diff --git a/common/config/rush/pnpm-lock.yaml b/common/config/rush/pnpm-lock.yaml index 627cb0853854..327987e32c06 100644 --- a/common/config/rush/pnpm-lock.yaml +++ b/common/config/rush/pnpm-lock.yaml @@ -92,6 +92,7 @@ specifiers: '@rush-temp/arm-resources-subscriptions': file:./projects/arm-resources-subscriptions.tgz '@rush-temp/arm-search': file:./projects/arm-search.tgz '@rush-temp/arm-security': file:./projects/arm-security.tgz + '@rush-temp/arm-securityinsight': file:./projects/arm-securityinsight.tgz '@rush-temp/arm-servicebus': file:./projects/arm-servicebus.tgz '@rush-temp/arm-servicefabric': file:./projects/arm-servicefabric.tgz '@rush-temp/arm-sql': file:./projects/arm-sql.tgz @@ -297,6 +298,7 @@ dependencies: '@rush-temp/arm-resources-subscriptions': file:projects/arm-resources-subscriptions.tgz '@rush-temp/arm-search': file:projects/arm-search.tgz '@rush-temp/arm-security': file:projects/arm-security.tgz + '@rush-temp/arm-securityinsight': file:projects/arm-securityinsight.tgz '@rush-temp/arm-servicebus': file:projects/arm-servicebus.tgz '@rush-temp/arm-servicefabric': file:projects/arm-servicefabric.tgz '@rush-temp/arm-sql': file:projects/arm-sql.tgz @@ -1514,6 +1516,7 @@ packages: /@opentelemetry/node/0.22.0_@opentelemetry+api@1.0.3: resolution: {integrity: sha512-+HhGbDruQ7cwejVOIYyxRa28uosnG8W95NiQZ6qE8PXXPsDSyGeftAPbtYpGit0H2f5hrVcMlwmWHeAo9xkSLA==} engines: {node: '>=8.0.0'} + deprecated: Package renamed to @opentelemetry/sdk-trace-node peerDependencies: '@opentelemetry/api': ^1.0.0 dependencies: 
@@ -10491,6 +10494,30 @@ packages: - supports-color dev: false + file:projects/arm-securityinsight.tgz: + resolution: {integrity: sha512-+lNrTLwSxSagCvWMpZ2amzQEaM2JEL47LMnUwtolKkKw0F/PjY5NG/xSU5Ap9jtNfm2Xedysgyg6LBDYElULiQ==, tarball: file:projects/arm-securityinsight.tgz} + name: '@rush-temp/arm-securityinsight' + version: 0.0.0 + dependencies: + '@azure-tools/test-recorder': 1.0.2 + '@microsoft/api-extractor': 7.19.2 + '@rollup/plugin-commonjs': 11.0.2_rollup@1.32.1 + '@rollup/plugin-json': 4.1.0_rollup@1.32.1 + '@rollup/plugin-multi-entry': 3.0.1_rollup@1.32.1 + '@rollup/plugin-node-resolve': 8.4.0_rollup@1.32.1 + cross-env: 7.0.3 + mkdirp: 1.0.4 + mocha: 7.2.0 + rimraf: 3.0.2 + rollup: 1.32.1 + rollup-plugin-sourcemaps: 0.4.2_rollup@1.32.1 + tslib: 2.3.1 + typescript: 4.2.4 + uglify-js: 3.14.5 + transitivePeerDependencies: + - supports-color + dev: false + file:projects/arm-servicebus.tgz: resolution: {integrity: sha512-xUyJSlaPZccUpQ99rOf2TIUziaa7K1Ch4vcz0Jp+Dj/eam95rdQFtidaAoubJTI+Wcom0OsKDHWVqLbUyS8GpA==, tarball: file:projects/arm-servicebus.tgz} name: '@rush-temp/arm-servicebus' diff --git a/rush.json b/rush.json index f6a4dab1109b..52ca4170d56e 100644 --- a/rush.json +++ b/rush.json @@ -1335,6 +1335,11 @@ "packageName": "@azure/arm-machinelearningexperimentation", "projectFolder": "sdk/machinelearningexperimentation/arm-machinelearningexperimentation", "versionPolicyName": "management" + }, + { + "packageName": "@azure/arm-securityinsight", + "projectFolder": "sdk/securityinsight/arm-securityinsight", + "versionPolicyName": "management" } ] } \ No newline at end of file diff --git a/sdk/securityinsight/arm-securityinsight/CHANGELOG.md b/sdk/securityinsight/arm-securityinsight/CHANGELOG.md new file mode 100644 index 000000000000..4984c30923d6 --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/CHANGELOG.md 
@@ -0,0 +1,5 @@
+# Release History
+
+## 1.0.0-beta.1 (2022-01-18)
+
+The package of @azure/arm-securityinsight is using our next generation design principles. To learn more, please refer to our documentation [Quick Start](https://aka.ms/js-track2-quickstart).
diff --git a/sdk/securityinsight/arm-securityinsight/LICENSE b/sdk/securityinsight/arm-securityinsight/LICENSE
new file mode 100644
index 000000000000..5d1d36e0af80
--- /dev/null
+++ b/sdk/securityinsight/arm-securityinsight/LICENSE
@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2022 Microsoft
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
\ No newline at end of file
diff --git a/sdk/securityinsight/arm-securityinsight/README.md b/sdk/securityinsight/arm-securityinsight/README.md
new file mode 100644
index 000000000000..6d7ac3813890
--- /dev/null
+++ b/sdk/securityinsight/arm-securityinsight/README.md
@@ -0,0 +1,98 @@
+# Azure Service client library for JavaScript
+
+This package contains an isomorphic SDK (runs both in Node.js and in browsers) for Azure Service client.
+
+API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider
+
+[Source code](https://github.com/Azure/azure-sdk-for-js/tree/main/sdk/securityinsight/arm-securityinsight) |
+[Package (NPM)](https://www.npmjs.com/package/@azure/arm-securityinsight) |
+[API reference documentation](https://docs.microsoft.com/javascript/api/@azure/arm-securityinsight?view=azure-node-preview) |
+[Samples](https://github.com/Azure-Samples/azure-samples-js-management)
+
+## Getting started
+
+### Currently supported environments
+
+- [LTS versions of Node.js](https://nodejs.org/about/releases/)
+- Latest versions of Safari, Chrome, Edge and Firefox.
+
+### Prerequisites
+
+- An [Azure subscription][azure_sub].
+
+### Install the `@azure/arm-securityinsight` package
+
+Install the Azure Service client library for JavaScript with `npm`:
+
+```bash
+npm install @azure/arm-securityinsight
+```
+
+### Create and authenticate a `SecurityInsights`
+
+To create a client object to access the Azure Service API, you will need the `endpoint` of your Azure Service resource and a `credential`. The Azure Service client can use Azure Active Directory credentials to authenticate.
+You can find the endpoint for your Azure Service resource in the [Azure Portal][azure_portal].
+
+You can authenticate with Azure Active Directory using a credential from the [@azure/identity][azure_identity] library or [an existing AAD Token](https://github.com/Azure/azure-sdk-for-js/blob/master/sdk/identity/identity/samples/AzureIdentityExamples.md#authenticating-with-a-pre-fetched-access-token).
+ +To use the [DefaultAzureCredential][defaultazurecredential] provider shown below, or other credential providers provided with the Azure SDK, please install the `@azure/identity` package: + +```bash +npm install @azure/identity +``` + +You will also need to **register a new AAD application and grant access to Azure Service** by assigning the suitable role to your service principal (note: roles such as `"Owner"` will not grant the necessary permissions). +Set the values of the client ID, tenant ID, and client secret of the AAD application as environment variables: `AZURE_CLIENT_ID`, `AZURE_TENANT_ID`, `AZURE_CLIENT_SECRET`. + +For more information about how to create an Azure AD Application check out [this guide](https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal). + +```javascript +const { SecurityInsights } = require("@azure/arm-securityinsight"); +const { DefaultAzureCredential } = require("@azure/identity"); +const subscriptionId = "00000000-0000-0000-0000-000000000000"; +const client = new SecurityInsights(new DefaultAzureCredential(), subscriptionId); +``` + + +### JavaScript Bundle +To use this client library in the browser, first you need to use a bundler. For details on how to do this, please refer to our [bundling documentation](https://aka.ms/AzureSDKBundling). + +## Key concepts + +### SecurityInsights + +`SecurityInsights` is the primary interface for developers using the Azure Service client library. Explore the methods on this client object to understand the different features of the Azure Service service that you can access. + +## Troubleshooting + +### Logging + +Enabling logging may help uncover useful information about failures. In order to see a log of HTTP requests and responses, set the `AZURE_LOG_LEVEL` environment variable to `info`. 
Alternatively, logging can be enabled at runtime by calling `setLogLevel` in the `@azure/logger`: + +```javascript +const { setLogLevel } = require("@azure/logger"); +setLogLevel("info"); +``` + +For more detailed instructions on how to enable logs, you can look at the [@azure/logger package docs](https://github.com/Azure/azure-sdk-for-js/tree/main/sdk/core/logger). + +## Next steps + +Please take a look at the [samples](https://github.com/Azure-Samples/azure-samples-js-management) directory for detailed examples on how to use this library. + +## Contributing + +If you'd like to contribute to this library, please read the [contributing guide](https://github.com/Azure/azure-sdk-for-js/blob/main/CONTRIBUTING.md) to learn more about how to build and test the code. + +## Related projects + +- [Microsoft Azure SDK for JavaScript](https://github.com/Azure/azure-sdk-for-js) + +![Impressions](https://azure-sdk-impressions.azurewebsites.net/api/impressions/azure-sdk-for-js%2Fsdk%2Fsecurityinsight%2Farm-securityinsight%2FREADME.png) + +[azure_cli]: https://docs.microsoft.com/cli/azure +[azure_sub]: https://azure.microsoft.com/free/ +[azure_sub]: https://azure.microsoft.com/free/ +[azure_portal]: https://portal.azure.com +[azure_identity]: https://github.com/Azure/azure-sdk-for-js/tree/main/sdk/identity/identity +[defaultazurecredential]: https://github.com/Azure/azure-sdk-for-js/tree/main/sdk/identity/identity#defaultazurecredential diff --git a/sdk/securityinsight/arm-securityinsight/_meta.json b/sdk/securityinsight/arm-securityinsight/_meta.json new file mode 100644 index 000000000000..2cb8e180fed1 --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/_meta.json 
@@ -0,0 +1,7 @@ +{ + "commit": "b22a0d0386d37f1e048187a6f45873d1830e74ac", + "readme": "specification/securityinsights/resource-manager/readme.md", + "autorest_command": "autorest --version=3.7.3 --typescript --modelerfour.lenient-model-deduplication --head-as-boolean=true --license-header=MICROSOFT_MIT_NO_VERSION --generate-test --typescript-sdks-folder=/home/vsts/work/1/s/azure-sdk-for-js ../azure-rest-api-specs/specification/securityinsights/resource-manager/readme.md --use=@autorest/typescript@6.0.0-alpha.16.20220105.1", + "repository_url": "https://github.com/Azure/azure-rest-api-specs.git", + "use": "@autorest/typescript@6.0.0-alpha.16.20220105.1" +} \ No newline at end of file diff --git a/sdk/securityinsight/arm-securityinsight/api-extractor.json b/sdk/securityinsight/arm-securityinsight/api-extractor.json new file mode 100644 index 000000000000..ba4f20f727f2 --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/api-extractor.json @@ -0,0 +1,31 @@ +{ + "$schema": "https://developer.microsoft.com/json-schemas/api-extractor/v7/api-extractor.schema.json", + "mainEntryPointFilePath": "./dist-esm/src/index.d.ts", + "docModel": { + "enabled": true + }, + "apiReport": { + "enabled": true, + "reportFolder": "./review" + }, + "dtsRollup": { + "enabled": true, + "untrimmedFilePath": "", + "publicTrimmedFilePath": "./types/arm-securityinsight.d.ts" + }, + "messages": { + "tsdocMessageReporting": { + "default": { + "logLevel": "none" + } + }, + "extractorMessageReporting": { + "ae-missing-release-tag": { + "logLevel": "none" + }, + "ae-unresolved-link": { + "logLevel": "none" + } + } + } +} \ No newline at end of file diff --git a/sdk/securityinsight/arm-securityinsight/package.json b/sdk/securityinsight/arm-securityinsight/package.json new file mode 100644 index 000000000000..764262587022 --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/package.json 
@@ -0,0 +1,100 @@ +{ + "name": "@azure/arm-securityinsight", + "sdk-type": "mgmt", + "author": "Microsoft Corporation", + "description": "A generated SDK for SecurityInsights.", + "version": "1.0.0-beta.1", + "engines": { + "node": ">=12.0.0" + }, + "dependencies": { + "@azure/core-paging": "^1.2.0", + "@azure/core-client": "^1.0.0", + "@azure/core-auth": "^1.3.0", + "@azure/core-rest-pipeline": "^1.1.0", + "tslib": "^2.2.0" + }, + "keywords": [ + "node", + "azure", + "typescript", + "browser", + "isomorphic" + ], + "license": "MIT", + "main": "./dist/index.js", + "module": "./dist-esm/src/index.js", + "types": "./types/arm-securityinsight.d.ts", + "devDependencies": { + "@microsoft/api-extractor": "^7.18.11", + "@rollup/plugin-commonjs": "11.0.2", + "@rollup/plugin-json": "^4.0.0", + "@rollup/plugin-multi-entry": "^3.0.0", + "@rollup/plugin-node-resolve": "^8.0.0", + "mkdirp": "^1.0.4", + "rollup": "^1.16.3", + "rollup-plugin-sourcemaps": "^0.4.2", + "typescript": "~4.2.0", + "uglify-js": "^3.4.9", + "rimraf": "^3.0.0", + "@azure/identity": "^2.0.1", + "@azure-tools/test-recorder": "^1.0.0", + "mocha": "^7.1.1", + "cross-env": "^7.0.2" + }, + "homepage": "https://github.com/Azure/azure-sdk-for-js/tree/main/sdk/securityinsight/arm-securityinsight", + "repository": { + "type": "git", + "url": "https://github.com/Azure/azure-sdk-for-js.git" + }, + "bugs": { + "url": "https://github.com/Azure/azure-sdk-for-js/issues" + }, + "files": [ + "dist/**/*.js", + "dist/**/*.js.map", + "dist/**/*.d.ts", + "dist/**/*.d.ts.map", + "dist-esm/**/*.js", + "dist-esm/**/*.js.map", + "dist-esm/**/*.d.ts", + "dist-esm/**/*.d.ts.map", + "src/**/*.ts", + "README.md", + "LICENSE", + "rollup.config.js", + "tsconfig.json", + "review/*", + "CHANGELOG.md", + "types/*" + ], + "scripts": { + "build": "npm run clean && tsc && rollup -c 2>&1 && npm run minify && mkdirp ./review && npm run extract-api", + "minify": "uglifyjs -c -m --comments --source-map 
\"content='./dist/index.js.map'\" -o ./dist/index.min.js ./dist/index.js", + "prepack": "npm run build", + "pack": "npm pack 2>&1", + "extract-api": "api-extractor run --local", + "lint": "echo skipped", + "audit": "echo skipped", + "clean": "rimraf dist dist-browser dist-esm test-dist temp types *.tgz *.log", + "build:node": "echo skipped", + "build:browser": "echo skipped", + "build:test": "echo skipped", + "build:samples": "echo skipped.", + "check-format": "echo skipped", + "execute:samples": "echo skipped", + "format": "echo skipped", + "test": "npm run integration-test", + "test:node": "echo skipped", + "test:browser": "echo skipped", + "unit-test": "npm run unit-test:node && npm run unit-test:browser", + "unit-test:node": "cross-env TEST_MODE=playback npm run integration-test:node", + "unit-test:browser": "echo skipped", + "integration-test": "npm run integration-test:node && npm run integration-test:browser", + "integration-test:node": "mocha -r esm --require ts-node/register --timeout 1200000 --full-trace test/*.ts --reporter ../../../common/tools/mocha-multi-reporter.js", + "integration-test:browser": "echo skipped", + "docs": "echo skipped" + }, + "sideEffects": false, + "autoPublish": true +} \ No newline at end of file diff --git a/sdk/securityinsight/arm-securityinsight/review/arm-securityinsight.api.md b/sdk/securityinsight/arm-securityinsight/review/arm-securityinsight.api.md new file mode 100644 index 000000000000..3f53f5eedf6a --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/review/arm-securityinsight.api.md 
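Review bot: The `integration-test:node` script in the new package.json loads `-r esm --require ts-node/register`, but neither `esm` nor `ts-node` is listed in `devDependencies`, and neither appears in the dependency list for `file:projects/arm-securityinsight.tgz` in the pnpm-lock.yaml hunk. The test run therefore appears to depend on whatever copy of those modules happens to resolve from a parent `node_modules`, which this package's manifest and lockfile entry do not pin. I would add `"esm": "<version used elsewhere in the repo>"` and `"ts-node": "<version used elsewhere in the repo>"` to `devDependencies`, or drop the two flags if the tests do not need them. Separately, `"audit": "echo skipped"` and `"lint": "echo skipped"` make both checks no-ops for this package while it pins older build tooling such as `"rollup": "^1.16.3"` and `"mocha": "^7.1.1"`; if auditing is done at the repository level, the PR description should say so.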
@@ -0,0 +1,5128 @@ +## API Report File for "@azure/arm-securityinsight" + +> Do not edit this file. It is a report generated by [API Extractor](https://api-extractor.com/). + +```ts + +import * as coreAuth from '@azure/core-auth'; +import * as coreClient from '@azure/core-client'; +import { PagedAsyncIterableIterator } from '@azure/core-paging'; + +// @public +export type AADCheckRequirements = DataConnectorsCheckRequirements & { + kind: "AzureActiveDirectory"; + tenantId?: string; +}; + +// @public +export type AADCheckRequirementsProperties = DataConnectorTenantId & {}; + +// @public +export type AADDataConnector = DataConnector & { + tenantId?: string; + dataTypes?: AlertsDataTypeOfDataConnector; +}; + +// @public +export type AADDataConnectorProperties = DataConnectorTenantId & DataConnectorWithAlertsProperties & {}; + +// @public +export type AatpCheckRequirements = DataConnectorsCheckRequirements & { + kind: "AzureAdvancedThreatProtection"; + tenantId?: string; +}; + +// @public +export type AatpCheckRequirementsProperties = DataConnectorTenantId & {}; + +// @public +export type AatpDataConnector = DataConnector & { + tenantId?: string; + dataTypes?: AlertsDataTypeOfDataConnector; +}; + +// @public +export type AatpDataConnectorProperties = DataConnectorTenantId & DataConnectorWithAlertsProperties & {}; + +// @public +export type AccountEntity = Entity & { + readonly additionalData?: { + [propertyName: string]: Record; + }; + readonly friendlyName?: string; + readonly aadTenantId?: string; + readonly aadUserId?: string; + readonly accountName?: string; + readonly displayName?: string; + readonly hostEntityId?: string; + readonly isDomainJoined?: boolean; + readonly ntDomain?: string; + readonly objectGuid?: string; + readonly puid?: string; + readonly sid?: string; + readonly upnSuffix?: string; + readonly dnsDomain?: string; +}; + +// @public +export type AccountEntityProperties = EntityCommonProperties & { + readonly aadTenantId?: string; + readonly 
aadUserId?: string; + readonly accountName?: string; + readonly displayName?: string; + readonly hostEntityId?: string; + readonly isDomainJoined?: boolean; + readonly ntDomain?: string; + readonly objectGuid?: string; + readonly puid?: string; + readonly sid?: string; + readonly upnSuffix?: string; + readonly dnsDomain?: string; +}; + +// @public +export interface ActionPropertiesBase { + logicAppResourceId: string; +} + +// @public +export type ActionRequest = ResourceWithEtag & { + logicAppResourceId?: string; + triggerUri?: string; +}; + +// @public +export type ActionRequestProperties = ActionPropertiesBase & { + triggerUri: string; +}; + +// @public +export type ActionResponse = ResourceWithEtag & { + logicAppResourceId?: string; + workflowId?: string; +}; + +// @public +export type ActionResponseProperties = ActionPropertiesBase & { + workflowId?: string; +}; + +// @public +export interface Actions { + createOrUpdate(resourceGroupName: string, workspaceName: string, ruleId: string, actionId: string, action: ActionRequest, options?: ActionsCreateOrUpdateOptionalParams): Promise; + delete(resourceGroupName: string, workspaceName: string, ruleId: string, actionId: string, options?: ActionsDeleteOptionalParams): Promise; + get(resourceGroupName: string, workspaceName: string, ruleId: string, actionId: string, options?: ActionsGetOptionalParams): Promise; + listByAlertRule(resourceGroupName: string, workspaceName: string, ruleId: string, options?: ActionsListByAlertRuleOptionalParams): PagedAsyncIterableIterator; +} + +// @public +export interface ActionsCreateOrUpdateOptionalParams extends coreClient.OperationOptions { +} + +// @public +export type ActionsCreateOrUpdateResponse = ActionResponse; + +// @public +export interface ActionsDeleteOptionalParams extends coreClient.OperationOptions { +} + +// @public +export interface ActionsGetOptionalParams extends coreClient.OperationOptions { +} + +// @public +export type ActionsGetResponse = ActionResponse; + +// 
@public +export interface ActionsList { + readonly nextLink?: string; + value: ActionResponse[]; +} + +// @public +export interface ActionsListByAlertRuleNextOptionalParams extends coreClient.OperationOptions { +} + +// @public +export type ActionsListByAlertRuleNextResponse = ActionsList; + +// @public +export interface ActionsListByAlertRuleOptionalParams extends coreClient.OperationOptions { +} + +// @public +export type ActionsListByAlertRuleResponse = ActionsList; + +// @public +export type ActionType = string; + +// @public +export type ActivityCustomEntityQuery = CustomEntityQuery & { + title?: string; + content?: string; + description?: string; + queryDefinitions?: ActivityEntityQueriesPropertiesQueryDefinitions; + inputEntityType?: EntityType; + requiredInputFieldsSets?: string[][]; + entitiesFilter?: { + [propertyName: string]: string[]; + }; + templateName?: string; + enabled?: boolean; + readonly createdTimeUtc?: Date; + readonly lastModifiedTimeUtc?: Date; +}; + +// @public +export interface ActivityEntityQueriesPropertiesQueryDefinitions { + query?: string; +} + +// @public +export type ActivityEntityQuery = EntityQuery & { + title?: string; + content?: string; + description?: string; + queryDefinitions?: ActivityEntityQueriesPropertiesQueryDefinitions; + inputEntityType?: EntityType; + requiredInputFieldsSets?: string[][]; + entitiesFilter?: { + [propertyName: string]: string[]; + }; + templateName?: string; + enabled?: boolean; + readonly createdTimeUtc?: Date; + readonly lastModifiedTimeUtc?: Date; +}; + +// @public +export type ActivityEntityQueryTemplate = EntityQueryTemplate & { + title?: string; + content?: string; + description?: string; + queryDefinitions?: ActivityEntityQueryTemplatePropertiesQueryDefinitions; + dataTypes?: DataTypeDefinitions[]; + inputEntityType?: EntityType; + requiredInputFieldsSets?: string[][]; + entitiesFilter?: { + [propertyName: string]: string[]; + }; +}; + +// @public +export interface 
ActivityEntityQueryTemplatePropertiesQueryDefinitions { + query?: string; + summarizeBy?: string; +} + +// @public +export type ActivityTimelineItem = EntityTimelineItem & { + kind: "Activity"; + queryId: string; + bucketStartTimeUTC: Date; + bucketEndTimeUTC: Date; + firstActivityTimeUTC: Date; + lastActivityTimeUTC: Date; + content: string; + title: string; +}; + +// @public +export type AlertDetail = string; + +// @public +export interface AlertDetailsOverride { + alertDescriptionFormat?: string; + alertDisplayNameFormat?: string; + alertSeverityColumnName?: string; + alertTacticsColumnName?: string; +} + +// @public +export type AlertRule = ResourceWithEtag & { + kind: AlertRuleKind; +}; + +// @public +export type AlertRuleKind = string; + +// @public +export interface AlertRules { + createOrUpdate(resourceGroupName: string, workspaceName: string, ruleId: string, alertRule: AlertRuleUnion, options?: AlertRulesCreateOrUpdateOptionalParams): Promise; + delete(resourceGroupName: string, workspaceName: string, ruleId: string, options?: AlertRulesDeleteOptionalParams): Promise; + get(resourceGroupName: string, workspaceName: string, ruleId: string, options?: AlertRulesGetOptionalParams): Promise; + list(resourceGroupName: string, workspaceName: string, options?: AlertRulesListOptionalParams): PagedAsyncIterableIterator; +} + +// @public +export interface AlertRulesCreateOrUpdateOptionalParams extends coreClient.OperationOptions { +} + +// @public +export type AlertRulesCreateOrUpdateResponse = AlertRuleUnion; + +// @public +export interface AlertRulesDeleteOptionalParams extends coreClient.OperationOptions { +} + +// @public +export interface AlertRulesGetOptionalParams extends coreClient.OperationOptions { +} + +// @public +export type AlertRulesGetResponse = AlertRuleUnion; + +// @public +export interface AlertRulesList { + readonly nextLink?: string; + value: AlertRuleUnion[]; +} + +// @public +export interface AlertRulesListNextOptionalParams extends 
coreClient.OperationOptions { +} + +// @public +export type AlertRulesListNextResponse = AlertRulesList; + +// @public +export interface AlertRulesListOptionalParams extends coreClient.OperationOptions { +} + +// @public +export type AlertRulesListResponse = AlertRulesList; + +// @public +export type AlertRuleTemplate = Resource & { + kind: AlertRuleKind; +}; + +// @public +export interface AlertRuleTemplateDataSource { + connectorId?: string; + dataTypes?: string[]; +} + +// @public +export interface AlertRuleTemplatePropertiesBase { + alertRulesCreatedByTemplateCount?: number; + readonly createdDateUTC?: Date; + description?: string; + displayName?: string; + readonly lastUpdatedDateUTC?: Date; + requiredDataConnectors?: AlertRuleTemplateDataSource[]; + status?: TemplateStatus; +} + +// @public +export interface AlertRuleTemplates { + get(resourceGroupName: string, workspaceName: string, alertRuleTemplateId: string, options?: AlertRuleTemplatesGetOptionalParams): Promise; + list(resourceGroupName: string, workspaceName: string, options?: AlertRuleTemplatesListOptionalParams): PagedAsyncIterableIterator; +} + +// @public +export interface AlertRuleTemplatesGetOptionalParams extends coreClient.OperationOptions { +} + +// @public +export type AlertRuleTemplatesGetResponse = AlertRuleTemplateUnion; + +// @public +export interface AlertRuleTemplatesList { + readonly nextLink?: string; + value: AlertRuleTemplateUnion[]; +} + +// @public +export interface AlertRuleTemplatesListNextOptionalParams extends coreClient.OperationOptions { +} + +// @public +export type AlertRuleTemplatesListNextResponse = AlertRuleTemplatesList; + +// @public +export interface AlertRuleTemplatesListOptionalParams extends coreClient.OperationOptions { +} + +// @public +export type AlertRuleTemplatesListResponse = AlertRuleTemplatesList; + +// @public (undocumented) +export type AlertRuleTemplateUnion = AlertRuleTemplate | MLBehaviorAnalyticsAlertRuleTemplate | FusionAlertRuleTemplate | 
ThreatIntelligenceAlertRuleTemplate | MicrosoftSecurityIncidentCreationAlertRuleTemplate | ScheduledAlertRuleTemplate | NrtAlertRuleTemplate; + +// @public (undocumented) +export type AlertRuleUnion = AlertRule | MLBehaviorAnalyticsAlertRule | FusionAlertRule | ThreatIntelligenceAlertRule | MicrosoftSecurityIncidentCreationAlertRule | ScheduledAlertRule | NrtAlertRule; + +// @public +export interface AlertsDataTypeOfDataConnector { + alerts: DataConnectorDataTypeCommon; +} + +// @public +export type AlertSeverity = string; + +// @public +export type AlertStatus = string; + +// @public +export type Anomalies = Settings & { + readonly isEnabled?: boolean; +}; + +// @public +export type AntispamMailDirection = string; + +// @public +export type ASCCheckRequirements = DataConnectorsCheckRequirements & { + kind: "AzureSecurityCenter"; + subscriptionId?: string; +}; + +// @public +export type ASCDataConnector = DataConnector & { + dataTypes?: AlertsDataTypeOfDataConnector; + subscriptionId?: string; +}; + +// @public +export type ASCDataConnectorProperties = DataConnectorWithAlertsProperties & { + subscriptionId?: string; +}; + +// @public +export type AttackTactic = string; + +// @public (undocumented) +export type AutomationRule = ResourceWithEtag & { + displayName: string; + order: number; + triggeringLogic: AutomationRuleTriggeringLogic; + actions: AutomationRuleActionUnion[]; + readonly lastModifiedTimeUtc?: Date; + readonly createdTimeUtc?: Date; + readonly lastModifiedBy?: ClientInfo; + readonly createdBy?: ClientInfo; +}; + +// @public +export interface AutomationRuleAction { + actionType: "ModifyProperties" | "RunPlaybook"; + // (undocumented) + order: number; +} + +// @public (undocumented) +export type AutomationRuleActionUnion = AutomationRuleAction | AutomationRuleModifyPropertiesAction | AutomationRuleRunPlaybookAction; + +// @public +export interface AutomationRuleCondition { + conditionType: "Property"; +} + +// @public (undocumented) +export type 
AutomationRuleConditionUnion = AutomationRuleCondition | PropertyConditionProperties; + +// @public +export type AutomationRuleModifyPropertiesAction = AutomationRuleAction & { + actionType: "ModifyProperties"; + severity?: IncidentSeverity; + status?: IncidentStatus; + classification?: IncidentClassification; + classificationReason?: IncidentClassificationReason; + classificationComment?: string; + owner?: IncidentPropertiesActionOwnerInfo; + labels?: IncidentLabel[]; +}; + +// @public +export type AutomationRulePropertyConditionSupportedOperator = string; + +// @public +export type AutomationRulePropertyConditionSupportedProperty = string; + +// @public +export type AutomationRuleRunPlaybookAction = AutomationRuleAction & { + actionType: "RunPlaybook"; + logicAppResourceId?: string; + tenantId?: string; +}; + +// @public +export interface AutomationRules { + createOrUpdate(resourceGroupName: string, workspaceName: string, automationRuleId: string, options?: AutomationRulesCreateOrUpdateOptionalParams): Promise; + delete(resourceGroupName: string, workspaceName: string, automationRuleId: string, options?: AutomationRulesDeleteOptionalParams): Promise; + get(resourceGroupName: string, workspaceName: string, automationRuleId: string, options?: AutomationRulesGetOptionalParams): Promise; + list(resourceGroupName: string, workspaceName: string, options?: AutomationRulesListOptionalParams): PagedAsyncIterableIterator; + manualTriggerPlaybook(resourceGroupName: string, workspaceName: string, incidentIdentifier: string, options?: AutomationRulesManualTriggerPlaybookOptionalParams): Promise; +} + +// @public +export interface AutomationRulesCreateOrUpdateOptionalParams extends coreClient.OperationOptions { + automationRuleToUpsert?: AutomationRule; +} + +// @public +export type AutomationRulesCreateOrUpdateResponse = AutomationRule; + +// @public +export interface AutomationRulesDeleteOptionalParams extends coreClient.OperationOptions { +} + +// @public +export type 
AutomationRulesDeleteResponse = Record; + +// @public +export interface AutomationRulesGetOptionalParams extends coreClient.OperationOptions { +} + +// @public +export type AutomationRulesGetResponse = AutomationRule; + +// @public (undocumented) +export interface AutomationRulesList { + // (undocumented) + nextLink?: string; + // (undocumented) + value?: AutomationRule[]; +} + +// @public +export interface AutomationRulesListNextOptionalParams extends coreClient.OperationOptions { +} + +// @public +export type AutomationRulesListNextResponse = AutomationRulesList; + +// @public +export interface AutomationRulesListOptionalParams extends coreClient.OperationOptions { +} + +// @public +export type AutomationRulesListResponse = AutomationRulesList; + +// @public +export interface AutomationRulesManualTriggerPlaybookOptionalParams extends coreClient.OperationOptions { + // (undocumented) + requestBody?: ManualTriggerRequestBody; +} + +// @public +export type AutomationRulesManualTriggerPlaybookResponse = Record; + +// @public +export interface AutomationRuleTriggeringLogic { + conditions?: AutomationRuleConditionUnion[]; + expirationTimeUtc?: Date; + isEnabled: boolean; + // (undocumented) + triggersOn: TriggersOn; + // (undocumented) + triggersWhen: TriggersWhen; +} + +// @public +export interface Availability { + isPreview?: boolean; + status?: "1"; +} + +// @public +export type AwsCloudTrailCheckRequirements = DataConnectorsCheckRequirements & { + kind: "AmazonWebServicesCloudTrail"; +}; + +// @public +export type AwsCloudTrailDataConnector = DataConnector & { + awsRoleArn?: string; + dataTypes?: AwsCloudTrailDataConnectorDataTypes; +}; + +// @public +export interface AwsCloudTrailDataConnectorDataTypes { + logs: AwsCloudTrailDataConnectorDataTypesLogs; +} + +// @public +export type AwsCloudTrailDataConnectorDataTypesLogs = DataConnectorDataTypeCommon & {}; + +// @public +export type AwsS3CheckRequirements = DataConnectorsCheckRequirements & { + kind: 
"AmazonWebServicesS3"; +}; + +// @public +export type AwsS3DataConnector = DataConnector & { + destinationTable?: string; + sqsUrls?: string[]; + roleArn?: string; + dataTypes?: AwsS3DataConnectorDataTypes; +}; + +// @public +export interface AwsS3DataConnectorDataTypes { + logs: AwsS3DataConnectorDataTypesLogs; +} + +// @public +export type AwsS3DataConnectorDataTypesLogs = DataConnectorDataTypeCommon & {}; + +// @public +export type AzureResourceEntity = Entity & { + readonly additionalData?: { + [propertyName: string]: Record; + }; + readonly friendlyName?: string; + readonly resourceId?: string; + readonly subscriptionId?: string; +}; + +// @public +export type AzureResourceEntityProperties = EntityCommonProperties & { + readonly resourceId?: string; + readonly subscriptionId?: string; +}; + +// @public +export type Bookmark = ResourceWithEtag & { + created?: Date; + createdBy?: UserInfo; + displayName?: string; + labels?: string[]; + notes?: string; + query?: string; + queryResult?: string; + updated?: Date; + updatedBy?: UserInfo; + eventTime?: Date; + queryStartTime?: Date; + queryEndTime?: Date; + incidentInfo?: IncidentInfo; + entityMappings?: BookmarkEntityMappings[]; + tactics?: AttackTactic[]; + techniques?: string[]; +}; + +// @public +export interface BookmarkEntityMappings { + entityType?: string; + fieldMappings?: EntityFieldMapping[]; +} + +// @public +export type BookmarkExpandOperationResponse = BookmarkExpandResponse; + +// @public +export interface BookmarkExpandOptionalParams extends coreClient.OperationOptions { +} + +// @public +export interface BookmarkExpandParameters { + endTime?: Date; + expansionId?: string; + startTime?: Date; +} + +// @public +export interface BookmarkExpandResponse { + metaData?: ExpansionResultsMetadata; + value?: BookmarkExpandResponseValue; +} + +// @public +export interface BookmarkExpandResponseValue { + edges?: ConnectedEntity[]; + entities?: EntityUnion[]; +} + +// @public +export interface BookmarkList { + 
readonly nextLink?: string; + value: Bookmark[]; +} + +// @public +export interface BookmarkOperations { + expand(resourceGroupName: string, workspaceName: string, bookmarkId: string, parameters: BookmarkExpandParameters, options?: BookmarkExpandOptionalParams): Promise; +} + +// @public +export interface BookmarkRelations { + createOrUpdate(resourceGroupName: string, workspaceName: string, bookmarkId: string, relationName: string, relation: Relation, options?: BookmarkRelationsCreateOrUpdateOptionalParams): Promise; + delete(resourceGroupName: string, workspaceName: string, bookmarkId: string, relationName: string, options?: BookmarkRelationsDeleteOptionalParams): Promise; + get(resourceGroupName: string, workspaceName: string, bookmarkId: string, relationName: string, options?: BookmarkRelationsGetOptionalParams): Promise; + list(resourceGroupName: string, workspaceName: string, bookmarkId: string, options?: BookmarkRelationsListOptionalParams): PagedAsyncIterableIterator; +} + +// @public +export interface BookmarkRelationsCreateOrUpdateOptionalParams extends coreClient.OperationOptions { +} + +// @public +export type BookmarkRelationsCreateOrUpdateResponse = Relation; + +// @public +export interface BookmarkRelationsDeleteOptionalParams extends coreClient.OperationOptions { +} + +// @public +export interface BookmarkRelationsGetOptionalParams extends coreClient.OperationOptions { +} + +// @public +export type BookmarkRelationsGetResponse = Relation; + +// @public +export interface BookmarkRelationsListNextOptionalParams extends coreClient.OperationOptions { + filter?: string; + orderby?: string; + skipToken?: string; + top?: number; +} + +// @public +export type BookmarkRelationsListNextResponse = RelationList; + +// @public +export interface BookmarkRelationsListOptionalParams extends coreClient.OperationOptions { + filter?: string; + orderby?: string; + skipToken?: string; + top?: number; +} + +// @public +export type BookmarkRelationsListResponse = 
RelationList; + +// @public +export interface Bookmarks { + createOrUpdate(resourceGroupName: string, workspaceName: string, bookmarkId: string, bookmark: Bookmark, options?: BookmarksCreateOrUpdateOptionalParams): Promise; + delete(resourceGroupName: string, workspaceName: string, bookmarkId: string, options?: BookmarksDeleteOptionalParams): Promise; + get(resourceGroupName: string, workspaceName: string, bookmarkId: string, options?: BookmarksGetOptionalParams): Promise; + list(resourceGroupName: string, workspaceName: string, options?: BookmarksListOptionalParams): PagedAsyncIterableIterator; +} + +// @public +export interface BookmarksCreateOrUpdateOptionalParams extends coreClient.OperationOptions { +} + +// @public +export type BookmarksCreateOrUpdateResponse = Bookmark; + +// @public +export interface BookmarksDeleteOptionalParams extends coreClient.OperationOptions { +} + +// @public +export interface BookmarksGetOptionalParams extends coreClient.OperationOptions { +} + +// @public +export type BookmarksGetResponse = Bookmark; + +// @public +export interface BookmarksListNextOptionalParams extends coreClient.OperationOptions { +} + +// @public +export type BookmarksListNextResponse = BookmarkList; + +// @public +export interface BookmarksListOptionalParams extends coreClient.OperationOptions { +} + +// @public +export type BookmarksListResponse = BookmarkList; + +// @public +export type BookmarkTimelineItem = EntityTimelineItem & { + kind: "Bookmark"; + azureResourceId: string; + displayName?: string; + notes?: string; + endTimeUtc?: Date; + startTimeUtc?: Date; + eventTime?: Date; + createdBy?: UserInfo; + labels?: string[]; +}; + +// @public +export interface ClientInfo { + email?: string; + name?: string; + objectId?: string; + userPrincipalName?: string; +} + +// @public +export type CloudApplicationEntity = Entity & { + readonly additionalData?: { + [propertyName: string]: Record; + }; + readonly friendlyName?: string; + readonly appId?: number; + 
readonly appName?: string; + readonly instanceName?: string; +}; + +// @public +export type CloudApplicationEntityProperties = EntityCommonProperties & { + readonly appId?: number; + readonly appName?: string; + readonly instanceName?: string; +}; + +// @public +export interface CloudError { + error?: CloudErrorBody; +} + +// @public +export interface CloudErrorBody { + readonly code?: string; + readonly message?: string; +} + +// @public +export type CodelessApiPollingDataConnector = DataConnector & { + connectorUiConfig?: CodelessUiConnectorConfigProperties; + pollingConfig?: CodelessConnectorPollingConfigProperties; +}; + +// @public +export interface CodelessConnectorPollingAuthProperties { + apiKeyIdentifier?: string; + apiKeyName?: string; + authorizationEndpoint?: string; + authorizationEndpointQueryParameters?: Record; + authType: string; + flowName?: string; + isApiKeyInPostPayload?: string; + isClientSecretInHeader?: boolean; + redirectionEndpoint?: string; + scope?: string; + tokenEndpoint?: string; + tokenEndpointHeaders?: Record; + tokenEndpointQueryParameters?: Record; +} + +// @public +export interface CodelessConnectorPollingConfigProperties { + auth: CodelessConnectorPollingAuthProperties; + isActive?: boolean; + paging?: CodelessConnectorPollingPagingProperties; + request: CodelessConnectorPollingRequestProperties; + response?: CodelessConnectorPollingResponseProperties; +} + +// @public +export interface CodelessConnectorPollingPagingProperties { + nextPageParaName?: string; + nextPageTokenJsonPath?: string; + pageCountAttributePath?: string; + pageSize?: number; + pageSizeParaName?: string; + pageTimeStampAttributePath?: string; + pageTotalCountAttributePath?: string; + pagingType: string; + searchTheLatestTimeStampFromEventsList?: string; +} + +// @public +export interface CodelessConnectorPollingRequestProperties { + apiEndpoint: string; + endTimeAttributeName?: string; + headers?: Record; + httpMethod: string; + queryParameters?: Record; + 
queryParametersTemplate?: string; + queryTimeFormat: string; + queryWindowInMin: number; + rateLimitQps?: number; + retryCount?: number; + startTimeAttributeName?: string; + timeoutInSeconds?: number; +} + +// @public +export interface CodelessConnectorPollingResponseProperties { + eventsJsonPaths: string[]; + isGzipCompressed?: boolean; + successStatusJsonPath?: string; + successStatusValue?: string; +} + +// @public +export interface CodelessUiConnectorConfigProperties { + availability: Availability; + connectivityCriteria: CodelessUiConnectorConfigPropertiesConnectivityCriteriaItem[]; + customImage?: string; + dataTypes: CodelessUiConnectorConfigPropertiesDataTypesItem[]; + descriptionMarkdown: string; + graphQueries: CodelessUiConnectorConfigPropertiesGraphQueriesItem[]; + graphQueriesTableName: string; + instructionSteps: CodelessUiConnectorConfigPropertiesInstructionStepsItem[]; + permissions: Permissions_2; + publisher: string; + sampleQueries: CodelessUiConnectorConfigPropertiesSampleQueriesItem[]; + title: string; +} + +// @public (undocumented) +export type CodelessUiConnectorConfigPropertiesConnectivityCriteriaItem = ConnectivityCriteria & {}; + +// @public (undocumented) +export type CodelessUiConnectorConfigPropertiesDataTypesItem = LastDataReceivedDataType & {}; + +// @public (undocumented) +export type CodelessUiConnectorConfigPropertiesGraphQueriesItem = GraphQueries & {}; + +// @public (undocumented) +export type CodelessUiConnectorConfigPropertiesInstructionStepsItem = InstructionSteps & {}; + +// @public (undocumented) +export type CodelessUiConnectorConfigPropertiesSampleQueriesItem = SampleQueries & {}; + +// @public +export type CodelessUiDataConnector = DataConnector & { + connectorUiConfig?: CodelessUiConnectorConfigProperties; +}; + +// @public +export type ConditionType = string; + +// @public +export type ConfidenceLevel = string; + +// @public +export type ConfidenceScoreStatus = string; + +// @public +export type ConnectAuthKind = 
string; + +// @public +export interface ConnectedEntity { + additionalData?: Record; + targetEntityId?: string; +} + +// @public +export interface ConnectivityCriteria { + type?: ConnectivityType; + value?: string[]; +} + +// @public +export type ConnectivityType = string; + +// @public +export interface ConnectorInstructionModelBase { + parameters?: Record; + type: SettingType; +} + +// @public +export interface ContentPathMap { + contentType?: ContentType; + path?: string; +} + +// @public +export type ContentType = string; + +// @public +export type CreatedByType = string; + +// @public +export type CustomEntityQuery = ResourceWithEtag & { + kind: CustomEntityQueryKind; +}; + +// @public +export type CustomEntityQueryKind = string; + +// @public (undocumented) +export type CustomEntityQueryUnion = CustomEntityQuery | ActivityCustomEntityQuery; + +// @public +export type Customs = CustomsPermission & {}; + +// @public +export interface CustomsPermission { + description?: string; + name?: string; +} + +// @public +export type DataConnector = ResourceWithEtag & { + kind: DataConnectorKind; +}; + +// @public +export type DataConnectorAuthorizationState = string; + +// @public +export interface DataConnectorConnectBody { + apiKey?: string; + authorizationCode?: string; + clientId?: string; + clientSecret?: string; + kind?: ConnectAuthKind; + password?: string; + // (undocumented) + requestConfigUserInputValues?: Record[]; + userName?: string; +} + +// @public +export interface DataConnectorDataTypeCommon { + state: DataTypeState; +} + +// @public +export type DataConnectorKind = string; + +// @public +export type DataConnectorLicenseState = string; + +// @public +export interface DataConnectorList { + readonly nextLink?: string; + value: DataConnectorUnion[]; +} + +// @public +export interface DataConnectorRequirementsState { + authorizationState?: DataConnectorAuthorizationState; + licenseState?: DataConnectorLicenseState; +} + +// @public +export interface 
DataConnectors { + connect(resourceGroupName: string, workspaceName: string, dataConnectorId: string, connectBody: DataConnectorConnectBody, options?: DataConnectorsConnectOptionalParams): Promise; + createOrUpdate(resourceGroupName: string, workspaceName: string, dataConnectorId: string, dataConnector: DataConnectorUnion, options?: DataConnectorsCreateOrUpdateOptionalParams): Promise; + delete(resourceGroupName: string, workspaceName: string, dataConnectorId: string, options?: DataConnectorsDeleteOptionalParams): Promise; + disconnect(resourceGroupName: string, workspaceName: string, dataConnectorId: string, options?: DataConnectorsDisconnectOptionalParams): Promise; + get(resourceGroupName: string, workspaceName: string, dataConnectorId: string, options?: DataConnectorsGetOptionalParams): Promise; + list(resourceGroupName: string, workspaceName: string, options?: DataConnectorsListOptionalParams): PagedAsyncIterableIterator; +} + +// @public +export interface DataConnectorsCheckRequirements { + kind: "AzureActiveDirectory" | "AzureAdvancedThreatProtection" | "AzureSecurityCenter" | "AmazonWebServicesCloudTrail" | "AmazonWebServicesS3" | "Dynamics365" | "MicrosoftCloudAppSecurity" | "MicrosoftDefenderAdvancedThreatProtection" | "MicrosoftThreatIntelligence" | "MicrosoftThreatProtection" | "OfficeATP" | "OfficeIRM" | "Office365Project" | "OfficePowerBI" | "ThreatIntelligence" | "ThreatIntelligenceTaxii"; +} + +// @public +export interface DataConnectorsCheckRequirementsOperations { + post(resourceGroupName: string, workspaceName: string, dataConnectorsCheckRequirements: DataConnectorsCheckRequirementsUnion, options?: DataConnectorsCheckRequirementsPostOptionalParams): Promise; +} + +// @public +export interface DataConnectorsCheckRequirementsPostOptionalParams extends coreClient.OperationOptions { +} + +// @public +export type DataConnectorsCheckRequirementsPostResponse = DataConnectorRequirementsState; + +// @public (undocumented) +export type 
DataConnectorsCheckRequirementsUnion = DataConnectorsCheckRequirements | AADCheckRequirements | AatpCheckRequirements | ASCCheckRequirements | AwsCloudTrailCheckRequirements | AwsS3CheckRequirements | Dynamics365CheckRequirements | McasCheckRequirements | MdatpCheckRequirements | MstiCheckRequirements | MtpCheckRequirements | OfficeATPCheckRequirements | OfficeIRMCheckRequirements | Office365ProjectCheckRequirements | OfficePowerBICheckRequirements | TICheckRequirements | TiTaxiiCheckRequirements; + +// @public +export interface DataConnectorsConnectOptionalParams extends coreClient.OperationOptions { +} + +// @public +export interface DataConnectorsCreateOrUpdateOptionalParams extends coreClient.OperationOptions { +} + +// @public +export type DataConnectorsCreateOrUpdateResponse = DataConnectorUnion; + +// @public +export interface DataConnectorsDeleteOptionalParams extends coreClient.OperationOptions { +} + +// @public +export interface DataConnectorsDisconnectOptionalParams extends coreClient.OperationOptions { +} + +// @public +export interface DataConnectorsGetOptionalParams extends coreClient.OperationOptions { +} + +// @public +export type DataConnectorsGetResponse = DataConnectorUnion; + +// @public +export interface DataConnectorsListNextOptionalParams extends coreClient.OperationOptions { +} + +// @public +export type DataConnectorsListNextResponse = DataConnectorList; + +// @public +export interface DataConnectorsListOptionalParams extends coreClient.OperationOptions { +} + +// @public +export type DataConnectorsListResponse = DataConnectorList; + +// @public +export interface DataConnectorTenantId { + tenantId: string; +} + +// @public (undocumented) +export type DataConnectorUnion = DataConnector | AADDataConnector | MstiDataConnector | MTPDataConnector | AatpDataConnector | ASCDataConnector | AwsCloudTrailDataConnector | AwsS3DataConnector | McasDataConnector | Dynamics365DataConnector | OfficeATPDataConnector | Office365ProjectDataConnector | 
OfficePowerBIDataConnector | OfficeIRMDataConnector | MdatpDataConnector | OfficeDataConnector | TIDataConnector | TiTaxiiDataConnector | CodelessUiDataConnector | CodelessApiPollingDataConnector; + +// @public +export interface DataConnectorWithAlertsProperties { + dataTypes?: AlertsDataTypeOfDataConnector; +} + +// @public +export interface DataTypeDefinitions { + dataType?: string; +} + +// @public +export type DataTypeState = string; + +// @public +export type DeliveryAction = "Unknown" | "DeliveredAsSpam" | "Delivered" | "Blocked" | "Replaced"; + +// @public +export type DeliveryLocation = "Unknown" | "Inbox" | "JunkFolder" | "DeletedFolder" | "Quarantine" | "External" | "Failed" | "Dropped" | "Forwarded"; + +// @public +export type DnsEntity = Entity & { + readonly additionalData?: { + [propertyName: string]: Record; + }; + readonly friendlyName?: string; + readonly dnsServerIpEntityId?: string; + readonly domainName?: string; + readonly hostIpAddressEntityId?: string; + readonly ipAddressEntityIds?: string[]; +}; + +// @public +export type DnsEntityProperties = EntityCommonProperties & { + readonly dnsServerIpEntityId?: string; + readonly domainName?: string; + readonly hostIpAddressEntityId?: string; + readonly ipAddressEntityIds?: string[]; +}; + +// @public +export interface DomainWhois { + get(resourceGroupName: string, domain: string, options?: DomainWhoisGetOptionalParams): Promise; +} + +// @public +export interface DomainWhoisGetOptionalParams extends coreClient.OperationOptions { +} + +// @public +export type DomainWhoisGetResponse = EnrichmentDomainWhois; + +// @public +export type Dynamics365CheckRequirements = DataConnectorsCheckRequirements & { + kind: "Dynamics365"; + tenantId?: string; +}; + +// @public +export type Dynamics365CheckRequirementsProperties = DataConnectorTenantId & {}; + +// @public +export type Dynamics365DataConnector = DataConnector & { + tenantId?: string; + dataTypes?: Dynamics365DataConnectorDataTypes; +}; + +// @public 
+export interface Dynamics365DataConnectorDataTypes { + dynamics365CdsActivities: Dynamics365DataConnectorDataTypesDynamics365CdsActivities; +} + +// @public +export type Dynamics365DataConnectorDataTypesDynamics365CdsActivities = DataConnectorDataTypeCommon & {}; + +// @public +export type Dynamics365DataConnectorProperties = DataConnectorTenantId & { + dataTypes: Dynamics365DataConnectorDataTypes; +}; + +// @public +export type ElevationToken = "Default" | "Full" | "Limited"; + +// @public +export interface EnrichmentDomainWhois { + created?: Date; + domain?: string; + expires?: Date; + parsedWhois?: EnrichmentDomainWhoisDetails; + server?: string; + updated?: Date; +} + +// @public +export interface EnrichmentDomainWhoisContact { + city?: string; + country?: string; + email?: string; + fax?: string; + name?: string; + org?: string; + phone?: string; + postal?: string; + state?: string; + street?: string[]; +} + +// @public +export interface EnrichmentDomainWhoisContacts { + admin?: EnrichmentDomainWhoisContact; + billing?: EnrichmentDomainWhoisContact; + registrant?: EnrichmentDomainWhoisContact; + tech?: EnrichmentDomainWhoisContact; +} + +// @public +export interface EnrichmentDomainWhoisDetails { + contacts?: EnrichmentDomainWhoisContacts; + nameServers?: string[]; + registrar?: EnrichmentDomainWhoisRegistrarDetails; + statuses?: string[]; +} + +// @public +export interface EnrichmentDomainWhoisRegistrarDetails { + abuseContactEmail?: string; + abuseContactPhone?: string; + ianaId?: string; + name?: string; + url?: string; + whoisServer?: string; +} + +// @public +export interface EnrichmentIpGeodata { + asn?: string; + carrier?: string; + city?: string; + cityCf?: number; + continent?: string; + country?: string; + countryCf?: number; + ipAddr?: string; + ipRoutingType?: string; + latitude?: string; + longitude?: string; + organization?: string; + organizationType?: string; + region?: string; + state?: string; + stateCf?: number; + stateCode?: string; +} + 
+// @public +export interface Entities { + expand(resourceGroupName: string, workspaceName: string, entityId: string, parameters: EntityExpandParameters, options?: EntitiesExpandOptionalParams): Promise; + get(resourceGroupName: string, workspaceName: string, entityId: string, options?: EntitiesGetOptionalParams): Promise; + getInsights(resourceGroupName: string, workspaceName: string, entityId: string, parameters: EntityGetInsightsParameters, options?: EntitiesGetInsightsOptionalParams): Promise; + list(resourceGroupName: string, workspaceName: string, options?: EntitiesListOptionalParams): PagedAsyncIterableIterator; + queries(resourceGroupName: string, workspaceName: string, entityId: string, kind: EntityItemQueryKind, options?: EntitiesQueriesOptionalParams): Promise; +} + +// @public +export interface EntitiesExpandOptionalParams extends coreClient.OperationOptions { +} + +// @public +export type EntitiesExpandResponse = EntityExpandResponse; + +// @public +export interface EntitiesGetInsightsOptionalParams extends coreClient.OperationOptions { +} + +// @public +export type EntitiesGetInsightsResponse = EntityGetInsightsResponse; + +// @public +export interface EntitiesGetOptionalParams extends coreClient.OperationOptions { +} + +// @public +export type EntitiesGetResponse = EntityUnion; + +// @public +export interface EntitiesGetTimeline { + list(resourceGroupName: string, workspaceName: string, entityId: string, parameters: EntityTimelineParameters, options?: EntitiesGetTimelineListOptionalParams): Promise; +} + +// @public +export interface EntitiesGetTimelineListOptionalParams extends coreClient.OperationOptions { +} + +// @public +export type EntitiesGetTimelineListResponse = EntityTimelineResponse; + +// @public +export interface EntitiesListNextOptionalParams extends coreClient.OperationOptions { +} + +// @public +export type EntitiesListNextResponse = EntityList; + +// @public +export interface EntitiesListOptionalParams extends 
coreClient.OperationOptions { +} + +// @public +export type EntitiesListResponse = EntityList; + +// @public +export interface EntitiesQueriesOptionalParams extends coreClient.OperationOptions { +} + +// @public +export type EntitiesQueriesResponse = GetQueriesResponse; + +// @public +export interface EntitiesRelations { + list(resourceGroupName: string, workspaceName: string, entityId: string, options?: EntitiesRelationsListOptionalParams): PagedAsyncIterableIterator; +} + +// @public +export interface EntitiesRelationsListNextOptionalParams extends coreClient.OperationOptions { + filter?: string; + orderby?: string; + skipToken?: string; + top?: number; +} + +// @public +export type EntitiesRelationsListNextResponse = RelationList; + +// @public +export interface EntitiesRelationsListOptionalParams extends coreClient.OperationOptions { + filter?: string; + orderby?: string; + skipToken?: string; + top?: number; +} + +// @public +export type EntitiesRelationsListResponse = RelationList; + +// @public +export type Entity = Resource & { + kind: EntityKind; +}; + +// @public +export type EntityAnalytics = Settings & { + readonly isEnabled?: boolean; +}; + +// @public +export interface EntityCommonProperties { + readonly additionalData?: { + [propertyName: string]: Record; + }; + readonly friendlyName?: string; +} + +// @public +export interface EntityEdges { + additionalData?: { + [propertyName: string]: Record; + }; + targetEntityId?: string; +} + +// @public +export interface EntityExpandParameters { + endTime?: Date; + expansionId?: string; + startTime?: Date; +} + +// @public +export interface EntityExpandResponse { + metaData?: ExpansionResultsMetadata; + value?: EntityExpandResponseValue; +} + +// @public +export interface EntityExpandResponseValue { + edges?: EntityEdges[]; + entities?: EntityUnion[]; +} + +// @public +export interface EntityFieldMapping { + identifier?: string; + value?: string; +} + +// @public +export interface EntityGetInsightsParameters { 
+ addDefaultExtendedTimeRange?: boolean; + endTime: Date; + insightQueryIds?: string[]; + startTime: Date; +} + +// @public +export interface EntityGetInsightsResponse { + metaData?: GetInsightsResultsMetadata; + value?: EntityInsightItem[]; +} + +// @public +export interface EntityInsightItem { + chartQueryResults?: InsightsTableResult[]; + queryId?: string; + queryTimeInterval?: EntityInsightItemQueryTimeInterval; + tableQueryResults?: InsightsTableResult; +} + +// @public +export interface EntityInsightItemQueryTimeInterval { + endTime?: Date; + startTime?: Date; +} + +// @public +export type EntityItemQueryKind = string; + +// @public +export type EntityKind = string; + +// @public +export interface EntityList { + readonly nextLink?: string; + value: EntityUnion[]; +} + +// @public +export interface EntityMapping { + entityType?: EntityMappingType; + fieldMappings?: FieldMapping[]; +} + +// @public +export type EntityMappingType = string; + +// @public +export interface EntityQueries { + createOrUpdate(resourceGroupName: string, workspaceName: string, entityQueryId: string, entityQuery: CustomEntityQueryUnion, options?: EntityQueriesCreateOrUpdateOptionalParams): Promise; + delete(resourceGroupName: string, workspaceName: string, entityQueryId: string, options?: EntityQueriesDeleteOptionalParams): Promise; + get(resourceGroupName: string, workspaceName: string, entityQueryId: string, options?: EntityQueriesGetOptionalParams): Promise; + list(resourceGroupName: string, workspaceName: string, options?: EntityQueriesListOptionalParams): PagedAsyncIterableIterator; +} + +// @public +export interface EntityQueriesCreateOrUpdateOptionalParams extends coreClient.OperationOptions { +} + +// @public +export type EntityQueriesCreateOrUpdateResponse = EntityQueryUnion; + +// @public +export interface EntityQueriesDeleteOptionalParams extends coreClient.OperationOptions { +} + +// @public +export interface EntityQueriesGetOptionalParams extends coreClient.OperationOptions 
{ +} + +// @public +export type EntityQueriesGetResponse = EntityQueryUnion; + +// @public +export interface EntityQueriesListNextOptionalParams extends coreClient.OperationOptions { + kind?: Enum12; +} + +// @public +export type EntityQueriesListNextResponse = EntityQueryList; + +// @public +export interface EntityQueriesListOptionalParams extends coreClient.OperationOptions { + kind?: Enum12; +} + +// @public +export type EntityQueriesListResponse = EntityQueryList; + +// @public +export type EntityQuery = ResourceWithEtag & { + kind: EntityQueryKind; +}; + +// @public +export interface EntityQueryItem { + readonly id?: string; + kind: "Insight"; + name?: string; + type?: string; +} + +// @public +export interface EntityQueryItemProperties { + dataTypes?: EntityQueryItemPropertiesDataTypesItem[]; + entitiesFilter?: Record; + inputEntityType?: EntityType; + requiredInputFieldsSets?: string[][]; +} + +// @public (undocumented) +export interface EntityQueryItemPropertiesDataTypesItem { + dataType?: string; +} + +// @public (undocumented) +export type EntityQueryItemUnion = EntityQueryItem | InsightQueryItem; + +// @public +export type EntityQueryKind = string; + +// @public +export interface EntityQueryList { + readonly nextLink?: string; + value: EntityQueryUnion[]; +} + +// @public +export type EntityQueryTemplate = Resource & { + kind: EntityQueryTemplateKind; +}; + +// @public +export type EntityQueryTemplateKind = string; + +// @public +export interface EntityQueryTemplateList { + readonly nextLink?: string; + value: EntityQueryTemplateUnion[]; +} + +// @public +export interface EntityQueryTemplates { + get(resourceGroupName: string, workspaceName: string, entityQueryTemplateId: string, options?: EntityQueryTemplatesGetOptionalParams): Promise; + list(resourceGroupName: string, workspaceName: string, options?: EntityQueryTemplatesListOptionalParams): PagedAsyncIterableIterator; +} + +// @public +export interface EntityQueryTemplatesGetOptionalParams extends 
coreClient.OperationOptions { +} + +// @public +export type EntityQueryTemplatesGetResponse = EntityQueryTemplateUnion; + +// @public +export interface EntityQueryTemplatesListNextOptionalParams extends coreClient.OperationOptions { +} + +// @public +export type EntityQueryTemplatesListNextResponse = EntityQueryTemplateList; + +// @public +export interface EntityQueryTemplatesListOptionalParams extends coreClient.OperationOptions { +} + +// @public +export type EntityQueryTemplatesListResponse = EntityQueryTemplateList; + +// @public (undocumented) +export type EntityQueryTemplateUnion = EntityQueryTemplate | ActivityEntityQueryTemplate; + +// @public (undocumented) +export type EntityQueryUnion = EntityQuery | ExpansionEntityQuery | ActivityEntityQuery; + +// @public +export interface EntityRelations { + getRelation(resourceGroupName: string, workspaceName: string, entityId: string, relationName: string, options?: EntityRelationsGetRelationOptionalParams): Promise; +} + +// @public +export interface EntityRelationsGetRelationOptionalParams extends coreClient.OperationOptions { +} + +// @public +export type EntityRelationsGetRelationResponse = Relation; + +// @public +export interface EntityTimelineItem { + kind: "Activity" | "Bookmark" | "SecurityAlert"; +} + +// @public (undocumented) +export type EntityTimelineItemUnion = EntityTimelineItem | ActivityTimelineItem | BookmarkTimelineItem | SecurityAlertTimelineItem; + +// @public +export type EntityTimelineKind = string; + +// @public +export interface EntityTimelineParameters { + endTime: Date; + kinds?: EntityTimelineKind[]; + numberOfBucket?: number; + startTime: Date; +} + +// @public +export interface EntityTimelineResponse { + metaData?: TimelineResultsMetadata; + value?: EntityTimelineItemUnion[]; +} + +// @public +export type EntityType = string; + +// @public (undocumented) +export type EntityUnion = Entity | SecurityAlert | HuntingBookmark | AccountEntity | AzureResourceEntity | CloudApplicationEntity | 
DnsEntity | FileEntity | FileHashEntity | HostEntity | IoTDeviceEntity | IpEntity | MailboxEntity | MailClusterEntity | MailMessageEntity | MalwareEntity | ProcessEntity | RegistryKeyEntity | RegistryValueEntity | SecurityGroupEntity | SubmissionMailEntity | UrlEntity; + +// @public +export type Enum12 = string; + +// @public +export interface ErrorAdditionalInfo { + readonly info?: Record; + readonly type?: string; +} + +// @public +export interface ErrorDetail { + readonly additionalInfo?: ErrorAdditionalInfo[]; + readonly code?: string; + readonly details?: ErrorDetail[]; + readonly message?: string; + readonly target?: string; +} + +// @public +export interface ErrorResponse { + error?: ErrorDetail; +} + +// @public +export type EventGroupingAggregationKind = string; + +// @public +export interface EventGroupingSettings { + aggregationKind?: EventGroupingAggregationKind; +} + +// @public +export type ExpansionEntityQuery = EntityQuery & { + dataSources?: string[]; + displayName?: string; + inputEntityType?: EntityType; + inputFields?: string[]; + outputEntityTypes?: EntityType[]; + queryTemplate?: string; +}; + +// @public +export interface ExpansionResultAggregation { + aggregationType?: string; + count: number; + displayName?: string; + entityKind: EntityKind; +} + +// @public +export interface ExpansionResultsMetadata { + aggregations?: ExpansionResultAggregation[]; +} + +// @public +export type EyesOn = Settings & { + readonly isEnabled?: boolean; +}; + +// @public +export interface FieldMapping { + columnName?: string; + identifier?: string; +} + +// @public +export type FileEntity = Entity & { + readonly additionalData?: { + [propertyName: string]: Record; + }; + readonly friendlyName?: string; + readonly directory?: string; + readonly fileHashEntityIds?: string[]; + readonly fileName?: string; + readonly hostEntityId?: string; +}; + +// @public +export type FileEntityProperties = EntityCommonProperties & { + readonly directory?: string; + readonly 
fileHashEntityIds?: string[]; + readonly fileName?: string; + readonly hostEntityId?: string; +}; + +// @public +export type FileHashAlgorithm = string; + +// @public +export type FileHashEntity = Entity & { + readonly additionalData?: { + [propertyName: string]: Record; + }; + readonly friendlyName?: string; + readonly algorithm?: FileHashAlgorithm; + readonly hashValue?: string; +}; + +// @public +export type FileHashEntityProperties = EntityCommonProperties & { + readonly algorithm?: FileHashAlgorithm; + readonly hashValue?: string; +}; + +// @public +export type FusionAlertRule = AlertRule & { + alertRuleTemplateName?: string; + readonly description?: string; + readonly displayName?: string; + enabled?: boolean; + readonly lastModifiedUtc?: Date; + readonly severity?: AlertSeverity; + readonly tactics?: AttackTactic[]; +}; + +// @public +export type FusionAlertRuleTemplate = AlertRuleTemplate & { + alertRulesCreatedByTemplateCount?: number; + readonly lastUpdatedDateUTC?: Date; + readonly createdDateUTC?: Date; + description?: string; + displayName?: string; + requiredDataConnectors?: AlertRuleTemplateDataSource[]; + status?: TemplateStatus; + severity?: AlertSeverity; + tactics?: AttackTactic[]; +}; + +// @public +export type FusionAlertRuleTemplateProperties = AlertRuleTemplatePropertiesBase & { + severity: AlertSeverity; + tactics?: AttackTactic[]; +}; + +// @public +export interface GeoLocation { + readonly asn?: number; + readonly city?: string; + readonly countryCode?: string; + readonly countryName?: string; + readonly latitude?: number; + readonly longitude?: number; + readonly state?: string; +} + +// @public +export interface GetInsightsError { + errorMessage: string; + kind: "Insight"; + queryId?: string; +} + +// @public +export interface GetInsightsResultsMetadata { + errors?: GetInsightsError[]; + totalCount: number; +} + +// @public +export interface GetQueriesResponse { + value?: EntityQueryItemUnion[]; +} + +// @public +export interface 
GraphQueries { + baseQuery?: string; + legend?: string; + metricName?: string; +} + +// @public +export interface GroupingConfiguration { + enabled: boolean; + groupByAlertDetails?: AlertDetail[]; + groupByCustomDetails?: string[]; + groupByEntities?: EntityMappingType[]; + lookbackDuration: string; + matchingMethod: MatchingMethod; + reopenClosedIncident: boolean; +} + +// @public +export type HostEntity = Entity & { + readonly additionalData?: { + [propertyName: string]: Record; + }; + readonly friendlyName?: string; + readonly azureID?: string; + readonly dnsDomain?: string; + readonly hostName?: string; + readonly isDomainJoined?: boolean; + readonly netBiosName?: string; + readonly ntDomain?: string; + readonly omsAgentID?: string; + osFamily?: OSFamily; + readonly osVersion?: string; +}; + +// @public +export type HostEntityProperties = EntityCommonProperties & { + readonly azureID?: string; + readonly dnsDomain?: string; + readonly hostName?: string; + readonly isDomainJoined?: boolean; + readonly netBiosName?: string; + readonly ntDomain?: string; + readonly omsAgentID?: string; + osFamily?: OSFamily; + readonly osVersion?: string; +}; + +// @public +export type HuntingBookmark = Entity & { + readonly additionalData?: { + [propertyName: string]: Record; + }; + readonly friendlyName?: string; + created?: Date; + createdBy?: UserInfo; + displayName?: string; + eventTime?: Date; + labels?: string[]; + notes?: string; + query?: string; + queryResult?: string; + updated?: Date; + updatedBy?: UserInfo; + incidentInfo?: IncidentInfo; +}; + +// @public +export type HuntingBookmarkProperties = EntityCommonProperties & { + created?: Date; + createdBy?: UserInfo; + displayName: string; + eventTime?: Date; + labels?: string[]; + notes?: string; + query: string; + queryResult?: string; + updated?: Date; + updatedBy?: UserInfo; + incidentInfo?: IncidentInfo; +}; + +// @public +export type Incident = ResourceWithEtag & { + readonly additionalData?: IncidentAdditionalData; 
+ classification?: IncidentClassification; + classificationComment?: string; + classificationReason?: IncidentClassificationReason; + readonly createdTimeUtc?: Date; + description?: string; + firstActivityTimeUtc?: Date; + readonly incidentUrl?: string; + readonly incidentNumber?: number; + labels?: IncidentLabel[]; + providerName?: string; + providerIncidentId?: string; + lastActivityTimeUtc?: Date; + readonly lastModifiedTimeUtc?: Date; + owner?: IncidentOwnerInfo; + readonly relatedAnalyticRuleIds?: string[]; + severity?: IncidentSeverity; + status?: IncidentStatus; + teamInformation?: TeamInformation; + title?: string; +}; + +// @public +export interface IncidentAdditionalData { + readonly alertProductNames?: string[]; + readonly alertsCount?: number; + readonly bookmarksCount?: number; + readonly commentsCount?: number; + readonly providerIncidentUrl?: string; + readonly tactics?: AttackTactic[]; + readonly techniques?: string[]; +} + +// @public +export interface IncidentAlertList { + value: SecurityAlert[]; +} + +// @public +export interface IncidentBookmarkList { + value: HuntingBookmark[]; +} + +// @public +export type IncidentClassification = string; + +// @public +export type IncidentClassificationReason = string; + +// @public +export type IncidentComment = ResourceWithEtag & { + readonly createdTimeUtc?: Date; + readonly lastModifiedTimeUtc?: Date; + message?: string; + readonly author?: ClientInfo; +}; + +// @public +export interface IncidentCommentList { + readonly nextLink?: string; + value: IncidentComment[]; +} + +// @public +export interface IncidentComments { + createOrUpdate(resourceGroupName: string, workspaceName: string, incidentId: string, incidentCommentId: string, incidentComment: IncidentComment, options?: IncidentCommentsCreateOrUpdateOptionalParams): Promise; + delete(resourceGroupName: string, workspaceName: string, incidentId: string, incidentCommentId: string, options?: IncidentCommentsDeleteOptionalParams): Promise; + 
get(resourceGroupName: string, workspaceName: string, incidentId: string, incidentCommentId: string, options?: IncidentCommentsGetOptionalParams): Promise; + list(resourceGroupName: string, workspaceName: string, incidentId: string, options?: IncidentCommentsListOptionalParams): PagedAsyncIterableIterator; +} + +// @public +export interface IncidentCommentsCreateOrUpdateOptionalParams extends coreClient.OperationOptions { +} + +// @public +export type IncidentCommentsCreateOrUpdateResponse = IncidentComment; + +// @public +export interface IncidentCommentsDeleteOptionalParams extends coreClient.OperationOptions { +} + +// @public +export interface IncidentCommentsGetOptionalParams extends coreClient.OperationOptions { +} + +// @public +export type IncidentCommentsGetResponse = IncidentComment; + +// @public +export interface IncidentCommentsListNextOptionalParams extends coreClient.OperationOptions { + filter?: string; + orderby?: string; + skipToken?: string; + top?: number; +} + +// @public +export type IncidentCommentsListNextResponse = IncidentCommentList; + +// @public +export interface IncidentCommentsListOptionalParams extends coreClient.OperationOptions { + filter?: string; + orderby?: string; + skipToken?: string; + top?: number; +} + +// @public +export type IncidentCommentsListResponse = IncidentCommentList; + +// @public +export interface IncidentConfiguration { + createIncident: boolean; + groupingConfiguration?: GroupingConfiguration; +} + +// @public +export interface IncidentEntitiesResponse { + entities?: EntityUnion[]; + metaData?: IncidentEntitiesResultsMetadata[]; +} + +// @public +export interface IncidentEntitiesResultsMetadata { + count: number; + entityKind: EntityKind; +} + +// @public +export interface IncidentInfo { + incidentId?: string; + relationName?: string; + severity?: IncidentSeverity; + title?: string; +} + +// @public +export interface IncidentLabel { + labelName: string; + readonly labelType?: IncidentLabelType; +} + +// 
@public +export type IncidentLabelType = string; + +// @public +export interface IncidentList { + readonly nextLink?: string; + value: Incident[]; +} + +// @public +export interface IncidentOwnerInfo { + assignedTo?: string; + email?: string; + objectId?: string; + readonly ownerType?: OwnerType; + userPrincipalName?: string; +} + +// @public +export type IncidentOwnerType = string; + +// @public (undocumented) +export interface IncidentPropertiesActionOwnerInfo { + // (undocumented) + assignedTo?: string; + // (undocumented) + email?: string; + // (undocumented) + objectId?: string; + // (undocumented) + ownerType?: IncidentOwnerType; + // (undocumented) + userPrincipalName?: string; +} + +// @public +export interface IncidentRelations { + createOrUpdate(resourceGroupName: string, workspaceName: string, incidentId: string, relationName: string, relation: Relation, options?: IncidentRelationsCreateOrUpdateOptionalParams): Promise; + delete(resourceGroupName: string, workspaceName: string, incidentId: string, relationName: string, options?: IncidentRelationsDeleteOptionalParams): Promise; + get(resourceGroupName: string, workspaceName: string, incidentId: string, relationName: string, options?: IncidentRelationsGetOptionalParams): Promise; + list(resourceGroupName: string, workspaceName: string, incidentId: string, options?: IncidentRelationsListOptionalParams): PagedAsyncIterableIterator; +} + +// @public +export interface IncidentRelationsCreateOrUpdateOptionalParams extends coreClient.OperationOptions { +} + +// @public +export type IncidentRelationsCreateOrUpdateResponse = Relation; + +// @public +export interface IncidentRelationsDeleteOptionalParams extends coreClient.OperationOptions { +} + +// @public +export interface IncidentRelationsGetOptionalParams extends coreClient.OperationOptions { +} + +// @public +export type IncidentRelationsGetResponse = Relation; + +// @public +export interface IncidentRelationsListNextOptionalParams extends 
coreClient.OperationOptions { + filter?: string; + orderby?: string; + skipToken?: string; + top?: number; +} + +// @public +export type IncidentRelationsListNextResponse = RelationList; + +// @public +export interface IncidentRelationsListOptionalParams extends coreClient.OperationOptions { + filter?: string; + orderby?: string; + skipToken?: string; + top?: number; +} + +// @public +export type IncidentRelationsListResponse = RelationList; + +// @public +export interface Incidents { + createOrUpdate(resourceGroupName: string, workspaceName: string, incidentId: string, incident: Incident, options?: IncidentsCreateOrUpdateOptionalParams): Promise; + createTeam(resourceGroupName: string, workspaceName: string, incidentId: string, teamProperties: TeamProperties, options?: IncidentsCreateTeamOptionalParams): Promise; + delete(resourceGroupName: string, workspaceName: string, incidentId: string, options?: IncidentsDeleteOptionalParams): Promise; + get(resourceGroupName: string, workspaceName: string, incidentId: string, options?: IncidentsGetOptionalParams): Promise; + list(resourceGroupName: string, workspaceName: string, options?: IncidentsListOptionalParams): PagedAsyncIterableIterator; + listAlerts(resourceGroupName: string, workspaceName: string, incidentId: string, options?: IncidentsListAlertsOptionalParams): Promise; + listBookmarks(resourceGroupName: string, workspaceName: string, incidentId: string, options?: IncidentsListBookmarksOptionalParams): Promise; + listEntities(resourceGroupName: string, workspaceName: string, incidentId: string, options?: IncidentsListEntitiesOptionalParams): Promise; +} + +// @public +export interface IncidentsCreateOrUpdateOptionalParams extends coreClient.OperationOptions { +} + +// @public +export type IncidentsCreateOrUpdateResponse = Incident; + +// @public +export interface IncidentsCreateTeamOptionalParams extends coreClient.OperationOptions { +} + +// @public +export type IncidentsCreateTeamResponse = TeamInformation; + 
+// @public +export interface IncidentsDeleteOptionalParams extends coreClient.OperationOptions { +} + +// @public +export type IncidentSeverity = string; + +// @public +export interface IncidentsGetOptionalParams extends coreClient.OperationOptions { +} + +// @public +export type IncidentsGetResponse = Incident; + +// @public +export interface IncidentsListAlertsOptionalParams extends coreClient.OperationOptions { +} + +// @public +export type IncidentsListAlertsResponse = IncidentAlertList; + +// @public +export interface IncidentsListBookmarksOptionalParams extends coreClient.OperationOptions { +} + +// @public +export type IncidentsListBookmarksResponse = IncidentBookmarkList; + +// @public +export interface IncidentsListEntitiesOptionalParams extends coreClient.OperationOptions { +} + +// @public +export type IncidentsListEntitiesResponse = IncidentEntitiesResponse; + +// @public +export interface IncidentsListNextOptionalParams extends coreClient.OperationOptions { + filter?: string; + orderby?: string; + skipToken?: string; + top?: number; +} + +// @public +export type IncidentsListNextResponse = IncidentList; + +// @public +export interface IncidentsListOptionalParams extends coreClient.OperationOptions { + filter?: string; + orderby?: string; + skipToken?: string; + top?: number; +} + +// @public +export type IncidentsListResponse = IncidentList; + +// @public +export type IncidentStatus = string; + +// @public +export type InsightQueryItem = EntityQueryItem & { + kind: "Insight"; + properties?: InsightQueryItemProperties; +}; + +// @public +export type InsightQueryItemProperties = EntityQueryItemProperties & { + displayName?: string; + description?: string; + baseQuery?: string; + tableQuery?: InsightQueryItemPropertiesTableQuery; + chartQuery?: Record; + additionalQuery?: InsightQueryItemPropertiesAdditionalQuery; + defaultTimeRange?: InsightQueryItemPropertiesDefaultTimeRange; + referenceTimeRange?: InsightQueryItemPropertiesReferenceTimeRange; +}; + 
+// @public +export interface InsightQueryItemPropertiesAdditionalQuery { + query?: string; + text?: string; +} + +// @public +export interface InsightQueryItemPropertiesDefaultTimeRange { + afterRange?: string; + beforeRange?: string; +} + +// @public +export interface InsightQueryItemPropertiesReferenceTimeRange { + beforeRange?: string; +} + +// @public +export interface InsightQueryItemPropertiesTableQuery { + columnsDefinitions?: InsightQueryItemPropertiesTableQueryColumnsDefinitionsItem[]; + queriesDefinitions?: InsightQueryItemPropertiesTableQueryQueriesDefinitionsItem[]; +} + +// @public (undocumented) +export interface InsightQueryItemPropertiesTableQueryColumnsDefinitionsItem { + header?: string; + outputType?: OutputType; + supportDeepLink?: boolean; +} + +// @public (undocumented) +export interface InsightQueryItemPropertiesTableQueryQueriesDefinitionsItem { + filter?: string; + linkColumnsDefinitions?: InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem[]; + project?: string; + summarize?: string; +} + +// @public (undocumented) +export interface InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem { + projectedName?: string; + query?: string; +} + +// @public +export interface InsightsTableResult { + columns?: InsightsTableResultColumnsItem[]; + rows?: string[][]; +} + +// @public (undocumented) +export interface InsightsTableResultColumnsItem { + name?: string; + type?: string; +} + +// @public +export interface InstructionSteps { + description?: string; + instructions?: InstructionStepsInstructionsItem[]; + title?: string; +} + +// @public (undocumented) +export type InstructionStepsInstructionsItem = ConnectorInstructionModelBase & {}; + +// @public +export type IoTDeviceEntity = Entity & { + readonly additionalData?: { + [propertyName: string]: Record; + }; + readonly friendlyName?: string; + readonly deviceId?: string; + readonly deviceName?: string; + readonly source?: string; + readonly 
iotSecurityAgentId?: string; + readonly deviceType?: string; + readonly vendor?: string; + readonly edgeId?: string; + readonly macAddress?: string; + readonly model?: string; + readonly serialNumber?: string; + readonly firmwareVersion?: string; + readonly operatingSystem?: string; + readonly iotHubEntityId?: string; + readonly hostEntityId?: string; + readonly ipAddressEntityId?: string; + readonly threatIntelligence?: ThreatIntelligence[]; + readonly protocols?: string[]; +}; + +// @public +export type IoTDeviceEntityProperties = EntityCommonProperties & { + readonly deviceId?: string; + readonly deviceName?: string; + readonly source?: string; + readonly iotSecurityAgentId?: string; + readonly deviceType?: string; + readonly vendor?: string; + readonly edgeId?: string; + readonly macAddress?: string; + readonly model?: string; + readonly serialNumber?: string; + readonly firmwareVersion?: string; + readonly operatingSystem?: string; + readonly iotHubEntityId?: string; + readonly hostEntityId?: string; + readonly ipAddressEntityId?: string; + readonly threatIntelligence?: ThreatIntelligence[]; + readonly protocols?: string[]; +}; + +// @public +export type IpEntity = Entity & { + readonly additionalData?: { + [propertyName: string]: Record; + }; + readonly friendlyName?: string; + readonly address?: string; + readonly location?: GeoLocation; + readonly threatIntelligence?: ThreatIntelligence[]; +}; + +// @public +export type IpEntityProperties = EntityCommonProperties & { + readonly address?: string; + readonly location?: GeoLocation; + readonly threatIntelligence?: ThreatIntelligence[]; +}; + +// @public +export interface IPGeodata { + get(resourceGroupName: string, ipAddress: string, options?: IPGeodataGetOptionalParams): Promise; +} + +// @public +export interface IPGeodataGetOptionalParams extends coreClient.OperationOptions { +} + +// @public +export type IPGeodataGetResponse = EnrichmentIpGeodata; + +// @public +export type KillChainIntent = string; + +// 
@public +export type Kind = string; + +// @public +export enum KnownActionType { + ModifyProperties = "ModifyProperties", + RunPlaybook = "RunPlaybook" +} + +// @public +export enum KnownAlertDetail { + DisplayName = "DisplayName", + Severity = "Severity" +} + +// @public +export enum KnownAlertRuleKind { + // (undocumented) + Fusion = "Fusion", + // (undocumented) + MicrosoftSecurityIncidentCreation = "MicrosoftSecurityIncidentCreation", + // (undocumented) + MLBehaviorAnalytics = "MLBehaviorAnalytics", + // (undocumented) + NRT = "NRT", + // (undocumented) + Scheduled = "Scheduled", + // (undocumented) + ThreatIntelligence = "ThreatIntelligence" +} + +// @public +export enum KnownAlertSeverity { + High = "High", + Informational = "Informational", + Low = "Low", + Medium = "Medium" +} + +// @public +export enum KnownAlertStatus { + Dismissed = "Dismissed", + InProgress = "InProgress", + New = "New", + Resolved = "Resolved", + Unknown = "Unknown" +} + +// @public +export enum KnownAntispamMailDirection { + Inbound = "Inbound", + Intraorg = "Intraorg", + Outbound = "Outbound", + Unknown = "Unknown" +} + +// @public +export enum KnownAttackTactic { + // (undocumented) + Collection = "Collection", + // (undocumented) + CommandAndControl = "CommandAndControl", + // (undocumented) + CredentialAccess = "CredentialAccess", + // (undocumented) + DefenseEvasion = "DefenseEvasion", + // (undocumented) + Discovery = "Discovery", + // (undocumented) + Execution = "Execution", + // (undocumented) + Exfiltration = "Exfiltration", + // (undocumented) + Impact = "Impact", + // (undocumented) + InitialAccess = "InitialAccess", + // (undocumented) + LateralMovement = "LateralMovement", + // (undocumented) + Persistence = "Persistence", + // (undocumented) + PreAttack = "PreAttack", + // (undocumented) + PrivilegeEscalation = "PrivilegeEscalation" +} + +// @public +export enum KnownAutomationRulePropertyConditionSupportedOperator { + Contains = "Contains", + EndsWith = "EndsWith", + 
Equals = "Equals", + NotContains = "NotContains", + NotEndsWith = "NotEndsWith", + NotEquals = "NotEquals", + NotStartsWith = "NotStartsWith", + StartsWith = "StartsWith" +} + +// @public +export enum KnownAutomationRulePropertyConditionSupportedProperty { + AccountAadTenantId = "AccountAadTenantId", + AccountAadUserId = "AccountAadUserId", + AccountName = "AccountName", + AccountNTDomain = "AccountNTDomain", + AccountObjectGuid = "AccountObjectGuid", + AccountPuid = "AccountPUID", + AccountSid = "AccountSid", + AccountUPNSuffix = "AccountUPNSuffix", + AlertProductNames = "AlertProductNames", + AzureResourceResourceId = "AzureResourceResourceId", + AzureResourceSubscriptionId = "AzureResourceSubscriptionId", + CloudApplicationAppId = "CloudApplicationAppId", + CloudApplicationAppName = "CloudApplicationAppName", + DNSDomainName = "DNSDomainName", + FileDirectory = "FileDirectory", + FileHashValue = "FileHashValue", + FileName = "FileName", + HostAzureID = "HostAzureID", + HostName = "HostName", + HostNetBiosName = "HostNetBiosName", + HostNTDomain = "HostNTDomain", + HostOSVersion = "HostOSVersion", + IncidentDescription = "IncidentDescription", + IncidentLabel = "IncidentLabel", + IncidentProviderName = "IncidentProviderName", + IncidentRelatedAnalyticRuleIds = "IncidentRelatedAnalyticRuleIds", + IncidentSeverity = "IncidentSeverity", + IncidentStatus = "IncidentStatus", + IncidentTactics = "IncidentTactics", + IncidentTitle = "IncidentTitle", + IoTDeviceId = "IoTDeviceId", + IoTDeviceModel = "IoTDeviceModel", + IoTDeviceName = "IoTDeviceName", + IoTDeviceOperatingSystem = "IoTDeviceOperatingSystem", + IoTDeviceType = "IoTDeviceType", + IoTDeviceVendor = "IoTDeviceVendor", + IPAddress = "IPAddress", + MailboxDisplayName = "MailboxDisplayName", + MailboxPrimaryAddress = "MailboxPrimaryAddress", + MailboxUPN = "MailboxUPN", + MailMessageDeliveryAction = "MailMessageDeliveryAction", + MailMessageDeliveryLocation = "MailMessageDeliveryLocation", + MailMessageP1Sender 
= "MailMessageP1Sender", + MailMessageP2Sender = "MailMessageP2Sender", + MailMessageRecipient = "MailMessageRecipient", + MailMessageSenderIP = "MailMessageSenderIP", + MailMessageSubject = "MailMessageSubject", + MalwareCategory = "MalwareCategory", + MalwareName = "MalwareName", + ProcessCommandLine = "ProcessCommandLine", + ProcessId = "ProcessId", + RegistryKey = "RegistryKey", + RegistryValueData = "RegistryValueData", + Url = "Url" +} + +// @public +export enum KnownConditionType { + Property = "Property" +} + +// @public +export enum KnownConfidenceLevel { + High = "High", + Low = "Low", + Unknown = "Unknown" +} + +// @public +export enum KnownConfidenceScoreStatus { + Final = "Final", + InProcess = "InProcess", + NotApplicable = "NotApplicable", + NotFinal = "NotFinal" +} + +// @public +export enum KnownConnectAuthKind { + // (undocumented) + APIKey = "APIKey", + // (undocumented) + Basic = "Basic", + // (undocumented) + OAuth2 = "OAuth2" +} + +// @public +export enum KnownConnectivityType { + // (undocumented) + IsConnectedQuery = "IsConnectedQuery" +} + +// @public +export enum KnownContentType { + // (undocumented) + AnalyticRule = "AnalyticRule", + // (undocumented) + Workbook = "Workbook" +} + +// @public +export enum KnownCreatedByType { + // (undocumented) + Application = "Application", + // (undocumented) + Key = "Key", + // (undocumented) + ManagedIdentity = "ManagedIdentity", + // (undocumented) + User = "User" +} + +// @public +export enum KnownCustomEntityQueryKind { + // (undocumented) + Activity = "Activity" +} + +// @public +export enum KnownDataConnectorAuthorizationState { + // (undocumented) + Invalid = "Invalid", + // (undocumented) + Valid = "Valid" +} + +// @public +export enum KnownDataConnectorKind { + // (undocumented) + AmazonWebServicesCloudTrail = "AmazonWebServicesCloudTrail", + // (undocumented) + AmazonWebServicesS3 = "AmazonWebServicesS3", + // (undocumented) + APIPolling = "APIPolling", + // (undocumented) + 
AzureActiveDirectory = "AzureActiveDirectory", + // (undocumented) + AzureAdvancedThreatProtection = "AzureAdvancedThreatProtection", + // (undocumented) + AzureSecurityCenter = "AzureSecurityCenter", + // (undocumented) + Dynamics365 = "Dynamics365", + // (undocumented) + GenericUI = "GenericUI", + // (undocumented) + MicrosoftCloudAppSecurity = "MicrosoftCloudAppSecurity", + // (undocumented) + MicrosoftDefenderAdvancedThreatProtection = "MicrosoftDefenderAdvancedThreatProtection", + // (undocumented) + MicrosoftThreatIntelligence = "MicrosoftThreatIntelligence", + // (undocumented) + MicrosoftThreatProtection = "MicrosoftThreatProtection", + // (undocumented) + Office365 = "Office365", + // (undocumented) + Office365Project = "Office365Project", + // (undocumented) + OfficeATP = "OfficeATP", + // (undocumented) + OfficeIRM = "OfficeIRM", + // (undocumented) + OfficePowerBI = "OfficePowerBI", + // (undocumented) + ThreatIntelligence = "ThreatIntelligence", + // (undocumented) + ThreatIntelligenceTaxii = "ThreatIntelligenceTaxii" +} + +// @public +export enum KnownDataConnectorLicenseState { + // (undocumented) + Invalid = "Invalid", + // (undocumented) + Unknown = "Unknown", + // (undocumented) + Valid = "Valid" +} + +// @public +export enum KnownDataTypeState { + // (undocumented) + Disabled = "Disabled", + // (undocumented) + Enabled = "Enabled" +} + +// @public +export enum KnownEntityItemQueryKind { + Insight = "Insight" +} + +// @public +export enum KnownEntityKind { + Account = "Account", + AzureResource = "AzureResource", + Bookmark = "Bookmark", + CloudApplication = "CloudApplication", + DnsResolution = "DnsResolution", + File = "File", + FileHash = "FileHash", + Host = "Host", + IoTDevice = "IoTDevice", + Ip = "Ip", + Mailbox = "Mailbox", + MailCluster = "MailCluster", + MailMessage = "MailMessage", + Malware = "Malware", + Process = "Process", + RegistryKey = "RegistryKey", + RegistryValue = "RegistryValue", + SecurityAlert = "SecurityAlert", + 
SecurityGroup = "SecurityGroup", + SubmissionMail = "SubmissionMail", + Url = "Url" +} + +// @public +export enum KnownEntityMappingType { + Account = "Account", + AzureResource = "AzureResource", + CloudApplication = "CloudApplication", + DNS = "DNS", + File = "File", + FileHash = "FileHash", + Host = "Host", + IP = "IP", + Mailbox = "Mailbox", + MailCluster = "MailCluster", + MailMessage = "MailMessage", + Malware = "Malware", + Process = "Process", + RegistryKey = "RegistryKey", + RegistryValue = "RegistryValue", + SecurityGroup = "SecurityGroup", + SubmissionMail = "SubmissionMail", + URL = "URL" +} + +// @public +export enum KnownEntityQueryKind { + // (undocumented) + Activity = "Activity", + // (undocumented) + Expansion = "Expansion", + // (undocumented) + Insight = "Insight" +} + +// @public +export enum KnownEntityQueryTemplateKind { + // (undocumented) + Activity = "Activity" +} + +// @public +export enum KnownEntityTimelineKind { + Activity = "Activity", + Bookmark = "Bookmark", + SecurityAlert = "SecurityAlert" +} + +// @public +export enum KnownEntityType { + Account = "Account", + AzureResource = "AzureResource", + CloudApplication = "CloudApplication", + DNS = "DNS", + File = "File", + FileHash = "FileHash", + Host = "Host", + HuntingBookmark = "HuntingBookmark", + IoTDevice = "IoTDevice", + IP = "IP", + Mailbox = "Mailbox", + MailCluster = "MailCluster", + MailMessage = "MailMessage", + Malware = "Malware", + Process = "Process", + RegistryKey = "RegistryKey", + RegistryValue = "RegistryValue", + SecurityAlert = "SecurityAlert", + SecurityGroup = "SecurityGroup", + SubmissionMail = "SubmissionMail", + URL = "URL" +} + +// @public +export enum KnownEnum12 { + // (undocumented) + Activity = "Activity", + // (undocumented) + Expansion = "Expansion" +} + +// @public +export enum KnownEventGroupingAggregationKind { + // (undocumented) + AlertPerResult = "AlertPerResult", + // (undocumented) + SingleAlert = "SingleAlert" +} + +// @public +export enum 
KnownFileHashAlgorithm { + MD5 = "MD5", + SHA1 = "SHA1", + SHA256 = "SHA256", + SHA256AC = "SHA256AC", + Unknown = "Unknown" +} + +// @public +export enum KnownIncidentClassification { + // (undocumented) + BenignPositive = "BenignPositive", + // (undocumented) + FalsePositive = "FalsePositive", + // (undocumented) + TruePositive = "TruePositive", + // (undocumented) + Undetermined = "Undetermined" +} + +// @public +export enum KnownIncidentClassificationReason { + // (undocumented) + InaccurateData = "InaccurateData", + // (undocumented) + IncorrectAlertLogic = "IncorrectAlertLogic", + // (undocumented) + SuspiciousActivity = "SuspiciousActivity", + // (undocumented) + SuspiciousButExpected = "SuspiciousButExpected" +} + +// @public +export enum KnownIncidentLabelType { + System = "System", + User = "User" +} + +// @public +export enum KnownIncidentOwnerType { + // (undocumented) + Group = "Group", + // (undocumented) + Unknown = "Unknown", + // (undocumented) + User = "User" +} + +// @public +export enum KnownIncidentSeverity { + // (undocumented) + High = "High", + // (undocumented) + Informational = "Informational", + // (undocumented) + Low = "Low", + // (undocumented) + Medium = "Medium" +} + +// @public +export enum KnownIncidentStatus { + // (undocumented) + Active = "Active", + // (undocumented) + Closed = "Closed", + // (undocumented) + New = "New" +} + +// @public +export enum KnownKillChainIntent { + Collection = "Collection", + CommandAndControl = "CommandAndControl", + CredentialAccess = "CredentialAccess", + DefenseEvasion = "DefenseEvasion", + Discovery = "Discovery", + Execution = "Execution", + Exfiltration = "Exfiltration", + Exploitation = "Exploitation", + Impact = "Impact", + LateralMovement = "LateralMovement", + Persistence = "Persistence", + PrivilegeEscalation = "PrivilegeEscalation", + Probing = "Probing", + Unknown = "Unknown" +} + +// @public +export enum KnownKind { + // (undocumented) + AnalyticsRule = "AnalyticsRule", + // 
(undocumented) + AnalyticsRuleTemplate = "AnalyticsRuleTemplate", + // (undocumented) + DataConnector = "DataConnector", + // (undocumented) + DataType = "DataType", + // (undocumented) + HuntingQuery = "HuntingQuery", + // (undocumented) + InvestigationQuery = "InvestigationQuery", + // (undocumented) + Parser = "Parser", + // (undocumented) + Playbook = "Playbook", + // (undocumented) + PlaybookTemplate = "PlaybookTemplate", + // (undocumented) + Solution = "Solution", + // (undocumented) + Watchlist = "Watchlist", + // (undocumented) + WatchlistTemplate = "WatchlistTemplate", + // (undocumented) + Workbook = "Workbook", + // (undocumented) + WorkbookTemplate = "WorkbookTemplate" +} + +// @public +export enum KnownMatchingMethod { + AllEntities = "AllEntities", + AnyAlert = "AnyAlert", + Selected = "Selected" +} + +// @public +export enum KnownMicrosoftSecurityProductName { + // (undocumented) + AzureActiveDirectoryIdentityProtection = "Azure Active Directory Identity Protection", + // (undocumented) + AzureAdvancedThreatProtection = "Azure Advanced Threat Protection", + // (undocumented) + AzureSecurityCenter = "Azure Security Center", + // (undocumented) + AzureSecurityCenterForIoT = "Azure Security Center for IoT", + // (undocumented) + MicrosoftCloudAppSecurity = "Microsoft Cloud App Security", + // (undocumented) + MicrosoftDefenderAdvancedThreatProtection = "Microsoft Defender Advanced Threat Protection", + // (undocumented) + Office365AdvancedThreatProtection = "Office 365 Advanced Threat Protection" +} + +// @public +export enum KnownOperator { + // (undocumented) + AND = "AND", + // (undocumented) + OR = "OR" +} + +// @public +export enum KnownOutputType { + // (undocumented) + Date = "Date", + // (undocumented) + Entity = "Entity", + // (undocumented) + Number = "Number", + // (undocumented) + String = "String" +} + +// @public +export enum KnownOwnerType { + Group = "Group", + Unknown = "Unknown", + User = "User" +} + +// @public +export enum 
KnownPermissionProviderScope { + // (undocumented) + ResourceGroup = "ResourceGroup", + // (undocumented) + Subscription = "Subscription", + // (undocumented) + Workspace = "Workspace" +} + +// @public +export enum KnownPollingFrequency { + OnceADay = "OnceADay", + OnceAMinute = "OnceAMinute", + OnceAnHour = "OnceAnHour" +} + +// @public +export enum KnownProviderName { + // (undocumented) + MicrosoftAadiamDiagnosticSettings = "microsoft.aadiam/diagnosticSettings", + // (undocumented) + MicrosoftAuthorizationPolicyAssignments = "Microsoft.Authorization/policyAssignments", + // (undocumented) + MicrosoftOperationalInsightsSolutions = "Microsoft.OperationalInsights/solutions", + // (undocumented) + MicrosoftOperationalInsightsWorkspaces = "Microsoft.OperationalInsights/workspaces", + // (undocumented) + MicrosoftOperationalInsightsWorkspacesDatasources = "Microsoft.OperationalInsights/workspaces/datasources", + // (undocumented) + MicrosoftOperationalInsightsWorkspacesSharedKeys = "Microsoft.OperationalInsights/workspaces/sharedKeys" +} + +// @public +export enum KnownRegistryHive { + HkeyA = "HKEY_A", + HkeyClassesRoot = "HKEY_CLASSES_ROOT", + HkeyCurrentConfig = "HKEY_CURRENT_CONFIG", + HkeyCurrentUser = "HKEY_CURRENT_USER", + HkeyCurrentUserLocalSettings = "HKEY_CURRENT_USER_LOCAL_SETTINGS", + HkeyLocalMachine = "HKEY_LOCAL_MACHINE", + HkeyPerformanceData = "HKEY_PERFORMANCE_DATA", + HkeyPerformanceNlstext = "HKEY_PERFORMANCE_NLSTEXT", + HkeyPerformanceText = "HKEY_PERFORMANCE_TEXT", + HkeyUsers = "HKEY_USERS" +} + +// @public +export enum KnownRegistryValueKind { + Binary = "Binary", + DWord = "DWord", + ExpandString = "ExpandString", + MultiString = "MultiString", + None = "None", + QWord = "QWord", + String = "String", + Unknown = "Unknown" +} + +// @public +export enum KnownRepoType { + // (undocumented) + DevOps = "DevOps", + // (undocumented) + Github = "Github" +} + +// @public +export enum KnownSettingKind { + // (undocumented) + Anomalies = "Anomalies", + 
// (undocumented) + EntityAnalytics = "EntityAnalytics", + // (undocumented) + EyesOn = "EyesOn", + // (undocumented) + Ueba = "Ueba" +} + +// @public +export enum KnownSettingType { + // (undocumented) + CopyableLabel = "CopyableLabel", + // (undocumented) + InfoMessage = "InfoMessage", + // (undocumented) + InstructionStepsGroup = "InstructionStepsGroup" +} + +// @public +export enum KnownSkuKind { + // (undocumented) + CapacityReservation = "CapacityReservation", + // (undocumented) + PerGB = "PerGB" +} + +// @public +export enum KnownSource { + // (undocumented) + LocalFile = "Local file", + // (undocumented) + RemoteStorage = "Remote storage" +} + +// @public +export enum KnownSourceKind { + // (undocumented) + Community = "Community", + // (undocumented) + LocalWorkspace = "LocalWorkspace", + // (undocumented) + Solution = "Solution", + // (undocumented) + SourceRepository = "SourceRepository" +} + +// @public +export enum KnownSupportTier { + // (undocumented) + Community = "Community", + // (undocumented) + Microsoft = "Microsoft", + // (undocumented) + Partner = "Partner" +} + +// @public +export enum KnownTemplateStatus { + Available = "Available", + Installed = "Installed", + NotAvailable = "NotAvailable" +} + +// @public +export enum KnownThreatIntelligenceResourceKindEnum { + Indicator = "indicator" +} + +// @public +export enum KnownThreatIntelligenceSortingCriteriaEnum { + // (undocumented) + Ascending = "ascending", + // (undocumented) + Descending = "descending", + // (undocumented) + Unsorted = "unsorted" +} + +// @public +export enum KnownTriggersOn { + Incidents = "Incidents" +} + +// @public +export enum KnownTriggersWhen { + Created = "Created" +} + +// @public +export enum KnownUebaDataSources { + // (undocumented) + AuditLogs = "AuditLogs", + // (undocumented) + AzureActivity = "AzureActivity", + // (undocumented) + SecurityEvent = "SecurityEvent", + // (undocumented) + SigninLogs = "SigninLogs" +} + +// @public +export interface 
LastDataReceivedDataType { + lastDataReceivedQuery?: string; + name?: string; +} + +// @public +export type MailboxEntity = Entity & { + readonly additionalData?: { + [propertyName: string]: Record; + }; + readonly friendlyName?: string; + readonly mailboxPrimaryAddress?: string; + readonly displayName?: string; + readonly upn?: string; + readonly externalDirectoryObjectId?: string; +}; + +// @public +export type MailboxEntityProperties = EntityCommonProperties & { + readonly mailboxPrimaryAddress?: string; + readonly displayName?: string; + readonly upn?: string; + readonly externalDirectoryObjectId?: string; +}; + +// @public +export type MailClusterEntity = Entity & { + readonly additionalData?: { + [propertyName: string]: Record; + }; + readonly friendlyName?: string; + readonly networkMessageIds?: string[]; + readonly countByDeliveryStatus?: Record; + readonly countByThreatType?: Record; + readonly countByProtectionStatus?: Record; + readonly threats?: string[]; + readonly query?: string; + readonly queryTime?: Date; + readonly mailCount?: number; + readonly isVolumeAnomaly?: boolean; + readonly source?: string; + readonly clusterSourceIdentifier?: string; + readonly clusterSourceType?: string; + readonly clusterQueryStartTime?: Date; + readonly clusterQueryEndTime?: Date; + readonly clusterGroup?: string; +}; + +// @public +export type MailClusterEntityProperties = EntityCommonProperties & { + readonly networkMessageIds?: string[]; + readonly countByDeliveryStatus?: Record; + readonly countByThreatType?: Record; + readonly countByProtectionStatus?: Record; + readonly threats?: string[]; + readonly query?: string; + readonly queryTime?: Date; + readonly mailCount?: number; + readonly isVolumeAnomaly?: boolean; + readonly source?: string; + readonly clusterSourceIdentifier?: string; + readonly clusterSourceType?: string; + readonly clusterQueryStartTime?: Date; + readonly clusterQueryEndTime?: Date; + readonly clusterGroup?: string; +}; + +// @public +export 
type MailMessageEntity = Entity & { + readonly additionalData?: { + [propertyName: string]: Record; + }; + readonly friendlyName?: string; + readonly fileEntityIds?: string[]; + readonly recipient?: string; + readonly urls?: string[]; + readonly threats?: string[]; + readonly p1Sender?: string; + readonly p1SenderDisplayName?: string; + readonly p1SenderDomain?: string; + readonly senderIP?: string; + readonly p2Sender?: string; + readonly p2SenderDisplayName?: string; + readonly p2SenderDomain?: string; + readonly receiveDate?: Date; + readonly networkMessageId?: string; + readonly internetMessageId?: string; + readonly subject?: string; + readonly language?: string; + readonly threatDetectionMethods?: string[]; + bodyFingerprintBin1?: number; + bodyFingerprintBin2?: number; + bodyFingerprintBin3?: number; + bodyFingerprintBin4?: number; + bodyFingerprintBin5?: number; + antispamDirection?: AntispamMailDirection; + deliveryAction?: DeliveryAction; + deliveryLocation?: DeliveryLocation; +}; + +// @public +export type MailMessageEntityProperties = EntityCommonProperties & { + readonly fileEntityIds?: string[]; + readonly recipient?: string; + readonly urls?: string[]; + readonly threats?: string[]; + readonly p1Sender?: string; + readonly p1SenderDisplayName?: string; + readonly p1SenderDomain?: string; + readonly senderIP?: string; + readonly p2Sender?: string; + readonly p2SenderDisplayName?: string; + readonly p2SenderDomain?: string; + readonly receiveDate?: Date; + readonly networkMessageId?: string; + readonly internetMessageId?: string; + readonly subject?: string; + readonly language?: string; + readonly threatDetectionMethods?: string[]; + bodyFingerprintBin1?: number; + bodyFingerprintBin2?: number; + bodyFingerprintBin3?: number; + bodyFingerprintBin4?: number; + bodyFingerprintBin5?: number; + antispamDirection?: AntispamMailDirection; + deliveryAction?: DeliveryAction; + deliveryLocation?: DeliveryLocation; +}; + +// @public +export type MalwareEntity = 
Entity & { + readonly additionalData?: { + [propertyName: string]: Record; + }; + readonly friendlyName?: string; + readonly category?: string; + readonly fileEntityIds?: string[]; + readonly malwareName?: string; + readonly processEntityIds?: string[]; +}; + +// @public +export type MalwareEntityProperties = EntityCommonProperties & { + readonly category?: string; + readonly fileEntityIds?: string[]; + readonly malwareName?: string; + readonly processEntityIds?: string[]; +}; + +// @public (undocumented) +export interface ManualTriggerRequestBody { + // (undocumented) + logicAppsResourceId?: string; + // (undocumented) + tenantId?: string; +} + +// @public +export type MatchingMethod = string; + +// @public +export type McasCheckRequirements = DataConnectorsCheckRequirements & { + kind: "MicrosoftCloudAppSecurity"; + tenantId?: string; +}; + +// @public +export type McasCheckRequirementsProperties = DataConnectorTenantId & {}; + +// @public +export type McasDataConnector = DataConnector & { + tenantId?: string; + dataTypes?: McasDataConnectorDataTypes; +}; + +// @public +export type McasDataConnectorDataTypes = AlertsDataTypeOfDataConnector & { + discoveryLogs?: DataConnectorDataTypeCommon; +}; + +// @public +export type McasDataConnectorProperties = DataConnectorTenantId & { + dataTypes: McasDataConnectorDataTypes; +}; + +// @public +export type MdatpCheckRequirements = DataConnectorsCheckRequirements & { + kind: "MicrosoftDefenderAdvancedThreatProtection"; + tenantId?: string; +}; + +// @public +export type MdatpCheckRequirementsProperties = DataConnectorTenantId & {}; + +// @public +export type MdatpDataConnector = DataConnector & { + tenantId?: string; + dataTypes?: AlertsDataTypeOfDataConnector; +}; + +// @public +export type MdatpDataConnectorProperties = DataConnectorTenantId & DataConnectorWithAlertsProperties & {}; + +// @public +export interface Metadata { + create(resourceGroupName: string, workspaceName: string, metadataName: string, metadata: 
MetadataModel, options?: MetadataCreateOptionalParams): Promise; + delete(resourceGroupName: string, workspaceName: string, metadataName: string, options?: MetadataDeleteOptionalParams): Promise; + get(resourceGroupName: string, workspaceName: string, metadataName: string, options?: MetadataGetOptionalParams): Promise; + list(resourceGroupName: string, workspaceName: string, options?: MetadataListOptionalParams): PagedAsyncIterableIterator; + update(resourceGroupName: string, workspaceName: string, metadataName: string, metadataPatch: MetadataPatch, options?: MetadataUpdateOptionalParams): Promise; +} + +// @public +export interface MetadataAuthor { + email?: string; + link?: string; + name?: string; +} + +// @public +export interface MetadataCategories { + domains?: string[]; + verticals?: string[]; +} + +// @public +export interface MetadataCreateOptionalParams extends coreClient.OperationOptions { +} + +// @public +export type MetadataCreateResponse = MetadataModel; + +// @public +export interface MetadataDeleteOptionalParams extends coreClient.OperationOptions { +} + +// @public +export interface MetadataDependencies { + contentId?: string; + criteria?: MetadataDependencies[]; + kind?: Kind; + name?: string; + operator?: Operator; + version?: string; +} + +// @public +export interface MetadataGetOptionalParams extends coreClient.OperationOptions { +} + +// @public +export type MetadataGetResponse = MetadataModel; + +// @public +export interface MetadataList { + readonly nextLink?: string; + value: MetadataModel[]; +} + +// @public +export interface MetadataListNextOptionalParams extends coreClient.OperationOptions { + filter?: string; + orderby?: string; + skip?: number; + top?: number; +} + +// @public +export type MetadataListNextResponse = MetadataList; + +// @public +export interface MetadataListOptionalParams extends coreClient.OperationOptions { + filter?: string; + orderby?: string; + skip?: number; + top?: number; +} + +// @public +export type 
MetadataListResponse = MetadataList; + +// @public +export type MetadataModel = ResourceWithEtag & { + contentId?: string; + parentId?: string; + version?: string; + kind?: Kind; + source?: MetadataSource; + author?: MetadataAuthor; + support?: MetadataSupport; + dependencies?: MetadataDependencies; + categories?: MetadataCategories; + providers?: string[]; + firstPublishDate?: Date; + lastPublishDate?: Date; +}; + +// @public +export type MetadataPatch = ResourceWithEtag & { + contentId?: string; + parentId?: string; + version?: string; + kind?: Kind; + source?: MetadataSource; + author?: MetadataAuthor; + support?: MetadataSupport; + dependencies?: MetadataDependencies; + categories?: MetadataCategories; + providers?: string[]; + firstPublishDate?: Date; + lastPublishDate?: Date; +}; + +// @public +export interface MetadataSource { + kind: SourceKind; + name?: string; + sourceId?: string; +} + +// @public +export interface MetadataSupport { + email?: string; + link?: string; + name?: string; + tier: SupportTier; +} + +// @public +export interface MetadataUpdateOptionalParams extends coreClient.OperationOptions { +} + +// @public +export type MetadataUpdateResponse = MetadataModel; + +// @public +export type MicrosoftSecurityIncidentCreationAlertRule = AlertRule & { + displayNamesFilter?: string[]; + displayNamesExcludeFilter?: string[]; + productFilter?: MicrosoftSecurityProductName; + severitiesFilter?: AlertSeverity[]; + alertRuleTemplateName?: string; + description?: string; + displayName?: string; + enabled?: boolean; + readonly lastModifiedUtc?: Date; +}; + +// @public +export interface MicrosoftSecurityIncidentCreationAlertRuleCommonProperties { + displayNamesExcludeFilter?: string[]; + displayNamesFilter?: string[]; + productFilter: MicrosoftSecurityProductName; + severitiesFilter?: AlertSeverity[]; +} + +// @public +export type MicrosoftSecurityIncidentCreationAlertRuleProperties = MicrosoftSecurityIncidentCreationAlertRuleCommonProperties & { + 
alertRuleTemplateName?: string; + description?: string; + displayName: string; + enabled: boolean; + readonly lastModifiedUtc?: Date; +}; + +// @public +export type MicrosoftSecurityIncidentCreationAlertRuleTemplate = AlertRuleTemplate & { + alertRulesCreatedByTemplateCount?: number; + readonly lastUpdatedDateUTC?: Date; + readonly createdDateUTC?: Date; + description?: string; + displayName?: string; + requiredDataConnectors?: AlertRuleTemplateDataSource[]; + status?: TemplateStatus; + displayNamesFilter?: string[]; + displayNamesExcludeFilter?: string[]; + productFilter?: MicrosoftSecurityProductName; + severitiesFilter?: AlertSeverity[]; +}; + +// @public +export type MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties = AlertRuleTemplatePropertiesBase & MicrosoftSecurityIncidentCreationAlertRuleCommonProperties & {}; + +// @public +export type MicrosoftSecurityProductName = string; + +// @public +export type MLBehaviorAnalyticsAlertRule = AlertRule & { + alertRuleTemplateName?: string; + readonly description?: string; + readonly displayName?: string; + enabled?: boolean; + readonly lastModifiedUtc?: Date; + readonly severity?: AlertSeverity; + readonly tactics?: AttackTactic[]; +}; + +// @public +export type MLBehaviorAnalyticsAlertRuleTemplate = AlertRuleTemplate & { + alertRulesCreatedByTemplateCount?: number; + readonly lastUpdatedDateUTC?: Date; + readonly createdDateUTC?: Date; + description?: string; + displayName?: string; + requiredDataConnectors?: AlertRuleTemplateDataSource[]; + status?: TemplateStatus; + severity?: AlertSeverity; + tactics?: AttackTactic[]; +}; + +// @public +export type MLBehaviorAnalyticsAlertRuleTemplateProperties = AlertRuleTemplatePropertiesBase & { + severity: AlertSeverity; + tactics?: AttackTactic[]; +}; + +// @public +export type MstiCheckRequirements = DataConnectorsCheckRequirements & { + kind: "MicrosoftThreatIntelligence"; + tenantId?: string; +}; + +// @public +export type MstiCheckRequirementsProperties = 
DataConnectorTenantId & {}; + +// @public +export type MstiDataConnector = DataConnector & { + tenantId?: string; + dataTypes?: MstiDataConnectorDataTypes; +}; + +// @public +export interface MstiDataConnectorDataTypes { + bingSafetyPhishingURL: MstiDataConnectorDataTypesBingSafetyPhishingURL; + microsoftEmergingThreatFeed: MstiDataConnectorDataTypesMicrosoftEmergingThreatFeed; +} + +// @public +export type MstiDataConnectorDataTypesBingSafetyPhishingURL = DataConnectorDataTypeCommon & { + lookbackPeriod: string; +}; + +// @public +export type MstiDataConnectorDataTypesMicrosoftEmergingThreatFeed = DataConnectorDataTypeCommon & { + lookbackPeriod: string; +}; + +// @public +export type MstiDataConnectorProperties = DataConnectorTenantId & { + dataTypes: MstiDataConnectorDataTypes; +}; + +// @public +export type MtpCheckRequirements = DataConnectorsCheckRequirements & { + kind: "MicrosoftThreatProtection"; + tenantId?: string; +}; + +// @public +export type MTPCheckRequirementsProperties = DataConnectorTenantId & {}; + +// @public +export type MTPDataConnector = DataConnector & { + tenantId?: string; + dataTypes?: MTPDataConnectorDataTypes; +}; + +// @public +export interface MTPDataConnectorDataTypes { + incidents: MTPDataConnectorDataTypesIncidents; +} + +// @public +export type MTPDataConnectorDataTypesIncidents = DataConnectorDataTypeCommon & {}; + +// @public +export type MTPDataConnectorProperties = DataConnectorTenantId & { + dataTypes: MTPDataConnectorDataTypes; +}; + +// @public +export type NrtAlertRule = AlertRule & { + alertRuleTemplateName?: string; + templateVersion?: string; + description?: string; + query?: string; + displayName?: string; + enabled?: boolean; + readonly lastModifiedUtc?: Date; + suppressionDuration?: string; + suppressionEnabled?: boolean; + severity?: AlertSeverity; + tactics?: AttackTactic[]; + incidentConfiguration?: IncidentConfiguration; + customDetails?: { + [propertyName: string]: string; + }; + entityMappings?: 
EntityMapping[]; + alertDetailsOverride?: AlertDetailsOverride; +}; + +// @public +export type NrtAlertRuleProperties = QueryBasedAlertRuleProperties & {}; + +// @public +export type NrtAlertRuleTemplate = AlertRuleTemplate & { + alertRulesCreatedByTemplateCount?: number; + readonly lastUpdatedDateUTC?: Date; + readonly createdDateUTC?: Date; + description?: string; + displayName?: string; + requiredDataConnectors?: AlertRuleTemplateDataSource[]; + status?: TemplateStatus; + query?: string; + severity?: AlertSeverity; + tactics?: AttackTactic[]; + version?: string; + customDetails?: { + [propertyName: string]: string; + }; + entityMappings?: EntityMapping[]; + alertDetailsOverride?: AlertDetailsOverride; +}; + +// @public +export type NrtAlertRuleTemplateProperties = AlertRuleTemplatePropertiesBase & QueryBasedAlertRuleTemplateProperties & {}; + +// @public +export type Office365ProjectCheckRequirements = DataConnectorsCheckRequirements & { + kind: "Office365Project"; + tenantId?: string; +}; + +// @public +export type Office365ProjectCheckRequirementsProperties = DataConnectorTenantId & {}; + +// @public +export interface Office365ProjectConnectorDataTypes { + logs: Office365ProjectConnectorDataTypesLogs; +} + +// @public +export type Office365ProjectConnectorDataTypesLogs = DataConnectorDataTypeCommon & {}; + +// @public +export type Office365ProjectDataConnector = DataConnector & { + dataTypes?: Office365ProjectConnectorDataTypes; +}; + +// @public +export type OfficeATPCheckRequirements = DataConnectorsCheckRequirements & { + kind: "OfficeATP"; + tenantId?: string; +}; + +// @public +export type OfficeATPCheckRequirementsProperties = DataConnectorTenantId & {}; + +// @public +export type OfficeATPDataConnector = DataConnector & { + tenantId?: string; + dataTypes?: AlertsDataTypeOfDataConnector; +}; + +// @public +export type OfficeATPDataConnectorProperties = DataConnectorTenantId & DataConnectorWithAlertsProperties & {}; + +// @public +export type 
OfficeConsent = Resource & { + tenantId?: string; + consentId?: string; +}; + +// @public +export interface OfficeConsentList { + readonly nextLink?: string; + value: OfficeConsent[]; +} + +// @public +export interface OfficeConsents { + delete(resourceGroupName: string, workspaceName: string, consentId: string, options?: OfficeConsentsDeleteOptionalParams): Promise; + get(resourceGroupName: string, workspaceName: string, consentId: string, options?: OfficeConsentsGetOptionalParams): Promise; + list(resourceGroupName: string, workspaceName: string, options?: OfficeConsentsListOptionalParams): PagedAsyncIterableIterator; +} + +// @public +export interface OfficeConsentsDeleteOptionalParams extends coreClient.OperationOptions { +} + +// @public +export interface OfficeConsentsGetOptionalParams extends coreClient.OperationOptions { +} + +// @public +export type OfficeConsentsGetResponse = OfficeConsent; + +// @public +export interface OfficeConsentsListNextOptionalParams extends coreClient.OperationOptions { +} + +// @public +export type OfficeConsentsListNextResponse = OfficeConsentList; + +// @public +export interface OfficeConsentsListOptionalParams extends coreClient.OperationOptions { +} + +// @public +export type OfficeConsentsListResponse = OfficeConsentList; + +// @public +export type OfficeDataConnector = DataConnector & { + tenantId?: string; + dataTypes?: OfficeDataConnectorDataTypes; +}; + +// @public +export interface OfficeDataConnectorDataTypes { + exchange: OfficeDataConnectorDataTypesExchange; + sharePoint: OfficeDataConnectorDataTypesSharePoint; + teams: OfficeDataConnectorDataTypesTeams; +} + +// @public +export type OfficeDataConnectorDataTypesExchange = DataConnectorDataTypeCommon & {}; + +// @public +export type OfficeDataConnectorDataTypesSharePoint = DataConnectorDataTypeCommon & {}; + +// @public +export type OfficeDataConnectorDataTypesTeams = DataConnectorDataTypeCommon & {}; + +// @public +export type OfficeDataConnectorProperties = 
DataConnectorTenantId & { + dataTypes: OfficeDataConnectorDataTypes; +}; + +// @public +export type OfficeIRMCheckRequirements = DataConnectorsCheckRequirements & { + kind: "OfficeIRM"; + tenantId?: string; +}; + +// @public +export type OfficeIRMCheckRequirementsProperties = DataConnectorTenantId & {}; + +// @public +export type OfficeIRMDataConnector = DataConnector & { + tenantId?: string; + dataTypes?: AlertsDataTypeOfDataConnector; +}; + +// @public +export type OfficeIRMDataConnectorProperties = DataConnectorTenantId & DataConnectorWithAlertsProperties & {}; + +// @public +export type OfficePowerBICheckRequirements = DataConnectorsCheckRequirements & { + kind: "OfficePowerBI"; + tenantId?: string; +}; + +// @public +export type OfficePowerBICheckRequirementsProperties = DataConnectorTenantId & {}; + +// @public +export interface OfficePowerBIConnectorDataTypes { + logs: OfficePowerBIConnectorDataTypesLogs; +} + +// @public +export type OfficePowerBIConnectorDataTypesLogs = DataConnectorDataTypeCommon & {}; + +// @public +export type OfficePowerBIDataConnector = DataConnector & { + dataTypes?: OfficePowerBIConnectorDataTypes; +}; + +// @public +export interface Operation { + display?: OperationDisplay; + isDataAction?: boolean; + name?: string; + origin?: string; +} + +// @public +export interface OperationDisplay { + description?: string; + operation?: string; + provider?: string; + resource?: string; +} + +// @public +export interface Operations { + list(options?: OperationsListOptionalParams): PagedAsyncIterableIterator; +} + +// @public +export interface OperationsList { + readonly nextLink?: string; + value: Operation[]; +} + +// @public +export interface OperationsListNextOptionalParams extends coreClient.OperationOptions { +} + +// @public +export type OperationsListNextResponse = OperationsList; + +// @public +export interface OperationsListOptionalParams extends coreClient.OperationOptions { +} + +// @public +export type OperationsListResponse = 
OperationsList; + +// @public +export type Operator = string; + +// @public +export type OSFamily = "Linux" | "Windows" | "Android" | "IOS" | "Unknown"; + +// @public +export type OutputType = string; + +// @public +export type OwnerType = string; + +// @public +export type PermissionProviderScope = string; + +// @public +interface Permissions_2 { + customs?: PermissionsCustomsItem[]; + resourceProvider?: PermissionsResourceProviderItem[]; +} +export { Permissions_2 as Permissions } + +// @public (undocumented) +export type PermissionsCustomsItem = Customs & {}; + +// @public (undocumented) +export type PermissionsResourceProviderItem = ResourceProvider & {}; + +// @public +export type PollingFrequency = string; + +// @public +export type ProcessEntity = Entity & { + readonly additionalData?: { + [propertyName: string]: Record; + }; + readonly friendlyName?: string; + readonly accountEntityId?: string; + readonly commandLine?: string; + readonly creationTimeUtc?: Date; + elevationToken?: ElevationToken; + readonly hostEntityId?: string; + readonly hostLogonSessionEntityId?: string; + readonly imageFileEntityId?: string; + readonly parentProcessEntityId?: string; + readonly processId?: string; +}; + +// @public +export type ProcessEntityProperties = EntityCommonProperties & { + readonly accountEntityId?: string; + readonly commandLine?: string; + readonly creationTimeUtc?: Date; + elevationToken?: ElevationToken; + readonly hostEntityId?: string; + readonly hostLogonSessionEntityId?: string; + readonly imageFileEntityId?: string; + readonly parentProcessEntityId?: string; + readonly processId?: string; +}; + +// @public +export interface ProductSettings { + delete(resourceGroupName: string, workspaceName: string, settingsName: string, options?: ProductSettingsDeleteOptionalParams): Promise; + get(resourceGroupName: string, workspaceName: string, settingsName: string, options?: ProductSettingsGetOptionalParams): Promise; + list(resourceGroupName: string, 
workspaceName: string, options?: ProductSettingsListOptionalParams): Promise; + update(resourceGroupName: string, workspaceName: string, settingsName: string, settings: SettingsUnion, options?: ProductSettingsUpdateOptionalParams): Promise; +} + +// @public +export interface ProductSettingsDeleteOptionalParams extends coreClient.OperationOptions { +} + +// @public +export interface ProductSettingsGetOptionalParams extends coreClient.OperationOptions { +} + +// @public +export type ProductSettingsGetResponse = SettingsUnion; + +// @public +export interface ProductSettingsListOptionalParams extends coreClient.OperationOptions { +} + +// @public +export type ProductSettingsListResponse = SettingList; + +// @public +export interface ProductSettingsUpdateOptionalParams extends coreClient.OperationOptions { +} + +// @public +export type ProductSettingsUpdateResponse = SettingsUnion; + +// @public +export type PropertyConditionProperties = AutomationRuleCondition & { + conditionType: "Property"; + propertyName?: AutomationRulePropertyConditionSupportedProperty; + operator?: AutomationRulePropertyConditionSupportedOperator; + propertyValues?: string[]; +}; + +// @public +export type ProviderName = string; + +// @public +export interface QueryBasedAlertRuleProperties { + alertDetailsOverride?: AlertDetailsOverride; + alertRuleTemplateName?: string; + customDetails?: { + [propertyName: string]: string; + }; + description?: string; + displayName: string; + enabled: boolean; + entityMappings?: EntityMapping[]; + incidentConfiguration?: IncidentConfiguration; + readonly lastModifiedUtc?: Date; + query?: string; + severity?: AlertSeverity; + suppressionDuration: string; + suppressionEnabled: boolean; + tactics?: AttackTactic[]; + templateVersion?: string; +} + +// @public +export interface QueryBasedAlertRuleTemplateProperties { + alertDetailsOverride?: AlertDetailsOverride; + customDetails?: { + [propertyName: string]: string; + }; + entityMappings?: EntityMapping[]; + query?: 
string; + severity?: AlertSeverity; + tactics?: AttackTactic[]; + version?: string; +} + +// @public +export type RegistryHive = string; + +// @public +export type RegistryKeyEntity = Entity & { + readonly additionalData?: { + [propertyName: string]: Record; + }; + readonly friendlyName?: string; + readonly hive?: RegistryHive; + readonly key?: string; +}; + +// @public +export type RegistryKeyEntityProperties = EntityCommonProperties & { + readonly hive?: RegistryHive; + readonly key?: string; +}; + +// @public +export type RegistryValueEntity = Entity & { + readonly additionalData?: { + [propertyName: string]: Record; + }; + readonly friendlyName?: string; + readonly keyEntityId?: string; + readonly valueData?: string; + readonly valueName?: string; + readonly valueType?: RegistryValueKind; +}; + +// @public +export type RegistryValueEntityProperties = EntityCommonProperties & { + readonly keyEntityId?: string; + readonly valueData?: string; + readonly valueName?: string; + readonly valueType?: RegistryValueKind; +}; + +// @public +export type RegistryValueKind = string; + +// @public +export type Relation = ResourceWithEtag & { + relatedResourceId?: string; + readonly relatedResourceName?: string; + readonly relatedResourceType?: string; + readonly relatedResourceKind?: string; +}; + +// @public +export interface RelationList { + readonly nextLink?: string; + value: Relation[]; +} + +// @public +export interface Repo { + branches?: string[]; + fullName?: string; + url?: string; +} + +// @public +export interface RepoList { + readonly nextLink?: string; + value: Repo[]; +} + +// @public +export interface Repository { + branch?: string; + deploymentLogsUrl?: string; + displayUrl?: string; + pathMapping?: ContentPathMap[]; + url?: string; +} + +// @public +export type RepoType = string; + +// @public +export interface RequiredPermissions { + action?: boolean; + delete?: boolean; + read?: boolean; + write?: boolean; +} + +// @public +export interface Resource { + 
readonly id?: string; + readonly name?: string; + readonly systemData?: SystemData; + readonly type?: string; +} + +// @public +export interface ResourceProvider { + permissionsDisplayText?: string; + provider?: ProviderName; + providerDisplayName?: string; + requiredPermissions?: RequiredPermissions; + scope?: PermissionProviderScope; +} + +// @public +export type ResourceWithEtag = Resource & { + etag?: string; +}; + +// @public +export interface SampleQueries { + description?: string; + query?: string; +} + +// @public +export type ScheduledAlertRule = AlertRule & { + queryFrequency?: string; + queryPeriod?: string; + triggerOperator?: TriggerOperator; + triggerThreshold?: number; + eventGroupingSettings?: EventGroupingSettings; + alertRuleTemplateName?: string; + templateVersion?: string; + description?: string; + query?: string; + displayName?: string; + enabled?: boolean; + readonly lastModifiedUtc?: Date; + suppressionDuration?: string; + suppressionEnabled?: boolean; + severity?: AlertSeverity; + tactics?: AttackTactic[]; + incidentConfiguration?: IncidentConfiguration; + customDetails?: { + [propertyName: string]: string; + }; + entityMappings?: EntityMapping[]; + alertDetailsOverride?: AlertDetailsOverride; +}; + +// @public +export interface ScheduledAlertRuleCommonProperties { + eventGroupingSettings?: EventGroupingSettings; + queryFrequency?: string; + queryPeriod?: string; + triggerOperator?: TriggerOperator; + triggerThreshold?: number; +} + +// @public +export type ScheduledAlertRuleProperties = ScheduledAlertRuleCommonProperties & QueryBasedAlertRuleProperties & {}; + +// @public +export type ScheduledAlertRuleTemplate = AlertRuleTemplate & { + alertRulesCreatedByTemplateCount?: number; + readonly lastUpdatedDateUTC?: Date; + readonly createdDateUTC?: Date; + description?: string; + displayName?: string; + requiredDataConnectors?: AlertRuleTemplateDataSource[]; + status?: TemplateStatus; + query?: string; + severity?: AlertSeverity; + tactics?: 
AttackTactic[]; + version?: string; + customDetails?: { + [propertyName: string]: string; + }; + entityMappings?: EntityMapping[]; + alertDetailsOverride?: AlertDetailsOverride; + queryFrequency?: string; + queryPeriod?: string; + triggerOperator?: TriggerOperator; + triggerThreshold?: number; + eventGroupingSettings?: EventGroupingSettings; +}; + +// @public +export type ScheduledAlertRuleTemplateProperties = AlertRuleTemplatePropertiesBase & QueryBasedAlertRuleTemplateProperties & ScheduledAlertRuleCommonProperties & {}; + +// @public +export type SecurityAlert = Entity & { + readonly additionalData?: { + [propertyName: string]: Record; + }; + readonly friendlyName?: string; + readonly alertDisplayName?: string; + readonly alertType?: string; + readonly compromisedEntity?: string; + readonly confidenceLevel?: ConfidenceLevel; + readonly confidenceReasons?: SecurityAlertPropertiesConfidenceReasonsItem[]; + readonly confidenceScore?: number; + readonly confidenceScoreStatus?: ConfidenceScoreStatus; + readonly description?: string; + readonly endTimeUtc?: Date; + readonly intent?: KillChainIntent; + readonly providerAlertId?: string; + readonly processingEndTime?: Date; + readonly productComponentName?: string; + readonly productName?: string; + readonly productVersion?: string; + readonly remediationSteps?: string[]; + severity?: AlertSeverity; + readonly startTimeUtc?: Date; + readonly status?: AlertStatus; + readonly systemAlertId?: string; + readonly tactics?: AttackTactic[]; + readonly timeGenerated?: Date; + readonly vendorName?: string; + readonly alertLink?: string; + readonly resourceIdentifiers?: Record[]; +}; + +// @public +export type SecurityAlertProperties = EntityCommonProperties & { + readonly alertDisplayName?: string; + readonly alertType?: string; + readonly compromisedEntity?: string; + readonly confidenceLevel?: ConfidenceLevel; + readonly confidenceReasons?: SecurityAlertPropertiesConfidenceReasonsItem[]; + readonly confidenceScore?: number; + 
readonly confidenceScoreStatus?: ConfidenceScoreStatus; + readonly description?: string; + readonly endTimeUtc?: Date; + readonly intent?: KillChainIntent; + readonly providerAlertId?: string; + readonly processingEndTime?: Date; + readonly productComponentName?: string; + readonly productName?: string; + readonly productVersion?: string; + readonly remediationSteps?: string[]; + severity?: AlertSeverity; + readonly startTimeUtc?: Date; + readonly status?: AlertStatus; + readonly systemAlertId?: string; + readonly tactics?: AttackTactic[]; + readonly timeGenerated?: Date; + readonly vendorName?: string; + readonly alertLink?: string; + readonly resourceIdentifiers?: Record[]; +}; + +// @public +export interface SecurityAlertPropertiesConfidenceReasonsItem { + readonly reason?: string; + readonly reasonType?: string; +} + +// @public +export type SecurityAlertTimelineItem = EntityTimelineItem & { + kind: "SecurityAlert"; + azureResourceId: string; + productName?: string; + description?: string; + displayName: string; + severity: AlertSeverity; + endTimeUtc: Date; + startTimeUtc: Date; + timeGenerated: Date; + alertType: string; +}; + +// @public +export type SecurityGroupEntity = Entity & { + readonly additionalData?: { + [propertyName: string]: Record; + }; + readonly friendlyName?: string; + readonly distinguishedName?: string; + readonly objectGuid?: string; + readonly sid?: string; +}; + +// @public +export type SecurityGroupEntityProperties = EntityCommonProperties & { + readonly distinguishedName?: string; + readonly objectGuid?: string; + readonly sid?: string; +}; + +// @public (undocumented) +export class SecurityInsights extends coreClient.ServiceClient { + // (undocumented) + $host: string; + constructor(credentials: coreAuth.TokenCredential, subscriptionId: string, options?: SecurityInsightsOptionalParams); + // (undocumented) + actions: Actions; + // (undocumented) + alertRules: AlertRules; + // (undocumented) + alertRuleTemplates: AlertRuleTemplates; + 
// (undocumented) + apiVersion: string; + // (undocumented) + automationRules: AutomationRules; + // (undocumented) + bookmarkOperations: BookmarkOperations; + // (undocumented) + bookmarkRelations: BookmarkRelations; + // (undocumented) + bookmarks: Bookmarks; + // (undocumented) + dataConnectors: DataConnectors; + // (undocumented) + dataConnectorsCheckRequirementsOperations: DataConnectorsCheckRequirementsOperations; + // (undocumented) + domainWhois: DomainWhois; + // (undocumented) + entities: Entities; + // (undocumented) + entitiesGetTimeline: EntitiesGetTimeline; + // (undocumented) + entitiesRelations: EntitiesRelations; + // (undocumented) + entityQueries: EntityQueries; + // (undocumented) + entityQueryTemplates: EntityQueryTemplates; + // (undocumented) + entityRelations: EntityRelations; + // (undocumented) + incidentComments: IncidentComments; + // (undocumented) + incidentRelations: IncidentRelations; + // (undocumented) + incidents: Incidents; + // (undocumented) + iPGeodata: IPGeodata; + // (undocumented) + metadata: Metadata; + // (undocumented) + officeConsents: OfficeConsents; + // (undocumented) + operations: Operations; + // (undocumented) + productSettings: ProductSettings; + // (undocumented) + sentinelOnboardingStates: SentinelOnboardingStates; + // (undocumented) + sourceControlOperations: SourceControlOperations; + // (undocumented) + sourceControls: SourceControls; + // (undocumented) + subscriptionId: string; + // (undocumented) + threatIntelligenceIndicator: ThreatIntelligenceIndicator; + // (undocumented) + threatIntelligenceIndicatorMetrics: ThreatIntelligenceIndicatorMetrics; + // (undocumented) + threatIntelligenceIndicators: ThreatIntelligenceIndicators; + // (undocumented) + watchlistItems: WatchlistItems; + // (undocumented) + watchlists: Watchlists; +} + +// @public +export interface SecurityInsightsOptionalParams extends coreClient.ServiceClientOptions { + $host?: string; + apiVersion?: string; + endpoint?: string; +} + +// 
@public +export type SentinelOnboardingState = ResourceWithEtag & { + customerManagedKey?: boolean; +}; + +// @public +export interface SentinelOnboardingStates { + create(resourceGroupName: string, workspaceName: string, sentinelOnboardingStateName: string, options?: SentinelOnboardingStatesCreateOptionalParams): Promise; + delete(resourceGroupName: string, workspaceName: string, sentinelOnboardingStateName: string, options?: SentinelOnboardingStatesDeleteOptionalParams): Promise; + get(resourceGroupName: string, workspaceName: string, sentinelOnboardingStateName: string, options?: SentinelOnboardingStatesGetOptionalParams): Promise; + list(resourceGroupName: string, workspaceName: string, options?: SentinelOnboardingStatesListOptionalParams): Promise; +} + +// @public +export interface SentinelOnboardingStatesCreateOptionalParams extends coreClient.OperationOptions { + sentinelOnboardingStateParameter?: SentinelOnboardingState; +} + +// @public +export type SentinelOnboardingStatesCreateResponse = SentinelOnboardingState; + +// @public +export interface SentinelOnboardingStatesDeleteOptionalParams extends coreClient.OperationOptions { +} + +// @public +export interface SentinelOnboardingStatesGetOptionalParams extends coreClient.OperationOptions { +} + +// @public +export type SentinelOnboardingStatesGetResponse = SentinelOnboardingState; + +// @public +export interface SentinelOnboardingStatesList { + value: SentinelOnboardingState[]; +} + +// @public +export interface SentinelOnboardingStatesListOptionalParams extends coreClient.OperationOptions { +} + +// @public +export type SentinelOnboardingStatesListResponse = SentinelOnboardingStatesList; + +// @public +export type SettingKind = string; + +// @public +export interface SettingList { + value: SettingsUnion[]; +} + +// @public +export type Settings = ResourceWithEtag & { + kind: SettingKind; +}; + +// @public (undocumented) +export type SettingsUnion = Settings | Anomalies | EyesOn | EntityAnalytics | Ueba; 
+ +// @public +export type SettingType = string; + +// @public +export interface Sku { + capacityReservationLevel?: number; + name?: SkuKind; +} + +// @public +export type SkuKind = string; + +// @public +export type Source = string; + +// @public +export type SourceControl = ResourceWithEtag & { + idPropertiesId?: string; + displayName?: string; + description?: string; + repoType?: RepoType; + contentTypes?: ContentType[]; + repository?: Repository; +}; + +// @public +export interface SourceControlList { + readonly nextLink?: string; + value: SourceControl[]; +} + +// @public +export interface SourceControlListRepositoriesNextOptionalParams extends coreClient.OperationOptions { +} + +// @public +export type SourceControlListRepositoriesNextResponse = RepoList; + +// @public +export interface SourceControlListRepositoriesOptionalParams extends coreClient.OperationOptions { +} + +// @public +export type SourceControlListRepositoriesResponse = RepoList; + +// @public +export interface SourceControlOperations { + listRepositories(resourceGroupName: string, workspaceName: string, repoType: RepoType, options?: SourceControlListRepositoriesOptionalParams): PagedAsyncIterableIterator; +} + +// @public +export interface SourceControls { + create(resourceGroupName: string, workspaceName: string, sourceControlId: string, sourceControl: SourceControl, options?: SourceControlsCreateOptionalParams): Promise; + delete(resourceGroupName: string, workspaceName: string, sourceControlId: string, options?: SourceControlsDeleteOptionalParams): Promise; + get(resourceGroupName: string, workspaceName: string, sourceControlId: string, options?: SourceControlsGetOptionalParams): Promise; + list(resourceGroupName: string, workspaceName: string, options?: SourceControlsListOptionalParams): PagedAsyncIterableIterator; +} + +// @public +export interface SourceControlsCreateOptionalParams extends coreClient.OperationOptions { +} + +// @public +export type SourceControlsCreateResponse = 
SourceControl; + +// @public +export interface SourceControlsDeleteOptionalParams extends coreClient.OperationOptions { +} + +// @public +export interface SourceControlsGetOptionalParams extends coreClient.OperationOptions { +} + +// @public +export type SourceControlsGetResponse = SourceControl; + +// @public +export interface SourceControlsListNextOptionalParams extends coreClient.OperationOptions { +} + +// @public +export type SourceControlsListNextResponse = SourceControlList; + +// @public +export interface SourceControlsListOptionalParams extends coreClient.OperationOptions { +} + +// @public +export type SourceControlsListResponse = SourceControlList; + +// @public +export type SourceKind = string; + +// @public +export type SubmissionMailEntity = Entity & { + readonly additionalData?: { + [propertyName: string]: Record; + }; + readonly friendlyName?: string; + readonly networkMessageId?: string; + readonly submissionId?: string; + readonly submitter?: string; + readonly submissionDate?: Date; + readonly timestamp?: Date; + readonly recipient?: string; + readonly sender?: string; + readonly senderIp?: string; + readonly subject?: string; + readonly reportType?: string; +}; + +// @public +export type SubmissionMailEntityProperties = EntityCommonProperties & { + readonly networkMessageId?: string; + readonly submissionId?: string; + readonly submitter?: string; + readonly submissionDate?: Date; + readonly timestamp?: Date; + readonly recipient?: string; + readonly sender?: string; + readonly senderIp?: string; + readonly subject?: string; + readonly reportType?: string; +}; + +// @public +export type SupportTier = string; + +// @public +export interface SystemData { + createdAt?: Date; + createdBy?: string; + createdByType?: CreatedByType; + lastModifiedAt?: Date; + lastModifiedBy?: string; + lastModifiedByType?: CreatedByType; +} + +// @public +export interface TeamInformation { + readonly description?: string; + readonly name?: string; + readonly 
primaryChannelUrl?: string; + readonly teamCreationTimeUtc?: Date; + readonly teamId?: string; +} + +// @public +export interface TeamProperties { + groupIds?: string[]; + memberIds?: string[]; + teamDescription?: string; + teamName: string; +} + +// @public +export type TemplateStatus = string; + +// @public +export interface ThreatIntelligence { + readonly confidence?: number; + readonly providerName?: string; + readonly reportLink?: string; + readonly threatDescription?: string; + readonly threatName?: string; + readonly threatType?: string; +} + +// @public +export type ThreatIntelligenceAlertRule = AlertRule & { + alertRuleTemplateName?: string; + readonly description?: string; + readonly displayName?: string; + enabled?: boolean; + readonly lastModifiedUtc?: Date; + readonly severity?: AlertSeverity; + readonly tactics?: AttackTactic[]; +}; + +// @public +export type ThreatIntelligenceAlertRuleTemplate = AlertRuleTemplate & { + alertRulesCreatedByTemplateCount?: number; + readonly lastUpdatedDateUTC?: Date; + readonly createdDateUTC?: Date; + description?: string; + displayName?: string; + requiredDataConnectors?: AlertRuleTemplateDataSource[]; + status?: TemplateStatus; + severity?: AlertSeverity; + tactics?: AttackTactic[]; +}; + +// @public +export type ThreatIntelligenceAlertRuleTemplateProperties = AlertRuleTemplatePropertiesBase & { + severity: AlertSeverity; + tactics?: AttackTactic[]; +}; + +// @public +export interface ThreatIntelligenceAppendTags { + threatIntelligenceTags?: string[]; +} + +// @public +export interface ThreatIntelligenceExternalReference { + description?: string; + externalId?: string; + hashes?: { + [propertyName: string]: string; + }; + sourceName?: string; + url?: string; +} + +// @public +export interface ThreatIntelligenceFilteringCriteria { + ids?: string[]; + includeDisabled?: boolean; + keywords?: string[]; + maxConfidence?: number; + maxValidUntil?: string; + minConfidence?: number; + minValidUntil?: string; + pageSize?: 
number; + patternTypes?: string[]; + skipToken?: string; + sortBy?: ThreatIntelligenceSortingCriteria[]; + sources?: string[]; + threatTypes?: string[]; +} + +// @public +export interface ThreatIntelligenceGranularMarkingModel { + language?: string; + markingRef?: number; + selectors?: string[]; +} + +// @public +export interface ThreatIntelligenceIndicator { + appendTags(resourceGroupName: string, workspaceName: string, name: string, threatIntelligenceAppendTags: ThreatIntelligenceAppendTags, options?: ThreatIntelligenceIndicatorAppendTagsOptionalParams): Promise; + create(resourceGroupName: string, workspaceName: string, name: string, threatIntelligenceProperties: ThreatIntelligenceIndicatorModelForRequestBody, options?: ThreatIntelligenceIndicatorCreateOptionalParams): Promise; + createIndicator(resourceGroupName: string, workspaceName: string, threatIntelligenceProperties: ThreatIntelligenceIndicatorModelForRequestBody, options?: ThreatIntelligenceIndicatorCreateIndicatorOptionalParams): Promise; + delete(resourceGroupName: string, workspaceName: string, name: string, options?: ThreatIntelligenceIndicatorDeleteOptionalParams): Promise; + get(resourceGroupName: string, workspaceName: string, name: string, options?: ThreatIntelligenceIndicatorGetOptionalParams): Promise; + listQueryIndicators(resourceGroupName: string, workspaceName: string, threatIntelligenceFilteringCriteria: ThreatIntelligenceFilteringCriteria, options?: ThreatIntelligenceIndicatorQueryIndicatorsOptionalParams): PagedAsyncIterableIterator; + replaceTags(resourceGroupName: string, workspaceName: string, name: string, threatIntelligenceReplaceTags: ThreatIntelligenceIndicatorModelForRequestBody, options?: ThreatIntelligenceIndicatorReplaceTagsOptionalParams): Promise; +} + +// @public +export interface ThreatIntelligenceIndicatorAppendTagsOptionalParams extends coreClient.OperationOptions { +} + +// @public +export interface ThreatIntelligenceIndicatorCreateIndicatorOptionalParams extends 
coreClient.OperationOptions { +} + +// @public +export type ThreatIntelligenceIndicatorCreateIndicatorResponse = ThreatIntelligenceInformationUnion; + +// @public +export interface ThreatIntelligenceIndicatorCreateOptionalParams extends coreClient.OperationOptions { +} + +// @public +export type ThreatIntelligenceIndicatorCreateResponse = ThreatIntelligenceInformationUnion; + +// @public +export interface ThreatIntelligenceIndicatorDeleteOptionalParams extends coreClient.OperationOptions { +} + +// @public +export interface ThreatIntelligenceIndicatorGetOptionalParams extends coreClient.OperationOptions { +} + +// @public +export type ThreatIntelligenceIndicatorGetResponse = ThreatIntelligenceInformationUnion; + +// @public +export interface ThreatIntelligenceIndicatorMetrics { + list(resourceGroupName: string, workspaceName: string, options?: ThreatIntelligenceIndicatorMetricsListOptionalParams): Promise; +} + +// @public +export interface ThreatIntelligenceIndicatorMetricsListOptionalParams extends coreClient.OperationOptions { +} + +// @public +export type ThreatIntelligenceIndicatorMetricsListResponse = ThreatIntelligenceMetricsList; + +// @public +export type ThreatIntelligenceIndicatorModel = ThreatIntelligenceInformation & { + readonly additionalData?: { + [propertyName: string]: Record; + }; + readonly friendlyName?: string; + threatIntelligenceTags?: string[]; + lastUpdatedTimeUtc?: string; + source?: string; + displayName?: string; + description?: string; + indicatorTypes?: string[]; + pattern?: string; + patternType?: string; + patternVersion?: string; + killChainPhases?: ThreatIntelligenceKillChainPhase[]; + parsedPattern?: ThreatIntelligenceParsedPattern[]; + externalId?: string; + createdByRef?: string; + defanged?: boolean; + externalLastUpdatedTimeUtc?: string; + externalReferences?: ThreatIntelligenceExternalReference[]; + granularMarkings?: ThreatIntelligenceGranularMarkingModel[]; + labels?: string[]; + revoked?: boolean; + confidence?: number; + 
objectMarkingRefs?: string[]; + language?: string; + threatTypes?: string[]; + validFrom?: string; + validUntil?: string; + created?: string; + modified?: string; + extensions?: { + [propertyName: string]: any; + }; +}; + +// @public +export type ThreatIntelligenceIndicatorModelForRequestBody = ThreatIntelligenceResourceKind & { + etag?: string; + readonly additionalData?: { + [propertyName: string]: Record; + }; + readonly friendlyName?: string; + threatIntelligenceTags?: string[]; + lastUpdatedTimeUtc?: string; + source?: string; + displayName?: string; + description?: string; + indicatorTypes?: string[]; + pattern?: string; + patternType?: string; + patternVersion?: string; + killChainPhases?: ThreatIntelligenceKillChainPhase[]; + parsedPattern?: ThreatIntelligenceParsedPattern[]; + externalId?: string; + createdByRef?: string; + defanged?: boolean; + externalLastUpdatedTimeUtc?: string; + externalReferences?: ThreatIntelligenceExternalReference[]; + granularMarkings?: ThreatIntelligenceGranularMarkingModel[]; + labels?: string[]; + revoked?: boolean; + confidence?: number; + objectMarkingRefs?: string[]; + language?: string; + threatTypes?: string[]; + validFrom?: string; + validUntil?: string; + created?: string; + modified?: string; + extensions?: { + [propertyName: string]: any; + }; +}; + +// @public +export type ThreatIntelligenceIndicatorProperties = EntityCommonProperties & { + threatIntelligenceTags?: string[]; + lastUpdatedTimeUtc?: string; + source?: string; + displayName?: string; + description?: string; + indicatorTypes?: string[]; + pattern?: string; + patternType?: string; + patternVersion?: string; + killChainPhases?: ThreatIntelligenceKillChainPhase[]; + parsedPattern?: ThreatIntelligenceParsedPattern[]; + externalId?: string; + createdByRef?: string; + defanged?: boolean; + externalLastUpdatedTimeUtc?: string; + externalReferences?: ThreatIntelligenceExternalReference[]; + granularMarkings?: ThreatIntelligenceGranularMarkingModel[]; + labels?: 
string[]; + revoked?: boolean; + confidence?: number; + objectMarkingRefs?: string[]; + language?: string; + threatTypes?: string[]; + validFrom?: string; + validUntil?: string; + created?: string; + modified?: string; + extensions?: { + [propertyName: string]: any; + }; +}; + +// @public +export interface ThreatIntelligenceIndicatorQueryIndicatorsNextOptionalParams extends coreClient.OperationOptions { +} + +// @public +export type ThreatIntelligenceIndicatorQueryIndicatorsNextResponse = ThreatIntelligenceInformationList; + +// @public +export interface ThreatIntelligenceIndicatorQueryIndicatorsOptionalParams extends coreClient.OperationOptions { +} + +// @public +export type ThreatIntelligenceIndicatorQueryIndicatorsResponse = ThreatIntelligenceInformationList; + +// @public +export interface ThreatIntelligenceIndicatorReplaceTagsOptionalParams extends coreClient.OperationOptions { +} + +// @public +export type ThreatIntelligenceIndicatorReplaceTagsResponse = ThreatIntelligenceInformationUnion; + +// @public +export interface ThreatIntelligenceIndicators { + list(resourceGroupName: string, workspaceName: string, options?: ThreatIntelligenceIndicatorsListOptionalParams): PagedAsyncIterableIterator; +} + +// @public +export interface ThreatIntelligenceIndicatorsListNextOptionalParams extends coreClient.OperationOptions { + filter?: string; + orderby?: string; + skipToken?: string; + top?: number; +} + +// @public +export type ThreatIntelligenceIndicatorsListNextResponse = ThreatIntelligenceInformationList; + +// @public +export interface ThreatIntelligenceIndicatorsListOptionalParams extends coreClient.OperationOptions { + filter?: string; + orderby?: string; + skipToken?: string; + top?: number; +} + +// @public +export type ThreatIntelligenceIndicatorsListResponse = ThreatIntelligenceInformationList; + +// @public +export type ThreatIntelligenceInformation = ResourceWithEtag & ThreatIntelligenceResourceKind & {}; + +// @public +export interface 
ThreatIntelligenceInformationList { + readonly nextLink?: string; + value: ThreatIntelligenceInformationUnion[]; +} + +// @public (undocumented) +export type ThreatIntelligenceInformationUnion = ThreatIntelligenceInformation | ThreatIntelligenceIndicatorModel; + +// @public +export interface ThreatIntelligenceKillChainPhase { + killChainName?: string; + phaseName?: string; +} + +// @public +export interface ThreatIntelligenceMetric { + lastUpdatedTimeUtc?: string; + patternTypeMetrics?: ThreatIntelligenceMetricEntity[]; + sourceMetrics?: ThreatIntelligenceMetricEntity[]; + threatTypeMetrics?: ThreatIntelligenceMetricEntity[]; +} + +// @public +export interface ThreatIntelligenceMetricEntity { + metricName?: string; + metricValue?: number; +} + +// @public +export interface ThreatIntelligenceMetrics { + properties?: ThreatIntelligenceMetric; +} + +// @public +export interface ThreatIntelligenceMetricsList { + value: ThreatIntelligenceMetrics[]; +} + +// @public +export interface ThreatIntelligenceParsedPattern { + patternTypeKey?: string; + patternTypeValues?: ThreatIntelligenceParsedPatternTypeValue[]; +} + +// @public +export interface ThreatIntelligenceParsedPatternTypeValue { + value?: string; + valueType?: string; +} + +// @public +export interface ThreatIntelligenceResourceKind { + kind: ThreatIntelligenceResourceKindEnum; +} + +// @public +export type ThreatIntelligenceResourceKindEnum = string; + +// @public +export interface ThreatIntelligenceSortingCriteria { + itemKey?: string; + sortOrder?: ThreatIntelligenceSortingCriteriaEnum; +} + +// @public +export type ThreatIntelligenceSortingCriteriaEnum = string; + +// @public +export type TICheckRequirements = DataConnectorsCheckRequirements & { + kind: "ThreatIntelligence"; + tenantId?: string; +}; + +// @public +export type TICheckRequirementsProperties = DataConnectorTenantId & {}; + +// @public +export type TIDataConnector = DataConnector & { + tenantId?: string; + tipLookbackPeriod?: Date; + dataTypes?: 
TIDataConnectorDataTypes; +}; + +// @public +export interface TIDataConnectorDataTypes { + indicators: TIDataConnectorDataTypesIndicators; +} + +// @public +export type TIDataConnectorDataTypesIndicators = DataConnectorDataTypeCommon & {}; + +// @public +export type TIDataConnectorProperties = DataConnectorTenantId & { + tipLookbackPeriod?: Date; + dataTypes: TIDataConnectorDataTypes; +}; + +// @public +export interface TimelineAggregation { + count: number; + kind: EntityTimelineKind; +} + +// @public +export interface TimelineError { + errorMessage: string; + kind: EntityTimelineKind; + queryId?: string; +} + +// @public +export interface TimelineResultsMetadata { + aggregations: TimelineAggregation[]; + errors?: TimelineError[]; + totalCount: number; +} + +// @public +export type TiTaxiiCheckRequirements = DataConnectorsCheckRequirements & { + kind: "ThreatIntelligenceTaxii"; + tenantId?: string; +}; + +// @public +export type TiTaxiiCheckRequirementsProperties = DataConnectorTenantId & {}; + +// @public +export type TiTaxiiDataConnector = DataConnector & { + tenantId?: string; + workspaceId?: string; + friendlyName?: string; + taxiiServer?: string; + collectionId?: string; + userName?: string; + password?: string; + taxiiLookbackPeriod?: Date; + pollingFrequency?: PollingFrequency; + dataTypes?: TiTaxiiDataConnectorDataTypes; +}; + +// @public +export interface TiTaxiiDataConnectorDataTypes { + taxiiClient: TiTaxiiDataConnectorDataTypesTaxiiClient; +} + +// @public +export type TiTaxiiDataConnectorDataTypesTaxiiClient = DataConnectorDataTypeCommon & {}; + +// @public +export type TiTaxiiDataConnectorProperties = DataConnectorTenantId & { + workspaceId?: string; + friendlyName?: string; + taxiiServer?: string; + collectionId?: string; + userName?: string; + password?: string; + taxiiLookbackPeriod?: Date; + pollingFrequency: PollingFrequency | null; + dataTypes: TiTaxiiDataConnectorDataTypes; +}; + +// @public +export type TriggerOperator = "GreaterThan" | 
"LessThan" | "Equal" | "NotEqual"; + +// @public +export type TriggersOn = string; + +// @public +export type TriggersWhen = string; + +// @public +export type Ueba = Settings & { + dataSources?: UebaDataSources[]; +}; + +// @public +export type UebaDataSources = string; + +// @public +export type UrlEntity = Entity & { + readonly additionalData?: { + [propertyName: string]: Record; + }; + readonly friendlyName?: string; + readonly url?: string; +}; + +// @public +export type UrlEntityProperties = EntityCommonProperties & { + readonly url?: string; +}; + +// @public +export interface UserInfo { + readonly email?: string; + readonly name?: string; + objectId?: string; +} + +// @public +export type Watchlist = ResourceWithEtag & { + watchlistId?: string; + displayName?: string; + provider?: string; + source?: Source; + created?: Date; + updated?: Date; + createdBy?: UserInfo; + updatedBy?: UserInfo; + description?: string; + watchlistType?: string; + watchlistAlias?: string; + isDeleted?: boolean; + labels?: string[]; + defaultDuration?: string; + tenantId?: string; + numberOfLinesToSkip?: number; + rawContent?: string; + itemsSearchKey?: string; + contentType?: string; + uploadStatus?: string; + watchlistItemsCount?: number; +}; + +// @public +export type WatchlistItem = ResourceWithEtag & { + watchlistItemType?: string; + watchlistItemId?: string; + tenantId?: string; + isDeleted?: boolean; + created?: Date; + updated?: Date; + createdBy?: UserInfo; + updatedBy?: UserInfo; + itemsKeyValue?: Record; + entityMapping?: Record; +}; + +// @public +export interface WatchlistItemList { + readonly nextLink?: string; + value: WatchlistItem[]; +} + +// @public +export interface WatchlistItems { + createOrUpdate(resourceGroupName: string, workspaceName: string, watchlistAlias: string, watchlistItemId: string, watchlistItem: WatchlistItem, options?: WatchlistItemsCreateOrUpdateOptionalParams): Promise; + delete(resourceGroupName: string, workspaceName: string, watchlistAlias: 
string, watchlistItemId: string, options?: WatchlistItemsDeleteOptionalParams): Promise; + get(resourceGroupName: string, workspaceName: string, watchlistAlias: string, watchlistItemId: string, options?: WatchlistItemsGetOptionalParams): Promise; + list(resourceGroupName: string, workspaceName: string, watchlistAlias: string, options?: WatchlistItemsListOptionalParams): PagedAsyncIterableIterator; +} + +// @public +export interface WatchlistItemsCreateOrUpdateOptionalParams extends coreClient.OperationOptions { +} + +// @public +export type WatchlistItemsCreateOrUpdateResponse = WatchlistItem; + +// @public +export interface WatchlistItemsDeleteOptionalParams extends coreClient.OperationOptions { +} + +// @public +export interface WatchlistItemsGetOptionalParams extends coreClient.OperationOptions { +} + +// @public +export type WatchlistItemsGetResponse = WatchlistItem; + +// @public +export interface WatchlistItemsListNextOptionalParams extends coreClient.OperationOptions { +} + +// @public +export type WatchlistItemsListNextResponse = WatchlistItemList; + +// @public +export interface WatchlistItemsListOptionalParams extends coreClient.OperationOptions { +} + +// @public +export type WatchlistItemsListResponse = WatchlistItemList; + +// @public +export interface WatchlistList { + readonly nextLink?: string; + value: Watchlist[]; +} + +// @public +export interface Watchlists { + createOrUpdate(resourceGroupName: string, workspaceName: string, watchlistAlias: string, watchlist: Watchlist, options?: WatchlistsCreateOrUpdateOptionalParams): Promise; + delete(resourceGroupName: string, workspaceName: string, watchlistAlias: string, options?: WatchlistsDeleteOptionalParams): Promise; + get(resourceGroupName: string, workspaceName: string, watchlistAlias: string, options?: WatchlistsGetOptionalParams): Promise; + list(resourceGroupName: string, workspaceName: string, options?: WatchlistsListOptionalParams): PagedAsyncIterableIterator; +} + +// @public +export interface 
WatchlistsCreateOrUpdateOptionalParams extends coreClient.OperationOptions { +} + +// @public +export type WatchlistsCreateOrUpdateResponse = Watchlist; + +// @public +export interface WatchlistsDeleteOptionalParams extends coreClient.OperationOptions { +} + +// @public +export interface WatchlistsGetOptionalParams extends coreClient.OperationOptions { +} + +// @public +export type WatchlistsGetResponse = Watchlist; + +// @public +export interface WatchlistsListNextOptionalParams extends coreClient.OperationOptions { +} + +// @public +export type WatchlistsListNextResponse = WatchlistList; + +// @public +export interface WatchlistsListOptionalParams extends coreClient.OperationOptions { +} + +// @public +export type WatchlistsListResponse = WatchlistList; + +// (No @packageDocumentation comment for this package) + +``` diff --git a/sdk/securityinsight/arm-securityinsight/rollup.config.js b/sdk/securityinsight/arm-securityinsight/rollup.config.js new file mode 100644 index 000000000000..9be1955eb7f1 --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/rollup.config.js 
@@ -0,0 +1,188 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is regenerated. + */ + +import nodeResolve from "@rollup/plugin-node-resolve"; +import cjs from "@rollup/plugin-commonjs"; +import sourcemaps from "rollup-plugin-sourcemaps"; +import multiEntry from "@rollup/plugin-multi-entry"; +import json from "@rollup/plugin-json"; + +import nodeBuiltins from "builtin-modules"; + +/** + * Gets the proper configuration needed for rollup's commonJS plugin for @opentelemetry/api. + * + * NOTE: this manual configuration is only needed because OpenTelemetry uses an + * __exportStar downleveled helper function to declare its exports which confuses + * rollup's automatic discovery mechanism. + * + * @returns an object reference that can be `...`'d into your cjs() configuration. + */ +export function openTelemetryCommonJs() { + const namedExports = {}; + + for (const key of [ + "@opentelemetry/api", + "@azure/core-tracing/node_modules/@opentelemetry/api" + ]) { + namedExports[key] = [ + "SpanKind", + "TraceFlags", + "getSpan", + "setSpan", + "SpanStatusCode", + "getSpanContext", + "setSpanContext" + ]; + } + + const releasedOpenTelemetryVersions = ["0.10.2", "1.0.0-rc.0"]; + + for (const version of releasedOpenTelemetryVersions) { + namedExports[ + // working around a limitation in the rollup common.js plugin - it's not able to resolve these modules so the named exports listed above will not get applied. We have to drill down to the actual path. 
+ `../../../common/temp/node_modules/.pnpm/@opentelemetry/api@${version}/node_modules/@opentelemetry/api/build/src/index.js` + ] = [ + "SpanKind", + "TraceFlags", + "getSpan", + "setSpan", + "StatusCode", + "CanonicalCode", + "getSpanContext", + "setSpanContext" + ]; + } + + return namedExports; +} + +// #region Warning Handler + +/** + * A function that can determine whether a rollupwarning should be ignored. If + * the function returns `true`, then the warning will not be displayed. + */ + +function ignoreNiseSinonEvalWarnings(warning) { + return ( + warning.code === "EVAL" && + warning.id && + (warning.id.includes("node_modules/nise") || + warning.id.includes("node_modules/sinon")) === true + ); +} + +function ignoreChaiCircularDependencyWarnings(warning) { + return ( + warning.code === "CIRCULAR_DEPENDENCY" && + warning.importer && warning.importer.includes("node_modules/chai") === true + ); +} + +const warningInhibitors = [ + ignoreChaiCircularDependencyWarnings, + ignoreNiseSinonEvalWarnings +]; + +/** + * Construct a warning handler for the shared rollup configuration + * that ignores certain warnings that are not relevant to testing. + */ +function makeOnWarnForTesting() { + return (warning, warn) => { + // If every inhibitor returns false (i.e. no inhibitors), then show the warning + if (warningInhibitors.every((inhib) => !inhib(warning))) { + warn(warning); + } + }; +} + +// #endregion + +function makeBrowserTestConfig() { + const config = { + input: { + include: ["dist-esm/test/**/*.spec.js"], + exclude: ["dist-esm/test/**/node/**"] + }, + output: { + file: `dist-test/index.browser.js`, + format: "umd", + sourcemap: true + }, + preserveSymlinks: false, + plugins: [ + multiEntry({ exports: false }), + nodeResolve({ + mainFields: ["module", "browser"] + }), + cjs({ + namedExports: { + // Chai's strange internal architecture makes it impossible to statically + // analyze its exports. 
+ chai: [ + "version", + "use", + "util", + "config", + "expect", + "should", + "assert" + ], + ...openTelemetryCommonJs() + } + }), + json(), + sourcemaps() + //viz({ filename: "dist-test/browser-stats.html", sourcemap: true }) + ], + onwarn: makeOnWarnForTesting(), + // Disable tree-shaking of test code. In rollup-plugin-node-resolve@5.0.0, + // rollup started respecting the "sideEffects" field in package.json. Since + // our package.json sets "sideEffects=false", this also applies to test + // code, which causes all tests to be removed by tree-shaking. + treeshake: false + }; + + return config; +} + +const defaultConfigurationOptions = { + disableBrowserBundle: false +}; + +export function makeConfig(pkg, options) { + options = { + ...defaultConfigurationOptions, + ...(options || {}) + }; + + const baseConfig = { + // Use the package's module field if it has one + input: pkg["module"] || "dist-esm/src/index.js", + external: [ + ...nodeBuiltins, + ...Object.keys(pkg.dependencies), + ...Object.keys(pkg.devDependencies) + ], + output: { file: "dist/index.js", format: "cjs", sourcemap: true }, + preserveSymlinks: false, + plugins: [sourcemaps(), nodeResolve(), cjs()] + }; + + const config = [baseConfig]; + + if (!options.disableBrowserBundle) { + config.push(makeBrowserTestConfig()); + } + + return config; +} + +export default makeConfig(require("./package.json")); diff --git a/sdk/securityinsight/arm-securityinsight/src/index.ts b/sdk/securityinsight/arm-securityinsight/src/index.ts new file mode 100644 index 000000000000..50cc92ce15d9 --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/src/index.ts 
@@ -0,0 +1,12 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is regenerated. + */ + +/// +export * from "./models"; +export { SecurityInsights } from "./securityInsights"; +export * from "./operationsInterfaces"; diff --git a/sdk/securityinsight/arm-securityinsight/src/models/index.ts b/sdk/securityinsight/arm-securityinsight/src/models/index.ts new file mode 100644 index 000000000000..ed5120002208 --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/src/models/index.ts 
@@ -0,0 +1,8448 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is regenerated. + */ + +import * as coreClient from "@azure/core-client"; + +export type AutomationRuleConditionUnion = + | AutomationRuleCondition + | PropertyConditionProperties; +export type AutomationRuleActionUnion = + | AutomationRuleAction + | AutomationRuleModifyPropertiesAction + | AutomationRuleRunPlaybookAction; +export type EntityTimelineItemUnion = + | EntityTimelineItem + | ActivityTimelineItem + | BookmarkTimelineItem + | SecurityAlertTimelineItem; +export type EntityQueryItemUnion = EntityQueryItem | InsightQueryItem; +export type DataConnectorsCheckRequirementsUnion = + | DataConnectorsCheckRequirements + | AADCheckRequirements + | AatpCheckRequirements + | ASCCheckRequirements + | AwsCloudTrailCheckRequirements + | AwsS3CheckRequirements + | Dynamics365CheckRequirements + | McasCheckRequirements + | MdatpCheckRequirements + | MstiCheckRequirements + | MtpCheckRequirements + | OfficeATPCheckRequirements + | OfficeIRMCheckRequirements + | Office365ProjectCheckRequirements + | OfficePowerBICheckRequirements + | TICheckRequirements + | TiTaxiiCheckRequirements; +export type AlertRuleTemplateUnion = + | AlertRuleTemplate + | MLBehaviorAnalyticsAlertRuleTemplate + | FusionAlertRuleTemplate + | ThreatIntelligenceAlertRuleTemplate + | MicrosoftSecurityIncidentCreationAlertRuleTemplate + | ScheduledAlertRuleTemplate + | NrtAlertRuleTemplate; +export type EntityUnion = + | Entity + | SecurityAlert + | HuntingBookmark + | AccountEntity + | AzureResourceEntity + | CloudApplicationEntity + | DnsEntity + | FileEntity + | FileHashEntity + | HostEntity + | IoTDeviceEntity + | IpEntity + | MailboxEntity + | MailClusterEntity + | MailMessageEntity + | MalwareEntity + | ProcessEntity + | RegistryKeyEntity + | RegistryValueEntity + | 
SecurityGroupEntity + | SubmissionMailEntity + | UrlEntity; +export type EntityQueryTemplateUnion = + | EntityQueryTemplate + | ActivityEntityQueryTemplate; +export type ThreatIntelligenceInformationUnion = + | ThreatIntelligenceInformation + | ThreatIntelligenceIndicatorModel; +export type AlertRuleUnion = + | AlertRule + | MLBehaviorAnalyticsAlertRule + | FusionAlertRule + | ThreatIntelligenceAlertRule + | MicrosoftSecurityIncidentCreationAlertRule + | ScheduledAlertRule + | NrtAlertRule; +export type EntityQueryUnion = + | EntityQuery + | ExpansionEntityQuery + | ActivityEntityQuery; +export type CustomEntityQueryUnion = + | CustomEntityQuery + | ActivityCustomEntityQuery; +export type SettingsUnion = + | Settings + | Anomalies + | EyesOn + | EntityAnalytics + | Ueba; +export type DataConnectorUnion = + | DataConnector + | AADDataConnector + | MstiDataConnector + | MTPDataConnector + | AatpDataConnector + | ASCDataConnector + | AwsCloudTrailDataConnector + | AwsS3DataConnector + | McasDataConnector + | Dynamics365DataConnector + | OfficeATPDataConnector + | Office365ProjectDataConnector + | OfficePowerBIDataConnector + | OfficeIRMDataConnector + | MdatpDataConnector + | OfficeDataConnector + | TIDataConnector + | TiTaxiiDataConnector + | CodelessUiDataConnector + | CodelessApiPollingDataConnector; + +/** List all the alert rules. */ +export interface AlertRulesList { + /** + * URL to fetch the next set of alert rules. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly nextLink?: string; + /** Array of alert rules. */ + value: AlertRuleUnion[]; +} + +/** Common fields that are returned in the response for all Azure Resource Manager resources */ +export interface Resource { + /** + * Fully qualified resource ID for the resource. 
Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly id?: string; + /** + * The name of the resource + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly name?: string; + /** + * The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly type?: string; + /** + * Azure Resource Manager metadata containing createdBy and modifiedBy information. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly systemData?: SystemData; +} + +/** Metadata pertaining to creation and last modification of the resource. */ +export interface SystemData { + /** The identity that created the resource. */ + createdBy?: string; + /** The type of identity that created the resource. */ + createdByType?: CreatedByType; + /** The timestamp of resource creation (UTC). */ + createdAt?: Date; + /** The identity that last modified the resource. */ + lastModifiedBy?: string; + /** The type of identity that last modified the resource. */ + lastModifiedByType?: CreatedByType; + /** The timestamp of resource last modification (UTC) */ + lastModifiedAt?: Date; +} + +/** Error response structure. */ +export interface CloudError { + /** Error data */ + error?: CloudErrorBody; +} + +/** Error details. */ +export interface CloudErrorBody { + /** + * An identifier for the error. Codes are invariant and are intended to be consumed programmatically. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly code?: string; + /** + * A message describing the error, intended to be suitable for display in a user interface. 
+ * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly message?: string; +} + +/** List all the actions. */ +export interface ActionsList { + /** + * URL to fetch the next set of actions. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly nextLink?: string; + /** Array of actions. */ + value: ActionResponse[]; +} + +/** Action property bag base. */ +export interface ActionPropertiesBase { + /** Logic App Resource Id, /subscriptions/{my-subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my-workflow-id}. */ + logicAppResourceId: string; +} + +/** List all the alert rule templates. */ +export interface AlertRuleTemplatesList { + /** + * URL to fetch the next set of alert rule templates. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly nextLink?: string; + /** Array of alert rule templates. */ + value: AlertRuleTemplateUnion[]; +} + +/** Describes automation rule triggering logic */ +export interface AutomationRuleTriggeringLogic { + /** Determines whether the automation rule is enabled or disabled */ + isEnabled: boolean; + /** Determines when the automation rule should automatically expire and be disabled. 
*/ + expirationTimeUtc?: Date; + triggersOn: TriggersOn; + triggersWhen: TriggersWhen; + /** The conditions to evaluate to determine if the automation rule should be triggered on a given object */ + conditions?: AutomationRuleConditionUnion[]; +} + +/** Describes an automation rule condition */ +export interface AutomationRuleCondition { + /** Polymorphic discriminator, which specifies the different types this object can be */ + conditionType: "Property"; +} + +/** Describes an automation rule action */ +export interface AutomationRuleAction { + /** Polymorphic discriminator, which specifies the different types this object can be */ + actionType: "ModifyProperties" | "RunPlaybook"; + order: number; +} + +/** Information on the client (user or application) that made some action */ +export interface ClientInfo { + /** The email of the client. */ + email?: string; + /** The name of the client. */ + name?: string; + /** The object id of the client. */ + objectId?: string; + /** The user principal name of the client. */ + userPrincipalName?: string; +} + +export interface AutomationRulesList { + value?: AutomationRule[]; + nextLink?: string; +} + +export interface ManualTriggerRequestBody { + tenantId?: string; + logicAppsResourceId?: string; +} + +/** List all the bookmarks. */ +export interface BookmarkList { + /** + * URL to fetch the next set of bookmarks. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly nextLink?: string; + /** Array of bookmarks. */ + value: Bookmark[]; +} + +/** User information that made some action */ +export interface UserInfo { + /** + * The email of the user. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly email?: string; + /** + * The name of the user. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly name?: string; + /** The object id of the user. 
*/ + objectId?: string; +} + +/** Describes related incident information for the bookmark */ +export interface IncidentInfo { + /** Incident Id */ + incidentId?: string; + /** The severity of the incident */ + severity?: IncidentSeverity; + /** The title of the incident */ + title?: string; + /** Relation Name */ + relationName?: string; +} + +/** Describes the entity mappings of a single entity */ +export interface BookmarkEntityMappings { + /** The entity type */ + entityType?: string; + /** Array of fields mapping for that entity type */ + fieldMappings?: EntityFieldMapping[]; +} + +/** Map identifiers of a single entity */ +export interface EntityFieldMapping { + /** Alert V3 identifier */ + identifier?: string; + /** The value of the identifier */ + value?: string; +} + +/** List of relations. */ +export interface RelationList { + /** + * URL to fetch the next set of relations. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly nextLink?: string; + /** Array of relations. */ + value: Relation[]; +} + +/** The parameters required to execute an expand operation on the given bookmark. */ +export interface BookmarkExpandParameters { + /** The end date filter, so the only expansion results returned are before this date. */ + endTime?: Date; + /** The Id of the expansion to perform. */ + expansionId?: string; + /** The start date filter, so the only expansion results returned are after this date. */ + startTime?: Date; +} + +/** The entity expansion result operation response. */ +export interface BookmarkExpandResponse { + /** The metadata from the expansion operation results. */ + metaData?: ExpansionResultsMetadata; + /** The expansion result values. */ + value?: BookmarkExpandResponseValue; +} + +/** Expansion result metadata. */ +export interface ExpansionResultsMetadata { + /** Information of the aggregated nodes in the expansion result. 
*/ + aggregations?: ExpansionResultAggregation[]; +} + +/** Information of a specific aggregation in the expansion result. */ +export interface ExpansionResultAggregation { + /** The common type of the aggregation. (for e.g. entity field name) */ + aggregationType?: string; + /** Total number of aggregations of the given kind (and aggregationType if given) in the expansion result. */ + count: number; + /** The display name of the aggregation by type. */ + displayName?: string; + /** The kind of the aggregated entity. */ + entityKind: EntityKind; +} + +/** The expansion result values. */ +export interface BookmarkExpandResponseValue { + /** Array of the expansion result entities. */ + entities?: EntityUnion[]; + /** Array of expansion result connected entities */ + edges?: ConnectedEntity[]; +} + +/** Expansion result connected entities */ +export interface ConnectedEntity { + /** Entity Id of the connected entity */ + targetEntityId?: string; + /** key-value pairs for a connected entity mapping */ + additionalData?: Record; +} + +/** Geodata information for a given IP address */ +export interface EnrichmentIpGeodata { + /** The autonomous system number associated with this IP address */ + asn?: string; + /** The name of the carrier for this IP address */ + carrier?: string; + /** The city this IP address is located in */ + city?: string; + /** A numeric rating of confidence that the value in the 'city' field is correct, on a scale of 0-100 */ + cityCf?: number; + /** The continent this IP address is located on */ + continent?: string; + /** The county this IP address is located in */ + country?: string; + /** A numeric rating of confidence that the value in the 'country' field is correct on a scale of 0-100 */ + countryCf?: number; + /** The dotted-decimal or colon-separated string representation of the IP address */ + ipAddr?: string; + /** A description of the connection type of this IP address */ + ipRoutingType?: string; + /** The latitude of this IP address */ 
+ latitude?: string; + /** The longitude of this IP address */ + longitude?: string; + /** The name of the organization for this IP address */ + organization?: string; + /** The type of the organization for this IP address */ + organizationType?: string; + /** The geographic region this IP address is located in */ + region?: string; + /** The state this IP address is located in */ + state?: string; + /** A numeric rating of confidence that the value in the 'state' field is correct on a scale of 0-100 */ + stateCf?: number; + /** The abbreviated name for the state this IP address is located in */ + stateCode?: string; +} + +/** Whois information for a given domain and associated metadata */ +export interface EnrichmentDomainWhois { + /** The domain for this whois record */ + domain?: string; + /** The hostname of this registrar's whois server */ + server?: string; + /** The timestamp at which this record was created */ + created?: Date; + /** The timestamp at which this record was last updated */ + updated?: Date; + /** The timestamp at which this record will expire */ + expires?: Date; + /** The whois record for a given domain */ + parsedWhois?: EnrichmentDomainWhoisDetails; +} + +/** The whois record for a given domain */ +export interface EnrichmentDomainWhoisDetails { + /** The registrar associated with this domain */ + registrar?: EnrichmentDomainWhoisRegistrarDetails; + /** The set of contacts associated with this domain */ + contacts?: EnrichmentDomainWhoisContacts; + /** A list of name servers associated with this domain */ + nameServers?: string[]; + /** The set of status flags for this whois record */ + statuses?: string[]; +} + +/** The registrar associated with this domain */ +export interface EnrichmentDomainWhoisRegistrarDetails { + /** The name of this registrar */ + name?: string; + /** This registrar's abuse contact email */ + abuseContactEmail?: string; + /** This registrar's abuse contact phone number */ + abuseContactPhone?: string; + /** This 
registrar's Internet Assigned Numbers Authority id */ + ianaId?: string; + /** This registrar's URL */ + url?: string; + /** The hostname of this registrar's whois server */ + whoisServer?: string; +} + +/** The set of contacts associated with this domain */ +export interface EnrichmentDomainWhoisContacts { + /** The admin contact for this whois record */ + admin?: EnrichmentDomainWhoisContact; + /** The billing contact for this whois record */ + billing?: EnrichmentDomainWhoisContact; + /** The registrant contact for this whois record */ + registrant?: EnrichmentDomainWhoisContact; + /** The technical contact for this whois record */ + tech?: EnrichmentDomainWhoisContact; +} + +/** An individual contact associated with this domain */ +export interface EnrichmentDomainWhoisContact { + /** The name of this contact */ + name?: string; + /** The organization for this contact */ + org?: string; + /** A list describing the street address for this contact */ + street?: string[]; + /** The city for this contact */ + city?: string; + /** The state for this contact */ + state?: string; + /** The postal code for this contact */ + postal?: string; + /** The country for this contact */ + country?: string; + /** The phone number for this contact */ + phone?: string; + /** The fax number for this contact */ + fax?: string; + /** The email address for this contact */ + email?: string; +} + +/** List of all the entities. */ +export interface EntityList { + /** + * URL to fetch the next set of entities. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly nextLink?: string; + /** Array of entities. */ + value: EntityUnion[]; +} + +/** The parameters required to execute an expand operation on the given entity. */ +export interface EntityExpandParameters { + /** The end date filter, so the only expansion results returned are before this date. */ + endTime?: Date; + /** The Id of the expansion to perform. 
*/ + expansionId?: string; + /** The start date filter, so the only expansion results returned are after this date. */ + startTime?: Date; +} + +/** The entity expansion result operation response. */ +export interface EntityExpandResponse { + /** The metadata from the expansion operation results. */ + metaData?: ExpansionResultsMetadata; + /** The expansion result values. */ + value?: EntityExpandResponseValue; +} + +/** The expansion result values. */ +export interface EntityExpandResponseValue { + /** Array of the expansion result entities. */ + entities?: EntityUnion[]; + /** Array of edges that connects the entity to the list of entities. */ + edges?: EntityEdges[]; +} + +/** The edge that connects the entity to the other entity. */ +export interface EntityEdges { + /** The target entity Id. */ + targetEntityId?: string; + /** A bag of custom fields that should be part of the entity and will be presented to the user. */ + additionalData?: { [propertyName: string]: Record }; +} + +/** The parameters required to execute s timeline operation on the given entity. */ +export interface EntityTimelineParameters { + /** Array of timeline Item kinds. */ + kinds?: EntityTimelineKind[]; + /** The start timeline date, so the results returned are after this date. */ + startTime: Date; + /** The end timeline date, so the results returned are before this date. */ + endTime: Date; + /** The number of bucket for timeline queries aggregation. */ + numberOfBucket?: number; +} + +/** The entity timeline result operation response. */ +export interface EntityTimelineResponse { + /** The metadata from the timeline operation results. */ + metaData?: TimelineResultsMetadata; + /** The timeline result values. */ + value?: EntityTimelineItemUnion[]; +} + +/** Expansion result metadata. 
*/ +export interface TimelineResultsMetadata { + /** the total items found for the timeline request */ + totalCount: number; + /** timeline aggregation per kind */ + aggregations: TimelineAggregation[]; + /** information about the failure queries */ + errors?: TimelineError[]; +} + +/** timeline aggregation information per kind */ +export interface TimelineAggregation { + /** the total items found for a kind */ + count: number; + /** the query kind */ + kind: EntityTimelineKind; +} + +/** Timeline Query Errors. */ +export interface TimelineError { + /** the query kind */ + kind: EntityTimelineKind; + /** the query id */ + queryId?: string; + /** the error message */ + errorMessage: string; +} + +/** Entity timeline Item. */ +export interface EntityTimelineItem { + /** Polymorphic discriminator, which specifies the different types this object can be */ + kind: "Activity" | "Bookmark" | "SecurityAlert"; +} + +/** Retrieve queries for entity result operation response. */ +export interface GetQueriesResponse { + /** The query result values. */ + value?: EntityQueryItemUnion[]; +} + +/** An abstract Query item for entity */ +export interface EntityQueryItem { + /** Polymorphic discriminator, which specifies the different types this object can be */ + kind: "Insight"; + /** + * Query Template ARM ID + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly id?: string; + /** Query Template ARM Name */ + name?: string; + /** ARM Type */ + type?: string; +} + +/** The parameters required to execute insights operation on the given entity. */ +export interface EntityGetInsightsParameters { + /** The start timeline date, so the results returned are after this date. */ + startTime: Date; + /** The end timeline date, so the results returned are before this date. */ + endTime: Date; + /** Indicates if query time range should be extended with default time range of the query. 
Default value is false */ + addDefaultExtendedTimeRange?: boolean; + /** List of Insights Query Id. If empty, default value is all insights of this entity */ + insightQueryIds?: string[]; +} + +/** The Get Insights result operation response. */ +export interface EntityGetInsightsResponse { + /** The metadata from the get insights operation results. */ + metaData?: GetInsightsResultsMetadata; + /** The insights result values. */ + value?: EntityInsightItem[]; +} + +/** Get Insights result metadata. */ +export interface GetInsightsResultsMetadata { + /** the total items found for the insights request */ + totalCount: number; + /** information about the failed queries */ + errors?: GetInsightsError[]; +} + +/** GetInsights Query Errors. */ +export interface GetInsightsError { + /** the query kind */ + kind: "Insight"; + /** the query id */ + queryId?: string; + /** the error message */ + errorMessage: string; +} + +/** Entity insight Item. */ +export interface EntityInsightItem { + /** The query id of the insight */ + queryId?: string; + /** The Time interval that the query actually executed on. */ + queryTimeInterval?: EntityInsightItemQueryTimeInterval; + /** Query results for table insights query. */ + tableQueryResults?: InsightsTableResult; + /** Query results for table insights query. */ + chartQueryResults?: InsightsTableResult[]; +} + +/** The Time interval that the query actually executed on. */ +export interface EntityInsightItemQueryTimeInterval { + /** Insight query start time */ + startTime?: Date; + /** Insight query end time */ + endTime?: Date; +} + +/** Query results for table insights query. 
*/ +export interface InsightsTableResult { + /** Columns Metadata of the table */ + columns?: InsightsTableResultColumnsItem[]; + /** Rows data of the table */ + rows?: string[][]; +} + +export interface InsightsTableResultColumnsItem { + /** the type of the colum */ + type?: string; + /** the name of the colum */ + name?: string; +} + +/** List of all the entity queries. */ +export interface EntityQueryList { + /** + * URL to fetch the next set of entity queries. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly nextLink?: string; + /** Array of entity queries. */ + value: EntityQueryUnion[]; +} + +/** List of all the entity query templates. */ +export interface EntityQueryTemplateList { + /** + * URL to fetch the next set of entity query templates. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly nextLink?: string; + /** Array of entity query templates. */ + value: EntityQueryTemplateUnion[]; +} + +/** List all the incidents. */ +export interface IncidentList { + /** + * URL to fetch the next set of incidents. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly nextLink?: string; + /** Array of incidents. */ + value: Incident[]; +} + +/** Incident additional data property bag. */ +export interface IncidentAdditionalData { + /** + * The number of alerts in the incident + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly alertsCount?: number; + /** + * The number of bookmarks in the incident + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly bookmarksCount?: number; + /** + * The number of comments in the incident + * NOTE: This property will not be serialized. It can only be populated by the server. 
+ */ + readonly commentsCount?: number; + /** + * List of product names of alerts in the incident + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly alertProductNames?: string[]; + /** + * The provider incident url to the incident in Microsoft 365 Defender portal + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly providerIncidentUrl?: string; + /** + * The tactics associated with incident + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly tactics?: AttackTactic[]; + /** + * The techniques associated with incident's tactics' + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly techniques?: string[]; +} + +/** Represents an incident label */ +export interface IncidentLabel { + /** The name of the label */ + labelName: string; + /** + * The type of the label + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly labelType?: IncidentLabelType; +} + +/** Information on the user an incident is assigned to */ +export interface IncidentOwnerInfo { + /** The email of the user the incident is assigned to. */ + email?: string; + /** The name of the user the incident is assigned to. */ + assignedTo?: string; + /** The object id of the user the incident is assigned to. */ + objectId?: string; + /** The user principal name of the user the incident is assigned to. */ + userPrincipalName?: string; + /** + * The type of the owner the incident is assigned to. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly ownerType?: OwnerType; +} + +/** Describes team information */ +export interface TeamInformation { + /** + * Team ID + * NOTE: This property will not be serialized. It can only be populated by the server. 
+ */ + readonly teamId?: string; + /** + * The primary channel URL of the team + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly primaryChannelUrl?: string; + /** + * The time the team was created + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly teamCreationTimeUtc?: Date; + /** + * The name of the team + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly name?: string; + /** + * The description of the team + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly description?: string; +} + +/** Describes team properties */ +export interface TeamProperties { + /** The name of the team */ + teamName: string; + /** The description of the team */ + teamDescription?: string; + /** List of member IDs to add to the team */ + memberIds?: string[]; + /** List of group IDs to add their members to the team */ + groupIds?: string[]; +} + +/** List of incident alerts. */ +export interface IncidentAlertList { + /** Array of incident alerts. */ + value: SecurityAlert[]; +} + +/** confidence reason item */ +export interface SecurityAlertPropertiesConfidenceReasonsItem { + /** + * The reason's description + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly reason?: string; + /** + * The type (category) of the reason + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly reasonType?: string; +} + +/** Entity common property bag. */ +export interface EntityCommonProperties { + /** + * A bag of custom fields that should be part of the entity and will be presented to the user. + * NOTE: This property will not be serialized. It can only be populated by the server. 
+ */ + readonly additionalData?: { [propertyName: string]: Record }; + /** + * The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly friendlyName?: string; +} + +/** List of incident bookmarks. */ +export interface IncidentBookmarkList { + /** Array of incident bookmarks. */ + value: HuntingBookmark[]; +} + +/** List of incident comments. */ +export interface IncidentCommentList { + /** + * URL to fetch the next set of comments. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly nextLink?: string; + /** Array of comments. */ + value: IncidentComment[]; +} + +/** The incident related entities response. */ +export interface IncidentEntitiesResponse { + /** Array of the incident related entities. */ + entities?: EntityUnion[]; + /** The metadata from the incident related entities results. */ + metaData?: IncidentEntitiesResultsMetadata[]; +} + +/** Information of a specific aggregation in the incident related entities result. */ +export interface IncidentEntitiesResultsMetadata { + /** Total number of aggregations of the given kind in the incident related entities result. */ + count: number; + /** The kind of the aggregated entity. */ + entityKind: EntityKind; +} + +/** List of all the metadata. */ +export interface MetadataList { + /** Array of metadata. */ + value: MetadataModel[]; + /** + * URL to fetch the next page of metadata. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly nextLink?: string; +} + +/** The original source of the content item, where it comes from. */ +export interface MetadataSource { + /** Source type of the content */ + kind: SourceKind; + /** Name of the content source. The repo name, solution name, LA workspace name etc. 
*/ + name?: string; + /** ID of the content source. The solution ID, workspace ID, etc */ + sourceId?: string; +} + +/** Publisher or creator of the content item. */ +export interface MetadataAuthor { + /** Name of the author. Company or person. */ + name?: string; + /** Email of author contact */ + email?: string; + /** Link for author/vendor page */ + link?: string; +} + +/** Support information for the content item. */ +export interface MetadataSupport { + /** Type of support for content item */ + tier: SupportTier; + /** Name of the support contact. Company or person. */ + name?: string; + /** Email of support contact */ + email?: string; + /** Link for support help, like to support page to open a ticket etc. */ + link?: string; +} + +/** Dependencies for the content item, what other content items it requires to work. Can describe more complex dependencies using a recursive/nested structure. For a single dependency an id/kind/version can be supplied or operator/criteria for complex dependencies. */ +export interface MetadataDependencies { + /** Id of the content item we depend on */ + contentId?: string; + /** Type of the content item we depend on */ + kind?: Kind; + /** Version of the the content item we depend on. Can be blank, * or missing to indicate any version fulfills the dependency. If version does not match our defined numeric format then an exact match is required. */ + version?: string; + /** Name of the content item */ + name?: string; + /** Operator used for list of dependencies in criteria array. */ + operator?: Operator; + /** This is the list of dependencies we must fulfill, according to the AND/OR operator */ + criteria?: MetadataDependencies[]; +} + +/** ies for the solution content item */ +export interface MetadataCategories { + /** domain for the solution content item */ + domains?: string[]; + /** Industry verticals for the solution content item */ + verticals?: string[]; +} + +/** List of all the office365 consents. 
*/ +export interface OfficeConsentList { + /** + * URL to fetch the next set of office consents. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly nextLink?: string; + /** Array of the consents. */ + value: OfficeConsent[]; +} + +/** List of the Sentinel onboarding states */ +export interface SentinelOnboardingStatesList { + /** Array of Sentinel onboarding states */ + value: SentinelOnboardingState[]; +} + +/** List of all the settings. */ +export interface SettingList { + /** Array of settings. */ + value: SettingsUnion[]; +} + +/** List all the source controls. */ +export interface RepoList { + /** + * URL to fetch the next set of repositories. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly nextLink?: string; + /** Array of repositories. */ + value: Repo[]; +} + +/** Represents a repository. */ +export interface Repo { + /** The url to access the repository. */ + url?: string; + /** The name of the repository. */ + fullName?: string; + /** Array of branches. */ + branches?: string[]; +} + +/** List all the source controls. */ +export interface SourceControlList { + /** + * URL to fetch the next set of source controls. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly nextLink?: string; + /** Array of source controls. */ + value: SourceControl[]; +} + +/** metadata of a repository. */ +export interface Repository { + /** Url of repository. */ + url?: string; + /** Branch name of repository. */ + branch?: string; + /** Display url of repository. */ + displayUrl?: string; + /** Url to access repository action logs. */ + deploymentLogsUrl?: string; + /** Dictionary of source control content type and path mapping. */ + pathMapping?: ContentPathMap[]; +} + +/** The mapping of content type to a repo path. */ +export interface ContentPathMap { + /** Content type. 
*/ + contentType?: ContentType; + /** The path to the content. */ + path?: string; +} + +/** Describes threat kill chain phase entity */ +export interface ThreatIntelligenceKillChainPhase { + /** Kill chainName name */ + killChainName?: string; + /** Phase name */ + phaseName?: string; +} + +/** Describes parsed pattern entity */ +export interface ThreatIntelligenceParsedPattern { + /** Pattern type key */ + patternTypeKey?: string; + /** Pattern type keys */ + patternTypeValues?: ThreatIntelligenceParsedPatternTypeValue[]; +} + +/** Describes threat kill chain phase entity */ +export interface ThreatIntelligenceParsedPatternTypeValue { + /** Type of the value */ + valueType?: string; + /** Value of parsed pattern */ + value?: string; +} + +/** Describes external reference */ +export interface ThreatIntelligenceExternalReference { + /** External reference description */ + description?: string; + /** External reference ID */ + externalId?: string; + /** External reference source name */ + sourceName?: string; + /** External reference URL */ + url?: string; + /** External reference hashes */ + hashes?: { [propertyName: string]: string }; +} + +/** Describes threat granular marking model entity */ +export interface ThreatIntelligenceGranularMarkingModel { + /** Language granular marking model */ + language?: string; + /** marking reference granular marking model */ + markingRef?: number; + /** granular marking model selectors */ + selectors?: string[]; +} + +/** Describes an entity with kind. */ +export interface ThreatIntelligenceResourceKind { + /** The kind of the entity. */ + kind: ThreatIntelligenceResourceKindEnum; +} + +/** List of all the threat intelligence information objects. */ +export interface ThreatIntelligenceInformationList { + /** + * URL to fetch the next set of information objects. + * NOTE: This property will not be serialized. It can only be populated by the server. 
+ */ + readonly nextLink?: string; + /** Array of threat intelligence information objects. */ + value: ThreatIntelligenceInformationUnion[]; +} + +/** Filtering criteria for querying threat intelligence indicators. */ +export interface ThreatIntelligenceFilteringCriteria { + /** Page size */ + pageSize?: number; + /** Minimum confidence. */ + minConfidence?: number; + /** Maximum confidence. */ + maxConfidence?: number; + /** Start time for ValidUntil filter. */ + minValidUntil?: string; + /** End time for ValidUntil filter. */ + maxValidUntil?: string; + /** Parameter to include/exclude disabled indicators. */ + includeDisabled?: boolean; + /** Columns to sort by and sorting order */ + sortBy?: ThreatIntelligenceSortingCriteria[]; + /** Sources of threat intelligence indicators */ + sources?: string[]; + /** Pattern types */ + patternTypes?: string[]; + /** Threat types of threat intelligence indicators */ + threatTypes?: string[]; + /** Ids of threat intelligence indicators */ + ids?: string[]; + /** Keywords for searching threat intelligence indicators */ + keywords?: string[]; + /** Skip token. */ + skipToken?: string; +} + +/** List of available columns for sorting */ +export interface ThreatIntelligenceSortingCriteria { + /** Column name */ + itemKey?: string; + /** Sorting order (ascending/descending/unsorted). */ + sortOrder?: ThreatIntelligenceSortingCriteriaEnum; +} + +/** List of all the threat intelligence metric fields (type/threat type/source). */ +export interface ThreatIntelligenceMetricsList { + /** Array of threat intelligence metric fields (type/threat type/source). */ + value: ThreatIntelligenceMetrics[]; +} + +/** Threat intelligence metrics. */ +export interface ThreatIntelligenceMetrics { + /** Threat intelligence metrics. 
*/ + properties?: ThreatIntelligenceMetric; +} + +/** Describes threat intelligence metric */ +export interface ThreatIntelligenceMetric { + /** Last updated indicator metric */ + lastUpdatedTimeUtc?: string; + /** Threat type metrics */ + threatTypeMetrics?: ThreatIntelligenceMetricEntity[]; + /** Pattern type metrics */ + patternTypeMetrics?: ThreatIntelligenceMetricEntity[]; + /** Source metrics */ + sourceMetrics?: ThreatIntelligenceMetricEntity[]; +} + +/** Describes threat intelligence metric entity */ +export interface ThreatIntelligenceMetricEntity { + /** Metric name */ + metricName?: string; + /** Metric value */ + metricValue?: number; +} + +/** Array of tags to be appended to the threat intelligence indicator. */ +export interface ThreatIntelligenceAppendTags { + /** List of tags to be appended. */ + threatIntelligenceTags?: string[]; +} + +/** List all the watchlists. */ +export interface WatchlistList { + /** + * URL to fetch the next set of watchlists. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly nextLink?: string; + /** Array of watchlist. */ + value: Watchlist[]; +} + +/** List all the watchlist items. */ +export interface WatchlistItemList { + /** + * URL to fetch the next set of watchlist item. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly nextLink?: string; + /** Array of watchlist items. */ + value: WatchlistItem[]; +} + +/** List all the data connectors. */ +export interface DataConnectorList { + /** + * URL to fetch the next set of data connectors. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly nextLink?: string; + /** Array of data connectors. */ + value: DataConnectorUnion[]; +} + +/** Represents Codeless API Polling data connector. 
*/ +export interface DataConnectorConnectBody { + /** The authentication kind used to poll the data */ + kind?: ConnectAuthKind; + /** The API key of the audit server. */ + apiKey?: string; + /** The client secret of the OAuth 2.0 application. */ + clientSecret?: string; + /** The client id of the OAuth 2.0 application. */ + clientId?: string; + /** The authorization code used in OAuth 2.0 code flow to issue a token. */ + authorizationCode?: string; + /** The user name in the audit log server. */ + userName?: string; + /** The user password in the audit log server. */ + password?: string; + requestConfigUserInputValues?: Record[]; +} + +/** Common error response for all Azure Resource Manager APIs to return error details for failed operations. (This also follows the OData error response format.). */ +export interface ErrorResponse { + /** The error object. */ + error?: ErrorDetail; +} + +/** The error detail. */ +export interface ErrorDetail { + /** + * The error code. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly code?: string; + /** + * The error message. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly message?: string; + /** + * The error target. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly target?: string; + /** + * The error details. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly details?: ErrorDetail[]; + /** + * The error additional info. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly additionalInfo?: ErrorAdditionalInfo[]; +} + +/** The resource management error additional info. */ +export interface ErrorAdditionalInfo { + /** + * The additional info type. + * NOTE: This property will not be serialized. It can only be populated by the server. 
+ */ + readonly type?: string; + /** + * The additional info. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly info?: Record; +} + +/** Data connector requirements properties. */ +export interface DataConnectorsCheckRequirements { + /** Polymorphic discriminator, which specifies the different types this object can be */ + kind: + | "AzureActiveDirectory" + | "AzureAdvancedThreatProtection" + | "AzureSecurityCenter" + | "AmazonWebServicesCloudTrail" + | "AmazonWebServicesS3" + | "Dynamics365" + | "MicrosoftCloudAppSecurity" + | "MicrosoftDefenderAdvancedThreatProtection" + | "MicrosoftThreatIntelligence" + | "MicrosoftThreatProtection" + | "OfficeATP" + | "OfficeIRM" + | "Office365Project" + | "OfficePowerBI" + | "ThreatIntelligence" + | "ThreatIntelligenceTaxii"; +} + +/** Data connector requirements status. */ +export interface DataConnectorRequirementsState { + /** Authorization state for this connector */ + authorizationState?: DataConnectorAuthorizationState; + /** License state for this connector */ + licenseState?: DataConnectorLicenseState; +} + +/** Lists the operations available in the SecurityInsights RP. */ +export interface OperationsList { + /** + * URL to fetch the next set of operations. + * NOTE: This property will not be serialized. It can only be populated by the server. 
+ */ + readonly nextLink?: string; + /** Array of operations */ + value: Operation[]; +} + +/** Operation provided by provider */ +export interface Operation { + /** Properties of the operation */ + display?: OperationDisplay; + /** Name of the operation */ + name?: string; + /** The origin of the operation */ + origin?: string; + /** Indicates whether the operation is a data action */ + isDataAction?: boolean; +} + +/** Properties of the operation */ +export interface OperationDisplay { + /** Description of the operation */ + description?: string; + /** Operation name */ + operation?: string; + /** Provider name */ + provider?: string; + /** Resource name */ + resource?: string; +} + +/** alert rule template data sources */ +export interface AlertRuleTemplateDataSource { + /** The connector id that provides the following data types */ + connectorId?: string; + /** The data types used by the alert rule template */ + dataTypes?: string[]; +} + +/** Base alert rule template property bag. */ +export interface AlertRuleTemplatePropertiesBase { + /** the number of alert rules that were created by this template */ + alertRulesCreatedByTemplateCount?: number; + /** + * The last time that this alert rule template has been updated. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly lastUpdatedDateUTC?: Date; + /** + * The time that this alert rule template has been added. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly createdDateUTC?: Date; + /** The description of the alert rule template. */ + description?: string; + /** The display name for alert rule template. */ + displayName?: string; + /** The required data sources for this template */ + requiredDataConnectors?: AlertRuleTemplateDataSource[]; + /** The alert rule template status. */ + status?: TemplateStatus; +} + +/** Query based alert rule template base property bag. 
*/ +export interface QueryBasedAlertRuleTemplateProperties { + /** The query that creates alerts for this rule. */ + query?: string; + /** The severity for alerts created by this alert rule. */ + severity?: AlertSeverity; + /** The tactics of the alert rule */ + tactics?: AttackTactic[]; + /** The version of this template - in format , where all are numbers. For example <1.0.2>. */ + version?: string; + /** Dictionary of string key-value pairs of columns to be attached to the alert */ + customDetails?: { [propertyName: string]: string }; + /** Array of the entity mappings of the alert rule */ + entityMappings?: EntityMapping[]; + /** The alert details override settings */ + alertDetailsOverride?: AlertDetailsOverride; +} + +/** Single entity mapping for the alert rule */ +export interface EntityMapping { + /** The V3 type of the mapped entity */ + entityType?: EntityMappingType; + /** array of field mappings for the given entity mapping */ + fieldMappings?: FieldMapping[]; +} + +/** A single field mapping of the mapped entity */ +export interface FieldMapping { + /** the V3 identifier of the entity */ + identifier?: string; + /** the column name to be mapped to the identifier */ + columnName?: string; +} + +/** Settings for how to dynamically override alert static details */ +export interface AlertDetailsOverride { + /** the format containing columns name(s) to override the alert name */ + alertDisplayNameFormat?: string; + /** the format containing columns name(s) to override the alert description */ + alertDescriptionFormat?: string; + /** the column name to take the alert tactics from */ + alertTacticsColumnName?: string; + /** the column name to take the alert severity from */ + alertSeverityColumnName?: string; +} + +/** MicrosoftSecurityIncidentCreation rule common property bag. 
*/ +export interface MicrosoftSecurityIncidentCreationAlertRuleCommonProperties { + /** the alerts' displayNames on which the cases will be generated */ + displayNamesFilter?: string[]; + /** the alerts' displayNames on which the cases will not be generated */ + displayNamesExcludeFilter?: string[]; + /** The alerts' productName on which the cases will be generated */ + productFilter: MicrosoftSecurityProductName; + /** the alerts' severities on which the cases will be generated */ + severitiesFilter?: AlertSeverity[]; +} + +/** Query based alert rule base property bag. */ +export interface QueryBasedAlertRuleProperties { + /** The Name of the alert rule template used to create this rule. */ + alertRuleTemplateName?: string; + /** The version of the alert rule template used to create this rule - in format , where all are numbers, for example 0 <1.0.2> */ + templateVersion?: string; + /** The description of the alert rule. */ + description?: string; + /** The query that creates alerts for this rule. */ + query?: string; + /** The display name for alerts created by this alert rule. */ + displayName: string; + /** Determines whether this alert rule is enabled or disabled. */ + enabled: boolean; + /** + * The last time that this alert rule has been modified. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly lastModifiedUtc?: Date; + /** The suppression (in ISO 8601 duration format) to wait since last time this alert rule been triggered. */ + suppressionDuration: string; + /** Determines whether the suppression for this alert rule is enabled or disabled. */ + suppressionEnabled: boolean; + /** The severity for alerts created by this alert rule. 
*/ + severity?: AlertSeverity; + /** The tactics of the alert rule */ + tactics?: AttackTactic[]; + /** The settings of the incidents that created from alerts triggered by this analytics rule */ + incidentConfiguration?: IncidentConfiguration; + /** Dictionary of string key-value pairs of columns to be attached to the alert */ + customDetails?: { [propertyName: string]: string }; + /** Array of the entity mappings of the alert rule */ + entityMappings?: EntityMapping[]; + /** The alert details override settings */ + alertDetailsOverride?: AlertDetailsOverride; +} + +/** Incident Configuration property bag. */ +export interface IncidentConfiguration { + /** Create incidents from alerts triggered by this analytics rule */ + createIncident: boolean; + /** Set how the alerts that are triggered by this analytics rule, are grouped into incidents */ + groupingConfiguration?: GroupingConfiguration; +} + +/** Grouping configuration property bag. */ +export interface GroupingConfiguration { + /** Grouping enabled */ + enabled: boolean; + /** Re-open closed matching incidents */ + reopenClosedIncident: boolean; + /** Limit the group to alerts created within the lookback duration (in ISO 8601 duration format) */ + lookbackDuration: string; + /** Grouping matching method. When method is Selected at least one of groupByEntities, groupByAlertDetails, groupByCustomDetails must be provided and not empty. */ + matchingMethod: MatchingMethod; + /** A list of entity types to group by (when matchingMethod is Selected). Only entities defined in the current alert rule may be used. */ + groupByEntities?: EntityMappingType[]; + /** A list of alert details to group by (when matchingMethod is Selected) */ + groupByAlertDetails?: AlertDetail[]; + /** A list of custom details keys to group by (when matchingMethod is Selected). Only keys defined in the current alert rule may be used. */ + groupByCustomDetails?: string[]; +} + +/** Scheduled alert rule template property bag. 
*/ +export interface ScheduledAlertRuleCommonProperties { + /** The frequency (in ISO 8601 duration format) for this alert rule to run. */ + queryFrequency?: string; + /** The period (in ISO 8601 duration format) that this alert rule looks at. */ + queryPeriod?: string; + /** The operation against the threshold that triggers alert rule. */ + triggerOperator?: TriggerOperator; + /** The threshold triggers this alert rule. */ + triggerThreshold?: number; + /** The event grouping settings. */ + eventGroupingSettings?: EventGroupingSettings; +} + +/** Event grouping settings property bag. */ +export interface EventGroupingSettings { + /** The event grouping aggregation kinds */ + aggregationKind?: EventGroupingAggregationKind; +} + +export interface IncidentPropertiesActionOwnerInfo { + objectId?: string; + email?: string; + assignedTo?: string; + userPrincipalName?: string; + ownerType?: IncidentOwnerType; +} + +/** An properties abstract Query item for entity */ +export interface EntityQueryItemProperties { + /** Data types for template */ + dataTypes?: EntityQueryItemPropertiesDataTypesItem[]; + /** The type of the entity */ + inputEntityType?: EntityType; + /** Data types for template */ + requiredInputFieldsSets?: string[][]; + /** The query applied only to entities matching to all filters */ + entitiesFilter?: Record; +} + +export interface EntityQueryItemPropertiesDataTypesItem { + /** Data type name */ + dataType?: string; +} + +/** The insight table query. */ +export interface InsightQueryItemPropertiesTableQuery { + /** List of insight column definitions. */ + columnsDefinitions?: InsightQueryItemPropertiesTableQueryColumnsDefinitionsItem[]; + /** List of insight queries definitions. */ + queriesDefinitions?: InsightQueryItemPropertiesTableQueryQueriesDefinitionsItem[]; +} + +export interface InsightQueryItemPropertiesTableQueryColumnsDefinitionsItem { + /** Insight column header. */ + header?: string; + /** Insights Column type. 
*/ + outputType?: OutputType; + /** Is query supports deep-link. */ + supportDeepLink?: boolean; +} + +export interface InsightQueryItemPropertiesTableQueryQueriesDefinitionsItem { + /** Insight column header. */ + filter?: string; + /** Insight column header. */ + summarize?: string; + /** Insight column header. */ + project?: string; + /** Insight column header. */ + linkColumnsDefinitions?: InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem[]; +} + +export interface InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem { + /** Insight Link Definition Projected Name. */ + projectedName?: string; + /** Insight Link Definition Query. */ + query?: string; +} + +/** The activity query definitions. */ +export interface InsightQueryItemPropertiesAdditionalQuery { + /** The insight query. */ + query?: string; + /** The insight text. */ + text?: string; +} + +/** The insight chart query. */ +export interface InsightQueryItemPropertiesDefaultTimeRange { + /** The padding for the start time of the query. */ + beforeRange?: string; + /** The padding for the end time of the query. */ + afterRange?: string; +} + +/** The insight chart query. */ +export interface InsightQueryItemPropertiesReferenceTimeRange { + /** Additional query time for looking back. 
*/ + beforeRange?: string; +} + +/** The Activity query definitions */ +export interface ActivityEntityQueriesPropertiesQueryDefinitions { + /** The Activity query to run on a given entity */ + query?: string; +} + +/** The Activity query definitions */ +export interface ActivityEntityQueryTemplatePropertiesQueryDefinitions { + /** The Activity query to run on a given entity */ + query?: string; + /** The dimensions we want to summarize the timeline results on, this is comma separated list */ + summarizeBy?: string; +} + +/** The data type definition */ +export interface DataTypeDefinitions { + /** The data type name */ + dataType?: string; +} + +/** The pricing tier of the solution */ +export interface Sku { + /** The kind of the tier */ + name?: SkuKind; + /** The amount of reservation level */ + capacityReservationLevel?: number; +} + +/** Properties data connector on tenant level. */ +export interface DataConnectorTenantId { + /** The tenant id to connect to, and get the data from. */ + tenantId: string; +} + +/** Data connector properties. */ +export interface DataConnectorWithAlertsProperties { + /** The available data types for the connector. */ + dataTypes?: AlertsDataTypeOfDataConnector; +} + +/** Alerts data type for data connectors. */ +export interface AlertsDataTypeOfDataConnector { + /** Alerts data type connection. */ + alerts: DataConnectorDataTypeCommon; +} + +/** Common field for data type in data connectors. */ +export interface DataConnectorDataTypeCommon { + /** Describe whether this data type connection is enabled or not. */ + state: DataTypeState; +} + +/** The available data types for Microsoft Threat Intelligence Platforms data connector. */ +export interface MstiDataConnectorDataTypes { + /** Data type for Microsoft Threat Intelligence Platforms data connector. */ + bingSafetyPhishingURL: MstiDataConnectorDataTypesBingSafetyPhishingURL; + /** Data type for Microsoft Threat Intelligence Platforms data connector. 
*/ + microsoftEmergingThreatFeed: MstiDataConnectorDataTypesMicrosoftEmergingThreatFeed; +} + +/** The available data types for Microsoft Threat Protection Platforms data connector. */ +export interface MTPDataConnectorDataTypes { + /** Data type for Microsoft Threat Protection Platforms data connector. */ + incidents: MTPDataConnectorDataTypesIncidents; +} + +/** The available data types for Amazon Web Services CloudTrail data connector. */ +export interface AwsCloudTrailDataConnectorDataTypes { + /** Logs data type. */ + logs: AwsCloudTrailDataConnectorDataTypesLogs; +} + +/** The available data types for Amazon Web Services S3 data connector. */ +export interface AwsS3DataConnectorDataTypes { + /** Logs data type. */ + logs: AwsS3DataConnectorDataTypesLogs; +} + +/** The available data types for Dynamics365 data connector. */ +export interface Dynamics365DataConnectorDataTypes { + /** Common Data Service data type connection. */ + dynamics365CdsActivities: Dynamics365DataConnectorDataTypesDynamics365CdsActivities; +} + +/** The available data types for Office Microsoft Project data connector. */ +export interface Office365ProjectConnectorDataTypes { + /** Logs data type. */ + logs: Office365ProjectConnectorDataTypesLogs; +} + +/** The available data types for Office Microsoft PowerBI data connector. */ +export interface OfficePowerBIConnectorDataTypes { + /** Logs data type. */ + logs: OfficePowerBIConnectorDataTypesLogs; +} + +/** The available data types for office data connector. */ +export interface OfficeDataConnectorDataTypes { + /** Exchange data type connection. */ + exchange: OfficeDataConnectorDataTypesExchange; + /** SharePoint data type connection. */ + sharePoint: OfficeDataConnectorDataTypesSharePoint; + /** Teams data type connection. */ + teams: OfficeDataConnectorDataTypesTeams; +} + +/** The available data types for TI (Threat Intelligence) data connector. 
*/ +export interface TIDataConnectorDataTypes { + /** Data type for indicators connection. */ + indicators: TIDataConnectorDataTypesIndicators; +} + +/** The available data types for Threat Intelligence TAXII data connector. */ +export interface TiTaxiiDataConnectorDataTypes { + /** Data type for TAXII connector. */ + taxiiClient: TiTaxiiDataConnectorDataTypesTaxiiClient; +} + +/** Config to describe the instructions blade */ +export interface CodelessUiConnectorConfigProperties { + /** Connector blade title */ + title: string; + /** Connector publisher name */ + publisher: string; + /** Connector description */ + descriptionMarkdown: string; + /** An optional custom image to be used when displaying the connector within Azure Sentinel's connector's gallery */ + customImage?: string; + /** Name of the table the connector will insert the data to */ + graphQueriesTableName: string; + /** The graph query to show the current data status */ + graphQueries: CodelessUiConnectorConfigPropertiesGraphQueriesItem[]; + /** The sample queries for the connector */ + sampleQueries: CodelessUiConnectorConfigPropertiesSampleQueriesItem[]; + /** Data types to check for last data received */ + dataTypes: CodelessUiConnectorConfigPropertiesDataTypesItem[]; + /** Define the way the connector check connectivity */ + connectivityCriteria: CodelessUiConnectorConfigPropertiesConnectivityCriteriaItem[]; + /** Connector Availability Status */ + availability: Availability; + /** Permissions required for the connector */ + permissions: Permissions; + /** Instruction steps to enable the connector */ + instructionSteps: CodelessUiConnectorConfigPropertiesInstructionStepsItem[]; +} + +/** The graph query to show the current data status */ +export interface GraphQueries { + /** the metric that the query is checking */ + metricName?: string; + /** The legend for the graph */ + legend?: string; + /** The base query for the graph */ + baseQuery?: string; +} + +/** The sample queries for the connector 
*/ +export interface SampleQueries { + /** The sample query description */ + description?: string; + /** the sample query */ + query?: string; +} + +/** Data type for last data received */ +export interface LastDataReceivedDataType { + /** Name of the data type to show in the graph. can be use with {{graphQueriesTableName}} placeholder */ + name?: string; + /** Query for indicate last data received */ + lastDataReceivedQuery?: string; +} + +/** Setting for the connector check connectivity */ +export interface ConnectivityCriteria { + /** type of connectivity */ + type?: ConnectivityType; + /** Queries for checking connectivity */ + value?: string[]; +} + +/** Connector Availability Status */ +export interface Availability { + /** The connector Availability Status */ + status?: "1"; + /** Set connector as preview */ + isPreview?: boolean; +} + +/** Permissions required for the connector */ +export interface Permissions { + /** Resource provider permissions required for the connector */ + resourceProvider?: PermissionsResourceProviderItem[]; + /** Customs permissions required for the connector */ + customs?: PermissionsCustomsItem[]; +} + +/** Resource provider permissions required for the connector */ +export interface ResourceProvider { + /** Provider name */ + provider?: ProviderName; + /** Permission description text */ + permissionsDisplayText?: string; + /** Permission provider display name */ + providerDisplayName?: string; + /** Permission provider scope */ + scope?: PermissionProviderScope; + /** Required permissions for the connector */ + requiredPermissions?: RequiredPermissions; +} + +/** Required permissions for the connector */ +export interface RequiredPermissions { + /** action permission */ + action?: boolean; + /** write permission */ + write?: boolean; + /** read permission */ + read?: boolean; + /** delete permission */ + delete?: boolean; +} + +/** Customs permissions required for the connector */ +export interface CustomsPermission { + /** 
Customs permissions name */ + name?: string; + /** Customs permissions description */ + description?: string; +} + +/** Instruction steps to enable the connector */ +export interface InstructionSteps { + /** Instruction step title */ + title?: string; + /** Instruction step description */ + description?: string; + /** Instruction step details */ + instructions?: InstructionStepsInstructionsItem[]; +} + +/** Instruction step details */ +export interface ConnectorInstructionModelBase { + /** The parameters for the setting */ + parameters?: Record; + /** The kind of the setting */ + type: SettingType; +} + +/** Config to describe the polling config for API poller connector */ +export interface CodelessConnectorPollingConfigProperties { + /** The poller active status */ + isActive?: boolean; + /** Describe the authentication type of the poller */ + auth: CodelessConnectorPollingAuthProperties; + /** Describe the poll request config parameters of the poller */ + request: CodelessConnectorPollingRequestProperties; + /** Describe the poll request paging config of the poller */ + paging?: CodelessConnectorPollingPagingProperties; + /** Describe the response config parameters of the poller */ + response?: CodelessConnectorPollingResponseProperties; +} + +/** Describe the authentication properties needed to successfully authenticate with the server */ +export interface CodelessConnectorPollingAuthProperties { + /** The authentication type */ + authType: string; + /** The header name which the token is sent with */ + apiKeyName?: string; + /** A prefix send in the header before the actual token */ + apiKeyIdentifier?: string; + /** Marks if the key should sent in header */ + isApiKeyInPostPayload?: string; + /** Describes the flow name, for example 'AuthCode' for Oauth 2.0 */ + flowName?: string; + /** The endpoint used to issue a token, used in Oauth 2.0 flow */ + tokenEndpoint?: string; + /** The endpoint used to authorize the user, used in Oauth 2.0 flow */ + 
authorizationEndpoint?: string; + /** The query parameters used in authorization request, used in Oauth 2.0 flow */ + authorizationEndpointQueryParameters?: Record; + /** The redirect endpoint where we will get the authorization code, used in Oauth 2.0 flow */ + redirectionEndpoint?: string; + /** The query headers used in token request, used in Oauth 2.0 flow */ + tokenEndpointHeaders?: Record; + /** The query parameters used in token request, used in Oauth 2.0 flow */ + tokenEndpointQueryParameters?: Record; + /** Marks if we should send the client secret in header or payload, used in Oauth 2.0 flow */ + isClientSecretInHeader?: boolean; + /** The OAuth token scope */ + scope?: string; +} + +/** Describe the request properties needed to successfully pull from the server */ +export interface CodelessConnectorPollingRequestProperties { + /** Describe the endpoint we should pull the data from */ + apiEndpoint: string; + /** Defines the rate limit QPS */ + rateLimitQps?: number; + /** The window interval we will use the pull the data */ + queryWindowInMin: number; + /** The http method type we will use in the poll request, GET or POST */ + httpMethod: string; + /** The time format will be used the query events in a specific window */ + queryTimeFormat: string; + /** Describe the amount of time we should try and poll the data in case of failure */ + retryCount?: number; + /** The number of seconds we will consider as a request timeout */ + timeoutInSeconds?: number; + /** Describe the headers sent in the poll request */ + headers?: Record; + /** Describe the query parameters sent in the poll request */ + queryParameters?: Record; + /** For advanced scenarios for example user name/password embedded in nested JSON payload */ + queryParametersTemplate?: string; + /** This will be used the query events from a start of the time window */ + startTimeAttributeName?: string; + /** This will be used the query events from the end of the time window */ + endTimeAttributeName?: 
string; +} + +/** Describe the properties needed to make a pagination call */ +export interface CodelessConnectorPollingPagingProperties { + /** Describes the type. could be 'None', 'PageToken', 'PageCount', 'TimeStamp' */ + pagingType: string; + /** Defines the name of a next page attribute */ + nextPageParaName?: string; + /** Defines the path to a next page token JSON */ + nextPageTokenJsonPath?: string; + /** Defines the path to a page count attribute */ + pageCountAttributePath?: string; + /** Defines the path to a page total count attribute */ + pageTotalCountAttributePath?: string; + /** Defines the path to a paging time stamp attribute */ + pageTimeStampAttributePath?: string; + /** Determines whether to search for the latest time stamp in the events list */ + searchTheLatestTimeStampFromEventsList?: string; + /** Defines the name of the page size parameter */ + pageSizeParaName?: string; + /** Defines the paging size */ + pageSize?: number; +} + +/** Describes the response from the external server */ +export interface CodelessConnectorPollingResponseProperties { + /** Describes the path we should extract the data in the response */ + eventsJsonPaths: string[]; + /** Describes the path we should extract the status code in the response */ + successStatusJsonPath?: string; + /** Describes the path we should extract the status value in the response */ + successStatusValue?: string; + /** Describes if the data in the response is Gzip */ + isGzipCompressed?: boolean; +} + +/** ThreatIntelligence property bag. */ +export interface ThreatIntelligence { + /** + * Confidence (must be between 0 and 1) + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly confidence?: number; + /** + * Name of the provider from whom this Threat Intelligence information was received + * NOTE: This property will not be serialized. It can only be populated by the server. 
+ */ + readonly providerName?: string; + /** + * Report link + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly reportLink?: string; + /** + * Threat description (free text) + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly threatDescription?: string; + /** + * Threat name (e.g. "Jedobot malware") + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly threatName?: string; + /** + * Threat type (e.g. "Botnet") + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly threatType?: string; +} + +/** The geo-location context attached to the ip entity */ +export interface GeoLocation { + /** + * Autonomous System Number + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly asn?: number; + /** + * City name + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly city?: string; + /** + * The country code according to ISO 3166 format + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly countryCode?: string; + /** + * Country name according to ISO 3166 Alpha 2: the lowercase of the English Short Name + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly countryName?: string; + /** + * The longitude of the identified location, expressed as a floating point number with range of -180 to 180, with positive numbers representing East and negative numbers representing West. Latitude and longitude are derived from the city or postal code. + * NOTE: This property will not be serialized. It can only be populated by the server. 
+ */ + readonly latitude?: number; + /** + * The latitude of the identified location, expressed as a floating point number with range of - 90 to 90, with positive numbers representing North and negative numbers representing South. Latitude and longitude are derived from the city or postal code. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly longitude?: number; + /** + * State name + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly state?: string; +} + +/** An azure resource object with an Etag property */ +export type ResourceWithEtag = Resource & { + /** Etag of the azure resource */ + etag?: string; +}; + +/** Alert rule template. */ +export type AlertRuleTemplate = Resource & { + /** The kind of the alert rule */ + kind: AlertRuleKind; +}; + +/** Specific entity. */ +export type Entity = Resource & { + /** The kind of the entity. */ + kind: EntityKind; +}; + +/** Specific entity query template. */ +export type EntityQueryTemplate = Resource & { + /** the entity query template kind */ + kind: EntityQueryTemplateKind; +}; + +/** Consent for Office365 tenant that already made. */ +export type OfficeConsent = Resource & { + /** The tenantId of the Office365 with the consent. */ + tenantId?: string; + /** Help to easily cascade among the data layers. */ + consentId?: string; +}; + +/** Action property bag. */ +export type ActionResponseProperties = ActionPropertiesBase & { + /** The name of the logic app's workflow. */ + workflowId?: string; +}; + +/** Action property bag. */ +export type ActionRequestProperties = ActionPropertiesBase & { + /** Logic App Callback URL for this specific workflow. 
*/ + triggerUri: string; +}; + +/** Describes an automation rule condition that evaluates a property's value */ +export type PropertyConditionProperties = AutomationRuleCondition & { + /** Polymorphic discriminator, which specifies the different types this object can be */ + conditionType: "Property"; + /** The property to evaluate in an automation rule property condition */ + propertyName?: AutomationRulePropertyConditionSupportedProperty; + operator?: AutomationRulePropertyConditionSupportedOperator; + propertyValues?: string[]; +}; + +/** Describes an automation rule action to modify an object's properties */ +export type AutomationRuleModifyPropertiesAction = AutomationRuleAction & { + /** Polymorphic discriminator, which specifies the different types this object can be */ + actionType: "ModifyProperties"; + severity?: IncidentSeverity; + status?: IncidentStatus; + classification?: IncidentClassification; + classificationReason?: IncidentClassificationReason; + /** Describes the reason the incident was closed */ + classificationComment?: string; + owner?: IncidentPropertiesActionOwnerInfo; + /** List of labels to add to the incident */ + labels?: IncidentLabel[]; +}; + +/** Describes an automation rule action to run a playbook */ +export type AutomationRuleRunPlaybookAction = AutomationRuleAction & { + /** Polymorphic discriminator, which specifies the different types this object can be */ + actionType: "RunPlaybook"; + /** The resource id of the playbook resource */ + logicAppResourceId?: string; + /** The tenant id of the playbook resource */ + tenantId?: string; +}; + +/** Represents Activity timeline item. */ +export type ActivityTimelineItem = EntityTimelineItem & { + /** Polymorphic discriminator, which specifies the different types this object can be */ + kind: "Activity"; + /** The activity query id. */ + queryId: string; + /** The grouping bucket start time. */ + bucketStartTimeUTC: Date; + /** The grouping bucket end time. 
*/ + bucketEndTimeUTC: Date; + /** The time of the first activity in the grouping bucket. */ + firstActivityTimeUTC: Date; + /** The time of the last activity in the grouping bucket. */ + lastActivityTimeUTC: Date; + /** The activity timeline content. */ + content: string; + /** The activity timeline title. */ + title: string; +}; + +/** Represents bookmark timeline item. */ +export type BookmarkTimelineItem = EntityTimelineItem & { + /** Polymorphic discriminator, which specifies the different types this object can be */ + kind: "Bookmark"; + /** The bookmark azure resource id. */ + azureResourceId: string; + /** The bookmark display name. */ + displayName?: string; + /** The notes of the bookmark */ + notes?: string; + /** The bookmark end time. */ + endTimeUtc?: Date; + /** The bookmark start time. */ + startTimeUtc?: Date; + /** The bookmark event time. */ + eventTime?: Date; + /** Describes a user that created the bookmark */ + createdBy?: UserInfo; + /** List of labels relevant to this bookmark */ + labels?: string[]; +}; + +/** Represents security alert timeline item. */ +export type SecurityAlertTimelineItem = EntityTimelineItem & { + /** Polymorphic discriminator, which specifies the different types this object can be */ + kind: "SecurityAlert"; + /** The alert azure resource id. */ + azureResourceId: string; + /** The alert product name. */ + productName?: string; + /** The alert description. */ + description?: string; + /** The alert name. */ + displayName: string; + /** The alert severity. */ + severity: AlertSeverity; + /** The alert end time. */ + endTimeUtc: Date; + /** The alert start time. */ + startTimeUtc: Date; + /** The alert generated time. */ + timeGenerated: Date; + /** The name of the alert type. */ + alertType: string; +}; + +/** Represents Insight Query. 
*/ +export type InsightQueryItem = EntityQueryItem & { + /** Polymorphic discriminator, which specifies the different types this object can be */ + kind: "Insight"; + /** Properties bag for InsightQueryItem */ + properties?: InsightQueryItemProperties; +}; + +/** SecurityAlert entity property bag. */ +export type SecurityAlertProperties = EntityCommonProperties & { + /** + * The display name of the alert. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly alertDisplayName?: string; + /** + * The type name of the alert. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly alertType?: string; + /** + * Display name of the main entity being reported on. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly compromisedEntity?: string; + /** + * The confidence level of this alert. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly confidenceLevel?: ConfidenceLevel; + /** + * The confidence reasons + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly confidenceReasons?: SecurityAlertPropertiesConfidenceReasonsItem[]; + /** + * The confidence score of the alert. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly confidenceScore?: number; + /** + * The confidence score calculation status, i.e. indicating if score calculation is pending for this alert, not applicable or final. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly confidenceScoreStatus?: ConfidenceScoreStatus; + /** + * Alert description. + * NOTE: This property will not be serialized. It can only be populated by the server. 
+ */ + readonly description?: string; + /** + * The impact end time of the alert (the time of the last event contributing to the alert). + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly endTimeUtc?: Date; + /** + * Holds the alert intent stage(s) mapping for this alert. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly intent?: KillChainIntent; + /** + * The identifier of the alert inside the product which generated the alert. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly providerAlertId?: string; + /** + * The time the alert was made available for consumption. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly processingEndTime?: Date; + /** + * The name of a component inside the product which generated the alert. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly productComponentName?: string; + /** + * The name of the product which published this alert. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly productName?: string; + /** + * The version of the product generating the alert. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly productVersion?: string; + /** + * Manual action items to take to remediate the alert. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly remediationSteps?: string[]; + /** The severity of the alert */ + severity?: AlertSeverity; + /** + * The impact start time of the alert (the time of the first event contributing to the alert). + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly startTimeUtc?: Date; + /** + * The lifecycle status of the alert. 
+ * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly status?: AlertStatus; + /** + * Holds the product identifier of the alert for the product. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly systemAlertId?: string; + /** + * The tactics of the alert + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly tactics?: AttackTactic[]; + /** + * The time the alert was generated. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly timeGenerated?: Date; + /** + * The name of the vendor that raise the alert. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly vendorName?: string; + /** + * The uri link of the alert. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly alertLink?: string; + /** + * The list of resource identifiers of the alert. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly resourceIdentifiers?: Record[]; +}; + +/** Describes bookmark properties */ +export type HuntingBookmarkProperties = EntityCommonProperties & { + /** The time the bookmark was created */ + created?: Date; + /** Describes a user that created the bookmark */ + createdBy?: UserInfo; + /** The display name of the bookmark */ + displayName: string; + /** The time of the event */ + eventTime?: Date; + /** List of labels relevant to this bookmark */ + labels?: string[]; + /** The notes of the bookmark */ + notes?: string; + /** The query of the bookmark. */ + query: string; + /** The query result of the bookmark. 
*/ + queryResult?: string; + /** The last time the bookmark was updated */ + updated?: Date; + /** Describes a user that updated the bookmark */ + updatedBy?: UserInfo; + /** Describes an incident that relates to bookmark */ + incidentInfo?: IncidentInfo; +}; + +/** Describes threat intelligence entity properties */ +export type ThreatIntelligenceIndicatorProperties = EntityCommonProperties & { + /** List of tags */ + threatIntelligenceTags?: string[]; + /** Last updated time in UTC */ + lastUpdatedTimeUtc?: string; + /** Source of a threat intelligence entity */ + source?: string; + /** Display name of a threat intelligence entity */ + displayName?: string; + /** Description of a threat intelligence entity */ + description?: string; + /** Indicator types of threat intelligence entities */ + indicatorTypes?: string[]; + /** Pattern of a threat intelligence entity */ + pattern?: string; + /** Pattern type of a threat intelligence entity */ + patternType?: string; + /** Pattern version of a threat intelligence entity */ + patternVersion?: string; + /** Kill chain phases */ + killChainPhases?: ThreatIntelligenceKillChainPhase[]; + /** Parsed patterns */ + parsedPattern?: ThreatIntelligenceParsedPattern[]; + /** External ID of threat intelligence entity */ + externalId?: string; + /** Created by reference of threat intelligence entity */ + createdByRef?: string; + /** Is threat intelligence entity defanged */ + defanged?: boolean; + /** External last updated time in UTC */ + externalLastUpdatedTimeUtc?: string; + /** External References */ + externalReferences?: ThreatIntelligenceExternalReference[]; + /** Granular Markings */ + granularMarkings?: ThreatIntelligenceGranularMarkingModel[]; + /** Labels of threat intelligence entity */ + labels?: string[]; + /** Is threat intelligence entity revoked */ + revoked?: boolean; + /** Confidence of threat intelligence entity */ + confidence?: number; + /** Threat intelligence entity object marking references */ + 
objectMarkingRefs?: string[]; + /** Language of threat intelligence entity */ + language?: string; + /** Threat types */ + threatTypes?: string[]; + /** Valid from */ + validFrom?: string; + /** Valid until */ + validUntil?: string; + /** Created by */ + created?: string; + /** Modified by */ + modified?: string; + /** Extensions map */ + extensions?: { [propertyName: string]: any }; +}; + +/** Account entity property bag. */ +export type AccountEntityProperties = EntityCommonProperties & { + /** + * The Azure Active Directory tenant id. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly aadTenantId?: string; + /** + * The Azure Active Directory user id. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly aadUserId?: string; + /** + * The name of the account. This field should hold only the name without any domain added to it, i.e. administrator. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly accountName?: string; + /** + * The display name of the account. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly displayName?: string; + /** + * The Host entity id that contains the account in case it is a local account (not domain joined) + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly hostEntityId?: string; + /** + * Determines whether this is a domain account. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly isDomainJoined?: boolean; + /** + * The NetBIOS domain name as it appears in the alert format domain/username. Examples: NT AUTHORITY. + * NOTE: This property will not be serialized. It can only be populated by the server. 
+ */ + readonly ntDomain?: string; + /** + * The objectGUID attribute is a single-value attribute that is the unique identifier for the object, assigned by active directory. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly objectGuid?: string; + /** + * The Azure Active Directory Passport User ID. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly puid?: string; + /** + * The account security identifier, e.g. S-1-5-18. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly sid?: string; + /** + * The user principal name suffix for the account, in some cases it is also the domain name. Examples: contoso.com. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly upnSuffix?: string; + /** + * The fully qualified domain DNS name. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly dnsDomain?: string; +}; + +/** AzureResource entity property bag. */ +export type AzureResourceEntityProperties = EntityCommonProperties & { + /** + * The azure resource id of the resource + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly resourceId?: string; + /** + * The subscription id of the resource + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly subscriptionId?: string; +}; + +/** CloudApplication entity property bag. */ +export type CloudApplicationEntityProperties = EntityCommonProperties & { + /** + * The technical identifier of the application. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly appId?: number; + /** + * The name of the related cloud application. + * NOTE: This property will not be serialized. It can only be populated by the server. 
+ */ + readonly appName?: string; + /** + * The user defined instance name of the cloud application. It is often used to distinguish between several applications of the same type that a customer has. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly instanceName?: string; +}; + +/** Dns entity property bag. */ +export type DnsEntityProperties = EntityCommonProperties & { + /** + * An ip entity id for the dns server resolving the request + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly dnsServerIpEntityId?: string; + /** + * The name of the dns record associated with the alert + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly domainName?: string; + /** + * An ip entity id for the dns request client + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly hostIpAddressEntityId?: string; + /** + * Ip entity identifiers for the resolved ip address. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly ipAddressEntityIds?: string[]; +}; + +/** File entity property bag. */ +export type FileEntityProperties = EntityCommonProperties & { + /** + * The full path to the file. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly directory?: string; + /** + * The file hash entity identifiers associated with this file + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly fileHashEntityIds?: string[]; + /** + * The file name without path (some alerts might not include path). + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly fileName?: string; + /** + * The Host entity id which the file belongs to + * NOTE: This property will not be serialized. 
It can only be populated by the server. + */ + readonly hostEntityId?: string; +}; + +/** FileHash entity property bag. */ +export type FileHashEntityProperties = EntityCommonProperties & { + /** + * The hash algorithm type. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly algorithm?: FileHashAlgorithm; + /** + * The file hash value. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly hashValue?: string; +}; + +/** Host entity property bag. */ +export type HostEntityProperties = EntityCommonProperties & { + /** + * The azure resource id of the VM. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly azureID?: string; + /** + * The DNS domain that this host belongs to. Should contain the compete DNS suffix for the domain + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly dnsDomain?: string; + /** + * The hostname without the domain suffix. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly hostName?: string; + /** + * Determines whether this host belongs to a domain. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly isDomainJoined?: boolean; + /** + * The host name (pre-windows2000). + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly netBiosName?: string; + /** + * The NT domain that this host belongs to. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly ntDomain?: string; + /** + * The OMS agent id, if the host has OMS agent installed. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly omsAgentID?: string; + /** The operating system type. 
*/ + osFamily?: OSFamily; + /** + * A free text representation of the operating system. This field is meant to hold specific versions the are more fine grained than OSFamily or future values not supported by OSFamily enumeration + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly osVersion?: string; +}; + +/** IoTDevice entity property bag. */ +export type IoTDeviceEntityProperties = EntityCommonProperties & { + /** + * The ID of the IoT Device in the IoT Hub + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly deviceId?: string; + /** + * The friendly name of the device + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly deviceName?: string; + /** + * The source of the device + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly source?: string; + /** + * The ID of the security agent running on the device + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly iotSecurityAgentId?: string; + /** + * The type of the device + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly deviceType?: string; + /** + * The vendor of the device + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly vendor?: string; + /** + * The ID of the edge device + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly edgeId?: string; + /** + * The MAC address of the device + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly macAddress?: string; + /** + * The model of the device + * NOTE: This property will not be serialized. It can only be populated by the server. 
+ */ + readonly model?: string; + /** + * The serial number of the device + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly serialNumber?: string; + /** + * The firmware version of the device + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly firmwareVersion?: string; + /** + * The operating system of the device + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly operatingSystem?: string; + /** + * The AzureResource entity id of the IoT Hub + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly iotHubEntityId?: string; + /** + * The Host entity id of this device + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly hostEntityId?: string; + /** + * The IP entity if of this device + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly ipAddressEntityId?: string; + /** + * A list of TI contexts attached to the IoTDevice entity. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly threatIntelligence?: ThreatIntelligence[]; + /** + * A list of protocols of the IoTDevice entity. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly protocols?: string[]; +}; + +/** Ip entity property bag. */ +export type IpEntityProperties = EntityCommonProperties & { + /** + * The IP address as string, e.g. 127.0.0.1 (either in Ipv4 or Ipv6) + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly address?: string; + /** + * The geo-location context attached to the ip entity + * NOTE: This property will not be serialized. It can only be populated by the server. 
+ */ + readonly location?: GeoLocation; + /** + * A list of TI contexts attached to the ip entity. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly threatIntelligence?: ThreatIntelligence[]; +}; + +/** Mailbox entity property bag. */ +export type MailboxEntityProperties = EntityCommonProperties & { + /** + * The mailbox's primary address + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly mailboxPrimaryAddress?: string; + /** + * The mailbox's display name + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly displayName?: string; + /** + * The mailbox's UPN + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly upn?: string; + /** + * The AzureAD identifier of mailbox. Similar to AadUserId in account entity but this property is specific to mailbox object on office side + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly externalDirectoryObjectId?: string; +}; + +/** Mail cluster entity property bag. */ +export type MailClusterEntityProperties = EntityCommonProperties & { + /** + * The mail message IDs that are part of the mail cluster + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly networkMessageIds?: string[]; + /** + * Count of mail messages by DeliveryStatus string representation + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly countByDeliveryStatus?: Record; + /** + * Count of mail messages by ThreatType string representation + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly countByThreatType?: Record; + /** + * Count of mail messages by ProtectionStatus string representation + * NOTE: This property will not be serialized. 
It can only be populated by the server. + */ + readonly countByProtectionStatus?: Record; + /** + * The threats of mail messages that are part of the mail cluster + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly threats?: string[]; + /** + * The query that was used to identify the messages of the mail cluster + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly query?: string; + /** + * The query time + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly queryTime?: Date; + /** + * The number of mail messages that are part of the mail cluster + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly mailCount?: number; + /** + * Is this a volume anomaly mail cluster + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly isVolumeAnomaly?: boolean; + /** + * The source of the mail cluster (default is 'O365 ATP') + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly source?: string; + /** + * The id of the cluster source + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly clusterSourceIdentifier?: string; + /** + * The type of the cluster source + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly clusterSourceType?: string; + /** + * The cluster query start time + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly clusterQueryStartTime?: Date; + /** + * The cluster query end time + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly clusterQueryEndTime?: Date; + /** + * The cluster group + * NOTE: This property will not be serialized. 
It can only be populated by the server. + */ + readonly clusterGroup?: string; +}; + +/** Mail message entity property bag. */ +export type MailMessageEntityProperties = EntityCommonProperties & { + /** + * The File entity ids of this mail message's attachments + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly fileEntityIds?: string[]; + /** + * The recipient of this mail message. Note that in case of multiple recipients the mail message is forked and each copy has one recipient + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly recipient?: string; + /** + * The Urls contained in this mail message + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly urls?: string[]; + /** + * The threats of this mail message + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly threats?: string[]; + /** + * The p1 sender's email address + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly p1Sender?: string; + /** + * The p1 sender's display name + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly p1SenderDisplayName?: string; + /** + * The p1 sender's domain + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly p1SenderDomain?: string; + /** + * The sender's IP address + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly senderIP?: string; + /** + * The p2 sender's email address + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly p2Sender?: string; + /** + * The p2 sender's display name + * NOTE: This property will not be serialized. It can only be populated by the server. 
+ */ + readonly p2SenderDisplayName?: string; + /** + * The p2 sender's domain + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly p2SenderDomain?: string; + /** + * The receive date of this message + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly receiveDate?: Date; + /** + * The network message id of this mail message + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly networkMessageId?: string; + /** + * The internet message id of this mail message + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly internetMessageId?: string; + /** + * The subject of this mail message + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly subject?: string; + /** + * The language of this mail message + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly language?: string; + /** + * The threat detection methods + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly threatDetectionMethods?: string[]; + /** The bodyFingerprintBin1 */ + bodyFingerprintBin1?: number; + /** The bodyFingerprintBin2 */ + bodyFingerprintBin2?: number; + /** The bodyFingerprintBin3 */ + bodyFingerprintBin3?: number; + /** The bodyFingerprintBin4 */ + bodyFingerprintBin4?: number; + /** The bodyFingerprintBin5 */ + bodyFingerprintBin5?: number; + /** The directionality of this mail message */ + antispamDirection?: AntispamMailDirection; + /** The delivery action of this mail message like Delivered, Blocked, Replaced etc */ + deliveryAction?: DeliveryAction; + /** The delivery location of this mail message like Inbox, JunkFolder etc */ + deliveryLocation?: DeliveryLocation; +}; + +/** Malware entity property bag. 
*/ +export type MalwareEntityProperties = EntityCommonProperties & { + /** + * The malware category by the vendor, e.g. Trojan + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly category?: string; + /** + * List of linked file entity identifiers on which the malware was found + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly fileEntityIds?: string[]; + /** + * The malware name by the vendor, e.g. Win32/Toga!rfn + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly malwareName?: string; + /** + * List of linked process entity identifiers on which the malware was found. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly processEntityIds?: string[]; +}; + +/** Process entity property bag. */ +export type ProcessEntityProperties = EntityCommonProperties & { + /** + * The account entity id running the processes. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly accountEntityId?: string; + /** + * The command line used to create the process + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly commandLine?: string; + /** + * The time when the process started to run + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly creationTimeUtc?: Date; + /** The elevation token associated with the process. */ + elevationToken?: ElevationToken; + /** + * The host entity id on which the process was running + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly hostEntityId?: string; + /** + * The session entity id in which the process was running + * NOTE: This property will not be serialized. It can only be populated by the server. 
+ */ + readonly hostLogonSessionEntityId?: string; + /** + * Image file entity id + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly imageFileEntityId?: string; + /** + * The parent process entity id. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly parentProcessEntityId?: string; + /** + * The process ID + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly processId?: string; +}; + +/** RegistryKey entity property bag. */ +export type RegistryKeyEntityProperties = EntityCommonProperties & { + /** + * the hive that holds the registry key. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly hive?: RegistryHive; + /** + * The registry key path. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly key?: string; +}; + +/** RegistryValue entity property bag. */ +export type RegistryValueEntityProperties = EntityCommonProperties & { + /** + * The registry key entity id. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly keyEntityId?: string; + /** + * String formatted representation of the value data. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly valueData?: string; + /** + * The registry value name. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly valueName?: string; + /** + * Specifies the data types to use when storing values in the registry, or identifies the data type of a value in the registry. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly valueType?: RegistryValueKind; +}; + +/** SecurityGroup entity property bag. 
*/ +export type SecurityGroupEntityProperties = EntityCommonProperties & { + /** + * The group distinguished name + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly distinguishedName?: string; + /** + * A single-value attribute that is the unique identifier for the object, assigned by active directory. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly objectGuid?: string; + /** + * The SID attribute is a single-value attribute that specifies the security identifier (SID) of the group + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly sid?: string; +}; + +/** Submission mail entity property bag. */ +export type SubmissionMailEntityProperties = EntityCommonProperties & { + /** + * The network message id of email to which submission belongs + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly networkMessageId?: string; + /** + * The submission id + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly submissionId?: string; + /** + * The submitter + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly submitter?: string; + /** + * The submission date + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly submissionDate?: Date; + /** + * The Time stamp when the message is received (Mail) + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly timestamp?: Date; + /** + * The recipient of the mail + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly recipient?: string; + /** + * The sender of the mail + * NOTE: This property will not be serialized. It can only be populated by the server. 
+ */ + readonly sender?: string; + /** + * The sender's IP + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly senderIp?: string; + /** + * The subject of submission mail + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly subject?: string; + /** + * The submission type for the given instance. This maps to Junk, Phish, Malware or NotJunk. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly reportType?: string; +}; + +/** Url entity property bag. */ +export type UrlEntityProperties = EntityCommonProperties & { + /** + * A full URL the entity points to + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly url?: string; +}; + +/** Threat intelligence indicator entity used in request body. */ +export type ThreatIntelligenceIndicatorModelForRequestBody = ThreatIntelligenceResourceKind & { + /** Etag of the azure resource */ + etag?: string; + /** + * A bag of custom fields that should be part of the entity and will be presented to the user. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly additionalData?: { [propertyName: string]: Record }; + /** + * The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + * NOTE: This property will not be serialized. It can only be populated by the server. 
+ */ + readonly friendlyName?: string; + /** List of tags */ + threatIntelligenceTags?: string[]; + /** Last updated time in UTC */ + lastUpdatedTimeUtc?: string; + /** Source of a threat intelligence entity */ + source?: string; + /** Display name of a threat intelligence entity */ + displayName?: string; + /** Description of a threat intelligence entity */ + description?: string; + /** Indicator types of threat intelligence entities */ + indicatorTypes?: string[]; + /** Pattern of a threat intelligence entity */ + pattern?: string; + /** Pattern type of a threat intelligence entity */ + patternType?: string; + /** Pattern version of a threat intelligence entity */ + patternVersion?: string; + /** Kill chain phases */ + killChainPhases?: ThreatIntelligenceKillChainPhase[]; + /** Parsed patterns */ + parsedPattern?: ThreatIntelligenceParsedPattern[]; + /** External ID of threat intelligence entity */ + externalId?: string; + /** Created by reference of threat intelligence entity */ + createdByRef?: string; + /** Is threat intelligence entity defanged */ + defanged?: boolean; + /** External last updated time in UTC */ + externalLastUpdatedTimeUtc?: string; + /** External References */ + externalReferences?: ThreatIntelligenceExternalReference[]; + /** Granular Markings */ + granularMarkings?: ThreatIntelligenceGranularMarkingModel[]; + /** Labels of threat intelligence entity */ + labels?: string[]; + /** Is threat intelligence entity revoked */ + revoked?: boolean; + /** Confidence of threat intelligence entity */ + confidence?: number; + /** Threat intelligence entity object marking references */ + objectMarkingRefs?: string[]; + /** Language of threat intelligence entity */ + language?: string; + /** Threat types */ + threatTypes?: string[]; + /** Valid from */ + validFrom?: string; + /** Valid until */ + validUntil?: string; + /** Created by */ + created?: string; + /** Modified by */ + modified?: string; + /** Extensions map */ + extensions?: { [propertyName: 
string]: any }; +}; + +/** Threat intelligence information object. */ +export type ThreatIntelligenceInformation = ResourceWithEtag & + ThreatIntelligenceResourceKind & {}; + +/** Represents AAD (Azure Active Directory) requirements check request. */ +export type AADCheckRequirements = DataConnectorsCheckRequirements & { + /** Polymorphic discriminator, which specifies the different types this object can be */ + kind: "AzureActiveDirectory"; + /** The tenant id to connect to, and get the data from. */ + tenantId?: string; +}; + +/** Represents AATP (Azure Advanced Threat Protection) requirements check request. */ +export type AatpCheckRequirements = DataConnectorsCheckRequirements & { + /** Polymorphic discriminator, which specifies the different types this object can be */ + kind: "AzureAdvancedThreatProtection"; + /** The tenant id to connect to, and get the data from. */ + tenantId?: string; +}; + +/** Represents ASC (Azure Security Center) requirements check request. */ +export type ASCCheckRequirements = DataConnectorsCheckRequirements & { + /** Polymorphic discriminator, which specifies the different types this object can be */ + kind: "AzureSecurityCenter"; + /** The subscription id to connect to, and get the data from. */ + subscriptionId?: string; +}; + +/** Amazon Web Services CloudTrail requirements check request. */ +export type AwsCloudTrailCheckRequirements = DataConnectorsCheckRequirements & { + /** Polymorphic discriminator, which specifies the different types this object can be */ + kind: "AmazonWebServicesCloudTrail"; +}; + +/** Amazon Web Services S3 requirements check request. */ +export type AwsS3CheckRequirements = DataConnectorsCheckRequirements & { + /** Polymorphic discriminator, which specifies the different types this object can be */ + kind: "AmazonWebServicesS3"; +}; + +/** Represents Dynamics365 requirements check request. 
*/ +export type Dynamics365CheckRequirements = DataConnectorsCheckRequirements & { + /** Polymorphic discriminator, which specifies the different types this object can be */ + kind: "Dynamics365"; + /** The tenant id to connect to, and get the data from. */ + tenantId?: string; +}; + +/** Represents MCAS (Microsoft Cloud App Security) requirements check request. */ +export type McasCheckRequirements = DataConnectorsCheckRequirements & { + /** Polymorphic discriminator, which specifies the different types this object can be */ + kind: "MicrosoftCloudAppSecurity"; + /** The tenant id to connect to, and get the data from. */ + tenantId?: string; +}; + +/** Represents MDATP (Microsoft Defender Advanced Threat Protection) requirements check request. */ +export type MdatpCheckRequirements = DataConnectorsCheckRequirements & { + /** Polymorphic discriminator, which specifies the different types this object can be */ + kind: "MicrosoftDefenderAdvancedThreatProtection"; + /** The tenant id to connect to, and get the data from. */ + tenantId?: string; +}; + +/** Represents Microsoft Threat Intelligence requirements check request. */ +export type MstiCheckRequirements = DataConnectorsCheckRequirements & { + /** Polymorphic discriminator, which specifies the different types this object can be */ + kind: "MicrosoftThreatIntelligence"; + /** The tenant id to connect to, and get the data from. */ + tenantId?: string; +}; + +/** Represents MTP (Microsoft Threat Protection) requirements check request. */ +export type MtpCheckRequirements = DataConnectorsCheckRequirements & { + /** Polymorphic discriminator, which specifies the different types this object can be */ + kind: "MicrosoftThreatProtection"; + /** The tenant id to connect to, and get the data from. */ + tenantId?: string; +}; + +/** Represents OfficeATP (Office 365 Advanced Threat Protection) requirements check request. 
*/ +export type OfficeATPCheckRequirements = DataConnectorsCheckRequirements & { + /** Polymorphic discriminator, which specifies the different types this object can be */ + kind: "OfficeATP"; + /** The tenant id to connect to, and get the data from. */ + tenantId?: string; +}; + +/** Represents OfficeIRM (Microsoft Insider Risk Management) requirements check request. */ +export type OfficeIRMCheckRequirements = DataConnectorsCheckRequirements & { + /** Polymorphic discriminator, which specifies the different types this object can be */ + kind: "OfficeIRM"; + /** The tenant id to connect to, and get the data from. */ + tenantId?: string; +}; + +/** Represents Office365 Project requirements check request. */ +export type Office365ProjectCheckRequirements = DataConnectorsCheckRequirements & { + /** Polymorphic discriminator, which specifies the different types this object can be */ + kind: "Office365Project"; + /** The tenant id to connect to, and get the data from. */ + tenantId?: string; +}; + +/** Represents Office PowerBI requirements check request. */ +export type OfficePowerBICheckRequirements = DataConnectorsCheckRequirements & { + /** Polymorphic discriminator, which specifies the different types this object can be */ + kind: "OfficePowerBI"; + /** The tenant id to connect to, and get the data from. */ + tenantId?: string; +}; + +/** Threat Intelligence Platforms data connector check requirements */ +export type TICheckRequirements = DataConnectorsCheckRequirements & { + /** Polymorphic discriminator, which specifies the different types this object can be */ + kind: "ThreatIntelligence"; + /** The tenant id to connect to, and get the data from. 
*/ + tenantId?: string; +}; + +/** Threat Intelligence TAXII data connector check requirements */ +export type TiTaxiiCheckRequirements = DataConnectorsCheckRequirements & { + /** Polymorphic discriminator, which specifies the different types this object can be */ + kind: "ThreatIntelligenceTaxii"; + /** The tenant id to connect to, and get the data from. */ + tenantId?: string; +}; + +/** MLBehaviorAnalytics alert rule template properties. */ +export type MLBehaviorAnalyticsAlertRuleTemplateProperties = AlertRuleTemplatePropertiesBase & { + /** The severity for alerts created by this alert rule. */ + severity: AlertSeverity; + /** The tactics of the alert rule template. */ + tactics?: AttackTactic[]; +}; + +/** Fusion alert rule template properties */ +export type FusionAlertRuleTemplateProperties = AlertRuleTemplatePropertiesBase & { + /** The severity for alerts created by this alert rule. */ + severity: AlertSeverity; + /** The tactics of the alert rule template */ + tactics?: AttackTactic[]; +}; + +/** Threat Intelligence alert rule template properties */ +export type ThreatIntelligenceAlertRuleTemplateProperties = AlertRuleTemplatePropertiesBase & { + /** The severity for alerts created by this alert rule. 
*/ + severity: AlertSeverity; + /** The tactics of the alert rule template */ + tactics?: AttackTactic[]; +}; + +/** MicrosoftSecurityIncidentCreation rule template properties */ +export type MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties = AlertRuleTemplatePropertiesBase & + MicrosoftSecurityIncidentCreationAlertRuleCommonProperties & {}; + +/** Scheduled alert rule template properties */ +export type ScheduledAlertRuleTemplateProperties = AlertRuleTemplatePropertiesBase & + QueryBasedAlertRuleTemplateProperties & + ScheduledAlertRuleCommonProperties & {}; + +/** NRT alert rule template properties */ +export type NrtAlertRuleTemplateProperties = AlertRuleTemplatePropertiesBase & + QueryBasedAlertRuleTemplateProperties & {}; + +/** MicrosoftSecurityIncidentCreation rule property bag. */ +export type MicrosoftSecurityIncidentCreationAlertRuleProperties = MicrosoftSecurityIncidentCreationAlertRuleCommonProperties & { + /** The Name of the alert rule template used to create this rule. */ + alertRuleTemplateName?: string; + /** The description of the alert rule. */ + description?: string; + /** The display name for alerts created by this alert rule. */ + displayName: string; + /** Determines whether this alert rule is enabled or disabled. */ + enabled: boolean; + /** + * The last time that this alert has been modified. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly lastModifiedUtc?: Date; +}; + +/** Scheduled alert rule base property bag. */ +export type ScheduledAlertRuleProperties = ScheduledAlertRuleCommonProperties & + QueryBasedAlertRuleProperties & {}; + +/** Nrt alert rule base property bag. */ +export type NrtAlertRuleProperties = QueryBasedAlertRuleProperties & {}; + +/** Represents Insight Query. */ +export type InsightQueryItemProperties = EntityQueryItemProperties & { + /** The insight display name. */ + displayName?: string; + /** The insight description. 
*/ + description?: string; + /** The base query of the insight. */ + baseQuery?: string; + /** The insight table query. */ + tableQuery?: InsightQueryItemPropertiesTableQuery; + /** The insight chart query. */ + chartQuery?: Record; + /** The activity query definitions. */ + additionalQuery?: InsightQueryItemPropertiesAdditionalQuery; + /** The insight chart query. */ + defaultTimeRange?: InsightQueryItemPropertiesDefaultTimeRange; + /** The insight chart query. */ + referenceTimeRange?: InsightQueryItemPropertiesReferenceTimeRange; +}; + +/** AAD (Azure Active Directory) requirements check properties. */ +export type AADCheckRequirementsProperties = DataConnectorTenantId & {}; + +/** AATP (Azure Advanced Threat Protection) requirements check properties. */ +export type AatpCheckRequirementsProperties = DataConnectorTenantId & {}; + +/** Dynamics365 requirements check properties. */ +export type Dynamics365CheckRequirementsProperties = DataConnectorTenantId & {}; + +/** MCAS (Microsoft Cloud App Security) requirements check properties. */ +export type McasCheckRequirementsProperties = DataConnectorTenantId & {}; + +/** MDATP (Microsoft Defender Advanced Threat Protection) requirements check properties. */ +export type MdatpCheckRequirementsProperties = DataConnectorTenantId & {}; + +/** Microsoft Threat Intelligence requirements check properties. */ +export type MstiCheckRequirementsProperties = DataConnectorTenantId & {}; + +/** MTP (Microsoft Threat Protection) requirements check properties. */ +export type MTPCheckRequirementsProperties = DataConnectorTenantId & {}; + +/** OfficeATP (Office 365 Advanced Threat Protection) requirements check properties. */ +export type OfficeATPCheckRequirementsProperties = DataConnectorTenantId & {}; + +/** OfficeIRM (Microsoft Insider Risk Management) requirements check properties. */ +export type OfficeIRMCheckRequirementsProperties = DataConnectorTenantId & {}; + +/** Office365 Project requirements check properties. 
*/ +export type Office365ProjectCheckRequirementsProperties = DataConnectorTenantId & {}; + +/** Office PowerBI requirements check properties. */ +export type OfficePowerBICheckRequirementsProperties = DataConnectorTenantId & {}; + +/** Threat Intelligence Platforms data connector required properties. */ +export type TICheckRequirementsProperties = DataConnectorTenantId & {}; + +/** Threat Intelligence TAXII data connector required properties. */ +export type TiTaxiiCheckRequirementsProperties = DataConnectorTenantId & {}; + +/** AAD (Azure Active Directory) data connector properties. */ +export type AADDataConnectorProperties = DataConnectorTenantId & + DataConnectorWithAlertsProperties & {}; + +/** Microsoft Threat Intelligence data connector properties. */ +export type MstiDataConnectorProperties = DataConnectorTenantId & { + /** The available data types for the connector. */ + dataTypes: MstiDataConnectorDataTypes; +}; + +/** MTP (Microsoft Threat Protection) data connector properties. */ +export type MTPDataConnectorProperties = DataConnectorTenantId & { + /** The available data types for the connector. */ + dataTypes: MTPDataConnectorDataTypes; +}; + +/** AATP (Azure Advanced Threat Protection) data connector properties. */ +export type AatpDataConnectorProperties = DataConnectorTenantId & + DataConnectorWithAlertsProperties & {}; + +/** MCAS (Microsoft Cloud App Security) data connector properties. */ +export type McasDataConnectorProperties = DataConnectorTenantId & { + /** The available data types for the connector. */ + dataTypes: McasDataConnectorDataTypes; +}; + +/** Dynamics365 data connector properties. */ +export type Dynamics365DataConnectorProperties = DataConnectorTenantId & { + /** The available data types for the connector. */ + dataTypes: Dynamics365DataConnectorDataTypes; +}; + +/** OfficeATP (Office 365 Advanced Threat Protection) data connector properties. 
*/ +export type OfficeATPDataConnectorProperties = DataConnectorTenantId & + DataConnectorWithAlertsProperties & {}; + +/** OfficeIRM (Microsoft Insider Risk Management) data connector properties. */ +export type OfficeIRMDataConnectorProperties = DataConnectorTenantId & + DataConnectorWithAlertsProperties & {}; + +/** MDATP (Microsoft Defender Advanced Threat Protection) data connector properties. */ +export type MdatpDataConnectorProperties = DataConnectorTenantId & + DataConnectorWithAlertsProperties & {}; + +/** Office data connector properties. */ +export type OfficeDataConnectorProperties = DataConnectorTenantId & { + /** The available data types for the connector. */ + dataTypes: OfficeDataConnectorDataTypes; +}; + +/** TI (Threat Intelligence) data connector properties. */ +export type TIDataConnectorProperties = DataConnectorTenantId & { + /** The lookback period for the feed to be imported. */ + tipLookbackPeriod?: Date; + /** The available data types for the connector. */ + dataTypes: TIDataConnectorDataTypes; +}; + +/** Threat Intelligence TAXII data connector properties. */ +export type TiTaxiiDataConnectorProperties = DataConnectorTenantId & { + /** The workspace id. */ + workspaceId?: string; + /** The friendly name for the TAXII server. */ + friendlyName?: string; + /** The API root for the TAXII server. */ + taxiiServer?: string; + /** The collection id of the TAXII server. */ + collectionId?: string; + /** The userName for the TAXII server. */ + userName?: string; + /** The password for the TAXII server. */ + password?: string; + /** The lookback period for the TAXII server. */ + taxiiLookbackPeriod?: Date; + /** The polling frequency for the TAXII server. */ + pollingFrequency: PollingFrequency | null; + /** The available data types for Threat Intelligence TAXII data connector. */ + dataTypes: TiTaxiiDataConnectorDataTypes; +}; + +/** ASC (Azure Security Center) data connector properties. 
*/ +export type ASCDataConnectorProperties = DataConnectorWithAlertsProperties & { + /** The subscription id to connect to, and get the data from. */ + subscriptionId?: string; +}; + +/** The available data types for MCAS (Microsoft Cloud App Security) data connector. */ +export type McasDataConnectorDataTypes = AlertsDataTypeOfDataConnector & { + /** Discovery log data type connection. */ + discoveryLogs?: DataConnectorDataTypeCommon; +}; + +/** Data type for Microsoft Threat Intelligence Platforms data connector. */ +export type MstiDataConnectorDataTypesBingSafetyPhishingURL = DataConnectorDataTypeCommon & { + /** lookback period */ + lookbackPeriod: string; +}; + +/** Data type for Microsoft Threat Intelligence Platforms data connector. */ +export type MstiDataConnectorDataTypesMicrosoftEmergingThreatFeed = DataConnectorDataTypeCommon & { + /** lookback period */ + lookbackPeriod: string; +}; + +/** Data type for Microsoft Threat Protection Platforms data connector. */ +export type MTPDataConnectorDataTypesIncidents = DataConnectorDataTypeCommon & {}; + +/** Logs data type. */ +export type AwsCloudTrailDataConnectorDataTypesLogs = DataConnectorDataTypeCommon & {}; + +/** Logs data type. */ +export type AwsS3DataConnectorDataTypesLogs = DataConnectorDataTypeCommon & {}; + +/** Common Data Service data type connection. */ +export type Dynamics365DataConnectorDataTypesDynamics365CdsActivities = DataConnectorDataTypeCommon & {}; + +/** Logs data type. */ +export type Office365ProjectConnectorDataTypesLogs = DataConnectorDataTypeCommon & {}; + +/** Logs data type. */ +export type OfficePowerBIConnectorDataTypesLogs = DataConnectorDataTypeCommon & {}; + +/** Exchange data type connection. */ +export type OfficeDataConnectorDataTypesExchange = DataConnectorDataTypeCommon & {}; + +/** SharePoint data type connection. */ +export type OfficeDataConnectorDataTypesSharePoint = DataConnectorDataTypeCommon & {}; + +/** Teams data type connection. 
*/ +export type OfficeDataConnectorDataTypesTeams = DataConnectorDataTypeCommon & {}; + +/** Data type for indicators connection. */ +export type TIDataConnectorDataTypesIndicators = DataConnectorDataTypeCommon & {}; + +/** Data type for TAXII connector. */ +export type TiTaxiiDataConnectorDataTypesTaxiiClient = DataConnectorDataTypeCommon & {}; + +export type CodelessUiConnectorConfigPropertiesGraphQueriesItem = GraphQueries & {}; + +export type CodelessUiConnectorConfigPropertiesSampleQueriesItem = SampleQueries & {}; + +export type CodelessUiConnectorConfigPropertiesDataTypesItem = LastDataReceivedDataType & {}; + +export type CodelessUiConnectorConfigPropertiesConnectivityCriteriaItem = ConnectivityCriteria & {}; + +export type PermissionsResourceProviderItem = ResourceProvider & {}; + +/** Customs permissions required for the connector */ +export type Customs = CustomsPermission & {}; + +export type CodelessUiConnectorConfigPropertiesInstructionStepsItem = InstructionSteps & {}; + +export type InstructionStepsInstructionsItem = ConnectorInstructionModelBase & {}; + +/** Alert rule. */ +export type AlertRule = ResourceWithEtag & { + /** The kind of the alert rule */ + kind: AlertRuleKind; +}; + +/** Action for alert rule. */ +export type ActionResponse = ResourceWithEtag & { + /** Logic App Resource Id, /subscriptions/{my-subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my-workflow-id}. */ + logicAppResourceId?: string; + /** The name of the logic app's workflow. */ + workflowId?: string; +}; + +/** Action for alert rule. */ +export type ActionRequest = ResourceWithEtag & { + /** Logic App Resource Id, /subscriptions/{my-subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my-workflow-id}. */ + logicAppResourceId?: string; + /** Logic App Callback URL for this specific workflow. 
*/ + triggerUri?: string; +}; + +export type AutomationRule = ResourceWithEtag & { + /** The display name of the automation rule */ + displayName: string; + /** The order of execution of the automation rule */ + order: number; + /** Describes automation rule triggering logic */ + triggeringLogic: AutomationRuleTriggeringLogic; + /** The actions to execute when the automation rule is triggered */ + actions: AutomationRuleActionUnion[]; + /** + * The last time the automation rule was updated + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly lastModifiedTimeUtc?: Date; + /** + * The time the automation rule was created + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly createdTimeUtc?: Date; + /** + * Information on the client (user or application) that made some action + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly lastModifiedBy?: ClientInfo; + /** + * Information on the client (user or application) that made some action + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly createdBy?: ClientInfo; +}; + +/** Represents a bookmark in Azure Security Insights. */ +export type Bookmark = ResourceWithEtag & { + /** The time the bookmark was created */ + created?: Date; + /** Describes a user that created the bookmark */ + createdBy?: UserInfo; + /** The display name of the bookmark */ + displayName?: string; + /** List of labels relevant to this bookmark */ + labels?: string[]; + /** The notes of the bookmark */ + notes?: string; + /** The query of the bookmark. */ + query?: string; + /** The query result of the bookmark. 
*/ + queryResult?: string; + /** The last time the bookmark was updated */ + updated?: Date; + /** Describes a user that updated the bookmark */ + updatedBy?: UserInfo; + /** The bookmark event time */ + eventTime?: Date; + /** The start time for the query */ + queryStartTime?: Date; + /** The end time for the query */ + queryEndTime?: Date; + /** Describes an incident that relates to bookmark */ + incidentInfo?: IncidentInfo; + /** Describes the entity mappings of the bookmark */ + entityMappings?: BookmarkEntityMappings[]; + /** A list of relevant mitre attacks */ + tactics?: AttackTactic[]; + /** A list of relevant mitre techniques */ + techniques?: string[]; +}; + +/** Represents a relation between two resources */ +export type Relation = ResourceWithEtag & { + /** The resource ID of the related resource */ + relatedResourceId?: string; + /** + * The name of the related resource + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly relatedResourceName?: string; + /** + * The resource type of the related resource + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly relatedResourceType?: string; + /** + * The resource kind of the related resource + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly relatedResourceKind?: string; +}; + +/** Specific entity query. */ +export type EntityQuery = ResourceWithEtag & { + /** the entity query kind */ + kind: EntityQueryKind; +}; + +/** Specific entity query that supports put requests. */ +export type CustomEntityQuery = ResourceWithEtag & { + /** the entity query kind */ + kind: CustomEntityQueryKind; +}; + +/** Represents an incident in Azure Security Insights. */ +export type Incident = ResourceWithEtag & { + /** + * Additional data on the incident + * NOTE: This property will not be serialized. It can only be populated by the server. 
+ */ + readonly additionalData?: IncidentAdditionalData; + /** The reason the incident was closed */ + classification?: IncidentClassification; + /** Describes the reason the incident was closed */ + classificationComment?: string; + /** The classification reason the incident was closed with */ + classificationReason?: IncidentClassificationReason; + /** + * The time the incident was created + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly createdTimeUtc?: Date; + /** The description of the incident */ + description?: string; + /** The time of the first activity in the incident */ + firstActivityTimeUtc?: Date; + /** + * The deep-link url to the incident in Azure portal + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly incidentUrl?: string; + /** + * A sequential number + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly incidentNumber?: number; + /** List of labels relevant to this incident */ + labels?: IncidentLabel[]; + /** The name of the source provider that generated the incident */ + providerName?: string; + /** The incident ID assigned by the incident provider */ + providerIncidentId?: string; + /** The time of the last activity in the incident */ + lastActivityTimeUtc?: Date; + /** + * The last time the incident was updated + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly lastModifiedTimeUtc?: Date; + /** Describes a user that the incident is assigned to */ + owner?: IncidentOwnerInfo; + /** + * List of resource ids of Analytic rules related to the incident + * NOTE: This property will not be serialized. It can only be populated by the server. 
+ */ + readonly relatedAnalyticRuleIds?: string[]; + /** The severity of the incident */ + severity?: IncidentSeverity; + /** The status of the incident */ + status?: IncidentStatus; + /** Describes a team for the incident */ + teamInformation?: TeamInformation; + /** The title of the incident */ + title?: string; +}; + +/** Represents an incident comment */ +export type IncidentComment = ResourceWithEtag & { + /** + * The time the comment was created + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly createdTimeUtc?: Date; + /** + * The time the comment was updated + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly lastModifiedTimeUtc?: Date; + /** The comment message */ + message?: string; + /** + * Describes the client that created the comment + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly author?: ClientInfo; +}; + +/** Metadata resource definition. */ +export type MetadataModel = ResourceWithEtag & { + /** Static ID for the content. Used to identify dependencies and content from solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic for user-created. This is the resource name */ + contentId?: string; + /** Full parent resource ID of the content item the metadata is for. This is the full resource ID including the scope (subscription and resource group) */ + parentId?: string; + /** Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM template best practices. Can also be any string, but then we cannot guarantee any version checks */ + version?: string; + /** The kind of content the metadata is for. */ + kind?: Kind; + /** Source of the content. This is where/how it was created. */ + source?: MetadataSource; + /** The creator of the content item. 
*/ + author?: MetadataAuthor; + /** Support information for the metadata - type, name, contact information */ + support?: MetadataSupport; + /** Dependencies for the content item, what other content items it requires to work. Can describe more complex dependencies using a recursive/nested structure. For a single dependency an id/kind/version can be supplied or operator/criteria for complex formats. */ + dependencies?: MetadataDependencies; + /** Categories for the solution content item */ + categories?: MetadataCategories; + /** Providers for the solution content item */ + providers?: string[]; + /** first publish date solution content item */ + firstPublishDate?: Date; + /** last publish date for the solution content item */ + lastPublishDate?: Date; +}; + +/** Metadata patch request body. */ +export type MetadataPatch = ResourceWithEtag & { + /** Static ID for the content. Used to identify dependencies and content from solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic for user-created. This is the resource name */ + contentId?: string; + /** Full parent resource ID of the content item the metadata is for. This is the full resource ID including the scope (subscription and resource group) */ + parentId?: string; + /** Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM template best practices. Can also be any string, but then we cannot guarantee any version checks */ + version?: string; + /** The kind of content the metadata is for. */ + kind?: Kind; + /** Source of the content. This is where/how it was created. */ + source?: MetadataSource; + /** The creator of the content item. */ + author?: MetadataAuthor; + /** Support information for the metadata - type, name, contact information */ + support?: MetadataSupport; + /** Dependencies for the content item, what other content items it requires to work. 
Can describe more complex dependencies using a recursive/nested structure. For a single dependency an id/kind/version can be supplied or operator/criteria for complex formats. */ + dependencies?: MetadataDependencies; + /** Categories for the solution content item */ + categories?: MetadataCategories; + /** Providers for the solution content item */ + providers?: string[]; + /** first publish date solution content item */ + firstPublishDate?: Date; + /** last publish date for the solution content item */ + lastPublishDate?: Date; +}; + +/** Sentinel onboarding state */ +export type SentinelOnboardingState = ResourceWithEtag & { + /** Flag that indicates the status of the CMK setting */ + customerManagedKey?: boolean; +}; + +/** The Setting. */ +export type Settings = ResourceWithEtag & { + /** The kind of the setting */ + kind: SettingKind; +}; + +/** Represents a SourceControl in Azure Security Insights. */ +export type SourceControl = ResourceWithEtag & { + /** The id (a Guid) of the source control */ + idPropertiesId?: string; + /** The display name of the source control */ + displayName?: string; + /** A description of the source control */ + description?: string; + /** The repository type of the source control */ + repoType?: RepoType; + /** Array of source control content types. */ + contentTypes?: ContentType[]; + /** Repository metadata. */ + repository?: Repository; +}; + +/** Represents a Watchlist in Azure Security Insights. 
*/ +export type Watchlist = ResourceWithEtag & { + /** The id (a Guid) of the watchlist */ + watchlistId?: string; + /** The display name of the watchlist */ + displayName?: string; + /** The provider of the watchlist */ + provider?: string; + /** The source of the watchlist */ + source?: Source; + /** The time the watchlist was created */ + created?: Date; + /** The last time the watchlist was updated */ + updated?: Date; + /** Describes a user that created the watchlist */ + createdBy?: UserInfo; + /** Describes a user that updated the watchlist */ + updatedBy?: UserInfo; + /** A description of the watchlist */ + description?: string; + /** The type of the watchlist */ + watchlistType?: string; + /** The alias of the watchlist */ + watchlistAlias?: string; + /** A flag that indicates if the watchlist is deleted or not */ + isDeleted?: boolean; + /** List of labels relevant to this watchlist */ + labels?: string[]; + /** The default duration of a watchlist (in ISO 8601 duration format) */ + defaultDuration?: string; + /** The tenantId where the watchlist belongs to */ + tenantId?: string; + /** The number of lines in a csv/tsv content to skip before the header */ + numberOfLinesToSkip?: number; + /** The raw content that represents to watchlist items to create. In case of csv/tsv content type, it's the content of the file that will parsed by the endpoint */ + rawContent?: string; + /** The search key is used to optimize query performance when using watchlists for joins with other data. For example, enable a column with IP addresses to be the designated SearchKey field, then use this field as the key field when joining to other event data by IP address. */ + itemsSearchKey?: string; + /** The content type of the raw content. Example : text/csv or text/tsv */ + contentType?: string; + /** The status of the Watchlist upload : New, InProgress or Complete. 
Pls note : When a Watchlist upload status is equal to InProgress, the Watchlist cannot be deleted */ + uploadStatus?: string; + /** The number of Watchlist Items in the Watchlist */ + watchlistItemsCount?: number; +}; + +/** Represents a Watchlist item in Azure Security Insights. */ +export type WatchlistItem = ResourceWithEtag & { + /** The type of the watchlist item */ + watchlistItemType?: string; + /** The id (a Guid) of the watchlist item */ + watchlistItemId?: string; + /** The tenantId to which the watchlist item belongs to */ + tenantId?: string; + /** A flag that indicates if the watchlist item is deleted or not */ + isDeleted?: boolean; + /** The time the watchlist item was created */ + created?: Date; + /** The last time the watchlist item was updated */ + updated?: Date; + /** Describes a user that created the watchlist item */ + createdBy?: UserInfo; + /** Describes a user that updated the watchlist item */ + updatedBy?: UserInfo; + /** key-value pairs for a watchlist item */ + itemsKeyValue?: Record; + /** key-value pairs for a watchlist item entity mapping */ + entityMapping?: Record; +}; + +/** Data connector */ +export type DataConnector = ResourceWithEtag & { + /** The data connector kind */ + kind: DataConnectorKind; +}; + +/** Represents MLBehaviorAnalytics alert rule template. */ +export type MLBehaviorAnalyticsAlertRuleTemplate = AlertRuleTemplate & { + /** the number of alert rules that were created by this template */ + alertRulesCreatedByTemplateCount?: number; + /** + * The last time that this alert rule template has been updated. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly lastUpdatedDateUTC?: Date; + /** + * The time that this alert rule template has been added. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly createdDateUTC?: Date; + /** The description of the alert rule template. 
*/ + description?: string; + /** The display name for alert rule template. */ + displayName?: string; + /** The required data sources for this template */ + requiredDataConnectors?: AlertRuleTemplateDataSource[]; + /** The alert rule template status. */ + status?: TemplateStatus; + /** The severity for alerts created by this alert rule. */ + severity?: AlertSeverity; + /** The tactics of the alert rule template. */ + tactics?: AttackTactic[]; +}; + +/** Represents Fusion alert rule template. */ +export type FusionAlertRuleTemplate = AlertRuleTemplate & { + /** the number of alert rules that were created by this template */ + alertRulesCreatedByTemplateCount?: number; + /** + * The last time that this alert rule template has been updated. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly lastUpdatedDateUTC?: Date; + /** + * The time that this alert rule template has been added. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly createdDateUTC?: Date; + /** The description of the alert rule template. */ + description?: string; + /** The display name for alert rule template. */ + displayName?: string; + /** The required data sources for this template */ + requiredDataConnectors?: AlertRuleTemplateDataSource[]; + /** The alert rule template status. */ + status?: TemplateStatus; + /** The severity for alerts created by this alert rule. */ + severity?: AlertSeverity; + /** The tactics of the alert rule template */ + tactics?: AttackTactic[]; +}; + +/** Represents Threat Intelligence alert rule template. */ +export type ThreatIntelligenceAlertRuleTemplate = AlertRuleTemplate & { + /** the number of alert rules that were created by this template */ + alertRulesCreatedByTemplateCount?: number; + /** + * The last time that this alert rule template has been updated. + * NOTE: This property will not be serialized. It can only be populated by the server. 
+ */ + readonly lastUpdatedDateUTC?: Date; + /** + * The time that this alert rule template has been added. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly createdDateUTC?: Date; + /** The description of the alert rule template. */ + description?: string; + /** The display name for alert rule template. */ + displayName?: string; + /** The required data sources for this template */ + requiredDataConnectors?: AlertRuleTemplateDataSource[]; + /** The alert rule template status. */ + status?: TemplateStatus; + /** The severity for alerts created by this alert rule. */ + severity?: AlertSeverity; + /** The tactics of the alert rule template */ + tactics?: AttackTactic[]; +}; + +/** Represents MicrosoftSecurityIncidentCreation rule template. */ +export type MicrosoftSecurityIncidentCreationAlertRuleTemplate = AlertRuleTemplate & { + /** the number of alert rules that were created by this template */ + alertRulesCreatedByTemplateCount?: number; + /** + * The last time that this alert rule template has been updated. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly lastUpdatedDateUTC?: Date; + /** + * The time that this alert rule template has been added. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly createdDateUTC?: Date; + /** The description of the alert rule template. */ + description?: string; + /** The display name for alert rule template. */ + displayName?: string; + /** The required data sources for this template */ + requiredDataConnectors?: AlertRuleTemplateDataSource[]; + /** The alert rule template status. 
*/ + status?: TemplateStatus; + /** the alerts' displayNames on which the cases will be generated */ + displayNamesFilter?: string[]; + /** the alerts' displayNames on which the cases will not be generated */ + displayNamesExcludeFilter?: string[]; + /** The alerts' productName on which the cases will be generated */ + productFilter?: MicrosoftSecurityProductName; + /** the alerts' severities on which the cases will be generated */ + severitiesFilter?: AlertSeverity[]; +}; + +/** Represents scheduled alert rule template. */ +export type ScheduledAlertRuleTemplate = AlertRuleTemplate & { + /** the number of alert rules that were created by this template */ + alertRulesCreatedByTemplateCount?: number; + /** + * The last time that this alert rule template has been updated. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly lastUpdatedDateUTC?: Date; + /** + * The time that this alert rule template has been added. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly createdDateUTC?: Date; + /** The description of the alert rule template. */ + description?: string; + /** The display name for alert rule template. */ + displayName?: string; + /** The required data sources for this template */ + requiredDataConnectors?: AlertRuleTemplateDataSource[]; + /** The alert rule template status. */ + status?: TemplateStatus; + /** The query that creates alerts for this rule. */ + query?: string; + /** The severity for alerts created by this alert rule. */ + severity?: AlertSeverity; + /** The tactics of the alert rule */ + tactics?: AttackTactic[]; + /** The version of this template - in format , where all are numbers. For example <1.0.2>. 
*/ + version?: string; + /** Dictionary of string key-value pairs of columns to be attached to the alert */ + customDetails?: { [propertyName: string]: string }; + /** Array of the entity mappings of the alert rule */ + entityMappings?: EntityMapping[]; + /** The alert details override settings */ + alertDetailsOverride?: AlertDetailsOverride; + /** The frequency (in ISO 8601 duration format) for this alert rule to run. */ + queryFrequency?: string; + /** The period (in ISO 8601 duration format) that this alert rule looks at. */ + queryPeriod?: string; + /** The operation against the threshold that triggers alert rule. */ + triggerOperator?: TriggerOperator; + /** The threshold triggers this alert rule. */ + triggerThreshold?: number; + /** The event grouping settings. */ + eventGroupingSettings?: EventGroupingSettings; +}; + +/** Represents NRT alert rule template. */ +export type NrtAlertRuleTemplate = AlertRuleTemplate & { + /** the number of alert rules that were created by this template */ + alertRulesCreatedByTemplateCount?: number; + /** + * The last time that this alert rule template has been updated. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly lastUpdatedDateUTC?: Date; + /** + * The time that this alert rule template has been added. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly createdDateUTC?: Date; + /** The description of the alert rule template. */ + description?: string; + /** The display name for alert rule template. */ + displayName?: string; + /** The required data sources for this template */ + requiredDataConnectors?: AlertRuleTemplateDataSource[]; + /** The alert rule template status. */ + status?: TemplateStatus; + /** The query that creates alerts for this rule. */ + query?: string; + /** The severity for alerts created by this alert rule. 
*/ + severity?: AlertSeverity; + /** The tactics of the alert rule */ + tactics?: AttackTactic[]; + /** The version of this template - in format , where all are numbers. For example <1.0.2>. */ + version?: string; + /** Dictionary of string key-value pairs of columns to be attached to the alert */ + customDetails?: { [propertyName: string]: string }; + /** Array of the entity mappings of the alert rule */ + entityMappings?: EntityMapping[]; + /** The alert details override settings */ + alertDetailsOverride?: AlertDetailsOverride; +}; + +/** Represents a security alert entity. */ +export type SecurityAlert = Entity & { + /** + * A bag of custom fields that should be part of the entity and will be presented to the user. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly additionalData?: { [propertyName: string]: Record }; + /** + * The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly friendlyName?: string; + /** + * The display name of the alert. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly alertDisplayName?: string; + /** + * The type name of the alert. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly alertType?: string; + /** + * Display name of the main entity being reported on. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly compromisedEntity?: string; + /** + * The confidence level of this alert. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly confidenceLevel?: ConfidenceLevel; + /** + * The confidence reasons + * NOTE: This property will not be serialized. 
It can only be populated by the server. + */ + readonly confidenceReasons?: SecurityAlertPropertiesConfidenceReasonsItem[]; + /** + * The confidence score of the alert. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly confidenceScore?: number; + /** + * The confidence score calculation status, i.e. indicating if score calculation is pending for this alert, not applicable or final. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly confidenceScoreStatus?: ConfidenceScoreStatus; + /** + * Alert description. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly description?: string; + /** + * The impact end time of the alert (the time of the last event contributing to the alert). + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly endTimeUtc?: Date; + /** + * Holds the alert intent stage(s) mapping for this alert. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly intent?: KillChainIntent; + /** + * The identifier of the alert inside the product which generated the alert. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly providerAlertId?: string; + /** + * The time the alert was made available for consumption. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly processingEndTime?: Date; + /** + * The name of a component inside the product which generated the alert. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly productComponentName?: string; + /** + * The name of the product which published this alert. + * NOTE: This property will not be serialized. It can only be populated by the server. 
+ */ + readonly productName?: string; + /** + * The version of the product generating the alert. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly productVersion?: string; + /** + * Manual action items to take to remediate the alert. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly remediationSteps?: string[]; + /** The severity of the alert */ + severity?: AlertSeverity; + /** + * The impact start time of the alert (the time of the first event contributing to the alert). + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly startTimeUtc?: Date; + /** + * The lifecycle status of the alert. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly status?: AlertStatus; + /** + * Holds the product identifier of the alert for the product. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly systemAlertId?: string; + /** + * The tactics of the alert + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly tactics?: AttackTactic[]; + /** + * The time the alert was generated. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly timeGenerated?: Date; + /** + * The name of the vendor that raise the alert. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly vendorName?: string; + /** + * The uri link of the alert. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly alertLink?: string; + /** + * The list of resource identifiers of the alert. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly resourceIdentifiers?: Record[]; +}; + +/** Represents a Hunting bookmark entity. 
*/ +export type HuntingBookmark = Entity & { + /** + * A bag of custom fields that should be part of the entity and will be presented to the user. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly additionalData?: { [propertyName: string]: Record }; + /** + * The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly friendlyName?: string; + /** The time the bookmark was created */ + created?: Date; + /** Describes a user that created the bookmark */ + createdBy?: UserInfo; + /** The display name of the bookmark */ + displayName?: string; + /** The time of the event */ + eventTime?: Date; + /** List of labels relevant to this bookmark */ + labels?: string[]; + /** The notes of the bookmark */ + notes?: string; + /** The query of the bookmark. */ + query?: string; + /** The query result of the bookmark. */ + queryResult?: string; + /** The last time the bookmark was updated */ + updated?: Date; + /** Describes a user that updated the bookmark */ + updatedBy?: UserInfo; + /** Describes an incident that relates to bookmark */ + incidentInfo?: IncidentInfo; +}; + +/** Represents an account entity. */ +export type AccountEntity = Entity & { + /** + * A bag of custom fields that should be part of the entity and will be presented to the user. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly additionalData?: { [propertyName: string]: Record }; + /** + * The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + * NOTE: This property will not be serialized. It can only be populated by the server. 
+ */ + readonly friendlyName?: string; + /** + * The Azure Active Directory tenant id. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly aadTenantId?: string; + /** + * The Azure Active Directory user id. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly aadUserId?: string; + /** + * The name of the account. This field should hold only the name without any domain added to it, i.e. administrator. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly accountName?: string; + /** + * The display name of the account. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly displayName?: string; + /** + * The Host entity id that contains the account in case it is a local account (not domain joined) + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly hostEntityId?: string; + /** + * Determines whether this is a domain account. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly isDomainJoined?: boolean; + /** + * The NetBIOS domain name as it appears in the alert format domain/username. Examples: NT AUTHORITY. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly ntDomain?: string; + /** + * The objectGUID attribute is a single-value attribute that is the unique identifier for the object, assigned by active directory. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly objectGuid?: string; + /** + * The Azure Active Directory Passport User ID. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly puid?: string; + /** + * The account security identifier, e.g. S-1-5-18. + * NOTE: This property will not be serialized. 
It can only be populated by the server. + */ + readonly sid?: string; + /** + * The user principal name suffix for the account, in some cases it is also the domain name. Examples: contoso.com. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly upnSuffix?: string; + /** + * The fully qualified domain DNS name. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly dnsDomain?: string; +}; + +/** Represents an azure resource entity. */ +export type AzureResourceEntity = Entity & { + /** + * A bag of custom fields that should be part of the entity and will be presented to the user. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly additionalData?: { [propertyName: string]: Record }; + /** + * The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly friendlyName?: string; + /** + * The azure resource id of the resource + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly resourceId?: string; + /** + * The subscription id of the resource + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly subscriptionId?: string; +}; + +/** Represents a cloud application entity. */ +export type CloudApplicationEntity = Entity & { + /** + * A bag of custom fields that should be part of the entity and will be presented to the user. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly additionalData?: { [propertyName: string]: Record }; + /** + * The graph item display name which is a short humanly readable description of the graph item instance. 
This property is optional and might be system generated. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly friendlyName?: string; + /** + * The technical identifier of the application. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly appId?: number; + /** + * The name of the related cloud application. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly appName?: string; + /** + * The user defined instance name of the cloud application. It is often used to distinguish between several applications of the same type that a customer has. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly instanceName?: string; +}; + +/** Represents a dns entity. */ +export type DnsEntity = Entity & { + /** + * A bag of custom fields that should be part of the entity and will be presented to the user. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly additionalData?: { [propertyName: string]: Record }; + /** + * The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly friendlyName?: string; + /** + * An ip entity id for the dns server resolving the request + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly dnsServerIpEntityId?: string; + /** + * The name of the dns record associated with the alert + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly domainName?: string; + /** + * An ip entity id for the dns request client + * NOTE: This property will not be serialized. It can only be populated by the server. 
+ */ + readonly hostIpAddressEntityId?: string; + /** + * Ip entity identifiers for the resolved ip address. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly ipAddressEntityIds?: string[]; +}; + +/** Represents a file entity. */ +export type FileEntity = Entity & { + /** + * A bag of custom fields that should be part of the entity and will be presented to the user. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly additionalData?: { [propertyName: string]: Record }; + /** + * The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly friendlyName?: string; + /** + * The full path to the file. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly directory?: string; + /** + * The file hash entity identifiers associated with this file + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly fileHashEntityIds?: string[]; + /** + * The file name without path (some alerts might not include path). + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly fileName?: string; + /** + * The Host entity id which the file belongs to + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly hostEntityId?: string; +}; + +/** Represents a file hash entity. */ +export type FileHashEntity = Entity & { + /** + * A bag of custom fields that should be part of the entity and will be presented to the user. + * NOTE: This property will not be serialized. It can only be populated by the server. 
+ */ + readonly additionalData?: { [propertyName: string]: Record }; + /** + * The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly friendlyName?: string; + /** + * The hash algorithm type. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly algorithm?: FileHashAlgorithm; + /** + * The file hash value. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly hashValue?: string; +}; + +/** Represents a host entity. */ +export type HostEntity = Entity & { + /** + * A bag of custom fields that should be part of the entity and will be presented to the user. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly additionalData?: { [propertyName: string]: Record }; + /** + * The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly friendlyName?: string; + /** + * The azure resource id of the VM. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly azureID?: string; + /** + * The DNS domain that this host belongs to. Should contain the compete DNS suffix for the domain + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly dnsDomain?: string; + /** + * The hostname without the domain suffix. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly hostName?: string; + /** + * Determines whether this host belongs to a domain. + * NOTE: This property will not be serialized. 
It can only be populated by the server. + */ + readonly isDomainJoined?: boolean; + /** + * The host name (pre-windows2000). + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly netBiosName?: string; + /** + * The NT domain that this host belongs to. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly ntDomain?: string; + /** + * The OMS agent id, if the host has OMS agent installed. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly omsAgentID?: string; + /** The operating system type. */ + osFamily?: OSFamily; + /** + * A free text representation of the operating system. This field is meant to hold specific versions the are more fine grained than OSFamily or future values not supported by OSFamily enumeration + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly osVersion?: string; +}; + +/** Represents an IoT device entity. */ +export type IoTDeviceEntity = Entity & { + /** + * A bag of custom fields that should be part of the entity and will be presented to the user. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly additionalData?: { [propertyName: string]: Record }; + /** + * The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly friendlyName?: string; + /** + * The ID of the IoT Device in the IoT Hub + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly deviceId?: string; + /** + * The friendly name of the device + * NOTE: This property will not be serialized. It can only be populated by the server. 
+ */ + readonly deviceName?: string; + /** + * The source of the device + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly source?: string; + /** + * The ID of the security agent running on the device + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly iotSecurityAgentId?: string; + /** + * The type of the device + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly deviceType?: string; + /** + * The vendor of the device + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly vendor?: string; + /** + * The ID of the edge device + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly edgeId?: string; + /** + * The MAC address of the device + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly macAddress?: string; + /** + * The model of the device + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly model?: string; + /** + * The serial number of the device + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly serialNumber?: string; + /** + * The firmware version of the device + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly firmwareVersion?: string; + /** + * The operating system of the device + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly operatingSystem?: string; + /** + * The AzureResource entity id of the IoT Hub + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly iotHubEntityId?: string; + /** + * The Host entity id of this device + * NOTE: This property will not be serialized. 
It can only be populated by the server. + */ + readonly hostEntityId?: string; + /** + * The IP entity if of this device + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly ipAddressEntityId?: string; + /** + * A list of TI contexts attached to the IoTDevice entity. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly threatIntelligence?: ThreatIntelligence[]; + /** + * A list of protocols of the IoTDevice entity. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly protocols?: string[]; +}; + +/** Represents an ip entity. */ +export type IpEntity = Entity & { + /** + * A bag of custom fields that should be part of the entity and will be presented to the user. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly additionalData?: { [propertyName: string]: Record }; + /** + * The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly friendlyName?: string; + /** + * The IP address as string, e.g. 127.0.0.1 (either in Ipv4 or Ipv6) + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly address?: string; + /** + * The geo-location context attached to the ip entity + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly location?: GeoLocation; + /** + * A list of TI contexts attached to the ip entity. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly threatIntelligence?: ThreatIntelligence[]; +}; + +/** Represents a mailbox entity. 
*/ +export type MailboxEntity = Entity & { + /** + * A bag of custom fields that should be part of the entity and will be presented to the user. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly additionalData?: { [propertyName: string]: Record }; + /** + * The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly friendlyName?: string; + /** + * The mailbox's primary address + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly mailboxPrimaryAddress?: string; + /** + * The mailbox's display name + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly displayName?: string; + /** + * The mailbox's UPN + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly upn?: string; + /** + * The AzureAD identifier of mailbox. Similar to AadUserId in account entity but this property is specific to mailbox object on office side + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly externalDirectoryObjectId?: string; +}; + +/** Represents a mail cluster entity. */ +export type MailClusterEntity = Entity & { + /** + * A bag of custom fields that should be part of the entity and will be presented to the user. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly additionalData?: { [propertyName: string]: Record }; + /** + * The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + * NOTE: This property will not be serialized. It can only be populated by the server. 
+ */ + readonly friendlyName?: string; + /** + * The mail message IDs that are part of the mail cluster + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly networkMessageIds?: string[]; + /** + * Count of mail messages by DeliveryStatus string representation + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly countByDeliveryStatus?: Record; + /** + * Count of mail messages by ThreatType string representation + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly countByThreatType?: Record; + /** + * Count of mail messages by ProtectionStatus string representation + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly countByProtectionStatus?: Record; + /** + * The threats of mail messages that are part of the mail cluster + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly threats?: string[]; + /** + * The query that was used to identify the messages of the mail cluster + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly query?: string; + /** + * The query time + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly queryTime?: Date; + /** + * The number of mail messages that are part of the mail cluster + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly mailCount?: number; + /** + * Is this a volume anomaly mail cluster + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly isVolumeAnomaly?: boolean; + /** + * The source of the mail cluster (default is 'O365 ATP') + * NOTE: This property will not be serialized. It can only be populated by the server. 
+ */ + readonly source?: string; + /** + * The id of the cluster source + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly clusterSourceIdentifier?: string; + /** + * The type of the cluster source + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly clusterSourceType?: string; + /** + * The cluster query start time + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly clusterQueryStartTime?: Date; + /** + * The cluster query end time + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly clusterQueryEndTime?: Date; + /** + * The cluster group + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly clusterGroup?: string; +}; + +/** Represents a mail message entity. */ +export type MailMessageEntity = Entity & { + /** + * A bag of custom fields that should be part of the entity and will be presented to the user. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly additionalData?: { [propertyName: string]: Record }; + /** + * The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly friendlyName?: string; + /** + * The File entity ids of this mail message's attachments + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly fileEntityIds?: string[]; + /** + * The recipient of this mail message. Note that in case of multiple recipients the mail message is forked and each copy has one recipient + * NOTE: This property will not be serialized. It can only be populated by the server. 
+ */ + readonly recipient?: string; + /** + * The Urls contained in this mail message + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly urls?: string[]; + /** + * The threats of this mail message + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly threats?: string[]; + /** + * The p1 sender's email address + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly p1Sender?: string; + /** + * The p1 sender's display name + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly p1SenderDisplayName?: string; + /** + * The p1 sender's domain + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly p1SenderDomain?: string; + /** + * The sender's IP address + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly senderIP?: string; + /** + * The p2 sender's email address + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly p2Sender?: string; + /** + * The p2 sender's display name + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly p2SenderDisplayName?: string; + /** + * The p2 sender's domain + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly p2SenderDomain?: string; + /** + * The receive date of this message + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly receiveDate?: Date; + /** + * The network message id of this mail message + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly networkMessageId?: string; + /** + * The internet message id of this mail message + * NOTE: This property will not be serialized. 
It can only be populated by the server. + */ + readonly internetMessageId?: string; + /** + * The subject of this mail message + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly subject?: string; + /** + * The language of this mail message + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly language?: string; + /** + * The threat detection methods + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly threatDetectionMethods?: string[]; + /** The bodyFingerprintBin1 */ + bodyFingerprintBin1?: number; + /** The bodyFingerprintBin2 */ + bodyFingerprintBin2?: number; + /** The bodyFingerprintBin3 */ + bodyFingerprintBin3?: number; + /** The bodyFingerprintBin4 */ + bodyFingerprintBin4?: number; + /** The bodyFingerprintBin5 */ + bodyFingerprintBin5?: number; + /** The directionality of this mail message */ + antispamDirection?: AntispamMailDirection; + /** The delivery action of this mail message like Delivered, Blocked, Replaced etc */ + deliveryAction?: DeliveryAction; + /** The delivery location of this mail message like Inbox, JunkFolder etc */ + deliveryLocation?: DeliveryLocation; +}; + +/** Represents a malware entity. */ +export type MalwareEntity = Entity & { + /** + * A bag of custom fields that should be part of the entity and will be presented to the user. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly additionalData?: { [propertyName: string]: Record }; + /** + * The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly friendlyName?: string; + /** + * The malware category by the vendor, e.g. Trojan + * NOTE: This property will not be serialized. 
It can only be populated by the server. + */ + readonly category?: string; + /** + * List of linked file entity identifiers on which the malware was found + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly fileEntityIds?: string[]; + /** + * The malware name by the vendor, e.g. Win32/Toga!rfn + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly malwareName?: string; + /** + * List of linked process entity identifiers on which the malware was found. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly processEntityIds?: string[]; +}; + +/** Represents a process entity. */ +export type ProcessEntity = Entity & { + /** + * A bag of custom fields that should be part of the entity and will be presented to the user. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly additionalData?: { [propertyName: string]: Record }; + /** + * The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly friendlyName?: string; + /** + * The account entity id running the processes. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly accountEntityId?: string; + /** + * The command line used to create the process + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly commandLine?: string; + /** + * The time when the process started to run + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly creationTimeUtc?: Date; + /** The elevation token associated with the process. 
*/ + elevationToken?: ElevationToken; + /** + * The host entity id on which the process was running + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly hostEntityId?: string; + /** + * The session entity id in which the process was running + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly hostLogonSessionEntityId?: string; + /** + * Image file entity id + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly imageFileEntityId?: string; + /** + * The parent process entity id. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly parentProcessEntityId?: string; + /** + * The process ID + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly processId?: string; +}; + +/** Represents a registry key entity. */ +export type RegistryKeyEntity = Entity & { + /** + * A bag of custom fields that should be part of the entity and will be presented to the user. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly additionalData?: { [propertyName: string]: Record }; + /** + * The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly friendlyName?: string; + /** + * the hive that holds the registry key. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly hive?: RegistryHive; + /** + * The registry key path. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly key?: string; +}; + +/** Represents a registry value entity. 
*/ +export type RegistryValueEntity = Entity & { + /** + * A bag of custom fields that should be part of the entity and will be presented to the user. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly additionalData?: { [propertyName: string]: Record }; + /** + * The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly friendlyName?: string; + /** + * The registry key entity id. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly keyEntityId?: string; + /** + * String formatted representation of the value data. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly valueData?: string; + /** + * The registry value name. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly valueName?: string; + /** + * Specifies the data types to use when storing values in the registry, or identifies the data type of a value in the registry. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly valueType?: RegistryValueKind; +}; + +/** Represents a security group entity. */ +export type SecurityGroupEntity = Entity & { + /** + * A bag of custom fields that should be part of the entity and will be presented to the user. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly additionalData?: { [propertyName: string]: Record }; + /** + * The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + * NOTE: This property will not be serialized. It can only be populated by the server. 
+ */ + readonly friendlyName?: string; + /** + * The group distinguished name + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly distinguishedName?: string; + /** + * A single-value attribute that is the unique identifier for the object, assigned by active directory. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly objectGuid?: string; + /** + * The SID attribute is a single-value attribute that specifies the security identifier (SID) of the group + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly sid?: string; +}; + +/** Represents a submission mail entity. */ +export type SubmissionMailEntity = Entity & { + /** + * A bag of custom fields that should be part of the entity and will be presented to the user. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly additionalData?: { [propertyName: string]: Record }; + /** + * The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly friendlyName?: string; + /** + * The network message id of email to which submission belongs + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly networkMessageId?: string; + /** + * The submission id + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly submissionId?: string; + /** + * The submitter + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly submitter?: string; + /** + * The submission date + * NOTE: This property will not be serialized. It can only be populated by the server. 
+ */ + readonly submissionDate?: Date; + /** + * The Time stamp when the message is received (Mail) + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly timestamp?: Date; + /** + * The recipient of the mail + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly recipient?: string; + /** + * The sender of the mail + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly sender?: string; + /** + * The sender's IP + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly senderIp?: string; + /** + * The subject of submission mail + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly subject?: string; + /** + * The submission type for the given instance. This maps to Junk, Phish, Malware or NotJunk. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly reportType?: string; +}; + +/** Represents a url entity. */ +export type UrlEntity = Entity & { + /** + * A bag of custom fields that should be part of the entity and will be presented to the user. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly additionalData?: { [propertyName: string]: Record }; + /** + * The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly friendlyName?: string; + /** + * A full URL the entity points to + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly url?: string; +}; + +/** Represents Activity entity query. 
*/ +export type ActivityEntityQueryTemplate = EntityQueryTemplate & { + /** The entity query title */ + title?: string; + /** The entity query content to display in timeline */ + content?: string; + /** The entity query description */ + description?: string; + /** The Activity query definitions */ + queryDefinitions?: ActivityEntityQueryTemplatePropertiesQueryDefinitions; + /** List of required data types for the given entity query template */ + dataTypes?: DataTypeDefinitions[]; + /** The type of the query's source entity */ + inputEntityType?: EntityType; + /** List of the fields of the source entity that are required to run the query */ + requiredInputFieldsSets?: string[][]; + /** The query applied only to entities matching to all filters */ + entitiesFilter?: { [propertyName: string]: string[] }; +}; + +/** Threat intelligence indicator entity. */ +export type ThreatIntelligenceIndicatorModel = ThreatIntelligenceInformation & { + /** + * A bag of custom fields that should be part of the entity and will be presented to the user. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly additionalData?: { [propertyName: string]: Record }; + /** + * The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + * NOTE: This property will not be serialized. It can only be populated by the server. 
+ */ + readonly friendlyName?: string; + /** List of tags */ + threatIntelligenceTags?: string[]; + /** Last updated time in UTC */ + lastUpdatedTimeUtc?: string; + /** Source of a threat intelligence entity */ + source?: string; + /** Display name of a threat intelligence entity */ + displayName?: string; + /** Description of a threat intelligence entity */ + description?: string; + /** Indicator types of threat intelligence entities */ + indicatorTypes?: string[]; + /** Pattern of a threat intelligence entity */ + pattern?: string; + /** Pattern type of a threat intelligence entity */ + patternType?: string; + /** Pattern version of a threat intelligence entity */ + patternVersion?: string; + /** Kill chain phases */ + killChainPhases?: ThreatIntelligenceKillChainPhase[]; + /** Parsed patterns */ + parsedPattern?: ThreatIntelligenceParsedPattern[]; + /** External ID of threat intelligence entity */ + externalId?: string; + /** Created by reference of threat intelligence entity */ + createdByRef?: string; + /** Is threat intelligence entity defanged */ + defanged?: boolean; + /** External last updated time in UTC */ + externalLastUpdatedTimeUtc?: string; + /** External References */ + externalReferences?: ThreatIntelligenceExternalReference[]; + /** Granular Markings */ + granularMarkings?: ThreatIntelligenceGranularMarkingModel[]; + /** Labels of threat intelligence entity */ + labels?: string[]; + /** Is threat intelligence entity revoked */ + revoked?: boolean; + /** Confidence of threat intelligence entity */ + confidence?: number; + /** Threat intelligence entity object marking references */ + objectMarkingRefs?: string[]; + /** Language of threat intelligence entity */ + language?: string; + /** Threat types */ + threatTypes?: string[]; + /** Valid from */ + validFrom?: string; + /** Valid until */ + validUntil?: string; + /** Created by */ + created?: string; + /** Modified by */ + modified?: string; + /** Extensions map */ + extensions?: { [propertyName: 
string]: any }; +}; + +export type PermissionsCustomsItem = Customs & {}; + +/** Represents MLBehaviorAnalytics alert rule. */ +export type MLBehaviorAnalyticsAlertRule = AlertRule & { + /** The Name of the alert rule template used to create this rule. */ + alertRuleTemplateName?: string; + /** + * The description of the alert rule. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly description?: string; + /** + * The display name for alerts created by this alert rule. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly displayName?: string; + /** Determines whether this alert rule is enabled or disabled. */ + enabled?: boolean; + /** + * The last time that this alert rule has been modified. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly lastModifiedUtc?: Date; + /** + * The severity for alerts created by this alert rule. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly severity?: AlertSeverity; + /** + * The tactics of the alert rule + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly tactics?: AttackTactic[]; +}; + +/** Represents Fusion alert rule. */ +export type FusionAlertRule = AlertRule & { + /** The Name of the alert rule template used to create this rule. */ + alertRuleTemplateName?: string; + /** + * The description of the alert rule. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly description?: string; + /** + * The display name for alerts created by this alert rule. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly displayName?: string; + /** Determines whether this alert rule is enabled or disabled. 
*/ + enabled?: boolean; + /** + * The last time that this alert has been modified. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly lastModifiedUtc?: Date; + /** + * The severity for alerts created by this alert rule. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly severity?: AlertSeverity; + /** + * The tactics of the alert rule + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly tactics?: AttackTactic[]; +}; + +/** Represents Threat Intelligence alert rule. */ +export type ThreatIntelligenceAlertRule = AlertRule & { + /** The Name of the alert rule template used to create this rule. */ + alertRuleTemplateName?: string; + /** + * The description of the alert rule. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly description?: string; + /** + * The display name for alerts created by this alert rule. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly displayName?: string; + /** Determines whether this alert rule is enabled or disabled. */ + enabled?: boolean; + /** + * The last time that this alert has been modified. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly lastModifiedUtc?: Date; + /** + * The severity for alerts created by this alert rule. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly severity?: AlertSeverity; + /** + * The tactics of the alert rule + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly tactics?: AttackTactic[]; +}; + +/** Represents MicrosoftSecurityIncidentCreation rule. 
*/ +export type MicrosoftSecurityIncidentCreationAlertRule = AlertRule & { + /** the alerts' displayNames on which the cases will be generated */ + displayNamesFilter?: string[]; + /** the alerts' displayNames on which the cases will not be generated */ + displayNamesExcludeFilter?: string[]; + /** The alerts' productName on which the cases will be generated */ + productFilter?: MicrosoftSecurityProductName; + /** the alerts' severities on which the cases will be generated */ + severitiesFilter?: AlertSeverity[]; + /** The Name of the alert rule template used to create this rule. */ + alertRuleTemplateName?: string; + /** The description of the alert rule. */ + description?: string; + /** The display name for alerts created by this alert rule. */ + displayName?: string; + /** Determines whether this alert rule is enabled or disabled. */ + enabled?: boolean; + /** + * The last time that this alert has been modified. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly lastModifiedUtc?: Date; +}; + +/** Represents scheduled alert rule. */ +export type ScheduledAlertRule = AlertRule & { + /** The frequency (in ISO 8601 duration format) for this alert rule to run. */ + queryFrequency?: string; + /** The period (in ISO 8601 duration format) that this alert rule looks at. */ + queryPeriod?: string; + /** The operation against the threshold that triggers alert rule. */ + triggerOperator?: TriggerOperator; + /** The threshold triggers this alert rule. */ + triggerThreshold?: number; + /** The event grouping settings. */ + eventGroupingSettings?: EventGroupingSettings; + /** The Name of the alert rule template used to create this rule. */ + alertRuleTemplateName?: string; + /** The version of the alert rule template used to create this rule - in format , where all are numbers, for example 0 <1.0.2> */ + templateVersion?: string; + /** The description of the alert rule. 
*/ + description?: string; + /** The query that creates alerts for this rule. */ + query?: string; + /** The display name for alerts created by this alert rule. */ + displayName?: string; + /** Determines whether this alert rule is enabled or disabled. */ + enabled?: boolean; + /** + * The last time that this alert rule has been modified. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly lastModifiedUtc?: Date; + /** The suppression (in ISO 8601 duration format) to wait since last time this alert rule been triggered. */ + suppressionDuration?: string; + /** Determines whether the suppression for this alert rule is enabled or disabled. */ + suppressionEnabled?: boolean; + /** The severity for alerts created by this alert rule. */ + severity?: AlertSeverity; + /** The tactics of the alert rule */ + tactics?: AttackTactic[]; + /** The settings of the incidents that created from alerts triggered by this analytics rule */ + incidentConfiguration?: IncidentConfiguration; + /** Dictionary of string key-value pairs of columns to be attached to the alert */ + customDetails?: { [propertyName: string]: string }; + /** Array of the entity mappings of the alert rule */ + entityMappings?: EntityMapping[]; + /** The alert details override settings */ + alertDetailsOverride?: AlertDetailsOverride; +}; + +/** Represents NRT alert rule. */ +export type NrtAlertRule = AlertRule & { + /** The Name of the alert rule template used to create this rule. */ + alertRuleTemplateName?: string; + /** The version of the alert rule template used to create this rule - in format , where all are numbers, for example 0 <1.0.2> */ + templateVersion?: string; + /** The description of the alert rule. */ + description?: string; + /** The query that creates alerts for this rule. */ + query?: string; + /** The display name for alerts created by this alert rule. */ + displayName?: string; + /** Determines whether this alert rule is enabled or disabled. 
*/ + enabled?: boolean; + /** + * The last time that this alert rule has been modified. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly lastModifiedUtc?: Date; + /** The suppression (in ISO 8601 duration format) to wait since last time this alert rule been triggered. */ + suppressionDuration?: string; + /** Determines whether the suppression for this alert rule is enabled or disabled. */ + suppressionEnabled?: boolean; + /** The severity for alerts created by this alert rule. */ + severity?: AlertSeverity; + /** The tactics of the alert rule */ + tactics?: AttackTactic[]; + /** The settings of the incidents that created from alerts triggered by this analytics rule */ + incidentConfiguration?: IncidentConfiguration; + /** Dictionary of string key-value pairs of columns to be attached to the alert */ + customDetails?: { [propertyName: string]: string }; + /** Array of the entity mappings of the alert rule */ + entityMappings?: EntityMapping[]; + /** The alert details override settings */ + alertDetailsOverride?: AlertDetailsOverride; +}; + +/** Represents Expansion entity query. */ +export type ExpansionEntityQuery = EntityQuery & { + /** List of the data sources that are required to run the query */ + dataSources?: string[]; + /** The query display name */ + displayName?: string; + /** The type of the query's source entity */ + inputEntityType?: EntityType; + /** List of the fields of the source entity that are required to run the query */ + inputFields?: string[]; + /** List of the desired output types to be constructed from the result */ + outputEntityTypes?: EntityType[]; + /** The template query string to be parsed and formatted */ + queryTemplate?: string; +}; + +/** Represents Activity entity query. 
*/ +export type ActivityEntityQuery = EntityQuery & { + /** The entity query title */ + title?: string; + /** The entity query content to display in timeline */ + content?: string; + /** The entity query description */ + description?: string; + /** The Activity query definitions */ + queryDefinitions?: ActivityEntityQueriesPropertiesQueryDefinitions; + /** The type of the query's source entity */ + inputEntityType?: EntityType; + /** List of the fields of the source entity that are required to run the query */ + requiredInputFieldsSets?: string[][]; + /** The query applied only to entities matching to all filters */ + entitiesFilter?: { [propertyName: string]: string[] }; + /** The template id this activity was created from */ + templateName?: string; + /** Determines whether this activity is enabled or disabled. */ + enabled?: boolean; + /** + * The time the activity was created + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly createdTimeUtc?: Date; + /** + * The last time the activity was updated + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly lastModifiedTimeUtc?: Date; +}; + +/** Represents Activity entity query. 
*/ +export type ActivityCustomEntityQuery = CustomEntityQuery & { + /** The entity query title */ + title?: string; + /** The entity query content to display in timeline */ + content?: string; + /** The entity query description */ + description?: string; + /** The Activity query definitions */ + queryDefinitions?: ActivityEntityQueriesPropertiesQueryDefinitions; + /** The type of the query's source entity */ + inputEntityType?: EntityType; + /** List of the fields of the source entity that are required to run the query */ + requiredInputFieldsSets?: string[][]; + /** The query applied only to entities matching to all filters */ + entitiesFilter?: { [propertyName: string]: string[] }; + /** The template id this activity was created from */ + templateName?: string; + /** Determines whether this activity is enabled or disabled. */ + enabled?: boolean; + /** + * The time the activity was created + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly createdTimeUtc?: Date; + /** + * The last time the activity was updated + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly lastModifiedTimeUtc?: Date; +}; + +/** Settings with single toggle. */ +export type Anomalies = Settings & { + /** + * Determines whether the setting is enable or disabled. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly isEnabled?: boolean; +}; + +/** Settings with single toggle. */ +export type EyesOn = Settings & { + /** + * Determines whether the setting is enable or disabled. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly isEnabled?: boolean; +}; + +/** Settings with single toggle. */ +export type EntityAnalytics = Settings & { + /** + * Determines whether the setting is enable or disabled. + * NOTE: This property will not be serialized. It can only be populated by the server. 
+ */ + readonly isEnabled?: boolean; +}; + +/** Settings with single toggle. */ +export type Ueba = Settings & { + /** The relevant data sources that enriched by ueba */ + dataSources?: UebaDataSources[]; +}; + +/** Represents AAD (Azure Active Directory) data connector. */ +export type AADDataConnector = DataConnector & { + /** The tenant id to connect to, and get the data from. */ + tenantId?: string; + /** The available data types for the connector. */ + dataTypes?: AlertsDataTypeOfDataConnector; +}; + +/** Represents Microsoft Threat Intelligence data connector. */ +export type MstiDataConnector = DataConnector & { + /** The tenant id to connect to, and get the data from. */ + tenantId?: string; + /** The available data types for the connector. */ + dataTypes?: MstiDataConnectorDataTypes; +}; + +/** Represents MTP (Microsoft Threat Protection) data connector. */ +export type MTPDataConnector = DataConnector & { + /** The tenant id to connect to, and get the data from. */ + tenantId?: string; + /** The available data types for the connector. */ + dataTypes?: MTPDataConnectorDataTypes; +}; + +/** Represents AATP (Azure Advanced Threat Protection) data connector. */ +export type AatpDataConnector = DataConnector & { + /** The tenant id to connect to, and get the data from. */ + tenantId?: string; + /** The available data types for the connector. */ + dataTypes?: AlertsDataTypeOfDataConnector; +}; + +/** Represents ASC (Azure Security Center) data connector. */ +export type ASCDataConnector = DataConnector & { + /** The available data types for the connector. */ + dataTypes?: AlertsDataTypeOfDataConnector; + /** The subscription id to connect to, and get the data from. */ + subscriptionId?: string; +}; + +/** Represents Amazon Web Services CloudTrail data connector. */ +export type AwsCloudTrailDataConnector = DataConnector & { + /** The Aws Role Arn (with CloudTrailReadOnly policy) that is used to access the Aws account. 
*/ + awsRoleArn?: string; + /** The available data types for the connector. */ + dataTypes?: AwsCloudTrailDataConnectorDataTypes; +}; + +/** Represents Amazon Web Services S3 data connector. */ +export type AwsS3DataConnector = DataConnector & { + /** The logs destination table name in LogAnalytics. */ + destinationTable?: string; + /** The AWS sqs urls for the connector. */ + sqsUrls?: string[]; + /** The Aws Role Arn that is used to access the Aws account. */ + roleArn?: string; + /** The available data types for the connector. */ + dataTypes?: AwsS3DataConnectorDataTypes; +}; + +/** Represents MCAS (Microsoft Cloud App Security) data connector. */ +export type McasDataConnector = DataConnector & { + /** The tenant id to connect to, and get the data from. */ + tenantId?: string; + /** The available data types for the connector. */ + dataTypes?: McasDataConnectorDataTypes; +}; + +/** Represents Dynamics365 data connector. */ +export type Dynamics365DataConnector = DataConnector & { + /** The tenant id to connect to, and get the data from. */ + tenantId?: string; + /** The available data types for the connector. */ + dataTypes?: Dynamics365DataConnectorDataTypes; +}; + +/** Represents OfficeATP (Office 365 Advanced Threat Protection) data connector. */ +export type OfficeATPDataConnector = DataConnector & { + /** The tenant id to connect to, and get the data from. */ + tenantId?: string; + /** The available data types for the connector. */ + dataTypes?: AlertsDataTypeOfDataConnector; +}; + +/** Represents Office Microsoft Project data connector. */ +export type Office365ProjectDataConnector = DataConnector & { + /** The available data types for the connector. */ + dataTypes?: Office365ProjectConnectorDataTypes; +}; + +/** Represents Office Microsoft PowerBI data connector. */ +export type OfficePowerBIDataConnector = DataConnector & { + /** The available data types for the connector. 
*/ + dataTypes?: OfficePowerBIConnectorDataTypes; +}; + +/** Represents OfficeIRM (Microsoft Insider Risk Management) data connector. */ +export type OfficeIRMDataConnector = DataConnector & { + /** The tenant id to connect to, and get the data from. */ + tenantId?: string; + /** The available data types for the connector. */ + dataTypes?: AlertsDataTypeOfDataConnector; +}; + +/** Represents MDATP (Microsoft Defender Advanced Threat Protection) data connector. */ +export type MdatpDataConnector = DataConnector & { + /** The tenant id to connect to, and get the data from. */ + tenantId?: string; + /** The available data types for the connector. */ + dataTypes?: AlertsDataTypeOfDataConnector; +}; + +/** Represents office data connector. */ +export type OfficeDataConnector = DataConnector & { + /** The tenant id to connect to, and get the data from. */ + tenantId?: string; + /** The available data types for the connector. */ + dataTypes?: OfficeDataConnectorDataTypes; +}; + +/** Represents threat intelligence data connector. */ +export type TIDataConnector = DataConnector & { + /** The tenant id to connect to, and get the data from. */ + tenantId?: string; + /** The lookback period for the feed to be imported. */ + tipLookbackPeriod?: Date; + /** The available data types for the connector. */ + dataTypes?: TIDataConnectorDataTypes; +}; + +/** Data connector to pull Threat intelligence data from TAXII 2.0/2.1 server */ +export type TiTaxiiDataConnector = DataConnector & { + /** The tenant id to connect to, and get the data from. */ + tenantId?: string; + /** The workspace id. */ + workspaceId?: string; + /** The friendly name for the TAXII server. */ + friendlyName?: string; + /** The API root for the TAXII server. */ + taxiiServer?: string; + /** The collection id of the TAXII server. */ + collectionId?: string; + /** The userName for the TAXII server. */ + userName?: string; + /** The password for the TAXII server. 
*/ + password?: string; + /** The lookback period for the TAXII server. */ + taxiiLookbackPeriod?: Date; + /** The polling frequency for the TAXII server. */ + pollingFrequency?: PollingFrequency; + /** The available data types for Threat Intelligence TAXII data connector. */ + dataTypes?: TiTaxiiDataConnectorDataTypes; +}; + +/** Represents Codeless UI data connector. */ +export type CodelessUiDataConnector = DataConnector & { + /** Config to describe the instructions blade */ + connectorUiConfig?: CodelessUiConnectorConfigProperties; +}; + +/** Represents Codeless API Polling data connector. */ +export type CodelessApiPollingDataConnector = DataConnector & { + /** Config to describe the instructions blade */ + connectorUiConfig?: CodelessUiConnectorConfigProperties; + /** Config to describe the polling instructions */ + pollingConfig?: CodelessConnectorPollingConfigProperties; +}; + +/** Known values of {@link AlertRuleKind} that the service accepts. */ +export enum KnownAlertRuleKind { + Scheduled = "Scheduled", + MicrosoftSecurityIncidentCreation = "MicrosoftSecurityIncidentCreation", + Fusion = "Fusion", + MLBehaviorAnalytics = "MLBehaviorAnalytics", + ThreatIntelligence = "ThreatIntelligence", + NRT = "NRT" +} + +/** + * Defines values for AlertRuleKind. \ + * {@link KnownAlertRuleKind} can be used interchangeably with AlertRuleKind, + * this enum contains the known values that the service supports. + * ### Known values supported by the service + * **Scheduled** \ + * **MicrosoftSecurityIncidentCreation** \ + * **Fusion** \ + * **MLBehaviorAnalytics** \ + * **ThreatIntelligence** \ + * **NRT** + */ +export type AlertRuleKind = string; + +/** Known values of {@link CreatedByType} that the service accepts. */ +export enum KnownCreatedByType { + User = "User", + Application = "Application", + ManagedIdentity = "ManagedIdentity", + Key = "Key" +} + +/** + * Defines values for CreatedByType. 
\ + * {@link KnownCreatedByType} can be used interchangeably with CreatedByType, + * this enum contains the known values that the service supports. + * ### Known values supported by the service + * **User** \ + * **Application** \ + * **ManagedIdentity** \ + * **Key** + */ +export type CreatedByType = string; + +/** Known values of {@link TriggersOn} that the service accepts. */ +export enum KnownTriggersOn { + /** Trigger on Incidents */ + Incidents = "Incidents" +} + +/** + * Defines values for TriggersOn. \ + * {@link KnownTriggersOn} can be used interchangeably with TriggersOn, + * this enum contains the known values that the service supports. + * ### Known values supported by the service + * **Incidents**: Trigger on Incidents + */ +export type TriggersOn = string; + +/** Known values of {@link TriggersWhen} that the service accepts. */ +export enum KnownTriggersWhen { + /** Trigger on created objects */ + Created = "Created" +} + +/** + * Defines values for TriggersWhen. \ + * {@link KnownTriggersWhen} can be used interchangeably with TriggersWhen, + * this enum contains the known values that the service supports. + * ### Known values supported by the service + * **Created**: Trigger on created objects + */ +export type TriggersWhen = string; + +/** Known values of {@link ConditionType} that the service accepts. */ +export enum KnownConditionType { + /** Evaluate an object property value */ + Property = "Property" +} + +/** + * Defines values for ConditionType. \ + * {@link KnownConditionType} can be used interchangeably with ConditionType, + * this enum contains the known values that the service supports. + * ### Known values supported by the service + * **Property**: Evaluate an object property value + */ +export type ConditionType = string; + +/** Known values of {@link ActionType} that the service accepts. 
*/ +export enum KnownActionType { + /** Modify an object's properties */ + ModifyProperties = "ModifyProperties", + /** Run a playbook on an object */ + RunPlaybook = "RunPlaybook" +} + +/** + * Defines values for ActionType. \ + * {@link KnownActionType} can be used interchangeably with ActionType, + * this enum contains the known values that the service supports. + * ### Known values supported by the service + * **ModifyProperties**: Modify an object's properties \ + * **RunPlaybook**: Run a playbook on an object + */ +export type ActionType = string; + +/** Known values of {@link IncidentSeverity} that the service accepts. */ +export enum KnownIncidentSeverity { + Informational = "Informational", + Low = "Low", + Medium = "Medium", + High = "High" +} + +/** + * Defines values for IncidentSeverity. \ + * {@link KnownIncidentSeverity} can be used interchangeably with IncidentSeverity, + * this enum contains the known values that the service supports. + * ### Known values supported by the service + * **Informational** \ + * **Low** \ + * **Medium** \ + * **High** + */ +export type IncidentSeverity = string; + +/** Known values of {@link AttackTactic} that the service accepts. */ +export enum KnownAttackTactic { + InitialAccess = "InitialAccess", + Execution = "Execution", + Persistence = "Persistence", + PrivilegeEscalation = "PrivilegeEscalation", + DefenseEvasion = "DefenseEvasion", + CredentialAccess = "CredentialAccess", + Discovery = "Discovery", + LateralMovement = "LateralMovement", + Collection = "Collection", + Exfiltration = "Exfiltration", + CommandAndControl = "CommandAndControl", + Impact = "Impact", + PreAttack = "PreAttack" +} + +/** + * Defines values for AttackTactic. \ + * {@link KnownAttackTactic} can be used interchangeably with AttackTactic, + * this enum contains the known values that the service supports. 
+ * ### Known values supported by the service + * **InitialAccess** \ + * **Execution** \ + * **Persistence** \ + * **PrivilegeEscalation** \ + * **DefenseEvasion** \ + * **CredentialAccess** \ + * **Discovery** \ + * **LateralMovement** \ + * **Collection** \ + * **Exfiltration** \ + * **CommandAndControl** \ + * **Impact** \ + * **PreAttack** + */ +export type AttackTactic = string; + +/** Known values of {@link EntityKind} that the service accepts. */ +export enum KnownEntityKind { + /** Entity represents account in the system. */ + Account = "Account", + /** Entity represents host in the system. */ + Host = "Host", + /** Entity represents file in the system. */ + File = "File", + /** Entity represents azure resource in the system. */ + AzureResource = "AzureResource", + /** Entity represents cloud application in the system. */ + CloudApplication = "CloudApplication", + /** Entity represents dns resolution in the system. */ + DnsResolution = "DnsResolution", + /** Entity represents file hash in the system. */ + FileHash = "FileHash", + /** Entity represents ip in the system. */ + Ip = "Ip", + /** Entity represents malware in the system. */ + Malware = "Malware", + /** Entity represents process in the system. */ + Process = "Process", + /** Entity represents registry key in the system. */ + RegistryKey = "RegistryKey", + /** Entity represents registry value in the system. */ + RegistryValue = "RegistryValue", + /** Entity represents security group in the system. */ + SecurityGroup = "SecurityGroup", + /** Entity represents url in the system. */ + Url = "Url", + /** Entity represents IoT device in the system. */ + IoTDevice = "IoTDevice", + /** Entity represents security alert in the system. */ + SecurityAlert = "SecurityAlert", + /** Entity represents bookmark in the system. */ + Bookmark = "Bookmark", + /** Entity represents mail cluster in the system. */ + MailCluster = "MailCluster", + /** Entity represents mail message in the system. 
*/ + MailMessage = "MailMessage", + /** Entity represents mailbox in the system. */ + Mailbox = "Mailbox", + /** Entity represents submission mail in the system. */ + SubmissionMail = "SubmissionMail" +} + +/** + * Defines values for EntityKind. \ + * {@link KnownEntityKind} can be used interchangeably with EntityKind, + * this enum contains the known values that the service supports. + * ### Known values supported by the service + * **Account**: Entity represents account in the system. \ + * **Host**: Entity represents host in the system. \ + * **File**: Entity represents file in the system. \ + * **AzureResource**: Entity represents azure resource in the system. \ + * **CloudApplication**: Entity represents cloud application in the system. \ + * **DnsResolution**: Entity represents dns resolution in the system. \ + * **FileHash**: Entity represents file hash in the system. \ + * **Ip**: Entity represents ip in the system. \ + * **Malware**: Entity represents malware in the system. \ + * **Process**: Entity represents process in the system. \ + * **RegistryKey**: Entity represents registry key in the system. \ + * **RegistryValue**: Entity represents registry value in the system. \ + * **SecurityGroup**: Entity represents security group in the system. \ + * **Url**: Entity represents url in the system. \ + * **IoTDevice**: Entity represents IoT device in the system. \ + * **SecurityAlert**: Entity represents security alert in the system. \ + * **Bookmark**: Entity represents bookmark in the system. \ + * **MailCluster**: Entity represents mail cluster in the system. \ + * **MailMessage**: Entity represents mail message in the system. \ + * **Mailbox**: Entity represents mailbox in the system. \ + * **SubmissionMail**: Entity represents submission mail in the system. + */ +export type EntityKind = string; + +/** Known values of {@link EntityTimelineKind} that the service accepts. 
*/ +export enum KnownEntityTimelineKind { + /** activity */ + Activity = "Activity", + /** bookmarks */ + Bookmark = "Bookmark", + /** security alerts */ + SecurityAlert = "SecurityAlert" +} + +/** + * Defines values for EntityTimelineKind. \ + * {@link KnownEntityTimelineKind} can be used interchangeably with EntityTimelineKind, + * this enum contains the known values that the service supports. + * ### Known values supported by the service + * **Activity**: activity \ + * **Bookmark**: bookmarks \ + * **SecurityAlert**: security alerts + */ +export type EntityTimelineKind = string; + +/** Known values of {@link EntityItemQueryKind} that the service accepts. */ +export enum KnownEntityItemQueryKind { + /** insight */ + Insight = "Insight" +} + +/** + * Defines values for EntityItemQueryKind. \ + * {@link KnownEntityItemQueryKind} can be used interchangeably with EntityItemQueryKind, + * this enum contains the known values that the service supports. + * ### Known values supported by the service + * **Insight**: insight + */ +export type EntityItemQueryKind = string; + +/** Known values of {@link EntityQueryKind} that the service accepts. */ +export enum KnownEntityQueryKind { + Expansion = "Expansion", + Insight = "Insight", + Activity = "Activity" +} + +/** + * Defines values for EntityQueryKind. \ + * {@link KnownEntityQueryKind} can be used interchangeably with EntityQueryKind, + * this enum contains the known values that the service supports. + * ### Known values supported by the service + * **Expansion** \ + * **Insight** \ + * **Activity** + */ +export type EntityQueryKind = string; + +/** Known values of {@link Enum12} that the service accepts. */ +export enum KnownEnum12 { + Expansion = "Expansion", + Activity = "Activity" +} + +/** + * Defines values for Enum12. \ + * {@link KnownEnum12} can be used interchangeably with Enum12, + * this enum contains the known values that the service supports. 
+ * ### Known values supported by the service + * **Expansion** \ + * **Activity** + */ +export type Enum12 = string; + +/** Known values of {@link CustomEntityQueryKind} that the service accepts. */ +export enum KnownCustomEntityQueryKind { + Activity = "Activity" +} + +/** + * Defines values for CustomEntityQueryKind. \ + * {@link KnownCustomEntityQueryKind} can be used interchangeably with CustomEntityQueryKind, + * this enum contains the known values that the service supports. + * ### Known values supported by the service + * **Activity** + */ +export type CustomEntityQueryKind = string; + +/** Known values of {@link EntityQueryTemplateKind} that the service accepts. */ +export enum KnownEntityQueryTemplateKind { + Activity = "Activity" +} + +/** + * Defines values for EntityQueryTemplateKind. \ + * {@link KnownEntityQueryTemplateKind} can be used interchangeably with EntityQueryTemplateKind, + * this enum contains the known values that the service supports. + * ### Known values supported by the service + * **Activity** + */ +export type EntityQueryTemplateKind = string; + +/** Known values of {@link IncidentClassification} that the service accepts. */ +export enum KnownIncidentClassification { + Undetermined = "Undetermined", + TruePositive = "TruