDataConnector, nargs='+', help='Represents office data ' 'connector.', arg_group='DataConnector') - c.argument('ti_data_connector', action=AddTiDataConnector, nargs='*', help='Represents threat intelligence ' + c.argument('ti_data_connector', action=AddTiDataConnector, nargs='+', help='Represents threat intelligence ' 'data connector.', arg_group='DataConnector') with self.argument_context('sentinel data-connector delete') as c: @@ -222,18 +225,18 @@ def load_arguments(self, _): c.argument('workspace_name', type=str, help='The name of the workspace.') c.argument('incident_id', type=str, help='Incident ID') c.argument('etag', type=str, help='Etag of the azure resource') - c.argument('classification', arg_type=get_enum_type(['Undetermined', 'TruePositive', 'BenignPositive', '' + c.argument('classification', arg_type=get_enum_type(['Undetermined', 'TruePositive', 'BenignPositive', 'FalsePositive']), help='The reason the incident was ' 'closed') c.argument('classification_comment', type=str, help='Describes the reason the incident was closed') - c.argument('classification_reason', arg_type=get_enum_type(['SuspiciousActivity', 'SuspiciousButExpected', '' - 'IncorrectAlertLogic', 'InaccurateData']), help='' - 'The classification reason the incident was closed with') + c.argument('classification_reason', arg_type=get_enum_type(['SuspiciousActivity', 'SuspiciousButExpected', + 'IncorrectAlertLogic', 'InaccurateData']), + help='The classification reason the incident was closed with') c.argument('description', type=str, help='The description of the incident') c.argument('first_activity_time_utc', help='The time of the first activity in the incident') - c.argument('labels', action=AddLabels, nargs='*', help='List of labels relevant to this incident') + c.argument('labels', action=AddLabels, nargs='+', help='List of labels relevant to this incident') c.argument('last_activity_time_utc', help='The time of the last activity in the incident') - c.argument('owner', action=AddOwner, nargs='*', help='Describes a user that the incident is assigned to') + c.argument('owner', action=AddOwner, nargs='+', help='Describes a user that the incident is assigned to') c.argument('severity', arg_type=get_enum_type(['High', 'Medium', 'Low', 'Informational']), help='The severity ' 'of the incident') c.argument('status', arg_type=get_enum_type(['New', 'Active', 'Closed']), help='The status of the incident') @@ -244,22 +247,23 @@ def load_arguments(self, _): c.argument('workspace_name', type=str, help='The name of the workspace.', id_part='name') c.argument('incident_id', type=str, help='Incident ID', id_part='child_name_1') c.argument('etag', type=str, help='Etag of the azure resource') - c.argument('classification', arg_type=get_enum_type(['Undetermined', 'TruePositive', 'BenignPositive', '' + c.argument('classification', arg_type=get_enum_type(['Undetermined', 'TruePositive', 'BenignPositive', 'FalsePositive']), help='The reason the incident was ' 'closed') c.argument('classification_comment', type=str, help='Describes the reason the incident was closed') - c.argument('classification_reason', arg_type=get_enum_type(['SuspiciousActivity', 'SuspiciousButExpected', '' - 'IncorrectAlertLogic', 'InaccurateData']), help='' - 'The classification reason the incident was closed with') + c.argument('classification_reason', arg_type=get_enum_type(['SuspiciousActivity', 'SuspiciousButExpected', + 'IncorrectAlertLogic', 'InaccurateData']), + help='The classification reason the incident was closed with') c.argument('description', type=str, help='The description of the incident') c.argument('first_activity_time_utc', help='The time of the first activity in the incident') - c.argument('labels', action=AddLabels, nargs='*', help='List of labels relevant to this incident') + c.argument('labels', action=AddLabels, nargs='+', help='List of labels relevant to this incident') c.argument('last_activity_time_utc', help='The time of the last activity in the incident') - c.argument('owner', action=AddOwner, nargs='*', help='Describes a user that the incident is assigned to') + c.argument('owner', action=AddOwner, nargs='+', help='Describes a user that the incident is assigned to') c.argument('severity', arg_type=get_enum_type(['High', 'Medium', 'Low', 'Informational']), help='The severity ' 'of the incident') c.argument('status', arg_type=get_enum_type(['New', 'Active', 'Closed']), help='The status of the incident') c.argument('title', type=str, help='The title of the incident') + c.ignore('incident') with self.argument_context('sentinel incident delete') as c: c.argument('resource_group_name', resource_group_name_type) diff --git a/src/securityinsight/azext_sentinel/generated/action.py b/src/securityinsight/azext_sentinel/generated/action.py index 6fa9f30cb9b..5516e098fbb 100644 --- a/src/securityinsight/azext_sentinel/generated/action.py +++ b/src/securityinsight/azext_sentinel/generated/action.py @@ -37,6 +37,9 @@ def get_action(self, values, option_string): # pylint: disable=no-self-use d['enabled'] = v[0] elif kl == 'etag': d['etag'] = v[0] + else: + raise CLIError('Unsupported Key {} is provided for parameter fusion_alert_rule. All possible keys are: ' + 'alert-rule-template-name, enabled, etag'.format(k)) d['kind'] = 'Fusion' return d @@ -76,6 +79,11 @@ def get_action(self, values, option_string): # pylint: disable=no-self-use d['enabled'] = v[0] elif kl == 'etag': d['etag'] = v[0] + else: + raise CLIError('Unsupported Key {} is provided for parameter microsoft_security_incident_creation_alert' + '_rule. All possible keys are: display-names-filter, display-names-exclude-filter, ' + 'product-filter, severities-filter, alert-rule-template-name, description, ' + 'display-name, enabled, etag'.format(k)) d['kind'] = 'MicrosoftSecurityIncidentCreation' return d @@ -125,6 +133,11 @@ def get_action(self, values, option_string): # pylint: disable=no-self-use d['tactics'] = v elif kl == 'etag': d['etag'] = v[0] + else: + raise CLIError('Unsupported Key {} is provided for parameter scheduled_alert_rule. All possible keys ' + 'are: query, query-frequency, query-period, severity, trigger-operator, ' + 'trigger-threshold, alert-rule-template-name, description, display-name, enabled, ' + 'suppression-duration, suppression-enabled, tactics, etag'.format(k)) d['kind'] = 'Scheduled' return d @@ -154,6 +167,9 @@ def get_action(self, values, option_string): # pylint: disable=no-self-use d['title'] = v[0] elif kl == 'relation-name': d['relation_name'] = v[0] + else: + raise CLIError('Unsupported Key {} is provided for parameter incident_info. All possible keys are: ' + 'incident-id, severity, title, relation-name'.format(k)) return d @@ -180,6 +196,9 @@ def get_action(self, values, option_string): # pylint: disable=no-self-use d['state'] = v[0] elif kl == 'etag': d['etag'] = v[0] + else: + raise CLIError('Unsupported Key {} is provided for parameter aad_data_connector. All possible keys ' + 'are: tenant-id, state, etag'.format(k)) d['kind'] = 'AzureActiveDirectory' return d @@ -207,6 +226,9 @@ def get_action(self, values, option_string): # pylint: disable=no-self-use d['state'] = v[0] elif kl == 'etag': d['etag'] = v[0] + else: + raise CLIError('Unsupported Key {} is provided for parameter aatp_data_connector. All possible keys ' + 'are: tenant-id, state, etag'.format(k)) d['kind'] = 'AzureAdvancedThreatProtection' return d @@ -234,6 +256,9 @@ def get_action(self, values, option_string): # pylint: disable=no-self-use d['state'] = v[0] elif kl == 'etag': d['etag'] = v[0] + else: + raise CLIError('Unsupported Key {} is provided for parameter asc_data_connector. All possible keys ' + 'are: subscription-id, state, etag'.format(k)) d['kind'] = 'AzureSecurityCenter' return d @@ -261,6 +286,9 @@ def get_action(self, values, option_string): # pylint: disable=no-self-use d['state'] = v[0] elif kl == 'etag': d['etag'] = v[0] + else: + raise CLIError('Unsupported Key {} is provided for parameter aws_cloud_trail_data_connector. All ' + 'possible keys are: aws-role-arn, state, etag'.format(k)) d['kind'] = 'AmazonWebServicesCloudTrail' return d @@ -284,12 +312,16 @@ def get_action(self, values, option_string): # pylint: disable=no-self-use v = properties[k] if kl == 'tenant-id': d['tenant_id'] = v[0] - elif kl == 'state-data-types-alerts-state': - d['state_data_types_alerts_state'] = v[0] - elif kl == 'state-data-types-discovery-logs-state': - d['state_data_types_discovery_logs_state'] = v[0] + elif kl == 'state-properties-data-types-alerts-state': + d['undefined'] = v[0] + elif kl == 'state-properties-data-types-discovery-logs-state': + d['state'] = v[0] elif kl == 'etag': d['etag'] = v[0] + else: + raise CLIError('Unsupported Key {} is provided for parameter mcas_data_connector. All possible keys ' + 'are: tenant-id, state-properties-data-types-alerts-state, ' + 'state-properties-data-types-discovery-logs-state, etag'.format(k)) d['kind'] = 'MicrosoftCloudAppSecurity' return d @@ -317,6 +349,9 @@ def get_action(self, values, option_string): # pylint: disable=no-self-use d['state'] = v[0] elif kl == 'etag': d['etag'] = v[0] + else: + raise CLIError('Unsupported Key {} is provided for parameter mdatp_data_connector. All possible keys ' + 'are: tenant-id, state, etag'.format(k)) d['kind'] = 'MicrosoftDefenderAdvancedThreatProtection' return d @@ -334,25 +369,26 @@ def get_action(self, values, option_string): # pylint: disable=no-self-use properties = dict(properties) except ValueError: raise CLIError('usage error: {} [KEY=VALUE ...]'.format(option_string)) - d = { - 'dataTypes': { - 'sharePoint': {'state': 'Disabled'}, - 'exchange': {'state': 'Disabled'} - } - } + d = {} for k in properties: kl = k.lower() v = properties[k] if kl == 'tenant-id': - d['tenantId'] = v[0] - elif kl == 'sharepoint-enabled': - d['dataTypes']['sharePoint']['state'] = 'Enabled' - elif kl == 'exchange-enabled': - d['dataTypes']['exchange']['state'] = 'Enabled' + d['tenant_id'] = v[0] + elif kl == 'state-properties-data-types-teams-state': + d['state'] = v[0] + elif kl == 'state-properties-data-types-share-point-state': + d['state'] = v[0] + elif kl == 'state-properties-data-types-exchange-state': + d['state'] = v[0] elif kl == 'etag': d['etag'] = v[0] + else: + raise CLIError('Unsupported Key {} is provided for parameter office_data_connector. All possible keys ' + 'are: tenant-id, state-properties-data-types-teams-state, ' + 'state-properties-data-types-share-point-state, state-properties-data-types-exchange-sta' + 'te, etag'.format(k)) d['kind'] = 'Office365' - print(d) return d @@ -379,6 +415,9 @@ def get_action(self, values, option_string): # pylint: disable=no-self-use d['state'] = v[0] elif kl == 'etag': d['etag'] = v[0] + else: + raise CLIError('Unsupported Key {} is provided for parameter ti_data_connector. All possible keys are: ' + 'tenant-id, state, etag'.format(k)) d['kind'] = 'ThreatIntelligence' return d @@ -402,6 +441,9 @@ def get_action(self, values, option_string): # pylint: disable=no-self-use v = properties[k] if kl == 'label-name': d['label_name'] = v[0] + else: + raise CLIError('Unsupported Key {} is provided for parameter labels. All possible keys are: label-name' + .format(k)) return d @@ -430,4 +472,7 @@ def get_action(self, values, option_string): # pylint: disable=no-self-use d['object_id'] = v[0] elif kl == 'user-principal-name': d['user_principal_name'] = v[0] + else: + raise CLIError('Unsupported Key {} is provided for parameter owner. All possible keys are: email, ' + 'assigned-to, object-id, user-principal-name'.format(k)) return d diff --git a/src/securityinsight/azext_sentinel/generated/commands.py b/src/securityinsight/azext_sentinel/generated/commands.py index f8dac3f83d6..935d968b584 100644 --- a/src/securityinsight/azext_sentinel/generated/commands.py +++ b/src/securityinsight/azext_sentinel/generated/commands.py @@ -17,84 +17,82 @@ def load_command_table(self, _): from azext_sentinel.generated._client_factory import cf_alert_rule sentinel_alert_rule = CliCommandType( - operations_tmpl='azext_sentinel.vendored_sdks.securityinsight.operations._alert_rule_operations#AlertRuleOperat' - 'ions.{}', + operations_tmpl='azext_sentinel.vendored_sdks.securityinsight.operations._alert_rules_operations#AlertRulesOper' + 'ations.{}', client_factory=cf_alert_rule) - with self.command_group('sentinel alert-rule', sentinel_alert_rule, client_factory=cf_alert_rule, - is_experimental=True) as g: + with self.command_group('sentinel alert-rule', sentinel_alert_rule, client_factory=cf_alert_rule) as g: g.custom_command('list', 'sentinel_alert_rule_list') g.custom_show_command('show', 'sentinel_alert_rule_show') g.custom_command('create', 'sentinel_alert_rule_create') - g.generic_update_command('update', setter_arg_name='alert_rule', - custom_func_name='sentinel_alert_rule_update') + g.custom_command('update', 'sentinel_alert_rule_update') g.custom_command('delete', 'sentinel_alert_rule_delete', confirmation=True) - g.custom_command('get-action', 'sentinel_alert_rule_get_action') + g.custom_command('show-action', 'sentinel_alert_rule_show_action') from azext_sentinel.generated._client_factory import cf_action sentinel_action = CliCommandType( - operations_tmpl='azext_sentinel.vendored_sdks.securityinsight.operations._action_operations#ActionOperations.{}' - '', + operations_tmpl='azext_sentinel.vendored_sdks.securityinsight.operations._actions_operations#ActionsOperations.' + '{}', client_factory=cf_action) - with self.command_group('sentinel action', sentinel_action, client_factory=cf_action, is_experimental=True) as g: + with self.command_group('sentinel action', sentinel_action, client_factory=cf_action) as g: g.custom_command('list', 'sentinel_action_list') from azext_sentinel.generated._client_factory import cf_alert_rule_template sentinel_alert_rule_template = CliCommandType( - operations_tmpl='azext_sentinel.vendored_sdks.securityinsight.operations._alert_rule_template_operations#AlertR' - 'uleTemplateOperations.{}', + operations_tmpl='azext_sentinel.vendored_sdks.securityinsight.operations._alert_rule_templates_operations#Alert' + 'RuleTemplatesOperations.{}', client_factory=cf_alert_rule_template) with self.command_group('sentinel alert-rule-template', sentinel_alert_rule_template, - client_factory=cf_alert_rule_template, is_experimental=True) as g: + client_factory=cf_alert_rule_template) as g: g.custom_command('list', 'sentinel_alert_rule_template_list') g.custom_show_command('show', 'sentinel_alert_rule_template_show') from azext_sentinel.generated._client_factory import cf_bookmark sentinel_bookmark = CliCommandType( - operations_tmpl='azext_sentinel.vendored_sdks.securityinsight.operations._bookmark_operations#BookmarkOperation' - 's.{}', + operations_tmpl='azext_sentinel.vendored_sdks.securityinsight.operations._bookmarks_operations#BookmarksOperati' + 'ons.{}', client_factory=cf_bookmark) - with self.command_group('sentinel bookmark', sentinel_bookmark, client_factory=cf_bookmark, - is_experimental=True) as g: + with self.command_group('sentinel bookmark', sentinel_bookmark, client_factory=cf_bookmark) as g: g.custom_command('list', 'sentinel_bookmark_list') g.custom_show_command('show', 'sentinel_bookmark_show') g.custom_command('create', 'sentinel_bookmark_create') - g.custom_command('update', 'sentinel_bookmark_update') + g.generic_update_command('update', setter_arg_name='bookmark', custom_func_name='sentinel_bookmark_update') g.custom_command('delete', 'sentinel_bookmark_delete', confirmation=True) from azext_sentinel.generated._client_factory import cf_data_connector sentinel_data_connector = CliCommandType( - operations_tmpl='azext_sentinel.vendored_sdks.securityinsight.operations._data_connector_operations#DataConnect' - 'orOperations.{}', + operations_tmpl='azext_sentinel.vendored_sdks.securityinsight.operations._data_connectors_operations#DataConnec' + 'torsOperations.{}', client_factory=cf_data_connector) - with self.command_group('sentinel data-connector', sentinel_data_connector, client_factory=cf_data_connector, - is_experimental=True) as g: + with self.command_group('sentinel data-connector', sentinel_data_connector, + client_factory=cf_data_connector) as g: g.custom_command('list', 'sentinel_data_connector_list') g.custom_show_command('show', 'sentinel_data_connector_show') g.custom_command('create', 'sentinel_data_connector_create') - g.generic_update_command('update', setter_arg_name='data_connector', custom_func_name='' - 'sentinel_data_connector_update') + g.custom_command('update', 'sentinel_data_connector_update') g.custom_command('delete', 'sentinel_data_connector_delete', confirmation=True) from azext_sentinel.generated._client_factory import cf_incident sentinel_incident = CliCommandType( - operations_tmpl='azext_sentinel.vendored_sdks.securityinsight.operations._incident_operations#IncidentOperation' - 's.{}', + operations_tmpl='azext_sentinel.vendored_sdks.securityinsight.operations._incidents_operations#IncidentsOperati' + 'ons.{}', client_factory=cf_incident) - with self.command_group('sentinel incident', sentinel_incident, client_factory=cf_incident, - is_experimental=True) as g: + with self.command_group('sentinel incident', sentinel_incident, client_factory=cf_incident) as g: g.custom_command('list', 'sentinel_incident_list') g.custom_show_command('show', 'sentinel_incident_show') g.custom_command('create', 'sentinel_incident_create') - g.custom_command('update', 'sentinel_incident_update') + g.generic_update_command('update', setter_arg_name='incident', custom_func_name='sentinel_incident_update') g.custom_command('delete', 'sentinel_incident_delete', confirmation=True) from azext_sentinel.generated._client_factory import cf_incident_comment sentinel_incident_comment = CliCommandType( - operations_tmpl='azext_sentinel.vendored_sdks.securityinsight.operations._incident_comment_operations#IncidentC' - 'ommentOperations.{}', + operations_tmpl='azext_sentinel.vendored_sdks.securityinsight.operations._incident_comments_operations#Incident' + 'CommentsOperations.{}', client_factory=cf_incident_comment) - with self.command_group('sentinel incident-comment', sentinel_incident_comment, client_factory=cf_incident_comment, - is_experimental=True) as g: + with self.command_group('sentinel incident-comment', sentinel_incident_comment, + client_factory=cf_incident_comment) as g: g.custom_command('list', 'sentinel_incident_comment_list') g.custom_show_command('show', 'sentinel_incident_comment_show') g.custom_command('create', 'sentinel_incident_comment_create') + + with self.command_group('sentinel', is_experimental=True): + pass diff --git a/src/securityinsight/azext_sentinel/generated/custom.py b/src/securityinsight/azext_sentinel/generated/custom.py index f0bd94de342..a03a0d4fed0 100644 --- a/src/securityinsight/azext_sentinel/generated/custom.py +++ b/src/securityinsight/azext_sentinel/generated/custom.py @@ -40,6 +40,10 @@ def sentinel_alert_rule_create(client, fusion_alert_rule=None, microsoft_security_incident_creation_alert_rule=None, scheduled_alert_rule=None): + action = {} + action['etag'] = etag + action['logic_app_resource_id'] = logic_app_resource_id + action['trigger_uri'] = trigger_uri all_alert_rule = [] if fusion_alert_rule is not None: all_alert_rule.append(fusion_alert_rule) @@ -56,23 +60,38 @@ def sentinel_alert_rule_create(client, workspace_name=workspace_name, rule_id=rule_id, action_id=action_id, - etag=etag, - logic_app_resource_id=logic_app_resource_id, - trigger_uri=trigger_uri) + action=action) return client.create_or_update(resource_group_name=resource_group_name, workspace_name=workspace_name, rule_id=rule_id, alert_rule=alert_rule) -def sentinel_alert_rule_update(instance, +def sentinel_alert_rule_update(client, resource_group_name, workspace_name, rule_id, fusion_alert_rule=None, microsoft_security_incident_creation_alert_rule=None, scheduled_alert_rule=None): - return instance + all_alert_rule = [] + if fusion_alert_rule is not None: + all_alert_rule.append(fusion_alert_rule) + if microsoft_security_incident_creation_alert_rule is not None: + all_alert_rule.append(microsoft_security_incident_creation_alert_rule) + if scheduled_alert_rule is not None: + all_alert_rule.append(scheduled_alert_rule) + if len(all_alert_rule) > 1: + raise CLIError('at most one of fusion_alert_rule, microsoft_security_incident_creation_alert_rule, ' + 'scheduled_alert_rule is needed for alert_rule!') + if len(all_alert_rule) != 1: + raise CLIError('alert_rule is required. but none of fusion_alert_rule, microsoft_security_incident_creation_ale' + 'rt_rule, scheduled_alert_rule is provided!') + alert_rule = all_alert_rule[0] if len(all_alert_rule) == 1 else None + return client.create_or_update(resource_group_name=resource_group_name, + workspace_name=workspace_name, + rule_id=rule_id, + alert_rule=alert_rule) def sentinel_alert_rule_delete(client, @@ -90,11 +109,11 @@ def sentinel_alert_rule_delete(client, rule_id=rule_id) -def sentinel_alert_rule_get_action(client, - resource_group_name, - workspace_name, - rule_id, - action_id): +def sentinel_alert_rule_show_action(client, + resource_group_name, + workspace_name, + rule_id, + action_id): return client.get_action(resource_group_name=resource_group_name, workspace_name=workspace_name, rule_id=rule_id, @@ -151,27 +170,33 @@ def sentinel_bookmark_create(client, display_name=None, labels=None, notes=None, - query_content=None, + query=None, query_result=None, updated=None, incident_info=None, - updated_by_object_id=None): + object_id=None, + user_info_object_id=None): + bookmark = {} + bookmark['etag'] = etag + bookmark['created'] = created + bookmark['display_name'] = display_name + bookmark['labels'] = labels + bookmark['notes'] = notes + bookmark['query'] = query + bookmark['query_result'] = query_result + bookmark['updated'] = updated + bookmark['incident_info'] = incident_info + bookmark['updated_by'] = {} + bookmark['updated_by']['object_id'] = object_id + bookmark['created_by'] = {} + bookmark['created_by']['object_id'] = user_info_object_id return client.create_or_update(resource_group_name=resource_group_name, workspace_name=workspace_name, bookmark_id=bookmark_id, - etag=etag, - created=created, - display_name=display_name, - labels=labels, - notes=notes, - query=query_content, - query_result=query_result, - updated=updated, - incident_info=incident_info, - object_id=updated_by_object_id) - - -def sentinel_bookmark_update(client, + bookmark=bookmark) + + +def sentinel_bookmark_update(instance, resource_group_name, workspace_name, bookmark_id, @@ -180,24 +205,35 @@ def sentinel_bookmark_update(client, display_name=None, labels=None, notes=None, - query_content=None, + query=None, query_result=None, updated=None, incident_info=None, - updated_by_object_id=None): - return client.create_or_update(resource_group_name=resource_group_name, - workspace_name=workspace_name, - bookmark_id=bookmark_id, - etag=etag, - created=created, - display_name=display_name, - labels=labels, - notes=notes, - query=query_content, - query_result=query_result, - updated=updated, - incident_info=incident_info, - object_id=updated_by_object_id) + object_id=None, + user_info_object_id=None): + if etag is not None: + instance.etag = etag + if created is not None: + instance.created = created + if display_name is not None: + instance.display_name = display_name + if labels is not None: + instance.labels = labels + if notes is not None: + instance.notes = notes + if query is not None: + instance.query = query + if query_result is not None: + instance.query_result = query_result + if updated is not None: + instance.updated = updated + if incident_info is not None: + instance.incident_info = incident_info + if object_id is not None: + instance.updated_by.object_id = object_id + if user_info_object_id is not None: + instance.created_by.object_id = user_info_object_id + return instance def sentinel_bookmark_delete(client, @@ -269,7 +305,7 @@ def sentinel_data_connector_create(client, data_connector=data_connector) -def sentinel_data_connector_update(instance, +def sentinel_data_connector_update(client, resource_group_name, workspace_name, data_connector_id, @@ -281,7 +317,36 @@ def sentinel_data_connector_update(instance, mdatp_data_connector=None, office_data_connector=None, ti_data_connector=None): - return instance + all_data_connector = [] + if aad_data_connector is not None: + all_data_connector.append(aad_data_connector) + if aatp_data_connector is not None: + all_data_connector.append(aatp_data_connector) + if asc_data_connector is not None: + all_data_connector.append(asc_data_connector) + if aws_cloud_trail_data_connector is not None: + all_data_connector.append(aws_cloud_trail_data_connector) + if mcas_data_connector is not None: + all_data_connector.append(mcas_data_connector) + if mdatp_data_connector is not None: + all_data_connector.append(mdatp_data_connector) + if office_data_connector is not None: + all_data_connector.append(office_data_connector) + if ti_data_connector is not None: + all_data_connector.append(ti_data_connector) + if len(all_data_connector) > 1: + raise CLIError('at most one of aad_data_connector, aatp_data_connector, asc_data_connector, ' + 'aws_cloud_trail_data_connector, mcas_data_connector, mdatp_data_connector, ' + 'office_data_connector, ti_data_connector is needed for data_connector!') + if len(all_data_connector) != 1: + raise CLIError('data_connector is required. but none of aad_data_connector, aatp_data_connector, ' + 'asc_data_connector, aws_cloud_trail_data_connector, mcas_data_connector, mdatp_data_connector, ' + 'office_data_connector, ti_data_connector is provided!') + data_connector = all_data_connector[0] if len(all_data_connector) == 1 else None + return client.create_or_update(resource_group_name=resource_group_name, + workspace_name=workspace_name, + data_connector_id=data_connector_id, + data_connector=data_connector) def sentinel_data_connector_delete(client, @@ -333,24 +398,26 @@ def sentinel_incident_create(client, severity=None, status=None, title=None): + incident = {} + incident['etag'] = etag + incident['classification'] = classification + incident['classification_comment'] = classification_comment + incident['classification_reason'] = classification_reason + incident['description'] = description + incident['first_activity_time_utc'] = first_activity_time_utc + incident['labels'] = labels + incident['last_activity_time_utc'] = last_activity_time_utc + incident['owner'] = owner + incident['severity'] = severity + incident['status'] = status + incident['title'] = title return client.create_or_update(resource_group_name=resource_group_name, workspace_name=workspace_name, incident_id=incident_id, - etag=etag, - classification=classification, - classification_comment=classification_comment, - classification_reason=classification_reason, - description=description, - first_activity_time_utc=first_activity_time_utc, - labels=labels, - last_activity_time_utc=last_activity_time_utc, - owner=owner, - severity=severity, - status=status, - title=title) - - -def sentinel_incident_update(client, + incident=incident) + + +def sentinel_incident_update(instance, resource_group_name, workspace_name, incident_id, @@ -366,21 +433,31 @@ def sentinel_incident_update(client, severity=None, status=None, title=None): - return client.create_or_update(resource_group_name=resource_group_name, - workspace_name=workspace_name, - incident_id=incident_id, - etag=etag, - classification=classification, - classification_comment=classification_comment, - classification_reason=classification_reason, - description=description, - first_activity_time_utc=first_activity_time_utc, - labels=labels, - last_activity_time_utc=last_activity_time_utc, - owner=owner, - severity=severity, - status=status, - title=title) + if etag is not None: + instance.etag = etag + if classification is not None: + instance.classification = classification + if classification_comment is not None: + instance.classification_comment = classification_comment + if classification_reason is not None: + instance.classification_reason = classification_reason + if description is not None: + instance.description = description + if first_activity_time_utc is not None: + instance.first_activity_time_utc = first_activity_time_utc + if labels is not None: + instance.labels = labels + if last_activity_time_utc is not None: + instance.last_activity_time_utc = last_activity_time_utc + if owner is not None: + instance.owner = owner + if severity is not None: + instance.severity = severity + if status is not None: + instance.status = status + if title is not None: + instance.title = title + return instance def sentinel_incident_delete(client, @@ -426,8 +503,10 @@ def sentinel_incident_comment_create(client, incident_id, incident_comment_id, message=None): + incident_comment = {} + incident_comment['message'] = message return client.create_comment(resource_group_name=resource_group_name, workspace_name=workspace_name, incident_id=incident_id, incident_comment_id=incident_comment_id, - message=message) + incident_comment=incident_comment) diff --git a/src/securityinsight/azext_sentinel/tests/__init__.py b/src/securityinsight/azext_sentinel/tests/__init__.py index 50e0627daff..70488e93851 100644 --- a/src/securityinsight/azext_sentinel/tests/__init__.py +++ b/src/securityinsight/azext_sentinel/tests/__init__.py @@ -31,8 +31,8 @@ def try_manual(func): def import_manual_function(origin_func): from importlib import import_module - decorated_path = inspect.getfile(origin_func) - module_path = __path__[0] + decorated_path = inspect.getfile(origin_func).lower() + module_path = __path__[0].lower() if not decorated_path.startswith(module_path): raise Exception("Decorator can only be used in submodules!") manual_path = os.path.join( @@ -46,7 +46,6 @@ def import_manual_function(origin_func): def get_func_to_call(): func_to_call = func try: - func_to_call = import_manual_function(func) func_to_call = import_manual_function(func) logger.info("Found manual override for %s(...)", func.__name__) except (ImportError, AttributeError): @@ -66,6 +65,9 @@ def wrapper(*args, **kwargs): ret = func_to_call(*args, **kwargs) except (AssertionError, AzureError, CliTestError, CliExecutionError, SystemExit, JMESPathCheckAssertionError) as e: + use_exception_cache = os.getenv("TEST_EXCEPTION_CACHE") + if use_exception_cache is None or use_exception_cache.lower() != "true": + raise test_map[func.__name__]["end_dt"] = dt.datetime.utcnow() test_map[func.__name__]["result"] = FAILED test_map[func.__name__]["error_message"] = str(e).replace("\r\n", " ").replace("\n", " ")[:500] diff --git a/src/securityinsight/gen.zip b/src/securityinsight/azext_sentinel/tests/latest/example_steps.py similarity index 67% rename from src/securityinsight/gen.zip rename to src/securityinsight/azext_sentinel/tests/latest/example_steps.py index a6dbc93f1dd..e160ce6e641 100644 Binary files a/src/securityinsight/gen.zip and b/src/securityinsight/azext_sentinel/tests/latest/example_steps.py differ diff --git a/src/securityinsight/azext_sentinel/tests/latest/test_sentinel_scenario.py b/src/securityinsight/azext_sentinel/tests/latest/test_sentinel_scenario.py index d6ccef5984d..f3f770fbc5f 100644 --- a/src/securityinsight/azext_sentinel/tests/latest/test_sentinel_scenario.py +++ b/src/securityinsight/azext_sentinel/tests/latest/test_sentinel_scenario.py @@ -10,552 +10,126 @@ import os from azure.cli.testsdk import ScenarioTest -from .. import try_manual, raise_if, calc_coverage from azure.cli.testsdk import ResourceGroupPreparer from azure_devtools.scenario_tests import AllowLargeResponse -TEST_DIR = os.path.abspath(os.path.join(os.path.abspath(__file__), '..')) - - -# Env setup -@try_manual -def setup(test, rg): - test.kwargs.update({ - 'workspace': test.create_random_name('cli-test-ws-', 24) - }) - test.cmd('az monitor log-analytics workspace create -g {rg} -n {workspace}') - - -# EXAMPLE: /Actions/get/Get all actions of alert rule. -@try_manual -def step__actions_get_get_all_actions_of_alert_rule_(test, rg): - test.cmd('az sentinel action list ' - '--resource-group "{rg}" ' - '--rule-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" ' - '--workspace-name {workspace}', - checks=[]) - - -# EXAMPLE: /AlertRules/put/Creates or updates a Fusion alert rule. -@try_manual -def step__alertrules_put(test, rg): - test.cmd('az sentinel alert-rule create ' - '--fusion-alert-rule etag="3d00c3ca-0000-0100-0000-5d42d5010000" alert-rule-template-name="f71aba3d-28fb-4' - '50b-b192-4e76a83015c8" enabled=true ' - '--resource-group "{rg}" ' - '--rule-id "myFirstFusionRule" ' - '--workspace-name {workspace}', - checks=[ - test.check('enabled', True), - test.check('kind', 'Fusion'), - test.check('name', 'myFirstFusionRule') - ]) - - -# EXAMPLE: /AlertRules/put/Creates or updates a MicrosoftSecurityIncidentCreation rule. -@try_manual -def step__alertrules_put2(test, rg): - test.cmd('az sentinel alert-rule create ' - '--microsoft-security-incident-creation-alert-rule etag="260097e0-0000-0d00-0000-5d6fa88f0000" ' - 'product-filter="Microsoft Cloud App Security" display-name="testing displayname" enabled=true ' - '--resource-group "{rg}" ' - '--rule-id "microsoftSecurityIncidentCreationRuleExample" ' - '--workspace-name {workspace}', - checks=[ - test.check('enabled', True), - test.check('kind', 'MicrosoftSecurityIncidentCreation'), - test.check('name', 'microsoftSecurityIncidentCreationRuleExample'), - test.check('productFilter', 'Microsoft Cloud App Security'), - test.check('displayName', 'testing displayname') - ]) - - -# EXAMPLE: /AlertRules/put/Creates or updates a Scheduled alert rule. -@try_manual -def step__alertrules_put3(test, rg): - # BadRequestError: (BadRequest) Failed to run the alert rule query. One of the tables does not exist. - test.cmd('az sentinel alert-rule create ' - '--scheduled-alert-rule etag="0300bf09-0000-0000-0000-5c37296e0000" query="ProtectionStatus | extend HostCustomEntity = Computer | extend IPCustomEntity = ComputerIP_Hidden“ ' - 'query-frequency="PT1H" query-period="P2DT1H30M" severity="High" ' - 'trigger-operator="GreaterThan" trigger-threshold=0 description="" display-name="Rule2" enabled=true ' - 'suppression-duration="PT1H" suppression-enabled=false tactics="Persistence" tactics="LateralMovement" ' - '--resource-group "{rg}" ' - '--rule-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" ' - '--workspace-name {workspace}', - checks=[]) - - -# EXAMPLE: /AlertRules/put/Creates or updates an action of alert rule. -@try_manual -def step__alertrules_put4(test, rg): - test.cmd('az sentinel alert-rule create ' - '--etag "0300bf09-0000-0000-0000-5c37296e0000" ' - '--logic-app-resource-id "/subscriptions/{subscription_id}/resourceGroups/{rg}/providers/Microsoft.Logic/w' - 'orkflows/MyAlerts" ' - '--trigger-uri "https://prod-31.northcentralus.logic.azure.com:443/workflows/cd3765391efd48549fd7681ded1d4' - '8d7/triggers/manual/paths/invoke?api-version=2016-10-01&sp=%2Ftriggers%2Fmanual%2Frun&sv=1.0&sig=signatur' - 'e" ' - '--action-id "912bec42-cb66-4c03-ac63-1761b6898c3e" ' - '--resource-group "{rg}" ' - '--rule-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" ' - '--workspace-name {workspace}', - checks=[]) - - -# EXAMPLE: /AlertRules/get/Get a Fusion alert rule. -@try_manual -def step__alertrules_get_get_a_fusion_alert_rule_(test, rg): - test.cmd('az sentinel alert-rule show ' - '--resource-group "{rg}" ' - '--rule-id "myFirstFusionRule" ' - '--workspace-name {workspace}', - checks=[ - test.check('enabled', True), - test.check('kind', 'Fusion'), - test.check('name', 'myFirstFusionRule') - ]) - - -# EXAMPLE: /AlertRules/get/Get a MicrosoftSecurityIncidentCreation rule. -@try_manual -def step__alertrules_get(test, rg): - test.cmd('az sentinel alert-rule show ' - '--resource-group "{rg}" ' - '--rule-id "microsoftSecurityIncidentCreationRuleExample" ' - '--workspace-name {workspace}', - checks=[ - test.check('enabled', True), - test.check('kind', 'MicrosoftSecurityIncidentCreation'), - test.check('name', 'microsoftSecurityIncidentCreationRuleExample'), - test.check('productFilter', 'Microsoft Cloud App Security'), - test.check('displayName', 'testing displayname') - ]) - - -# EXAMPLE: /AlertRules/get/Get a Scheduled alert rule. -@try_manual -def step__alertrules_get_get_a_scheduled_alert_rule_(test, rg): - test.cmd('az sentinel alert-rule show ' - '--resource-group "{rg}" ' - '--rule-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" ' - '--workspace-name {workspace}', - checks=[]) - - -# EXAMPLE: /AlertRules/get/Get all alert rules. -@try_manual -def step__alertrules_get_get_all_alert_rules_(test, rg): - test.cmd('az sentinel alert-rule list ' - '--resource-group "{rg}" ' - '--workspace-name {workspace}', - checks=[ - test.check('length(@)', 2) - ]) - - -# EXAMPLE: /AlertRules/get/Get an action of alert rule. -@try_manual -def step__alertrules_get_get_an_action_of_alert_rule_(test, rg): - test.cmd('az sentinel alert-rule get-action ' - '--action-id "912bec42-cb66-4c03-ac63-1761b6898c3e" ' - '--resource-group "{rg}" ' - '--rule-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" ' - '--workspace-name {workspace}', - checks=[]) - - -# EXAMPLE: /AlertRules/delete/Delete an action of alert rule. -@try_manual -def step__alertrules_delete(test, rg): - test.cmd('az sentinel alert-rule delete -y ' - '--action-id "912bec42-cb66-4c03-ac63-1761b6898c3e" ' - '--resource-group "{rg}" ' - '--rule-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" ' - '--workspace-name {workspace}', - checks=[]) - - -# EXAMPLE: /AlertRules/delete/Delete an alert rule. -@try_manual -def step__alertrules_delete_delete_an_alert_rule_(test, rg): - test.cmd('az sentinel alert-rule delete -y ' - '--resource-group "{rg}" ' - '--rule-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" ' - '--workspace-name {workspace}', - checks=[]) - - -@try_manual -def step__alertrules_delete_delete_a_fusion_alert_rule_(test, rg): - test.cmd('az sentinel alert-rule delete -y ' - '--resource-group "{rg}" ' - '--rule-id "myFirstFusionRule" ' - '--workspace-name {workspace}') - - -# EXAMPLE: /AlertRuleTemplates/get/Get alert rule template by Id. -@try_manual -def step__alertruletemplates_get(test, rg): - test.cmd('az sentinel alert-rule-template show ' - '--alert-rule-template-id "65360bb0-8986-4ade-a89d-af3cf44d28aa" ' - '--resource-group "{rg}" ' - '--workspace-name {workspace}', - checks=[ - test.check('kind', 'Scheduled'), - test.check('name', '65360bb0-8986-4ade-a89d-af3cf44d28aa') - ]) - - -# EXAMPLE: /AlertRuleTemplates/get/Get all alert rule templates. -@try_manual -def step__alertruletemplates_list(test, rg): - test.cmd('az sentinel alert-rule-template list ' - '--resource-group "{rg}" ' - '--workspace-name {workspace}') - - -# EXAMPLE: /Bookmarks/put/Creates or updates a bookmark. -@try_manual -def step__bookmarks_put_creates_or_updates_a_bookmark_(test, rg): - test.cmd('az sentinel bookmark create ' - '--etag "\\"0300bf09-0000-0000-0000-5c37296e0000\\"" ' - '--created "2019-01-01T13:15:30Z" ' - '--display-name "My bookmark" ' - '--labels "Tag1" ' - '--labels "Tag2" ' - '--notes "Found a suspicious activity" ' - '-q "SecurityEvent | where TimeGenerated > ago(1d) and TimeGenerated < ago(2d)" ' - '--query-result "Security Event query result" ' - '--updated "2019-01-01T13:15:30Z" ' - '--bookmark-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" ' - '--resource-group "{rg}" ' - '--workspace-name {workspace}', - checks=[ - test.check('name', '73e01a99-5cd7-4139-a149-9f2736ff2ab5'), - test.check('query', 'SecurityEvent | where TimeGenerated > ago(1d) and TimeGenerated < ago(2d)') - ]) - - -# EXAMPLE: /Bookmarks/get/Get a bookmark. -@try_manual -def step__bookmarks_get_get_a_bookmark_(test, rg): - test.cmd('az sentinel bookmark show ' - '--bookmark-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" ' - '--resource-group "{rg}" ' - '--workspace-name {workspace}', - checks=[ - test.check('name', '73e01a99-5cd7-4139-a149-9f2736ff2ab5'), - test.check('query', 'SecurityEvent | where TimeGenerated > ago(1d) and TimeGenerated < ago(2d)') - ]) - - -# EXAMPLE: /Bookmarks/get/Get all bookmarks. -@try_manual -def step__bookmarks_get_get_all_bookmarks_(test, rg): - test.cmd('az sentinel bookmark list ' - '--resource-group "{rg}" ' - '--workspace-name {workspace}', - checks=[ - test.check('length(@)', 1), - test.check('[0].name', '73e01a99-5cd7-4139-a149-9f2736ff2ab5'), - test.check('[0].query', 'SecurityEvent | where TimeGenerated > ago(1d) and TimeGenerated < ago(2d)') - ]) - - -# EXAMPLE: /Bookmarks/delete/Delete a bookmark. -@try_manual -def step__bookmarks_delete_delete_a_bookmark_(test, rg): - test.cmd('az sentinel bookmark delete -y ' - '--bookmark-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" ' - '--resource-group "{rg}" ' - '--workspace-name {workspace}') - +from .example_steps import step_action_list +from .example_steps import step_alert_rule_create +from .example_steps import step_alert_rule_create2 +from .example_steps import step_alert_rule_create3 +from .example_steps import step_alert_rule_create4 +from .example_steps import step_alert_rule_show +from .example_steps import step_alert_rule_show2 +from .example_steps import step_alert_rule_show3 +from .example_steps import step_alert_rule_list +from .example_steps import step_alert_rule_show_action +from .example_steps import step_alert_rule_delete +from .example_steps import step_alert_rule_delete2 +from .example_steps import step_alert_rule_template_show +from .example_steps import step_alert_rule_template_list +from .example_steps import step_bookmark_create +from .example_steps import step_bookmark_show +from .example_steps import step_bookmark_list +from .example_steps import step_bookmark_delete +from .example_steps import step_data_connector_create +from .example_steps import step_data_connector_show +from .example_steps import step_data_connector_show2 +from .example_steps import step_data_connector_show3 +from .example_steps import step_data_connector_show4 +from .example_steps import step_data_connector_list +from .example_steps import step_data_connector_show5 +from .example_steps import step_data_connector_show6 +from .example_steps import step_data_connector_show7 +from .example_steps import step_data_connector_show8 +from .example_steps import step_data_connector_delete +from .example_steps import step_incident_comment_create +from .example_steps import step_incident_comment_list +from .example_steps import step_incident_comment_show +from .example_steps import step_incident_create +from .example_steps import step_incident_list +from .example_steps import step_incident_show +from .example_steps import step_incident_delete +from .. import ( + try_manual, + raise_if, + calc_coverage +) -# EXAMPLE: /DataConnectors/put/Creates or updates an Office365 data connector. -@try_manual -def step__dataconnectors_put(test, rg): - test.cmd('az sentinel data-connector create ' - '--office-data-connector etag="\\"0300bf09-0000-0000-0000-5c37296e0000\\"" tenant-id="2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" ' - '--data-connector-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" ' - '--resource-group "{rg}" ' - '--workspace-name {workspace}', - checks=[]) - - -# EXAMPLE: /DataConnectors/get/Get a ASC data connector. -@try_manual -def step__dataconnectors_get_get_a_asc_data_connector_(test, rg): - test.cmd('az sentinel data-connector show ' - '--data-connector-id "763f9fa1-c2d3-4fa2-93e9-bccd4899aa12" ' - '--resource-group "{rg}" ' - '--workspace-name {workspace}', - checks=[]) - - -# EXAMPLE: /DataConnectors/get/Get a MCAS data connector. -@try_manual -def step__dataconnectors_get(test, rg): - test.cmd('az sentinel data-connector show ' - '--data-connector-id "b96d014d-b5c2-4a01-9aba-a8058f629d42" ' - '--resource-group "{rg}" ' - '--workspace-name {workspace}', - checks=[]) - - -# EXAMPLE: /DataConnectors/get/Get a MDATP data connector -@try_manual -def step__dataconnectors_get2(test, rg): - test.cmd('az sentinel data-connector show ' - '--data-connector-id "06b3ccb8-1384-4bcc-aec7-852f6d57161b" ' - '--resource-group "{rg}" ' - '--workspace-name {workspace}', - checks=[]) - - -# EXAMPLE: /DataConnectors/get/Get a TI data connector. -@try_manual -def step__dataconnectors_get_get_a_ti_data_connector_(test, rg): - test.cmd('az sentinel data-connector show ' - '--data-connector-id "c345bf40-8509-4ed2-b947-50cb773aaf04" ' - '--resource-group "{rg}" ' - '--workspace-name {workspace}', - checks=[]) - - -# EXAMPLE: /DataConnectors/get/Get all data connectors. -@try_manual -def step__dataconnectors_get_get_all_data_connectors_(test, rg): - test.cmd('az sentinel data-connector list ' - '--resource-group "{rg}" ' - '--workspace-name {workspace}', - checks=[]) - - -# EXAMPLE: /DataConnectors/get/Get an AAD data connector. -@try_manual -def step__dataconnectors_get3(test, rg): - test.cmd('az sentinel data-connector show ' - '--data-connector-id "f0cd27d2-5f03-4c06-ba31-d2dc82dcb51d" ' - '--resource-group "{rg}" ' - '--workspace-name {workspace}', - checks=[]) - - -# EXAMPLE: /DataConnectors/get/Get an AATP data connector. -@try_manual -def step__dataconnectors_get4(test, rg): - test.cmd('az sentinel data-connector show ' - '--data-connector-id "07e42cb3-e658-4e90-801c-efa0f29d3d44" ' - '--resource-group "{rg}" ' - '--workspace-name {workspace}', - checks=[]) - - -# EXAMPLE: /DataConnectors/get/Get an AwsCloudTrail data connector. -@try_manual -def step__dataconnectors_get5(test, rg): - test.cmd('az sentinel data-connector show ' - '--data-connector-id "c345bf40-8509-4ed2-b947-50cb773aaf04" ' - '--resource-group "{rg}" ' - '--workspace-name {workspace}', - checks=[]) - - -# EXAMPLE: /DataConnectors/get/Get an Office365 data connector. -@try_manual -def step__dataconnectors_get6(test, rg): - test.cmd('az sentinel data-connector show ' - '--data-connector-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" ' - '--resource-group "{rg}" ' - '--workspace-name {workspace}', - checks=[]) - - -# EXAMPLE: /DataConnectors/delete/Delete an Office365 data connector. -@try_manual -def step__dataconnectors_delete(test, rg): - test.cmd('az sentinel data-connector delete -y ' - '--data-connector-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" ' - '--resource-group "{rg}" ' - '--workspace-name {workspace}', - checks=[]) - -# EXAMPLE: /IncidentComments/put/Creates an incident comment. -@try_manual -def step__incidentcomments_put(test, rg): - test.cmd('az sentinel incident-comment create ' - '--message "Some message" ' - '--incident-comment-id "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014" ' - '--incident-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" ' - '--resource-group "{rg}" ' - '--workspace-name {workspace}', - checks=[ - test.check('message', 'Some message'), - test.check('name', '4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014') - ]) - - -# EXAMPLE: /IncidentComments/get/Get all incident comments. -@try_manual -def step__incidentcomments_get(test, rg): - test.cmd('az sentinel incident-comment list ' - '--incident-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" ' - '--resource-group "{rg}" ' - '--workspace-name {workspace}', - checks=[ - test.check('length(@)', 1), - test.check('[0].message', 'Some message'), - test.check('[0].name', '4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014') - ]) - - -# EXAMPLE: /IncidentComments/get/Get an incident comment. -@try_manual -def step__incidentcomments_get2(test, rg): - test.cmd('az sentinel incident-comment show ' - '--incident-comment-id "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014" ' - '--incident-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" ' - '--resource-group "{rg}" ' - '--workspace-name {workspace}', - checks=[ - test.check('message', 'Some message'), - test.check('name', '4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014') - ]) - - -# EXAMPLE: /Incidents/put/Creates or updates an incident. -@try_manual -def step__incidents_put(test, rg): - test.cmd('az sentinel incident create ' - '--etag "\\"0300bf09-0000-0000-0000-5c37296e0000\\"" ' - '--description "This is a demo incident" ' - '--classification "FalsePositive" ' - '--classification-comment "Not a malicious activity" ' - '--classification-reason "IncorrectAlertLogic" ' - '--first-activity-time-utc "2019-01-01T13:00:30Z" ' - '--last-activity-time-utc "2019-01-01T13:05:30Z" ' - '--owner object-id="2046feea-040d-4a46-9e2b-91c2941bfa70" ' - '--severity "High" ' - '--status "Closed" ' - '--title "title" ' - '--incident-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" ' - '--resource-group "{rg}" ' - '--workspace-name {workspace}', - checks=[ - test.check('classification', 'FalsePositive'), - test.check('classificationReason', 'IncorrectAlertLogic'), - test.check('classificationComment', 'Not a malicious activity'), - test.check('severity', 'High'), - test.check('title', 'title'), - test.check('status', 'Closed') - ]) - - -# EXAMPLE: /Incidents/get/Get all incidents. -@try_manual -def step__incidents_get_get_all_incidents_(test, rg): - test.cmd('az sentinel incident list ' - '--orderby "properties/createdTimeUtc desc" ' - '--top 1 ' - '--resource-group "{rg}" ' - '--workspace-name {workspace}', - checks=[ - test.check('length(@)', 1), - test.check('[0].name', '73e01a99-5cd7-4139-a149-9f2736ff2ab5') - ]) - - -# EXAMPLE: /Incidents/get/Get an incident. -@try_manual -def step__incidents_get_get_an_incident_(test, rg): - test.cmd('az sentinel incident show ' - '--incident-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" ' - '--resource-group "{rg}" ' - '--workspace-name {workspace}', - checks=[ - test.check('classification', 'FalsePositive'), - test.check('classificationReason', 'IncorrectAlertLogic'), - test.check('classificationComment', 'Not a malicious activity'), - test.check('severity', 'High'), - test.check('title', 'title'), - test.check('status', 'Closed') - ]) +TEST_DIR = os.path.abspath(os.path.join(os.path.abspath(__file__), '..')) -# EXAMPLE: /Incidents/delete/Delete an incident. +# Env setup_scenario @try_manual -def step__incidents_delete_delete_an_incident_(test, rg): - test.cmd('az sentinel incident delete -y ' - '--incident-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" ' - '--resource-group "{rg}" ' - '--workspace-name {workspace}') +def setup_scenario(test, rg): + pass -# Env cleanup +# Env cleanup_scenario @try_manual -def cleanup(test, rg): +def cleanup_scenario(test, rg): pass -# Testcase +# Testcase: Scenario @try_manual def call_scenario(test, rg): - setup(test, rg) - step__alertrules_put(test, rg) - step__alertrules_put2(test, rg) - # step__alertrules_put3(test, rg) - # step__alertrules_put4(test, rg) - step__alertrules_get_get_a_fusion_alert_rule_(test, rg) - step__alertrules_get(test, rg) - # step__alertrules_get_get_a_scheduled_alert_rule_(test, rg) - step__alertrules_get_get_all_alert_rules_(test, rg) - # step__alertrules_get_get_an_action_of_alert_rule_(test, rg) - # step__alertrules_delete(test, rg) - # step__alertrules_delete_delete_an_alert_rule_(test, rg) - step__alertrules_delete_delete_a_fusion_alert_rule_(test, rg) - step__alertruletemplates_get(test, rg) - step__alertruletemplates_list(test, rg) - # step__actions_get_get_all_actions_of_alert_rule_(test, rg) - step__bookmarks_put_creates_or_updates_a_bookmark_(test, rg) - step__bookmarks_get_get_a_bookmark_(test, rg) - step__bookmarks_get_get_all_bookmarks_(test, rg) - step__bookmarks_delete_delete_a_bookmark_(test, rg) - - # step__dataconnectors_put(test, rg) - # step__dataconnectors_get_get_a_asc_data_connector_(test, rg) - # step__dataconnectors_get(test, rg) - # step__dataconnectors_get2(test, rg) - # step__dataconnectors_get_get_a_ti_data_connector_(test, rg) - # step__dataconnectors_get_get_all_data_connectors_(test, rg) - # step__dataconnectors_get3(test, rg) - # step__dataconnectors_get4(test, rg) - # step__dataconnectors_get5(test, rg) - # step__dataconnectors_get6(test, rg) - # step__dataconnectors_delete(test, rg) - - step__incidents_put(test, rg) - # step__incidents_get_get_all_incidents_(test, rg) - step__incidents_get_get_an_incident_(test, rg) - step__incidentcomments_put(test, rg) - step__incidentcomments_get(test, rg) - step__incidentcomments_get2(test, rg) - step__incidents_delete_delete_an_incident_(test, rg) - cleanup(test, rg) - - -@try_manual -class SecurityInsightsScenarioTest(ScenarioTest): - - @ResourceGroupPreparer(name_prefix='clitestsentinel_myRg'[:7], key='rg', parameter_name='rg') - @AllowLargeResponse() - def test_sentinel(self, rg): - + setup_scenario(test, rg) + step_action_list(test, rg, checks=[]) + step_alert_rule_create(test, rg, checks=[]) + step_alert_rule_create2(test, rg, checks=[]) + step_alert_rule_create3(test, rg, checks=[]) + step_alert_rule_create4(test, rg, checks=[]) + step_alert_rule_show(test, rg, checks=[]) + step_alert_rule_show2(test, rg, checks=[]) + step_alert_rule_show3(test, rg, checks=[]) + step_alert_rule_list(test, rg, checks=[]) + step_alert_rule_show_action(test, rg, checks=[]) + step_alert_rule_delete(test, rg, checks=[]) + step_alert_rule_delete2(test, rg, checks=[]) + step_alert_rule_template_show(test, rg, checks=[]) + step_alert_rule_template_list(test, rg, checks=[]) + step_bookmark_create(test, rg, checks=[]) + step_bookmark_show(test, rg, checks=[]) + step_bookmark_list(test, rg, checks=[]) + step_bookmark_delete(test, rg, checks=[]) + step_data_connector_create(test, rg, checks=[]) + step_data_connector_show(test, rg, checks=[]) + step_data_connector_show2(test, rg, checks=[]) + step_data_connector_show3(test, rg, checks=[]) + step_data_connector_show4(test, rg, checks=[]) + step_data_connector_list(test, rg, checks=[]) + step_data_connector_show5(test, rg, checks=[]) + step_data_connector_show6(test, rg, checks=[]) + step_data_connector_show7(test, rg, checks=[]) + step_data_connector_show8(test, rg, checks=[]) + step_data_connector_delete(test, rg, checks=[]) + step_incident_comment_create(test, rg, checks=[]) + step_incident_comment_list(test, rg, checks=[]) + step_incident_comment_show(test, rg, checks=[]) + step_incident_create(test, rg, checks=[]) + step_incident_list(test, rg, checks=[]) + step_incident_show(test, rg, checks=[]) + step_incident_delete(test, rg, checks=[]) + cleanup_scenario(test, rg) + + +# Test class for Scenario +@try_manual +class SentinelScenarioTest(ScenarioTest): + + def __init__(self, *args, **kwargs): + super(SentinelScenarioTest, self).__init__(*args, **kwargs) self.kwargs.update({ 'subscription_id': self.get_subscription_id() }) + + + @ResourceGroupPreparer(name_prefix='clitestsentinel_myRg'[:7], key='rg', parameter_name='rg') + def test_sentinel_Scenario(self, rg): call_scenario(self, rg) calc_coverage(__file__) raise_if() + diff --git a/src/securityinsight/azext_sentinel/tests/latest/test_sentinel_scenario_coverage.md b/src/securityinsight/azext_sentinel/tests/latest/test_sentinel_scenario_coverage.md deleted file mode 100644 index 92d9c097816..00000000000 --- a/src/securityinsight/azext_sentinel/tests/latest/test_sentinel_scenario_coverage.md +++ /dev/null @@ -1,20 +0,0 @@ -|Scenario|Result|ErrorMessage|ErrorStack|ErrorNormalized|StartDt|EndDt| -|step__alertrules_put|successed||||2020-11-30 05:12:10.340025|2020-11-30 05:12:14.212919| -|step__alertrules_put2|successed||||2020-11-30 05:12:14.213902|2020-11-30 05:12:16.912928| -|step__alertrules_get_get_a_fusion_alert_rule_|successed||||2020-11-30 05:12:16.913927|2020-11-30 05:12:18.411054| -|step__alertrules_get|successed||||2020-11-30 05:12:18.412055|2020-11-30 05:12:21.541734| -|step__alertrules_get_get_all_alert_rules_|successed||||2020-11-30 05:12:21.541734|2020-11-30 05:12:23.591243| -|step__alertrules_delete_delete_a_fusion_alert_rule_|successed||||2020-11-30 05:12:23.592241|2020-11-30 05:12:26.496214| -|step__alertruletemplates_get|successed||||2020-11-30 05:12:26.497214|2020-11-30 05:12:29.682131| -|step__alertruletemplates_list|successed||||2020-11-30 05:12:29.682131|2020-11-30 05:12:33.559276| -|step__bookmarks_put_creates_or_updates_a_bookmark_|successed||||2020-11-30 05:12:33.560277|2020-11-30 05:12:36.664603| -|step__bookmarks_get_get_a_bookmark_|successed||||2020-11-30 05:12:36.665672|2020-11-30 05:12:37.405872| -|step__bookmarks_get_get_all_bookmarks_|successed||||2020-11-30 05:12:37.406872|2020-11-30 05:12:38.657312| -|step__bookmarks_delete_delete_a_bookmark_|successed||||2020-11-30 05:12:38.658311|2020-11-30 05:12:41.040726| -|step__incidents_put|successed||||2020-11-30 05:12:41.040726|2020-11-30 05:12:43.390843| -|step__incidents_get_get_an_incident_|successed||||2020-11-30 05:12:43.391911|2020-11-30 05:12:45.395363| -|step__incidentcomments_put|successed||||2020-11-30 05:12:45.396360|2020-11-30 05:12:46.378773| -|step__incidentcomments_get|successed||||2020-11-30 05:12:46.379844|2020-11-30 05:12:47.110435| -|step__incidentcomments_get2|successed||||2020-11-30 05:12:47.111432|2020-11-30 05:12:47.890755| -|step__incidents_delete_delete_an_incident_|successed||||2020-11-30 05:12:47.891754|2020-11-30 05:12:48.690398| -Coverage: 18/18 diff --git a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/_security_insights.py b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/_security_insights.py index 3f1b4e49c01..e5f3fc25700 100644 --- a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/_security_insights.py +++ b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/_security_insights.py @@ -18,36 +18,36 @@ from azure.core.credentials import TokenCredential from ._configuration import SecurityInsightsConfiguration -from .operations import OperationOperations -from .operations import AlertRuleOperations -from .operations import ActionOperations -from .operations import AlertRuleTemplateOperations -from .operations import BookmarkOperations -from .operations import DataConnectorOperations -from .operations import IncidentOperations -from .operations import IncidentCommentOperations +from .operations import Operations +from .operations import AlertRulesOperations +from .operations import ActionsOperations +from .operations import AlertRuleTemplatesOperations +from .operations import BookmarksOperations +from .operations import DataConnectorsOperations +from .operations import IncidentsOperations +from .operations import IncidentCommentsOperations from . import models class SecurityInsights(object): """API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider. - :ivar operation: OperationOperations operations - :vartype operation: security_insights.operations.OperationOperations - :ivar alert_rule: AlertRuleOperations operations - :vartype alert_rule: security_insights.operations.AlertRuleOperations - :ivar action: ActionOperations operations - :vartype action: security_insights.operations.ActionOperations - :ivar alert_rule_template: AlertRuleTemplateOperations operations - :vartype alert_rule_template: security_insights.operations.AlertRuleTemplateOperations - :ivar bookmark: BookmarkOperations operations - :vartype bookmark: security_insights.operations.BookmarkOperations - :ivar data_connector: DataConnectorOperations operations - :vartype data_connector: security_insights.operations.DataConnectorOperations - :ivar incident: IncidentOperations operations - :vartype incident: security_insights.operations.IncidentOperations - :ivar incident_comment: IncidentCommentOperations operations - :vartype incident_comment: security_insights.operations.IncidentCommentOperations + :ivar operations: Operations operations + :vartype operations: security_insights.operations.Operations + :ivar alert_rules: AlertRulesOperations operations + :vartype alert_rules: security_insights.operations.AlertRulesOperations + :ivar actions: ActionsOperations operations + :vartype actions: security_insights.operations.ActionsOperations + :ivar alert_rule_templates: AlertRuleTemplatesOperations operations + :vartype alert_rule_templates: security_insights.operations.AlertRuleTemplatesOperations + :ivar bookmarks: BookmarksOperations operations + :vartype bookmarks: security_insights.operations.BookmarksOperations + :ivar data_connectors: DataConnectorsOperations operations + :vartype data_connectors: security_insights.operations.DataConnectorsOperations + :ivar incidents: IncidentsOperations operations + :vartype incidents: security_insights.operations.IncidentsOperations + :ivar incident_comments: IncidentCommentsOperations operations + :vartype incident_comments: security_insights.operations.IncidentCommentsOperations :param credential: Credential needed for the client to connect to Azure. :type credential: ~azure.core.credentials.TokenCredential :param subscription_id: Azure subscription ID. @@ -72,21 +72,21 @@ def __init__( self._serialize = Serializer(client_models) self._deserialize = Deserializer(client_models) - self.operation = OperationOperations( + self.operations = Operations( self._client, self._config, self._serialize, self._deserialize) - self.alert_rule = AlertRuleOperations( + self.alert_rules = AlertRulesOperations( self._client, self._config, self._serialize, self._deserialize) - self.action = ActionOperations( + self.actions = ActionsOperations( self._client, self._config, self._serialize, self._deserialize) - self.alert_rule_template = AlertRuleTemplateOperations( + self.alert_rule_templates = AlertRuleTemplatesOperations( self._client, self._config, self._serialize, self._deserialize) - self.bookmark = BookmarkOperations( + self.bookmarks = BookmarksOperations( self._client, self._config, self._serialize, self._deserialize) - self.data_connector = DataConnectorOperations( + self.data_connectors = DataConnectorsOperations( self._client, self._config, self._serialize, self._deserialize) - self.incident = IncidentOperations( + self.incidents = IncidentsOperations( self._client, self._config, self._serialize, self._deserialize) - self.incident_comment = IncidentCommentOperations( + self.incident_comments = IncidentCommentsOperations( self._client, self._config, self._serialize, self._deserialize) def close(self): diff --git a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/_security_insights.py b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/_security_insights.py index 7eb275a24fa..62e49e6a888 100644 --- a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/_security_insights.py +++ b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/_security_insights.py @@ -16,36 +16,36 @@ from azure.core.credentials_async import AsyncTokenCredential from ._configuration import SecurityInsightsConfiguration -from .operations import OperationOperations -from .operations import AlertRuleOperations -from .operations import ActionOperations -from .operations import AlertRuleTemplateOperations -from .operations import BookmarkOperations -from .operations import DataConnectorOperations -from .operations import IncidentOperations -from .operations import IncidentCommentOperations +from .operations import Operations +from .operations import AlertRulesOperations +from .operations import ActionsOperations +from .operations import AlertRuleTemplatesOperations +from .operations import BookmarksOperations +from .operations import DataConnectorsOperations +from .operations import IncidentsOperations +from .operations import IncidentCommentsOperations from .. import models class SecurityInsights(object): """API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider. - :ivar operation: OperationOperations operations - :vartype operation: security_insights.aio.operations.OperationOperations - :ivar alert_rule: AlertRuleOperations operations - :vartype alert_rule: security_insights.aio.operations.AlertRuleOperations - :ivar action: ActionOperations operations - :vartype action: security_insights.aio.operations.ActionOperations - :ivar alert_rule_template: AlertRuleTemplateOperations operations - :vartype alert_rule_template: security_insights.aio.operations.AlertRuleTemplateOperations - :ivar bookmark: BookmarkOperations operations - :vartype bookmark: security_insights.aio.operations.BookmarkOperations - :ivar data_connector: DataConnectorOperations operations - :vartype data_connector: security_insights.aio.operations.DataConnectorOperations - :ivar incident: IncidentOperations operations - :vartype incident: security_insights.aio.operations.IncidentOperations - :ivar incident_comment: IncidentCommentOperations operations - :vartype incident_comment: security_insights.aio.operations.IncidentCommentOperations + :ivar operations: Operations operations + :vartype operations: security_insights.aio.operations.Operations + :ivar alert_rules: AlertRulesOperations operations + :vartype alert_rules: security_insights.aio.operations.AlertRulesOperations + :ivar actions: ActionsOperations operations + :vartype actions: security_insights.aio.operations.ActionsOperations + :ivar alert_rule_templates: AlertRuleTemplatesOperations operations + :vartype alert_rule_templates: security_insights.aio.operations.AlertRuleTemplatesOperations + :ivar bookmarks: BookmarksOperations operations + :vartype bookmarks: security_insights.aio.operations.BookmarksOperations + :ivar data_connectors: DataConnectorsOperations operations + :vartype data_connectors: security_insights.aio.operations.DataConnectorsOperations + :ivar incidents: IncidentsOperations operations + :vartype incidents: security_insights.aio.operations.IncidentsOperations + :ivar incident_comments: IncidentCommentsOperations operations + :vartype incident_comments: security_insights.aio.operations.IncidentCommentsOperations :param credential: Credential needed for the client to connect to Azure. :type credential: ~azure.core.credentials_async.AsyncTokenCredential :param subscription_id: Azure subscription ID. @@ -69,21 +69,21 @@ def __init__( self._serialize = Serializer(client_models) self._deserialize = Deserializer(client_models) - self.operation = OperationOperations( + self.operations = Operations( self._client, self._config, self._serialize, self._deserialize) - self.alert_rule = AlertRuleOperations( + self.alert_rules = AlertRulesOperations( self._client, self._config, self._serialize, self._deserialize) - self.action = ActionOperations( + self.actions = ActionsOperations( self._client, self._config, self._serialize, self._deserialize) - self.alert_rule_template = AlertRuleTemplateOperations( + self.alert_rule_templates = AlertRuleTemplatesOperations( self._client, self._config, self._serialize, self._deserialize) - self.bookmark = BookmarkOperations( + self.bookmarks = BookmarksOperations( self._client, self._config, self._serialize, self._deserialize) - self.data_connector = DataConnectorOperations( + self.data_connectors = DataConnectorsOperations( self._client, self._config, self._serialize, self._deserialize) - self.incident = IncidentOperations( + self.incidents = IncidentsOperations( self._client, self._config, self._serialize, self._deserialize) - self.incident_comment = IncidentCommentOperations( + self.incident_comments = IncidentCommentsOperations( self._client, self._config, self._serialize, self._deserialize) async def close(self) -> None: diff --git a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/__init__.py b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/__init__.py index 5e67996dcd4..f941c6be952 100644 --- a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/__init__.py +++ b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/__init__.py @@ -6,22 +6,22 @@ # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -from ._operation_operations import OperationOperations -from ._alert_rule_operations import AlertRuleOperations -from ._action_operations import ActionOperations -from ._alert_rule_template_operations import AlertRuleTemplateOperations -from ._bookmark_operations import BookmarkOperations -from ._data_connector_operations import DataConnectorOperations -from ._incident_operations import IncidentOperations -from ._incident_comment_operations import IncidentCommentOperations +from ._operations import Operations +from ._alert_rules_operations import AlertRulesOperations +from ._actions_operations import ActionsOperations +from ._alert_rule_templates_operations import AlertRuleTemplatesOperations +from ._bookmarks_operations import BookmarksOperations +from ._data_connectors_operations import DataConnectorsOperations +from ._incidents_operations import IncidentsOperations +from ._incident_comments_operations import IncidentCommentsOperations __all__ = [ - 'OperationOperations', - 'AlertRuleOperations', - 'ActionOperations', - 'AlertRuleTemplateOperations', - 'BookmarkOperations', - 'DataConnectorOperations', - 'IncidentOperations', - 'IncidentCommentOperations', + 'Operations', + 'AlertRulesOperations', + 'ActionsOperations', + 'AlertRuleTemplatesOperations', + 'BookmarksOperations', + 'DataConnectorsOperations', + 'IncidentsOperations', + 'IncidentCommentsOperations', ] diff --git a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_action_operations.py b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_actions_operations.py similarity index 98% rename from src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_action_operations.py rename to src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_actions_operations.py index 378198b2cfb..927368e5b54 100644 --- a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_action_operations.py +++ b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_actions_operations.py @@ -19,8 +19,8 @@ T = TypeVar('T') ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] -class ActionOperations: - """ActionOperations async operations. +class ActionsOperations: + """ActionsOperations async operations. You should not instantiate this class directly. Instead, you should create a Client instance that instantiates it for you and attaches it as an attribute. diff --git a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_alert_rule_template_operations.py b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_alert_rule_templates_operations.py similarity index 99% rename from src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_alert_rule_template_operations.py rename to src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_alert_rule_templates_operations.py index 986138cb66b..0b004ed0e59 100644 --- a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_alert_rule_template_operations.py +++ b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_alert_rule_templates_operations.py @@ -19,8 +19,8 @@ T = TypeVar('T') ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] -class AlertRuleTemplateOperations: - """AlertRuleTemplateOperations async operations. +class AlertRuleTemplatesOperations: + """AlertRuleTemplatesOperations async operations. You should not instantiate this class directly. Instead, you should create a Client instance that instantiates it for you and attaches it as an attribute. diff --git a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_alert_rule_operations.py b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_alert_rules_operations.py similarity index 97% rename from src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_alert_rule_operations.py rename to src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_alert_rules_operations.py index 89d90bb06be..0bcf22503d7 100644 --- a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_alert_rule_operations.py +++ b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_alert_rules_operations.py @@ -19,8 +19,8 @@ T = TypeVar('T') ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] -class AlertRuleOperations: - """AlertRuleOperations async operations. +class AlertRulesOperations: + """AlertRulesOperations async operations. You should not instantiate this class directly. Instead, you should create a Client instance that instantiates it for you and attaches it as an attribute. @@ -387,9 +387,7 @@ async def create_or_update_action( workspace_name: str, rule_id: str, action_id: str, - etag: Optional[str] = None, - logic_app_resource_id: Optional[str] = None, - trigger_uri: Optional[str] = None, + action: "models.ActionRequest", **kwargs ) -> "models.ActionResponse": """Creates or updates the action of alert rule. @@ -403,14 +401,8 @@ async def create_or_update_action( :type rule_id: str :param action_id: Action ID. :type action_id: str - :param etag: Etag of the azure resource. - :type etag: str - :param logic_app_resource_id: Logic App Resource Id, /subscriptions/{my- - subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my- - workflow-id}. - :type logic_app_resource_id: str - :param trigger_uri: Logic App Callback URL for this specific workflow. - :type trigger_uri: str + :param action: The action. + :type action: ~security_insights.models.ActionRequest :keyword callable cls: A custom type or function that will be passed the direct response :return: ActionResponse, or the result of cls(response) :rtype: ~security_insights.models.ActionResponse @@ -421,8 +413,6 @@ async def create_or_update_action( 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError } error_map.update(kwargs.pop('error_map', {})) - - action = models.ActionRequest(etag=etag, logic_app_resource_id=logic_app_resource_id, trigger_uri=trigger_uri) api_version = "2020-01-01" content_type = kwargs.pop("content_type", "application/json") accept = "application/json" diff --git a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_bookmark_operations.py b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_bookmarks_operations.py similarity index 89% rename from src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_bookmark_operations.py rename to src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_bookmarks_operations.py index 6cd59a2dc8c..e22f720758a 100644 --- a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_bookmark_operations.py +++ b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_bookmarks_operations.py @@ -5,8 +5,7 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import datetime -from typing import Any, AsyncIterable, Callable, Dict, Generic, List, Optional, TypeVar, Union +from typing import Any, AsyncIterable, Callable, Dict, Generic, Optional, TypeVar, Union import warnings from azure.core.async_paging import AsyncItemPaged, AsyncList @@ -20,8 +19,8 @@ T = TypeVar('T') ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] -class BookmarkOperations: - """BookmarkOperations async operations. +class BookmarksOperations: + """BookmarksOperations async operations. You should not instantiate this class directly. Instead, you should create a Client instance that instantiates it for you and attaches it as an attribute. @@ -185,16 +184,7 @@ async def create_or_update( resource_group_name: str, workspace_name: str, bookmark_id: str, - etag: Optional[str] = None, - created: Optional[datetime.datetime] = None, - display_name: Optional[str] = None, - labels: Optional[List[str]] = None, - notes: Optional[str] = None, - query: Optional[str] = None, - query_result: Optional[str] = None, - updated: Optional[datetime.datetime] = None, - incident_info: Optional["models.IncidentInfo"] = None, - object_id: Optional[str] = None, + bookmark: "models.Bookmark", **kwargs ) -> "models.Bookmark": """Creates or updates the bookmark. @@ -206,26 +196,8 @@ async def create_or_update( :type workspace_name: str :param bookmark_id: Bookmark ID. :type bookmark_id: str - :param etag: Etag of the azure resource. - :type etag: str - :param created: The time the bookmark was created. - :type created: ~datetime.datetime - :param display_name: The display name of the bookmark. - :type display_name: str - :param labels: List of labels relevant to this bookmark. - :type labels: list[str] - :param notes: The notes of the bookmark. - :type notes: str - :param query: The query of the bookmark. - :type query: str - :param query_result: The query result of the bookmark. - :type query_result: str - :param updated: The last time the bookmark was updated. - :type updated: ~datetime.datetime - :param incident_info: Describes an incident that relates to bookmark. - :type incident_info: ~security_insights.models.IncidentInfo - :param object_id: The object id of the user. - :type object_id: str + :param bookmark: The bookmark. + :type bookmark: ~security_insights.models.Bookmark :keyword callable cls: A custom type or function that will be passed the direct response :return: Bookmark, or the result of cls(response) :rtype: ~security_insights.models.Bookmark @@ -236,8 +208,6 @@ async def create_or_update( 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError } error_map.update(kwargs.pop('error_map', {})) - - bookmark = models.Bookmark(etag=etag, created=created, display_name=display_name, labels=labels, notes=notes, query=query, query_result=query_result, updated=updated, incident_info=incident_info, object_id_updated_by_object_id=object_id) api_version = "2020-01-01" content_type = kwargs.pop("content_type", "application/json") accept = "application/json" diff --git a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_data_connector_operations.py b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_data_connectors_operations.py similarity index 99% rename from src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_data_connector_operations.py rename to src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_data_connectors_operations.py index 9f83b3170a9..f0a4fee020e 100644 --- a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_data_connector_operations.py +++ b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_data_connectors_operations.py @@ -19,8 +19,8 @@ T = TypeVar('T') ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] -class DataConnectorOperations: - """DataConnectorOperations async operations. +class DataConnectorsOperations: + """DataConnectorsOperations async operations. You should not instantiate this class directly. Instead, you should create a Client instance that instantiates it for you and attaches it as an attribute. diff --git a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_incident_comment_operations.py b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_incident_comments_operations.py similarity index 98% rename from src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_incident_comment_operations.py rename to src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_incident_comments_operations.py index cc2b8403fc1..413a720e50a 100644 --- a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_incident_comment_operations.py +++ b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_incident_comments_operations.py @@ -19,8 +19,8 @@ T = TypeVar('T') ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] -class IncidentCommentOperations: - """IncidentCommentOperations async operations. +class IncidentCommentsOperations: + """IncidentCommentsOperations async operations. You should not instantiate this class directly. Instead, you should create a Client instance that instantiates it for you and attaches it as an attribute. @@ -215,7 +215,7 @@ async def create_comment( workspace_name: str, incident_id: str, incident_comment_id: str, - message: Optional[str] = None, + incident_comment: "models.IncidentComment", **kwargs ) -> "models.IncidentComment": """Creates the incident comment. @@ -229,8 +229,8 @@ async def create_comment( :type incident_id: str :param incident_comment_id: Incident comment ID. :type incident_comment_id: str - :param message: The comment message. - :type message: str + :param incident_comment: The incident comment. + :type incident_comment: ~security_insights.models.IncidentComment :keyword callable cls: A custom type or function that will be passed the direct response :return: IncidentComment, or the result of cls(response) :rtype: ~security_insights.models.IncidentComment @@ -241,8 +241,6 @@ async def create_comment( 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError } error_map.update(kwargs.pop('error_map', {})) - - incident_comment = models.IncidentComment(message=message) api_version = "2020-01-01" content_type = kwargs.pop("content_type", "application/json") accept = "application/json" diff --git a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_incident_operations.py b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_incidents_operations.py similarity index 85% rename from src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_incident_operations.py rename to src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_incidents_operations.py index 8efc09e2788..edd3f511ac9 100644 --- a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_incident_operations.py +++ b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_incidents_operations.py @@ -5,8 +5,7 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import datetime -from typing import Any, AsyncIterable, Callable, Dict, Generic, List, Optional, TypeVar, Union +from typing import Any, AsyncIterable, Callable, Dict, Generic, Optional, TypeVar, Union import warnings from azure.core.async_paging import AsyncItemPaged, AsyncList @@ -20,8 +19,8 @@ T = TypeVar('T') ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] -class IncidentOperations: - """IncidentOperations async operations. +class IncidentsOperations: + """IncidentsOperations async operations. You should not instantiate this class directly. Instead, you should create a Client instance that instantiates it for you and attaches it as an attribute. @@ -207,18 +206,7 @@ async def create_or_update( resource_group_name: str, workspace_name: str, incident_id: str, - etag: Optional[str] = None, - classification: Optional[Union[str, "models.IncidentClassification"]] = None, - classification_comment: Optional[str] = None, - classification_reason: Optional[Union[str, "models.IncidentClassificationReason"]] = None, - description: Optional[str] = None, - first_activity_time_utc: Optional[datetime.datetime] = None, - labels: Optional[List["models.IncidentLabel"]] = None, - last_activity_time_utc: Optional[datetime.datetime] = None, - owner: Optional["models.IncidentOwnerInfo"] = None, - severity: Optional[Union[str, "models.IncidentSeverity"]] = None, - status: Optional[Union[str, "models.IncidentStatus"]] = None, - title: Optional[str] = None, + incident: "models.Incident", **kwargs ) -> "models.Incident": """Creates or updates the incident. @@ -230,30 +218,8 @@ async def create_or_update( :type workspace_name: str :param incident_id: Incident ID. :type incident_id: str - :param etag: Etag of the azure resource. - :type etag: str - :param classification: The reason the incident was closed. - :type classification: str or ~security_insights.models.IncidentClassification - :param classification_comment: Describes the reason the incident was closed. - :type classification_comment: str - :param classification_reason: The classification reason the incident was closed with. - :type classification_reason: str or ~security_insights.models.IncidentClassificationReason - :param description: The description of the incident. - :type description: str - :param first_activity_time_utc: The time of the first activity in the incident. - :type first_activity_time_utc: ~datetime.datetime - :param labels: List of labels relevant to this incident. - :type labels: list[~security_insights.models.IncidentLabel] - :param last_activity_time_utc: The time of the last activity in the incident. - :type last_activity_time_utc: ~datetime.datetime - :param owner: Describes a user that the incident is assigned to. - :type owner: ~security_insights.models.IncidentOwnerInfo - :param severity: The severity of the incident. - :type severity: str or ~security_insights.models.IncidentSeverity - :param status: The status of the incident. - :type status: str or ~security_insights.models.IncidentStatus - :param title: The title of the incident. - :type title: str + :param incident: The incident. + :type incident: ~security_insights.models.Incident :keyword callable cls: A custom type or function that will be passed the direct response :return: Incident, or the result of cls(response) :rtype: ~security_insights.models.Incident @@ -264,8 +230,6 @@ async def create_or_update( 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError } error_map.update(kwargs.pop('error_map', {})) - - incident = models.Incident(etag=etag, classification=classification, classification_comment=classification_comment, classification_reason=classification_reason, description=description, first_activity_time_utc=first_activity_time_utc, labels=labels, last_activity_time_utc=last_activity_time_utc, owner=owner, severity=severity, status=status, title=title) api_version = "2020-01-01" content_type = kwargs.pop("content_type", "application/json") accept = "application/json" diff --git a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_operation_operations.py b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_operations.py similarity index 98% rename from src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_operation_operations.py rename to src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_operations.py index d8d19921e5c..0b48d47f85f 100644 --- a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_operation_operations.py +++ b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_operations.py @@ -19,8 +19,8 @@ T = TypeVar('T') ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] -class OperationOperations: - """OperationOperations async operations. +class Operations: + """Operations async operations. You should not instantiate this class directly. Instead, you should create a Client instance that instantiates it for you and attaches it as an attribute. diff --git a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/models/__init__.py b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/models/__init__.py index d50534763d7..73d2a150c03 100644 --- a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/models/__init__.py +++ b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/models/__init__.py @@ -7,10 +7,8 @@ # -------------------------------------------------------------------------- try: - from ._models_py3 import AADDataConnector - from ._models_py3 import AATPDataConnector - from ._models_py3 import ASCDataConnector - from ._models_py3 import ASCDataConnectorProperties + from ._models_py3 import AadDataConnector + from ._models_py3 import AatpDataConnector from ._models_py3 import ActionPropertiesBase from ._models_py3 import ActionRequest from ._models_py3 import ActionRequestProperties @@ -23,7 +21,10 @@ from ._models_py3 import AlertRuleTemplatesList from ._models_py3 import AlertRulesList from ._models_py3 import AlertsDataTypeOfDataConnector + from ._models_py3 import AscDataConnector + from ._models_py3 import AscDataConnectorProperties from ._models_py3 import AwsCloudTrailDataConnector + from ._models_py3 import AwsCloudTrailDataConnectorDataTypes from ._models_py3 import AwsCloudTrailDataConnectorDataTypesLogs from ._models_py3 import Bookmark from ._models_py3 import BookmarkList @@ -45,9 +46,9 @@ from ._models_py3 import IncidentLabel from ._models_py3 import IncidentList from ._models_py3 import IncidentOwnerInfo - from ._models_py3 import MCASDataConnector - from ._models_py3 import MCASDataConnectorDataTypes - from ._models_py3 import MDATPDataConnector + from ._models_py3 import McasDataConnector + from ._models_py3 import McasDataConnectorDataTypes + from ._models_py3 import MdatpDataConnector from ._models_py3 import MicrosoftSecurityIncidentCreationAlertRule from ._models_py3 import MicrosoftSecurityIncidentCreationAlertRuleCommonProperties from ._models_py3 import MicrosoftSecurityIncidentCreationAlertRuleProperties @@ -55,8 +56,10 @@ from ._models_py3 import OfficeConsent from ._models_py3 import OfficeConsentList from ._models_py3 import OfficeDataConnector + from ._models_py3 import OfficeDataConnectorDataTypes from ._models_py3 import OfficeDataConnectorDataTypesExchange from ._models_py3 import OfficeDataConnectorDataTypesSharePoint + from ._models_py3 import OfficeDataConnectorDataTypesTeams from ._models_py3 import Operation from ._models_py3 import OperationDisplay from ._models_py3 import OperationsList @@ -67,16 +70,16 @@ from ._models_py3 import ScheduledAlertRuleProperties from ._models_py3 import ScheduledAlertRuleTemplate from ._models_py3 import Settings - from ._models_py3 import TIDataConnector - from ._models_py3 import TIDataConnectorDataTypesIndicators from ._models_py3 import ThreatIntelligence + from ._models_py3 import TiDataConnector + from ._models_py3 import TiDataConnectorDataTypes + from ._models_py3 import TiDataConnectorDataTypesIndicators from ._models_py3 import ToggleSettings from ._models_py3 import UebaSettings + from ._models_py3 import UserInfo except (SyntaxError, ImportError): - from ._models import AADDataConnector # type: ignore - from ._models import AATPDataConnector # type: ignore - from ._models import ASCDataConnector # type: ignore - from ._models import ASCDataConnectorProperties # type: ignore + from ._models import AadDataConnector # type: ignore + from ._models import AatpDataConnector # type: ignore from ._models import ActionPropertiesBase # type: ignore from ._models import ActionRequest # type: ignore from ._models import ActionRequestProperties # type: ignore @@ -89,7 +92,10 @@ from ._models import AlertRuleTemplatesList # type: ignore from ._models import AlertRulesList # type: ignore from ._models import AlertsDataTypeOfDataConnector # type: ignore + from ._models import AscDataConnector # type: ignore + from ._models import AscDataConnectorProperties # type: ignore from ._models import AwsCloudTrailDataConnector # type: ignore + from ._models import AwsCloudTrailDataConnectorDataTypes # type: ignore from ._models import AwsCloudTrailDataConnectorDataTypesLogs # type: ignore from ._models import Bookmark # type: ignore from ._models import BookmarkList # type: ignore @@ -111,9 +117,9 @@ from ._models import IncidentLabel # type: ignore from ._models import IncidentList # type: ignore from ._models import IncidentOwnerInfo # type: ignore - from ._models import MCASDataConnector # type: ignore - from ._models import MCASDataConnectorDataTypes # type: ignore - from ._models import MDATPDataConnector # type: ignore + from ._models import McasDataConnector # type: ignore + from ._models import McasDataConnectorDataTypes # type: ignore + from ._models import MdatpDataConnector # type: ignore from ._models import MicrosoftSecurityIncidentCreationAlertRule # type: ignore from ._models import MicrosoftSecurityIncidentCreationAlertRuleCommonProperties # type: ignore from ._models import MicrosoftSecurityIncidentCreationAlertRuleProperties # type: ignore @@ -121,8 +127,10 @@ from ._models import OfficeConsent # type: ignore from ._models import OfficeConsentList # type: ignore from ._models import OfficeDataConnector # type: ignore + from ._models import OfficeDataConnectorDataTypes # type: ignore from ._models import OfficeDataConnectorDataTypesExchange # type: ignore from ._models import OfficeDataConnectorDataTypesSharePoint # type: ignore + from ._models import OfficeDataConnectorDataTypesTeams # type: ignore from ._models import Operation # type: ignore from ._models import OperationDisplay # type: ignore from ._models import OperationsList # type: ignore @@ -133,11 +141,13 @@ from ._models import ScheduledAlertRuleProperties # type: ignore from ._models import ScheduledAlertRuleTemplate # type: ignore from ._models import Settings # type: ignore - from ._models import TIDataConnector # type: ignore - from ._models import TIDataConnectorDataTypesIndicators # type: ignore from ._models import ThreatIntelligence # type: ignore + from ._models import TiDataConnector # type: ignore + from ._models import TiDataConnectorDataTypes # type: ignore + from ._models import TiDataConnectorDataTypesIndicators # type: ignore from ._models import ToggleSettings # type: ignore from ._models import UebaSettings # type: ignore + from ._models import UserInfo # type: ignore from ._security_insights_enums import ( AlertRuleKind, @@ -154,16 +164,14 @@ LicenseStatus, MicrosoftSecurityProductName, SettingKind, - StatusInMCAS, + StatusInMcas, TemplateStatus, TriggerOperator, ) __all__ = [ - 'AADDataConnector', - 'AATPDataConnector', - 'ASCDataConnector', - 'ASCDataConnectorProperties', + 'AadDataConnector', + 'AatpDataConnector', 'ActionPropertiesBase', 'ActionRequest', 'ActionRequestProperties', @@ -176,7 +184,10 @@ 'AlertRuleTemplatesList', 'AlertRulesList', 'AlertsDataTypeOfDataConnector', + 'AscDataConnector', + 'AscDataConnectorProperties', 'AwsCloudTrailDataConnector', + 'AwsCloudTrailDataConnectorDataTypes', 'AwsCloudTrailDataConnectorDataTypesLogs', 'Bookmark', 'BookmarkList', @@ -198,9 +209,9 @@ 'IncidentLabel', 'IncidentList', 'IncidentOwnerInfo', - 'MCASDataConnector', - 'MCASDataConnectorDataTypes', - 'MDATPDataConnector', + 'McasDataConnector', + 'McasDataConnectorDataTypes', + 'MdatpDataConnector', 'MicrosoftSecurityIncidentCreationAlertRule', 'MicrosoftSecurityIncidentCreationAlertRuleCommonProperties', 'MicrosoftSecurityIncidentCreationAlertRuleProperties', @@ -208,8 +219,10 @@ 'OfficeConsent', 'OfficeConsentList', 'OfficeDataConnector', + 'OfficeDataConnectorDataTypes', 'OfficeDataConnectorDataTypesExchange', 'OfficeDataConnectorDataTypesSharePoint', + 'OfficeDataConnectorDataTypesTeams', 'Operation', 'OperationDisplay', 'OperationsList', @@ -220,11 +233,13 @@ 'ScheduledAlertRuleProperties', 'ScheduledAlertRuleTemplate', 'Settings', - 'TIDataConnector', - 'TIDataConnectorDataTypesIndicators', 'ThreatIntelligence', + 'TiDataConnector', + 'TiDataConnectorDataTypes', + 'TiDataConnectorDataTypesIndicators', 'ToggleSettings', 'UebaSettings', + 'UserInfo', 'AlertRuleKind', 'AlertSeverity', 'AttackTactic', @@ -239,7 +254,7 @@ 'LicenseStatus', 'MicrosoftSecurityProductName', 'SettingKind', - 'StatusInMCAS', + 'StatusInMcas', 'TemplateStatus', 'TriggerOperator', ] diff --git a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/models/_models.py b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/models/_models.py index f8a2cf69674..766610cdcb6 100644 --- a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/models/_models.py +++ b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/models/_models.py @@ -52,7 +52,7 @@ class DataConnector(ResourceWithEtag): """Data connector. You probably want to use the sub-classes and not this class directly. Known - sub-classes are: AwsCloudTrailDataConnector, AADDataConnector, AATPDataConnector, ASCDataConnector, MCASDataConnector, MDATPDataConnector, OfficeDataConnector, TIDataConnector. + sub-classes are: AwsCloudTrailDataConnector, AadDataConnector, AatpDataConnector, AscDataConnector, McasDataConnector, MdatpDataConnector, OfficeDataConnector, TiDataConnector. Variables are only populated by the server, and will be ignored when sending a request. @@ -89,7 +89,7 @@ class DataConnector(ResourceWithEtag): } _subtype_map = { - 'kind': {'AmazonWebServicesCloudTrail': 'AwsCloudTrailDataConnector', 'AzureActiveDirectory': 'AADDataConnector', 'AzureAdvancedThreatProtection': 'AATPDataConnector', 'AzureSecurityCenter': 'ASCDataConnector', 'MicrosoftCloudAppSecurity': 'MCASDataConnector', 'MicrosoftDefenderAdvancedThreatProtection': 'MDATPDataConnector', 'Office365': 'OfficeDataConnector', 'ThreatIntelligence': 'TIDataConnector'} + 'kind': {'AmazonWebServicesCloudTrail': 'AwsCloudTrailDataConnector', 'AzureActiveDirectory': 'AadDataConnector', 'AzureAdvancedThreatProtection': 'AatpDataConnector', 'AzureSecurityCenter': 'AscDataConnector', 'MicrosoftCloudAppSecurity': 'McasDataConnector', 'MicrosoftDefenderAdvancedThreatProtection': 'MdatpDataConnector', 'Office365': 'OfficeDataConnector', 'ThreatIntelligence': 'TiDataConnector'} } def __init__( @@ -100,7 +100,7 @@ def __init__( self.kind = 'DataConnector' # type: str -class AADDataConnector(DataConnector): +class AadDataConnector(DataConnector): """Represents AAD (Azure Active Directory) data connector. Variables are only populated by the server, and will be ignored when sending a request. @@ -122,9 +122,8 @@ class AADDataConnector(DataConnector): :type kind: str or ~security_insights.models.DataConnectorKind :param tenant_id: The tenant id to connect to, and get the data from. :type tenant_id: str - :param state: Describe whether this data type connection is enabled or not. Possible values - include: "Enabled", "Disabled". - :type state: str or ~security_insights.models.DataTypeState + :param data_types: The available data types for the connector. + :type data_types: ~security_insights.models.AlertsDataTypeOfDataConnector """ _validation = { @@ -141,20 +140,20 @@ class AADDataConnector(DataConnector): 'etag': {'key': 'etag', 'type': 'str'}, 'kind': {'key': 'kind', 'type': 'str'}, 'tenant_id': {'key': 'properties.tenantId', 'type': 'str'}, - 'state': {'key': 'dataTypes.alerts.state', 'type': 'str'}, + 'data_types': {'key': 'properties.dataTypes', 'type': 'AlertsDataTypeOfDataConnector'}, } def __init__( self, **kwargs ): - super(AADDataConnector, self).__init__(**kwargs) + super(AadDataConnector, self).__init__(**kwargs) self.kind = 'AzureActiveDirectory' # type: str self.tenant_id = kwargs.get('tenant_id', None) - self.state = kwargs.get('state', None) + self.data_types = kwargs.get('data_types', None) -class AATPDataConnector(DataConnector): +class AatpDataConnector(DataConnector): """Represents AATP (Azure Advanced Threat Protection) data connector. Variables are only populated by the server, and will be ignored when sending a request. @@ -176,9 +175,8 @@ class AATPDataConnector(DataConnector): :type kind: str or ~security_insights.models.DataConnectorKind :param tenant_id: The tenant id to connect to, and get the data from. :type tenant_id: str - :param state: Describe whether this data type connection is enabled or not. Possible values - include: "Enabled", "Disabled". - :type state: str or ~security_insights.models.DataTypeState + :param data_types: The available data types for the connector. + :type data_types: ~security_insights.models.AlertsDataTypeOfDataConnector """ _validation = { @@ -195,17 +193,17 @@ class AATPDataConnector(DataConnector): 'etag': {'key': 'etag', 'type': 'str'}, 'kind': {'key': 'kind', 'type': 'str'}, 'tenant_id': {'key': 'properties.tenantId', 'type': 'str'}, - 'state': {'key': 'dataTypes.alerts.state', 'type': 'str'}, + 'data_types': {'key': 'properties.dataTypes', 'type': 'AlertsDataTypeOfDataConnector'}, } def __init__( self, **kwargs ): - super(AATPDataConnector, self).__init__(**kwargs) + super(AatpDataConnector, self).__init__(**kwargs) self.kind = 'AzureAdvancedThreatProtection' # type: str self.tenant_id = kwargs.get('tenant_id', None) - self.state = kwargs.get('state', None) + self.data_types = kwargs.get('data_types', None) class ActionPropertiesBase(msrest.serialization.Model): @@ -640,13 +638,12 @@ def __init__( class AlertsDataTypeOfDataConnector(msrest.serialization.Model): """Alerts data type for data connectors. - :param state: Describe whether this data type connection is enabled or not. Possible values - include: "Enabled", "Disabled". - :type state: str or ~security_insights.models.DataTypeState + :param alerts: Alerts data type connection. + :type alerts: ~security_insights.models.DataConnectorDataTypeCommon """ _attribute_map = { - 'state': {'key': 'alerts.state', 'type': 'str'}, + 'alerts': {'key': 'alerts', 'type': 'DataConnectorDataTypeCommon'}, } def __init__( @@ -654,10 +651,10 @@ def __init__( **kwargs ): super(AlertsDataTypeOfDataConnector, self).__init__(**kwargs) - self.state = kwargs.get('state', None) + self.alerts = kwargs.get('alerts', None) -class ASCDataConnector(DataConnector): +class AscDataConnector(DataConnector): """Represents ASC (Azure Security Center) data connector. Variables are only populated by the server, and will be ignored when sending a request. @@ -677,11 +674,10 @@ class ASCDataConnector(DataConnector): "ThreatIntelligence", "Office365", "AmazonWebServicesCloudTrail", "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection". :type kind: str or ~security_insights.models.DataConnectorKind + :param data_types: The available data types for the connector. + :type data_types: ~security_insights.models.AlertsDataTypeOfDataConnector :param subscription_id: The subscription id to connect to, and get the data from. :type subscription_id: str - :param state: Describe whether this data type connection is enabled or not. Possible values - include: "Enabled", "Disabled". - :type state: str or ~security_insights.models.DataTypeState """ _validation = { @@ -697,18 +693,18 @@ class ASCDataConnector(DataConnector): 'type': {'key': 'type', 'type': 'str'}, 'etag': {'key': 'etag', 'type': 'str'}, 'kind': {'key': 'kind', 'type': 'str'}, + 'data_types': {'key': 'properties.dataTypes', 'type': 'AlertsDataTypeOfDataConnector'}, 'subscription_id': {'key': 'properties.subscriptionId', 'type': 'str'}, - 'state': {'key': 'dataTypes.alerts.state', 'type': 'str'}, } def __init__( self, **kwargs ): - super(ASCDataConnector, self).__init__(**kwargs) + super(AscDataConnector, self).__init__(**kwargs) self.kind = 'AzureSecurityCenter' # type: str + self.data_types = kwargs.get('data_types', None) self.subscription_id = kwargs.get('subscription_id', None) - self.state = kwargs.get('state', None) class DataConnectorWithAlertsProperties(msrest.serialization.Model): @@ -730,7 +726,7 @@ def __init__( self.data_types = kwargs.get('data_types', None) -class ASCDataConnectorProperties(DataConnectorWithAlertsProperties): +class AscDataConnectorProperties(DataConnectorWithAlertsProperties): """ASC (Azure Security Center) data connector properties. :param data_types: The available data types for the connector. @@ -748,7 +744,7 @@ def __init__( self, **kwargs ): - super(ASCDataConnectorProperties, self).__init__(**kwargs) + super(AscDataConnectorProperties, self).__init__(**kwargs) self.subscription_id = kwargs.get('subscription_id', None) @@ -775,9 +771,8 @@ class AwsCloudTrailDataConnector(DataConnector): :param aws_role_arn: The Aws Role Arn (with CloudTrailReadOnly policy) that is used to access the Aws account. :type aws_role_arn: str - :param state: Describe whether this data type connection is enabled or not. Possible values - include: "Enabled", "Disabled". - :type state: str or ~security_insights.models.DataTypeState + :param data_types: The available data types for the connector. + :type data_types: ~security_insights.models.AwsCloudTrailDataConnectorDataTypes """ _validation = { @@ -794,7 +789,7 @@ class AwsCloudTrailDataConnector(DataConnector): 'etag': {'key': 'etag', 'type': 'str'}, 'kind': {'key': 'kind', 'type': 'str'}, 'aws_role_arn': {'key': 'properties.awsRoleArn', 'type': 'str'}, - 'state': {'key': 'dataTypes.logs.state', 'type': 'str'}, + 'data_types': {'key': 'properties.dataTypes', 'type': 'AwsCloudTrailDataConnectorDataTypes'}, } def __init__( @@ -804,7 +799,26 @@ def __init__( super(AwsCloudTrailDataConnector, self).__init__(**kwargs) self.kind = 'AmazonWebServicesCloudTrail' # type: str self.aws_role_arn = kwargs.get('aws_role_arn', None) - self.state = kwargs.get('state', None) + self.data_types = kwargs.get('data_types', None) + + +class AwsCloudTrailDataConnectorDataTypes(msrest.serialization.Model): + """The available data types for Amazon Web Services CloudTrail data connector. + + :param logs: Logs data type. + :type logs: ~security_insights.models.DataConnectorDataTypeCommon + """ + + _attribute_map = { + 'logs': {'key': 'logs', 'type': 'DataConnectorDataTypeCommon'}, + } + + def __init__( + self, + **kwargs + ): + super(AwsCloudTrailDataConnectorDataTypes, self).__init__(**kwargs) + self.logs = kwargs.get('logs', None) class DataConnectorDataTypeCommon(msrest.serialization.Model): @@ -861,6 +875,8 @@ class Bookmark(ResourceWithEtag): :type etag: str :param created: The time the bookmark was created. :type created: ~datetime.datetime + :param created_by: Describes a user that created the bookmark. + :type created_by: ~security_insights.models.UserInfo :param display_name: The display name of the bookmark. :type display_name: str :param labels: List of labels relevant to this bookmark. @@ -873,30 +889,16 @@ class Bookmark(ResourceWithEtag): :type query_result: str :param updated: The last time the bookmark was updated. :type updated: ~datetime.datetime + :param updated_by: Describes a user that updated the bookmark. + :type updated_by: ~security_insights.models.UserInfo :param incident_info: Describes an incident that relates to bookmark. :type incident_info: ~security_insights.models.IncidentInfo - :ivar email_updated_by_email: The email of the user. - :vartype email_updated_by_email: str - :ivar name_updated_by_name: The name of the user. - :vartype name_updated_by_name: str - :param object_id_updated_by_object_id: The object id of the user. - :type object_id_updated_by_object_id: str - :ivar email_created_by_email: The email of the user. - :vartype email_created_by_email: str - :ivar name_created_by_name: The name of the user. - :vartype name_created_by_name: str - :param object_id_created_by_object_id: The object id of the user. - :type object_id_created_by_object_id: str """ _validation = { 'id': {'readonly': True}, 'name': {'readonly': True}, 'type': {'readonly': True}, - 'email_updated_by_email': {'readonly': True}, - 'name_updated_by_name': {'readonly': True}, - 'email_created_by_email': {'readonly': True}, - 'name_created_by_name': {'readonly': True}, } _attribute_map = { @@ -905,19 +907,15 @@ class Bookmark(ResourceWithEtag): 'type': {'key': 'type', 'type': 'str'}, 'etag': {'key': 'etag', 'type': 'str'}, 'created': {'key': 'properties.created', 'type': 'iso-8601'}, + 'created_by': {'key': 'properties.createdBy', 'type': 'UserInfo'}, 'display_name': {'key': 'properties.displayName', 'type': 'str'}, 'labels': {'key': 'properties.labels', 'type': '[str]'}, 'notes': {'key': 'properties.notes', 'type': 'str'}, 'query': {'key': 'properties.query', 'type': 'str'}, 'query_result': {'key': 'properties.queryResult', 'type': 'str'}, 'updated': {'key': 'properties.updated', 'type': 'iso-8601'}, + 'updated_by': {'key': 'properties.updatedBy', 'type': 'UserInfo'}, 'incident_info': {'key': 'properties.incidentInfo', 'type': 'IncidentInfo'}, - 'email_updated_by_email': {'key': 'updatedBy.email', 'type': 'str'}, - 'name_updated_by_name': {'key': 'updatedBy.name', 'type': 'str'}, - 'object_id_updated_by_object_id': {'key': 'updatedBy.objectId', 'type': 'str'}, - 'email_created_by_email': {'key': 'createdBy.email', 'type': 'str'}, - 'name_created_by_name': {'key': 'createdBy.name', 'type': 'str'}, - 'object_id_created_by_object_id': {'key': 'createdBy.objectId', 'type': 'str'}, } def __init__( @@ -926,19 +924,15 @@ def __init__( ): super(Bookmark, self).__init__(**kwargs) self.created = kwargs.get('created', None) + self.created_by = kwargs.get('created_by', None) self.display_name = kwargs.get('display_name', None) self.labels = kwargs.get('labels', None) self.notes = kwargs.get('notes', None) self.query = kwargs.get('query', None) self.query_result = kwargs.get('query_result', None) self.updated = kwargs.get('updated', None) + self.updated_by = kwargs.get('updated_by', None) self.incident_info = kwargs.get('incident_info', None) - self.email_updated_by_email = None - self.name_updated_by_name = None - self.object_id_updated_by_object_id = kwargs.get('object_id_updated_by_object_id', None) - self.email_created_by_email = None - self.name_created_by_name = None - self.object_id_created_by_object_id = kwargs.get('object_id_created_by_object_id', None) class BookmarkList(msrest.serialization.Model): @@ -1086,7 +1080,7 @@ def __init__( class ErrorResponse(msrest.serialization.Model): - """The resource management error response. + """Common error response for all Azure Resource Manager APIs to return error details for failed operations. (This also follows the OData error response format.). Variables are only populated by the server, and will be ignored when sending a request. @@ -1656,7 +1650,7 @@ def __init__( self.user_principal_name = kwargs.get('user_principal_name', None) -class MCASDataConnector(DataConnector): +class McasDataConnector(DataConnector): """Represents MCAS (Microsoft Cloud App Security) data connector. Variables are only populated by the server, and will be ignored when sending a request. @@ -1678,12 +1672,8 @@ class MCASDataConnector(DataConnector): :type kind: str or ~security_insights.models.DataConnectorKind :param tenant_id: The tenant id to connect to, and get the data from. :type tenant_id: str - :param state_data_types_alerts_state: Describe whether this data type connection is enabled or - not. Possible values include: "Enabled", "Disabled". - :type state_data_types_alerts_state: str or ~security_insights.models.DataTypeState - :param state_data_types_discovery_logs_state: Describe whether this data type connection is - enabled or not. Possible values include: "Enabled", "Disabled". - :type state_data_types_discovery_logs_state: str or ~security_insights.models.DataTypeState + :param data_types: The available data types for the connector. + :type data_types: ~security_insights.models.McasDataConnectorDataTypes """ _validation = { @@ -1700,46 +1690,42 @@ class MCASDataConnector(DataConnector): 'etag': {'key': 'etag', 'type': 'str'}, 'kind': {'key': 'kind', 'type': 'str'}, 'tenant_id': {'key': 'properties.tenantId', 'type': 'str'}, - 'state_data_types_alerts_state': {'key': 'dataTypes.alerts.state', 'type': 'str'}, - 'state_data_types_discovery_logs_state': {'key': 'dataTypes.discoveryLogs.state', 'type': 'str'}, + 'data_types': {'key': 'properties.dataTypes', 'type': 'McasDataConnectorDataTypes'}, } def __init__( self, **kwargs ): - super(MCASDataConnector, self).__init__(**kwargs) + super(McasDataConnector, self).__init__(**kwargs) self.kind = 'MicrosoftCloudAppSecurity' # type: str self.tenant_id = kwargs.get('tenant_id', None) - self.state_data_types_alerts_state = kwargs.get('state_data_types_alerts_state', None) - self.state_data_types_discovery_logs_state = kwargs.get('state_data_types_discovery_logs_state', None) + self.data_types = kwargs.get('data_types', None) -class MCASDataConnectorDataTypes(AlertsDataTypeOfDataConnector): +class McasDataConnectorDataTypes(AlertsDataTypeOfDataConnector): """The available data types for MCAS (Microsoft Cloud App Security) data connector. - :param state: Describe whether this data type connection is enabled or not. Possible values - include: "Enabled", "Disabled". - :type state: str or ~security_insights.models.DataTypeState - :param state_discovery_logs_state: Describe whether this data type connection is enabled or - not. Possible values include: "Enabled", "Disabled". - :type state_discovery_logs_state: str or ~security_insights.models.DataTypeState + :param alerts: Alerts data type connection. + :type alerts: ~security_insights.models.DataConnectorDataTypeCommon + :param discovery_logs: Discovery log data type connection. + :type discovery_logs: ~security_insights.models.DataConnectorDataTypeCommon """ _attribute_map = { - 'state': {'key': 'alerts.state', 'type': 'str'}, - 'state_discovery_logs_state': {'key': 'discoveryLogs.state', 'type': 'str'}, + 'alerts': {'key': 'alerts', 'type': 'DataConnectorDataTypeCommon'}, + 'discovery_logs': {'key': 'discoveryLogs', 'type': 'DataConnectorDataTypeCommon'}, } def __init__( self, **kwargs ): - super(MCASDataConnectorDataTypes, self).__init__(**kwargs) - self.state_discovery_logs_state = kwargs.get('state_discovery_logs_state', None) + super(McasDataConnectorDataTypes, self).__init__(**kwargs) + self.discovery_logs = kwargs.get('discovery_logs', None) -class MDATPDataConnector(DataConnector): +class MdatpDataConnector(DataConnector): """Represents MDATP (Microsoft Defender Advanced Threat Protection) data connector. Variables are only populated by the server, and will be ignored when sending a request. @@ -1761,9 +1747,8 @@ class MDATPDataConnector(DataConnector): :type kind: str or ~security_insights.models.DataConnectorKind :param tenant_id: The tenant id to connect to, and get the data from. :type tenant_id: str - :param state: Describe whether this data type connection is enabled or not. Possible values - include: "Enabled", "Disabled". - :type state: str or ~security_insights.models.DataTypeState + :param data_types: The available data types for the connector. + :type data_types: ~security_insights.models.AlertsDataTypeOfDataConnector """ _validation = { @@ -1780,17 +1765,17 @@ class MDATPDataConnector(DataConnector): 'etag': {'key': 'etag', 'type': 'str'}, 'kind': {'key': 'kind', 'type': 'str'}, 'tenant_id': {'key': 'properties.tenantId', 'type': 'str'}, - 'state': {'key': 'dataTypes.alerts.state', 'type': 'str'}, + 'data_types': {'key': 'properties.dataTypes', 'type': 'AlertsDataTypeOfDataConnector'}, } def __init__( self, **kwargs ): - super(MDATPDataConnector, self).__init__(**kwargs) + super(MdatpDataConnector, self).__init__(**kwargs) self.kind = 'MicrosoftDefenderAdvancedThreatProtection' # type: str self.tenant_id = kwargs.get('tenant_id', None) - self.state = kwargs.get('state', None) + self.data_types = kwargs.get('data_types', None) class MicrosoftSecurityIncidentCreationAlertRule(AlertRule): @@ -2160,12 +2145,8 @@ class OfficeDataConnector(DataConnector): :type kind: str or ~security_insights.models.DataConnectorKind :param tenant_id: The tenant id to connect to, and get the data from. :type tenant_id: str - :param state_data_types_share_point_state: Describe whether this data type connection is - enabled or not. Possible values include: "Enabled", "Disabled". - :type state_data_types_share_point_state: str or ~security_insights.models.DataTypeState - :param state_data_types_exchange_state: Describe whether this data type connection is enabled - or not. Possible values include: "Enabled", "Disabled". - :type state_data_types_exchange_state: str or ~security_insights.models.DataTypeState + :param data_types: The available data types for the connector. + :type data_types: ~security_insights.models.OfficeDataConnectorDataTypes """ _validation = { @@ -2182,8 +2163,7 @@ class OfficeDataConnector(DataConnector): 'etag': {'key': 'etag', 'type': 'str'}, 'kind': {'key': 'kind', 'type': 'str'}, 'tenant_id': {'key': 'properties.tenantId', 'type': 'str'}, - 'state_data_types_share_point_state': {'key': 'dataTypes.sharePoint.state', 'type': 'str'}, - 'state_data_types_exchange_state': {'key': 'dataTypes.exchange.state', 'type': 'str'}, + 'data_types': {'key': 'properties.dataTypes', 'type': 'OfficeDataConnectorDataTypes'}, } def __init__( @@ -2193,8 +2173,34 @@ def __init__( super(OfficeDataConnector, self).__init__(**kwargs) self.kind = 'Office365' # type: str self.tenant_id = kwargs.get('tenant_id', None) - self.state_data_types_share_point_state = kwargs.get('state_data_types_share_point_state', None) - self.state_data_types_exchange_state = kwargs.get('state_data_types_exchange_state', None) + self.data_types = kwargs.get('data_types', None) + + +class OfficeDataConnectorDataTypes(msrest.serialization.Model): + """The available data types for office data connector. + + :param exchange: Exchange data type connection. + :type exchange: ~security_insights.models.DataConnectorDataTypeCommon + :param share_point: SharePoint data type connection. + :type share_point: ~security_insights.models.DataConnectorDataTypeCommon + :param teams: Teams data type connection. + :type teams: ~security_insights.models.DataConnectorDataTypeCommon + """ + + _attribute_map = { + 'exchange': {'key': 'exchange', 'type': 'DataConnectorDataTypeCommon'}, + 'share_point': {'key': 'sharePoint', 'type': 'DataConnectorDataTypeCommon'}, + 'teams': {'key': 'teams', 'type': 'DataConnectorDataTypeCommon'}, + } + + def __init__( + self, + **kwargs + ): + super(OfficeDataConnectorDataTypes, self).__init__(**kwargs) + self.exchange = kwargs.get('exchange', None) + self.share_point = kwargs.get('share_point', None) + self.teams = kwargs.get('teams', None) class OfficeDataConnectorDataTypesExchange(DataConnectorDataTypeCommon): @@ -2235,6 +2241,25 @@ def __init__( super(OfficeDataConnectorDataTypesSharePoint, self).__init__(**kwargs) +class OfficeDataConnectorDataTypesTeams(DataConnectorDataTypeCommon): + """Teams data type connection. + + :param state: Describe whether this data type connection is enabled or not. Possible values + include: "Enabled", "Disabled". + :type state: str or ~security_insights.models.DataTypeState + """ + + _attribute_map = { + 'state': {'key': 'state', 'type': 'str'}, + } + + def __init__( + self, + **kwargs + ): + super(OfficeDataConnectorDataTypesTeams, self).__init__(**kwargs) + + class Operation(msrest.serialization.Model): """Operation provided by provider. @@ -2742,7 +2767,7 @@ def __init__( self.threat_type = None -class TIDataConnector(DataConnector): +class TiDataConnector(DataConnector): """Represents threat intelligence data connector. Variables are only populated by the server, and will be ignored when sending a request. @@ -2764,9 +2789,8 @@ class TIDataConnector(DataConnector): :type kind: str or ~security_insights.models.DataConnectorKind :param tenant_id: The tenant id to connect to, and get the data from. :type tenant_id: str - :param state: Describe whether this data type connection is enabled or not. Possible values - include: "Enabled", "Disabled". - :type state: str or ~security_insights.models.DataTypeState + :param data_types: The available data types for the connector. + :type data_types: ~security_insights.models.TiDataConnectorDataTypes """ _validation = { @@ -2783,20 +2807,39 @@ class TIDataConnector(DataConnector): 'etag': {'key': 'etag', 'type': 'str'}, 'kind': {'key': 'kind', 'type': 'str'}, 'tenant_id': {'key': 'properties.tenantId', 'type': 'str'}, - 'state': {'key': 'dataTypes.indicators.state', 'type': 'str'}, + 'data_types': {'key': 'properties.dataTypes', 'type': 'TiDataConnectorDataTypes'}, } def __init__( self, **kwargs ): - super(TIDataConnector, self).__init__(**kwargs) + super(TiDataConnector, self).__init__(**kwargs) self.kind = 'ThreatIntelligence' # type: str self.tenant_id = kwargs.get('tenant_id', None) - self.state = kwargs.get('state', None) + self.data_types = kwargs.get('data_types', None) + + +class TiDataConnectorDataTypes(msrest.serialization.Model): + """The available data types for TI (Threat Intelligence) data connector. + + :param indicators: Data type for indicators connection. + :type indicators: ~security_insights.models.DataConnectorDataTypeCommon + """ + + _attribute_map = { + 'indicators': {'key': 'indicators', 'type': 'DataConnectorDataTypeCommon'}, + } + + def __init__( + self, + **kwargs + ): + super(TiDataConnectorDataTypes, self).__init__(**kwargs) + self.indicators = kwargs.get('indicators', None) -class TIDataConnectorDataTypesIndicators(DataConnectorDataTypeCommon): +class TiDataConnectorDataTypesIndicators(DataConnectorDataTypeCommon): """Data type for indicators connection. :param state: Describe whether this data type connection is enabled or not. Possible values @@ -2812,7 +2855,7 @@ def __init__( self, **kwargs ): - super(TIDataConnectorDataTypesIndicators, self).__init__(**kwargs) + super(TiDataConnectorDataTypesIndicators, self).__init__(**kwargs) class ToggleSettings(Settings): @@ -2888,7 +2931,7 @@ class UebaSettings(Settings): :type is_enabled: bool :ivar status_in_mcas: Determines whether User and Entity Behavior Analytics is enabled from MCAS (Microsoft Cloud App Security). Possible values include: "Enabled", "Disabled". - :vartype status_in_mcas: str or ~security_insights.models.StatusInMCAS + :vartype status_in_mcas: str or ~security_insights.models.StatusInMcas """ _validation = { @@ -2920,3 +2963,40 @@ def __init__( self.atp_license_status = None self.is_enabled = kwargs.get('is_enabled', None) self.status_in_mcas = None + + +class UserInfo(msrest.serialization.Model): + """User information that made some action. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar email: The email of the user. + :vartype email: str + :ivar name: The name of the user. + :vartype name: str + :param object_id: Required. The object id of the user. + :type object_id: str + """ + + _validation = { + 'email': {'readonly': True}, + 'name': {'readonly': True}, + 'object_id': {'required': True}, + } + + _attribute_map = { + 'email': {'key': 'email', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'object_id': {'key': 'objectId', 'type': 'str'}, + } + + def __init__( + self, + **kwargs + ): + super(UserInfo, self).__init__(**kwargs) + self.email = None + self.name = None + self.object_id = kwargs['object_id'] diff --git a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/models/_models_py3.py b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/models/_models_py3.py index 29010ed670f..fd0cc134035 100644 --- a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/models/_models_py3.py +++ b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/models/_models_py3.py @@ -59,7 +59,7 @@ class DataConnector(ResourceWithEtag): """Data connector. You probably want to use the sub-classes and not this class directly. Known - sub-classes are: AwsCloudTrailDataConnector, AADDataConnector, AATPDataConnector, ASCDataConnector, MCASDataConnector, MDATPDataConnector, OfficeDataConnector, TIDataConnector. + sub-classes are: AwsCloudTrailDataConnector, AadDataConnector, AatpDataConnector, AscDataConnector, McasDataConnector, MdatpDataConnector, OfficeDataConnector, TiDataConnector. Variables are only populated by the server, and will be ignored when sending a request. @@ -96,7 +96,7 @@ class DataConnector(ResourceWithEtag): } _subtype_map = { - 'kind': {'AmazonWebServicesCloudTrail': 'AwsCloudTrailDataConnector', 'AzureActiveDirectory': 'AADDataConnector', 'AzureAdvancedThreatProtection': 'AATPDataConnector', 'AzureSecurityCenter': 'ASCDataConnector', 'MicrosoftCloudAppSecurity': 'MCASDataConnector', 'MicrosoftDefenderAdvancedThreatProtection': 'MDATPDataConnector', 'Office365': 'OfficeDataConnector', 'ThreatIntelligence': 'TIDataConnector'} + 'kind': {'AmazonWebServicesCloudTrail': 'AwsCloudTrailDataConnector', 'AzureActiveDirectory': 'AadDataConnector', 'AzureAdvancedThreatProtection': 'AatpDataConnector', 'AzureSecurityCenter': 'AscDataConnector', 'MicrosoftCloudAppSecurity': 'McasDataConnector', 'MicrosoftDefenderAdvancedThreatProtection': 'MdatpDataConnector', 'Office365': 'OfficeDataConnector', 'ThreatIntelligence': 'TiDataConnector'} } def __init__( @@ -109,7 +109,7 @@ def __init__( self.kind = 'DataConnector' # type: str -class AADDataConnector(DataConnector): +class AadDataConnector(DataConnector): """Represents AAD (Azure Active Directory) data connector. Variables are only populated by the server, and will be ignored when sending a request. @@ -131,9 +131,8 @@ class AADDataConnector(DataConnector): :type kind: str or ~security_insights.models.DataConnectorKind :param tenant_id: The tenant id to connect to, and get the data from. :type tenant_id: str - :param state: Describe whether this data type connection is enabled or not. Possible values - include: "Enabled", "Disabled". - :type state: str or ~security_insights.models.DataTypeState + :param data_types: The available data types for the connector. + :type data_types: ~security_insights.models.AlertsDataTypeOfDataConnector """ _validation = { @@ -150,7 +149,7 @@ class AADDataConnector(DataConnector): 'etag': {'key': 'etag', 'type': 'str'}, 'kind': {'key': 'kind', 'type': 'str'}, 'tenant_id': {'key': 'properties.tenantId', 'type': 'str'}, - 'state': {'key': 'dataTypes.alerts.state', 'type': 'str'}, + 'data_types': {'key': 'properties.dataTypes', 'type': 'AlertsDataTypeOfDataConnector'}, } def __init__( @@ -158,16 +157,16 @@ def __init__( *, etag: Optional[str] = None, tenant_id: Optional[str] = None, - state: Optional[Union[str, "DataTypeState"]] = None, + data_types: Optional["AlertsDataTypeOfDataConnector"] = None, **kwargs ): - super(AADDataConnector, self).__init__(etag=etag, **kwargs) + super(AadDataConnector, self).__init__(etag=etag, **kwargs) self.kind = 'AzureActiveDirectory' # type: str self.tenant_id = tenant_id - self.state = state + self.data_types = data_types -class AATPDataConnector(DataConnector): +class AatpDataConnector(DataConnector): """Represents AATP (Azure Advanced Threat Protection) data connector. Variables are only populated by the server, and will be ignored when sending a request. @@ -189,9 +188,8 @@ class AATPDataConnector(DataConnector): :type kind: str or ~security_insights.models.DataConnectorKind :param tenant_id: The tenant id to connect to, and get the data from. :type tenant_id: str - :param state: Describe whether this data type connection is enabled or not. Possible values - include: "Enabled", "Disabled". - :type state: str or ~security_insights.models.DataTypeState + :param data_types: The available data types for the connector. + :type data_types: ~security_insights.models.AlertsDataTypeOfDataConnector """ _validation = { @@ -208,7 +206,7 @@ class AATPDataConnector(DataConnector): 'etag': {'key': 'etag', 'type': 'str'}, 'kind': {'key': 'kind', 'type': 'str'}, 'tenant_id': {'key': 'properties.tenantId', 'type': 'str'}, - 'state': {'key': 'dataTypes.alerts.state', 'type': 'str'}, + 'data_types': {'key': 'properties.dataTypes', 'type': 'AlertsDataTypeOfDataConnector'}, } def __init__( @@ -216,13 +214,13 @@ def __init__( *, etag: Optional[str] = None, tenant_id: Optional[str] = None, - state: Optional[Union[str, "DataTypeState"]] = None, + data_types: Optional["AlertsDataTypeOfDataConnector"] = None, **kwargs ): - super(AATPDataConnector, self).__init__(etag=etag, **kwargs) + super(AatpDataConnector, self).__init__(etag=etag, **kwargs) self.kind = 'AzureAdvancedThreatProtection' # type: str self.tenant_id = tenant_id - self.state = state + self.data_types = data_types class ActionPropertiesBase(msrest.serialization.Model): @@ -684,26 +682,25 @@ def __init__( class AlertsDataTypeOfDataConnector(msrest.serialization.Model): """Alerts data type for data connectors. - :param state: Describe whether this data type connection is enabled or not. Possible values - include: "Enabled", "Disabled". - :type state: str or ~security_insights.models.DataTypeState + :param alerts: Alerts data type connection. + :type alerts: ~security_insights.models.DataConnectorDataTypeCommon """ _attribute_map = { - 'state': {'key': 'alerts.state', 'type': 'str'}, + 'alerts': {'key': 'alerts', 'type': 'DataConnectorDataTypeCommon'}, } def __init__( self, *, - state: Optional[Union[str, "DataTypeState"]] = None, + alerts: Optional["DataConnectorDataTypeCommon"] = None, **kwargs ): super(AlertsDataTypeOfDataConnector, self).__init__(**kwargs) - self.state = state + self.alerts = alerts -class ASCDataConnector(DataConnector): +class AscDataConnector(DataConnector): """Represents ASC (Azure Security Center) data connector. Variables are only populated by the server, and will be ignored when sending a request. @@ -723,11 +720,10 @@ class ASCDataConnector(DataConnector): "ThreatIntelligence", "Office365", "AmazonWebServicesCloudTrail", "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection". :type kind: str or ~security_insights.models.DataConnectorKind + :param data_types: The available data types for the connector. + :type data_types: ~security_insights.models.AlertsDataTypeOfDataConnector :param subscription_id: The subscription id to connect to, and get the data from. :type subscription_id: str - :param state: Describe whether this data type connection is enabled or not. Possible values - include: "Enabled", "Disabled". - :type state: str or ~security_insights.models.DataTypeState """ _validation = { @@ -743,22 +739,22 @@ class ASCDataConnector(DataConnector): 'type': {'key': 'type', 'type': 'str'}, 'etag': {'key': 'etag', 'type': 'str'}, 'kind': {'key': 'kind', 'type': 'str'}, + 'data_types': {'key': 'properties.dataTypes', 'type': 'AlertsDataTypeOfDataConnector'}, 'subscription_id': {'key': 'properties.subscriptionId', 'type': 'str'}, - 'state': {'key': 'dataTypes.alerts.state', 'type': 'str'}, } def __init__( self, *, etag: Optional[str] = None, + data_types: Optional["AlertsDataTypeOfDataConnector"] = None, subscription_id: Optional[str] = None, - state: Optional[Union[str, "DataTypeState"]] = None, **kwargs ): - super(ASCDataConnector, self).__init__(etag=etag, **kwargs) + super(AscDataConnector, self).__init__(etag=etag, **kwargs) self.kind = 'AzureSecurityCenter' # type: str + self.data_types = data_types self.subscription_id = subscription_id - self.state = state class DataConnectorWithAlertsProperties(msrest.serialization.Model): @@ -782,7 +778,7 @@ def __init__( self.data_types = data_types -class ASCDataConnectorProperties(DataConnectorWithAlertsProperties): +class AscDataConnectorProperties(DataConnectorWithAlertsProperties): """ASC (Azure Security Center) data connector properties. :param data_types: The available data types for the connector. @@ -803,7 +799,7 @@ def __init__( subscription_id: Optional[str] = None, **kwargs ): - super(ASCDataConnectorProperties, self).__init__(data_types=data_types, **kwargs) + super(AscDataConnectorProperties, self).__init__(data_types=data_types, **kwargs) self.subscription_id = subscription_id @@ -830,9 +826,8 @@ class AwsCloudTrailDataConnector(DataConnector): :param aws_role_arn: The Aws Role Arn (with CloudTrailReadOnly policy) that is used to access the Aws account. :type aws_role_arn: str - :param state: Describe whether this data type connection is enabled or not. Possible values - include: "Enabled", "Disabled". - :type state: str or ~security_insights.models.DataTypeState + :param data_types: The available data types for the connector. + :type data_types: ~security_insights.models.AwsCloudTrailDataConnectorDataTypes """ _validation = { @@ -849,7 +844,7 @@ class AwsCloudTrailDataConnector(DataConnector): 'etag': {'key': 'etag', 'type': 'str'}, 'kind': {'key': 'kind', 'type': 'str'}, 'aws_role_arn': {'key': 'properties.awsRoleArn', 'type': 'str'}, - 'state': {'key': 'dataTypes.logs.state', 'type': 'str'}, + 'data_types': {'key': 'properties.dataTypes', 'type': 'AwsCloudTrailDataConnectorDataTypes'}, } def __init__( @@ -857,13 +852,34 @@ def __init__( *, etag: Optional[str] = None, aws_role_arn: Optional[str] = None, - state: Optional[Union[str, "DataTypeState"]] = None, + data_types: Optional["AwsCloudTrailDataConnectorDataTypes"] = None, **kwargs ): super(AwsCloudTrailDataConnector, self).__init__(etag=etag, **kwargs) self.kind = 'AmazonWebServicesCloudTrail' # type: str self.aws_role_arn = aws_role_arn - self.state = state + self.data_types = data_types + + +class AwsCloudTrailDataConnectorDataTypes(msrest.serialization.Model): + """The available data types for Amazon Web Services CloudTrail data connector. + + :param logs: Logs data type. + :type logs: ~security_insights.models.DataConnectorDataTypeCommon + """ + + _attribute_map = { + 'logs': {'key': 'logs', 'type': 'DataConnectorDataTypeCommon'}, + } + + def __init__( + self, + *, + logs: Optional["DataConnectorDataTypeCommon"] = None, + **kwargs + ): + super(AwsCloudTrailDataConnectorDataTypes, self).__init__(**kwargs) + self.logs = logs class DataConnectorDataTypeCommon(msrest.serialization.Model): @@ -924,6 +940,8 @@ class Bookmark(ResourceWithEtag): :type etag: str :param created: The time the bookmark was created. :type created: ~datetime.datetime + :param created_by: Describes a user that created the bookmark. + :type created_by: ~security_insights.models.UserInfo :param display_name: The display name of the bookmark. :type display_name: str :param labels: List of labels relevant to this bookmark. @@ -936,30 +954,16 @@ class Bookmark(ResourceWithEtag): :type query_result: str :param updated: The last time the bookmark was updated. :type updated: ~datetime.datetime + :param updated_by: Describes a user that updated the bookmark. + :type updated_by: ~security_insights.models.UserInfo :param incident_info: Describes an incident that relates to bookmark. :type incident_info: ~security_insights.models.IncidentInfo - :ivar email_updated_by_email: The email of the user. - :vartype email_updated_by_email: str - :ivar name_updated_by_name: The name of the user. - :vartype name_updated_by_name: str - :param object_id_updated_by_object_id: The object id of the user. - :type object_id_updated_by_object_id: str - :ivar email_created_by_email: The email of the user. - :vartype email_created_by_email: str - :ivar name_created_by_name: The name of the user. - :vartype name_created_by_name: str - :param object_id_created_by_object_id: The object id of the user. - :type object_id_created_by_object_id: str """ _validation = { 'id': {'readonly': True}, 'name': {'readonly': True}, 'type': {'readonly': True}, - 'email_updated_by_email': {'readonly': True}, - 'name_updated_by_name': {'readonly': True}, - 'email_created_by_email': {'readonly': True}, - 'name_created_by_name': {'readonly': True}, } _attribute_map = { @@ -968,19 +972,15 @@ class Bookmark(ResourceWithEtag): 'type': {'key': 'type', 'type': 'str'}, 'etag': {'key': 'etag', 'type': 'str'}, 'created': {'key': 'properties.created', 'type': 'iso-8601'}, + 'created_by': {'key': 'properties.createdBy', 'type': 'UserInfo'}, 'display_name': {'key': 'properties.displayName', 'type': 'str'}, 'labels': {'key': 'properties.labels', 'type': '[str]'}, 'notes': {'key': 'properties.notes', 'type': 'str'}, 'query': {'key': 'properties.query', 'type': 'str'}, 'query_result': {'key': 'properties.queryResult', 'type': 'str'}, 'updated': {'key': 'properties.updated', 'type': 'iso-8601'}, + 'updated_by': {'key': 'properties.updatedBy', 'type': 'UserInfo'}, 'incident_info': {'key': 'properties.incidentInfo', 'type': 'IncidentInfo'}, - 'email_updated_by_email': {'key': 'updatedBy.email', 'type': 'str'}, - 'name_updated_by_name': {'key': 'updatedBy.name', 'type': 'str'}, - 'object_id_updated_by_object_id': {'key': 'updatedBy.objectId', 'type': 'str'}, - 'email_created_by_email': {'key': 'createdBy.email', 'type': 'str'}, - 'name_created_by_name': {'key': 'createdBy.name', 'type': 'str'}, - 'object_id_created_by_object_id': {'key': 'createdBy.objectId', 'type': 'str'}, } def __init__( @@ -988,32 +988,28 @@ def __init__( *, etag: Optional[str] = None, created: Optional[datetime.datetime] = None, + created_by: Optional["UserInfo"] = None, display_name: Optional[str] = None, labels: Optional[List[str]] = None, notes: Optional[str] = None, query: Optional[str] = None, query_result: Optional[str] = None, updated: Optional[datetime.datetime] = None, + updated_by: Optional["UserInfo"] = None, incident_info: Optional["IncidentInfo"] = None, - object_id_updated_by_object_id: Optional[str] = None, - object_id_created_by_object_id: Optional[str] = None, **kwargs ): super(Bookmark, self).__init__(etag=etag, **kwargs) self.created = created + self.created_by = created_by self.display_name = display_name self.labels = labels self.notes = notes self.query = query self.query_result = query_result self.updated = updated + self.updated_by = updated_by self.incident_info = incident_info - self.email_updated_by_email = None - self.name_updated_by_name = None - self.object_id_updated_by_object_id = object_id_updated_by_object_id - self.email_created_by_email = None - self.name_created_by_name = None - self.object_id_created_by_object_id = object_id_created_by_object_id class BookmarkList(msrest.serialization.Model): @@ -1172,7 +1168,7 @@ def __init__( class ErrorResponse(msrest.serialization.Model): - """The resource management error response. + """Common error response for all Azure Resource Manager APIs to return error details for failed operations. (This also follows the OData error response format.). Variables are only populated by the server, and will be ignored when sending a request. @@ -1785,7 +1781,7 @@ def __init__( self.user_principal_name = user_principal_name -class MCASDataConnector(DataConnector): +class McasDataConnector(DataConnector): """Represents MCAS (Microsoft Cloud App Security) data connector. Variables are only populated by the server, and will be ignored when sending a request. @@ -1807,12 +1803,8 @@ class MCASDataConnector(DataConnector): :type kind: str or ~security_insights.models.DataConnectorKind :param tenant_id: The tenant id to connect to, and get the data from. :type tenant_id: str - :param state_data_types_alerts_state: Describe whether this data type connection is enabled or - not. Possible values include: "Enabled", "Disabled". - :type state_data_types_alerts_state: str or ~security_insights.models.DataTypeState - :param state_data_types_discovery_logs_state: Describe whether this data type connection is - enabled or not. Possible values include: "Enabled", "Disabled". - :type state_data_types_discovery_logs_state: str or ~security_insights.models.DataTypeState + :param data_types: The available data types for the connector. + :type data_types: ~security_insights.models.McasDataConnectorDataTypes """ _validation = { @@ -1829,8 +1821,7 @@ class MCASDataConnector(DataConnector): 'etag': {'key': 'etag', 'type': 'str'}, 'kind': {'key': 'kind', 'type': 'str'}, 'tenant_id': {'key': 'properties.tenantId', 'type': 'str'}, - 'state_data_types_alerts_state': {'key': 'dataTypes.alerts.state', 'type': 'str'}, - 'state_data_types_discovery_logs_state': {'key': 'dataTypes.discoveryLogs.state', 'type': 'str'}, + 'data_types': {'key': 'properties.dataTypes', 'type': 'McasDataConnectorDataTypes'}, } def __init__( @@ -1838,45 +1829,41 @@ def __init__( *, etag: Optional[str] = None, tenant_id: Optional[str] = None, - state_data_types_alerts_state: Optional[Union[str, "DataTypeState"]] = None, - state_data_types_discovery_logs_state: Optional[Union[str, "DataTypeState"]] = None, + data_types: Optional["McasDataConnectorDataTypes"] = None, **kwargs ): - super(MCASDataConnector, self).__init__(etag=etag, **kwargs) + super(McasDataConnector, self).__init__(etag=etag, **kwargs) self.kind = 'MicrosoftCloudAppSecurity' # type: str self.tenant_id = tenant_id - self.state_data_types_alerts_state = state_data_types_alerts_state - self.state_data_types_discovery_logs_state = state_data_types_discovery_logs_state + self.data_types = data_types -class MCASDataConnectorDataTypes(AlertsDataTypeOfDataConnector): +class McasDataConnectorDataTypes(AlertsDataTypeOfDataConnector): """The available data types for MCAS (Microsoft Cloud App Security) data connector. - :param state: Describe whether this data type connection is enabled or not. Possible values - include: "Enabled", "Disabled". - :type state: str or ~security_insights.models.DataTypeState - :param state_discovery_logs_state: Describe whether this data type connection is enabled or - not. Possible values include: "Enabled", "Disabled". - :type state_discovery_logs_state: str or ~security_insights.models.DataTypeState + :param alerts: Alerts data type connection. + :type alerts: ~security_insights.models.DataConnectorDataTypeCommon + :param discovery_logs: Discovery log data type connection. + :type discovery_logs: ~security_insights.models.DataConnectorDataTypeCommon """ _attribute_map = { - 'state': {'key': 'alerts.state', 'type': 'str'}, - 'state_discovery_logs_state': {'key': 'discoveryLogs.state', 'type': 'str'}, + 'alerts': {'key': 'alerts', 'type': 'DataConnectorDataTypeCommon'}, + 'discovery_logs': {'key': 'discoveryLogs', 'type': 'DataConnectorDataTypeCommon'}, } def __init__( self, *, - state: Optional[Union[str, "DataTypeState"]] = None, - state_discovery_logs_state: Optional[Union[str, "DataTypeState"]] = None, + alerts: Optional["DataConnectorDataTypeCommon"] = None, + discovery_logs: Optional["DataConnectorDataTypeCommon"] = None, **kwargs ): - super(MCASDataConnectorDataTypes, self).__init__(state=state, **kwargs) - self.state_discovery_logs_state = state_discovery_logs_state + super(McasDataConnectorDataTypes, self).__init__(alerts=alerts, **kwargs) + self.discovery_logs = discovery_logs -class MDATPDataConnector(DataConnector): +class MdatpDataConnector(DataConnector): """Represents MDATP (Microsoft Defender Advanced Threat Protection) data connector. Variables are only populated by the server, and will be ignored when sending a request. @@ -1898,9 +1885,8 @@ class MDATPDataConnector(DataConnector): :type kind: str or ~security_insights.models.DataConnectorKind :param tenant_id: The tenant id to connect to, and get the data from. :type tenant_id: str - :param state: Describe whether this data type connection is enabled or not. Possible values - include: "Enabled", "Disabled". - :type state: str or ~security_insights.models.DataTypeState + :param data_types: The available data types for the connector. + :type data_types: ~security_insights.models.AlertsDataTypeOfDataConnector """ _validation = { @@ -1917,7 +1903,7 @@ class MDATPDataConnector(DataConnector): 'etag': {'key': 'etag', 'type': 'str'}, 'kind': {'key': 'kind', 'type': 'str'}, 'tenant_id': {'key': 'properties.tenantId', 'type': 'str'}, - 'state': {'key': 'dataTypes.alerts.state', 'type': 'str'}, + 'data_types': {'key': 'properties.dataTypes', 'type': 'AlertsDataTypeOfDataConnector'}, } def __init__( @@ -1925,13 +1911,13 @@ def __init__( *, etag: Optional[str] = None, tenant_id: Optional[str] = None, - state: Optional[Union[str, "DataTypeState"]] = None, + data_types: Optional["AlertsDataTypeOfDataConnector"] = None, **kwargs ): - super(MDATPDataConnector, self).__init__(etag=etag, **kwargs) + super(MdatpDataConnector, self).__init__(etag=etag, **kwargs) self.kind = 'MicrosoftDefenderAdvancedThreatProtection' # type: str self.tenant_id = tenant_id - self.state = state + self.data_types = data_types class MicrosoftSecurityIncidentCreationAlertRule(AlertRule): @@ -2339,12 +2325,8 @@ class OfficeDataConnector(DataConnector): :type kind: str or ~security_insights.models.DataConnectorKind :param tenant_id: The tenant id to connect to, and get the data from. :type tenant_id: str - :param state_data_types_share_point_state: Describe whether this data type connection is - enabled or not. Possible values include: "Enabled", "Disabled". - :type state_data_types_share_point_state: str or ~security_insights.models.DataTypeState - :param state_data_types_exchange_state: Describe whether this data type connection is enabled - or not. Possible values include: "Enabled", "Disabled". - :type state_data_types_exchange_state: str or ~security_insights.models.DataTypeState + :param data_types: The available data types for the connector. + :type data_types: ~security_insights.models.OfficeDataConnectorDataTypes """ _validation = { @@ -2361,8 +2343,7 @@ class OfficeDataConnector(DataConnector): 'etag': {'key': 'etag', 'type': 'str'}, 'kind': {'key': 'kind', 'type': 'str'}, 'tenant_id': {'key': 'properties.tenantId', 'type': 'str'}, - 'state_data_types_share_point_state': {'key': 'dataTypes.sharePoint.state', 'type': 'str'}, - 'state_data_types_exchange_state': {'key': 'dataTypes.exchange.state', 'type': 'str'}, + 'data_types': {'key': 'properties.dataTypes', 'type': 'OfficeDataConnectorDataTypes'}, } def __init__( @@ -2370,15 +2351,44 @@ def __init__( *, etag: Optional[str] = None, tenant_id: Optional[str] = None, - state_data_types_share_point_state: Optional[Union[str, "DataTypeState"]] = None, - state_data_types_exchange_state: Optional[Union[str, "DataTypeState"]] = None, + data_types: Optional["OfficeDataConnectorDataTypes"] = None, **kwargs ): super(OfficeDataConnector, self).__init__(etag=etag, **kwargs) self.kind = 'Office365' # type: str self.tenant_id = tenant_id - self.state_data_types_share_point_state = state_data_types_share_point_state - self.state_data_types_exchange_state = state_data_types_exchange_state + self.data_types = data_types + + +class OfficeDataConnectorDataTypes(msrest.serialization.Model): + """The available data types for office data connector. + + :param exchange: Exchange data type connection. + :type exchange: ~security_insights.models.DataConnectorDataTypeCommon + :param share_point: SharePoint data type connection. + :type share_point: ~security_insights.models.DataConnectorDataTypeCommon + :param teams: Teams data type connection. + :type teams: ~security_insights.models.DataConnectorDataTypeCommon + """ + + _attribute_map = { + 'exchange': {'key': 'exchange', 'type': 'DataConnectorDataTypeCommon'}, + 'share_point': {'key': 'sharePoint', 'type': 'DataConnectorDataTypeCommon'}, + 'teams': {'key': 'teams', 'type': 'DataConnectorDataTypeCommon'}, + } + + def __init__( + self, + *, + exchange: Optional["DataConnectorDataTypeCommon"] = None, + share_point: Optional["DataConnectorDataTypeCommon"] = None, + teams: Optional["DataConnectorDataTypeCommon"] = None, + **kwargs + ): + super(OfficeDataConnectorDataTypes, self).__init__(**kwargs) + self.exchange = exchange + self.share_point = share_point + self.teams = teams class OfficeDataConnectorDataTypesExchange(DataConnectorDataTypeCommon): @@ -2423,6 +2433,27 @@ def __init__( super(OfficeDataConnectorDataTypesSharePoint, self).__init__(state=state, **kwargs) +class OfficeDataConnectorDataTypesTeams(DataConnectorDataTypeCommon): + """Teams data type connection. + + :param state: Describe whether this data type connection is enabled or not. Possible values + include: "Enabled", "Disabled". + :type state: str or ~security_insights.models.DataTypeState + """ + + _attribute_map = { + 'state': {'key': 'state', 'type': 'str'}, + } + + def __init__( + self, + *, + state: Optional[Union[str, "DataTypeState"]] = None, + **kwargs + ): + super(OfficeDataConnectorDataTypesTeams, self).__init__(state=state, **kwargs) + + class Operation(msrest.serialization.Model): """Operation provided by provider. @@ -2992,7 +3023,7 @@ def __init__( self.threat_type = None -class TIDataConnector(DataConnector): +class TiDataConnector(DataConnector): """Represents threat intelligence data connector. Variables are only populated by the server, and will be ignored when sending a request. @@ -3014,9 +3045,8 @@ class TIDataConnector(DataConnector): :type kind: str or ~security_insights.models.DataConnectorKind :param tenant_id: The tenant id to connect to, and get the data from. :type tenant_id: str - :param state: Describe whether this data type connection is enabled or not. Possible values - include: "Enabled", "Disabled". - :type state: str or ~security_insights.models.DataTypeState + :param data_types: The available data types for the connector. + :type data_types: ~security_insights.models.TiDataConnectorDataTypes """ _validation = { @@ -3033,7 +3063,7 @@ class TIDataConnector(DataConnector): 'etag': {'key': 'etag', 'type': 'str'}, 'kind': {'key': 'kind', 'type': 'str'}, 'tenant_id': {'key': 'properties.tenantId', 'type': 'str'}, - 'state': {'key': 'dataTypes.indicators.state', 'type': 'str'}, + 'data_types': {'key': 'properties.dataTypes', 'type': 'TiDataConnectorDataTypes'}, } def __init__( @@ -3041,16 +3071,37 @@ def __init__( *, etag: Optional[str] = None, tenant_id: Optional[str] = None, - state: Optional[Union[str, "DataTypeState"]] = None, + data_types: Optional["TiDataConnectorDataTypes"] = None, **kwargs ): - super(TIDataConnector, self).__init__(etag=etag, **kwargs) + super(TiDataConnector, self).__init__(etag=etag, **kwargs) self.kind = 'ThreatIntelligence' # type: str self.tenant_id = tenant_id - self.state = state + self.data_types = data_types + + +class TiDataConnectorDataTypes(msrest.serialization.Model): + """The available data types for TI (Threat Intelligence) data connector. + + :param indicators: Data type for indicators connection. + :type indicators: ~security_insights.models.DataConnectorDataTypeCommon + """ + _attribute_map = { + 'indicators': {'key': 'indicators', 'type': 'DataConnectorDataTypeCommon'}, + } + + def __init__( + self, + *, + indicators: Optional["DataConnectorDataTypeCommon"] = None, + **kwargs + ): + super(TiDataConnectorDataTypes, self).__init__(**kwargs) + self.indicators = indicators -class TIDataConnectorDataTypesIndicators(DataConnectorDataTypeCommon): + +class TiDataConnectorDataTypesIndicators(DataConnectorDataTypeCommon): """Data type for indicators connection. :param state: Describe whether this data type connection is enabled or not. Possible values @@ -3068,7 +3119,7 @@ def __init__( state: Optional[Union[str, "DataTypeState"]] = None, **kwargs ): - super(TIDataConnectorDataTypesIndicators, self).__init__(state=state, **kwargs) + super(TiDataConnectorDataTypesIndicators, self).__init__(state=state, **kwargs) class ToggleSettings(Settings): @@ -3147,7 +3198,7 @@ class UebaSettings(Settings): :type is_enabled: bool :ivar status_in_mcas: Determines whether User and Entity Behavior Analytics is enabled from MCAS (Microsoft Cloud App Security). Possible values include: "Enabled", "Disabled". - :vartype status_in_mcas: str or ~security_insights.models.StatusInMCAS + :vartype status_in_mcas: str or ~security_insights.models.StatusInMcas """ _validation = { @@ -3182,3 +3233,42 @@ def __init__( self.atp_license_status = None self.is_enabled = is_enabled self.status_in_mcas = None + + +class UserInfo(msrest.serialization.Model): + """User information that made some action. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar email: The email of the user. + :vartype email: str + :ivar name: The name of the user. + :vartype name: str + :param object_id: Required. The object id of the user. + :type object_id: str + """ + + _validation = { + 'email': {'readonly': True}, + 'name': {'readonly': True}, + 'object_id': {'required': True}, + } + + _attribute_map = { + 'email': {'key': 'email', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'object_id': {'key': 'objectId', 'type': 'str'}, + } + + def __init__( + self, + *, + object_id: str, + **kwargs + ): + super(UserInfo, self).__init__(**kwargs) + self.email = None + self.name = None + self.object_id = object_id diff --git a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/models/_security_insights_enums.py b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/models/_security_insights_enums.py index ff1e2d1db57..b97f5497911 100644 --- a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/models/_security_insights_enums.py +++ b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/models/_security_insights_enums.py @@ -156,7 +156,7 @@ class SettingKind(with_metaclass(_CaseInsensitiveEnumMeta, str, Enum)): UEBA_SETTINGS = "UebaSettings" TOGGLE_SETTINGS = "ToggleSettings" -class StatusInMCAS(with_metaclass(_CaseInsensitiveEnumMeta, str, Enum)): +class StatusInMcas(with_metaclass(_CaseInsensitiveEnumMeta, str, Enum)): """Determines whether User and Entity Behavior Analytics is enabled from MCAS (Microsoft Cloud App Security). """ diff --git a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/__init__.py b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/__init__.py index 5e67996dcd4..f941c6be952 100644 --- a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/__init__.py +++ b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/__init__.py @@ -6,22 +6,22 @@ # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -from ._operation_operations import OperationOperations -from ._alert_rule_operations import AlertRuleOperations -from ._action_operations import ActionOperations -from ._alert_rule_template_operations import AlertRuleTemplateOperations -from ._bookmark_operations import BookmarkOperations -from ._data_connector_operations import DataConnectorOperations -from ._incident_operations import IncidentOperations -from ._incident_comment_operations import IncidentCommentOperations +from ._operations import Operations +from ._alert_rules_operations import AlertRulesOperations +from ._actions_operations import ActionsOperations +from ._alert_rule_templates_operations import AlertRuleTemplatesOperations +from ._bookmarks_operations import BookmarksOperations +from ._data_connectors_operations import DataConnectorsOperations +from ._incidents_operations import IncidentsOperations +from ._incident_comments_operations import IncidentCommentsOperations __all__ = [ - 'OperationOperations', - 'AlertRuleOperations', - 'ActionOperations', - 'AlertRuleTemplateOperations', - 'BookmarkOperations', - 'DataConnectorOperations', - 'IncidentOperations', - 'IncidentCommentOperations', + 'Operations', + 'AlertRulesOperations', + 'ActionsOperations', + 'AlertRuleTemplatesOperations', + 'BookmarksOperations', + 'DataConnectorsOperations', + 'IncidentsOperations', + 'IncidentCommentsOperations', ] diff --git a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_action_operations.py b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_actions_operations.py similarity index 98% rename from src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_action_operations.py rename to src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_actions_operations.py index a0eaa43cf9a..159b170335b 100644 --- a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_action_operations.py +++ b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_actions_operations.py @@ -23,8 +23,8 @@ T = TypeVar('T') ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] -class ActionOperations(object): - """ActionOperations operations. +class ActionsOperations(object): + """ActionsOperations operations. You should not instantiate this class directly. Instead, you should create a Client instance that instantiates it for you and attaches it as an attribute. diff --git a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_alert_rule_template_operations.py b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_alert_rule_templates_operations.py similarity index 98% rename from src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_alert_rule_template_operations.py rename to src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_alert_rule_templates_operations.py index 2dad458b3f7..fd1261fe812 100644 --- a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_alert_rule_template_operations.py +++ b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_alert_rule_templates_operations.py @@ -23,8 +23,8 @@ T = TypeVar('T') ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] -class AlertRuleTemplateOperations(object): - """AlertRuleTemplateOperations operations. +class AlertRuleTemplatesOperations(object): + """AlertRuleTemplatesOperations operations. You should not instantiate this class directly. Instead, you should create a Client instance that instantiates it for you and attaches it as an attribute. diff --git a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_alert_rule_operations.py b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_alert_rules_operations.py similarity index 97% rename from src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_alert_rule_operations.py rename to src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_alert_rules_operations.py index f91eef2b673..22842439a80 100644 --- a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_alert_rule_operations.py +++ b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_alert_rules_operations.py @@ -23,8 +23,8 @@ T = TypeVar('T') ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] -class AlertRuleOperations(object): - """AlertRuleOperations operations. +class AlertRulesOperations(object): + """AlertRulesOperations operations. You should not instantiate this class directly. Instead, you should create a Client instance that instantiates it for you and attaches it as an attribute. @@ -396,9 +396,7 @@ def create_or_update_action( workspace_name, # type: str rule_id, # type: str action_id, # type: str - etag=None, # type: Optional[str] - logic_app_resource_id=None, # type: Optional[str] - trigger_uri=None, # type: Optional[str] + action, # type: "models.ActionRequest" **kwargs # type: Any ): # type: (...) -> "models.ActionResponse" @@ -413,14 +411,8 @@ def create_or_update_action( :type rule_id: str :param action_id: Action ID. :type action_id: str - :param etag: Etag of the azure resource. - :type etag: str - :param logic_app_resource_id: Logic App Resource Id, /subscriptions/{my- - subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my- - workflow-id}. - :type logic_app_resource_id: str - :param trigger_uri: Logic App Callback URL for this specific workflow. - :type trigger_uri: str + :param action: The action. + :type action: ~security_insights.models.ActionRequest :keyword callable cls: A custom type or function that will be passed the direct response :return: ActionResponse, or the result of cls(response) :rtype: ~security_insights.models.ActionResponse @@ -431,8 +423,6 @@ def create_or_update_action( 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError } error_map.update(kwargs.pop('error_map', {})) - - action = models.ActionRequest(etag=etag, logic_app_resource_id=logic_app_resource_id, trigger_uri=trigger_uri) api_version = "2020-01-01" content_type = kwargs.pop("content_type", "application/json") accept = "application/json" diff --git a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_bookmark_operations.py b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_bookmarks_operations.py similarity index 89% rename from src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_bookmark_operations.py rename to src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_bookmarks_operations.py index 0121790c420..916b766a5ff 100644 --- a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_bookmark_operations.py +++ b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_bookmarks_operations.py @@ -5,7 +5,6 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import datetime from typing import TYPE_CHECKING import warnings @@ -19,13 +18,13 @@ if TYPE_CHECKING: # pylint: disable=unused-import,ungrouped-imports - from typing import Any, Callable, Dict, Generic, Iterable, List, Optional, TypeVar, Union + from typing import Any, Callable, Dict, Generic, Iterable, Optional, TypeVar, Union T = TypeVar('T') ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] -class BookmarkOperations(object): - """BookmarkOperations operations. +class BookmarksOperations(object): + """BookmarksOperations operations. You should not instantiate this class directly. Instead, you should create a Client instance that instantiates it for you and attaches it as an attribute. @@ -191,16 +190,7 @@ def create_or_update( resource_group_name, # type: str workspace_name, # type: str bookmark_id, # type: str - etag=None, # type: Optional[str] - created=None, # type: Optional[datetime.datetime] - display_name=None, # type: Optional[str] - labels=None, # type: Optional[List[str]] - notes=None, # type: Optional[str] - query=None, # type: Optional[str] - query_result=None, # type: Optional[str] - updated=None, # type: Optional[datetime.datetime] - incident_info=None, # type: Optional["models.IncidentInfo"] - object_id=None, # type: Optional[str] + bookmark, # type: "models.Bookmark" **kwargs # type: Any ): # type: (...) -> "models.Bookmark" @@ -213,26 +203,8 @@ def create_or_update( :type workspace_name: str :param bookmark_id: Bookmark ID. :type bookmark_id: str - :param etag: Etag of the azure resource. - :type etag: str - :param created: The time the bookmark was created. - :type created: ~datetime.datetime - :param display_name: The display name of the bookmark. - :type display_name: str - :param labels: List of labels relevant to this bookmark. - :type labels: list[str] - :param notes: The notes of the bookmark. - :type notes: str - :param query: The query of the bookmark. - :type query: str - :param query_result: The query result of the bookmark. - :type query_result: str - :param updated: The last time the bookmark was updated. - :type updated: ~datetime.datetime - :param incident_info: Describes an incident that relates to bookmark. - :type incident_info: ~security_insights.models.IncidentInfo - :param object_id: The object id of the user. - :type object_id: str + :param bookmark: The bookmark. + :type bookmark: ~security_insights.models.Bookmark :keyword callable cls: A custom type or function that will be passed the direct response :return: Bookmark, or the result of cls(response) :rtype: ~security_insights.models.Bookmark @@ -243,8 +215,6 @@ def create_or_update( 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError } error_map.update(kwargs.pop('error_map', {})) - - bookmark = models.Bookmark(etag=etag, created=created, display_name=display_name, labels=labels, notes=notes, query=query, query_result=query_result, updated=updated, incident_info=incident_info, object_id_updated_by_object_id=object_id) api_version = "2020-01-01" content_type = kwargs.pop("content_type", "application/json") accept = "application/json" diff --git a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_data_connector_operations.py b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_data_connectors_operations.py similarity index 99% rename from src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_data_connector_operations.py rename to src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_data_connectors_operations.py index cce78e5ae84..be8df047530 100644 --- a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_data_connector_operations.py +++ b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_data_connectors_operations.py @@ -23,8 +23,8 @@ T = TypeVar('T') ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] -class DataConnectorOperations(object): - """DataConnectorOperations operations. +class DataConnectorsOperations(object): + """DataConnectorsOperations operations. You should not instantiate this class directly. Instead, you should create a Client instance that instantiates it for you and attaches it as an attribute. @@ -228,7 +228,6 @@ def create_or_update( 'dataConnectorId': self._serialize.url("data_connector_id", data_connector_id, 'str'), } url = self._client.format_url(url, **path_format_arguments) - print(url) # Construct parameters query_parameters = {} # type: Dict[str, Any] diff --git a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_incident_comment_operations.py b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_incident_comments_operations.py similarity index 98% rename from src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_incident_comment_operations.py rename to src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_incident_comments_operations.py index ebed41e74ae..423987e28f8 100644 --- a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_incident_comment_operations.py +++ b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_incident_comments_operations.py @@ -23,8 +23,8 @@ T = TypeVar('T') ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] -class IncidentCommentOperations(object): - """IncidentCommentOperations operations. +class IncidentCommentsOperations(object): + """IncidentCommentsOperations operations. You should not instantiate this class directly. Instead, you should create a Client instance that instantiates it for you and attaches it as an attribute. @@ -221,7 +221,7 @@ def create_comment( workspace_name, # type: str incident_id, # type: str incident_comment_id, # type: str - message=None, # type: Optional[str] + incident_comment, # type: "models.IncidentComment" **kwargs # type: Any ): # type: (...) -> "models.IncidentComment" @@ -236,8 +236,8 @@ def create_comment( :type incident_id: str :param incident_comment_id: Incident comment ID. :type incident_comment_id: str - :param message: The comment message. - :type message: str + :param incident_comment: The incident comment. + :type incident_comment: ~security_insights.models.IncidentComment :keyword callable cls: A custom type or function that will be passed the direct response :return: IncidentComment, or the result of cls(response) :rtype: ~security_insights.models.IncidentComment @@ -248,8 +248,6 @@ def create_comment( 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError } error_map.update(kwargs.pop('error_map', {})) - - incident_comment = models.IncidentComment(message=message) api_version = "2020-01-01" content_type = kwargs.pop("content_type", "application/json") accept = "application/json" diff --git a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_incident_operations.py b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_incidents_operations.py similarity index 85% rename from src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_incident_operations.py rename to src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_incidents_operations.py index 0a2071ac198..bb389cb6d93 100644 --- a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_incident_operations.py +++ b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_incidents_operations.py @@ -5,7 +5,6 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import datetime from typing import TYPE_CHECKING import warnings @@ -19,13 +18,13 @@ if TYPE_CHECKING: # pylint: disable=unused-import,ungrouped-imports - from typing import Any, Callable, Dict, Generic, Iterable, List, Optional, TypeVar, Union + from typing import Any, Callable, Dict, Generic, Iterable, Optional, TypeVar, Union T = TypeVar('T') ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] -class IncidentOperations(object): - """IncidentOperations operations. +class IncidentsOperations(object): + """IncidentsOperations operations. You should not instantiate this class directly. Instead, you should create a Client instance that instantiates it for you and attaches it as an attribute. @@ -213,18 +212,7 @@ def create_or_update( resource_group_name, # type: str workspace_name, # type: str incident_id, # type: str - etag=None, # type: Optional[str] - classification=None, # type: Optional[Union[str, "models.IncidentClassification"]] - classification_comment=None, # type: Optional[str] - classification_reason=None, # type: Optional[Union[str, "models.IncidentClassificationReason"]] - description=None, # type: Optional[str] - first_activity_time_utc=None, # type: Optional[datetime.datetime] - labels=None, # type: Optional[List["models.IncidentLabel"]] - last_activity_time_utc=None, # type: Optional[datetime.datetime] - owner=None, # type: Optional["models.IncidentOwnerInfo"] - severity=None, # type: Optional[Union[str, "models.IncidentSeverity"]] - status=None, # type: Optional[Union[str, "models.IncidentStatus"]] - title=None, # type: Optional[str] + incident, # type: "models.Incident" **kwargs # type: Any ): # type: (...) -> "models.Incident" @@ -237,30 +225,8 @@ def create_or_update( :type workspace_name: str :param incident_id: Incident ID. :type incident_id: str - :param etag: Etag of the azure resource. - :type etag: str - :param classification: The reason the incident was closed. - :type classification: str or ~security_insights.models.IncidentClassification - :param classification_comment: Describes the reason the incident was closed. - :type classification_comment: str - :param classification_reason: The classification reason the incident was closed with. - :type classification_reason: str or ~security_insights.models.IncidentClassificationReason - :param description: The description of the incident. - :type description: str - :param first_activity_time_utc: The time of the first activity in the incident. - :type first_activity_time_utc: ~datetime.datetime - :param labels: List of labels relevant to this incident. - :type labels: list[~security_insights.models.IncidentLabel] - :param last_activity_time_utc: The time of the last activity in the incident. - :type last_activity_time_utc: ~datetime.datetime - :param owner: Describes a user that the incident is assigned to. - :type owner: ~security_insights.models.IncidentOwnerInfo - :param severity: The severity of the incident. - :type severity: str or ~security_insights.models.IncidentSeverity - :param status: The status of the incident. - :type status: str or ~security_insights.models.IncidentStatus - :param title: The title of the incident. - :type title: str + :param incident: The incident. + :type incident: ~security_insights.models.Incident :keyword callable cls: A custom type or function that will be passed the direct response :return: Incident, or the result of cls(response) :rtype: ~security_insights.models.Incident @@ -271,8 +237,6 @@ def create_or_update( 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError } error_map.update(kwargs.pop('error_map', {})) - - incident = models.Incident(etag=etag, classification=classification, classification_comment=classification_comment, classification_reason=classification_reason, description=description, first_activity_time_utc=first_activity_time_utc, labels=labels, last_activity_time_utc=last_activity_time_utc, owner=owner, severity=severity, status=status, title=title) api_version = "2020-01-01" content_type = kwargs.pop("content_type", "application/json") accept = "application/json" diff --git a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_operation_operations.py b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_operations.py similarity index 98% rename from src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_operation_operations.py rename to src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_operations.py index b1d3c09bbf3..3826b0ea142 100644 --- a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_operation_operations.py +++ b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_operations.py @@ -23,8 +23,8 @@ T = TypeVar('T') ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] -class OperationOperations(object): - """OperationOperations operations. +class Operations(object): + """Operations operations. You should not instantiate this class directly. Instead, you should create a Client instance that instantiates it for you and attaches it as an attribute. diff --git a/src/securityinsight/report.md b/src/securityinsight/report.md index d2f533d3f36..771ab240b15 100644 --- a/src/securityinsight/report.md +++ b/src/securityinsight/report.md @@ -33,7 +33,7 @@ |[az sentinel alert-rule update](#AlertRulesCreateOrUpdate#Update)|CreateOrUpdate#Update|[Parameters](#ParametersAlertRulesCreateOrUpdate#Update)|Not Found| |[az sentinel alert-rule delete](#AlertRulesDeleteAction)|DeleteAction|[Parameters](#ParametersAlertRulesDeleteAction)|[Example](#ExamplesAlertRulesDeleteAction)| |[az sentinel alert-rule delete](#AlertRulesDelete)|Delete|[Parameters](#ParametersAlertRulesDelete)|[Example](#ExamplesAlertRulesDelete)| -|[az sentinel alert-rule get-action](#AlertRulesGetAction)|GetAction|[Parameters](#ParametersAlertRulesGetAction)|[Example](#ExamplesAlertRulesGetAction)| +|[az sentinel alert-rule show-action](#AlertRulesGetAction)|GetAction|[Parameters](#ParametersAlertRulesGetAction)|[Example](#ExamplesAlertRulesGetAction)| ### Commands in `az sentinel alert-rule-template` group |CLI Command|Operation Swagger name|Parameters|Examples| @@ -218,12 +218,12 @@ az sentinel alert-rule delete --resource-group "myRg" --rule-id "73e01a99-5cd7-4 ##### Parameters |Option|Type|Description|Path (SDK)|Swagger name| |------|----|-----------|----------|------------| -#### Command `az sentinel alert-rule get-action` +#### Command `az sentinel alert-rule show-action` ##### Example ``` -az sentinel alert-rule get-action --action-id "912bec42-cb66-4c03-ac63-1761b6898c3e" --resource-group "myRg" --rule-id \ -"73e01a99-5cd7-4139-a149-9f2736ff2ab5" --workspace-name "myWorkspace" +az sentinel alert-rule show-action --action-id "912bec42-cb66-4c03-ac63-1761b6898c3e" --resource-group "myRg" \ +--rule-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --workspace-name "myWorkspace" ``` ##### Parameters |Option|Type|Description|Path (SDK)|Swagger name| @@ -292,9 +292,10 @@ az sentinel bookmark show --bookmark-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" - ##### Example ``` az sentinel bookmark create --etag "\\"0300bf09-0000-0000-0000-5c37296e0000\\"" --created "2019-01-01T13:15:30Z" \ ---display-name "My bookmark" --labels "Tag1" --labels "Tag2" --notes "Found a suspicious activity" --query \ -"SecurityEvent | where TimeGenerated > ago(1d) and TimeGenerated < ago(2d)" --query-result "Security Event query \ -result" --updated "2019-01-01T13:15:30Z" --bookmark-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --resource-group "myRg" \ +--user-info-object-id "2046feea-040d-4a46-9e2b-91c2941bfa70" --display-name "My bookmark" --labels "Tag1" "Tag2" \ +--notes "Found a suspicious activity" --query "SecurityEvent | where TimeGenerated > ago(1d) and TimeGenerated < \ +ago(2d)" --query-result "Security Event query result" --updated "2019-01-01T13:15:30Z" --object-id \ +"2046feea-040d-4a46-9e2b-91c2941bfa70" --bookmark-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --resource-group "myRg" \ --workspace-name "myWorkspace" ``` ##### Parameters @@ -312,7 +313,8 @@ result" --updated "2019-01-01T13:15:30Z" --bookmark-id "73e01a99-5cd7-4139-a149- |**--query-result**|string|The query result of the bookmark.|query_result|queryResult| |**--updated**|date-time|The last time the bookmark was updated|updated|updated| |**--incident-info**|object|Describes an incident that relates to bookmark|incident_info|incidentInfo| -|**--updated-by-object-id**|uuid|The object id of the user.|object_id|objectId| +|**--object-id**|uuid|The object id of the user.|object_id|objectId| +|**--user-info-object-id**|uuid|The object id of the user.|user_info_object_id|objectId| #### Command `az sentinel bookmark update` @@ -331,7 +333,8 @@ result" --updated "2019-01-01T13:15:30Z" --bookmark-id "73e01a99-5cd7-4139-a149- |**--query-result**|string|The query result of the bookmark.|query_result|queryResult| |**--updated**|date-time|The last time the bookmark was updated|updated|updated| |**--incident-info**|object|Describes an incident that relates to bookmark|incident_info|incidentInfo| -|**--updated-by-object-id**|uuid|The object id of the user.|object_id|objectId| +|**--object-id**|uuid|The object id of the user.|object_id|objectId| +|**--user-info-object-id**|uuid|The object id of the user.|user_info_object_id|objectId| #### Command `az sentinel bookmark delete` @@ -414,8 +417,8 @@ az sentinel data-connector show --data-connector-id "73e01a99-5cd7-4139-a149-9f2 ##### Example ``` az sentinel data-connector create --office-data-connector etag="\\"0300bf09-0000-0000-0000-5c37296e0000\\"" \ -tenant-id="2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" --data-connector-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" \ ---resource-group "myRg" --workspace-name "myWorkspace" +tenant-id="2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" state-properties-data-types-exchange-state="Enabled" \ +--data-connector-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --resource-group "myRg" --workspace-name "myWorkspace" ``` ##### Parameters |Option|Type|Description|Path (SDK)|Swagger name|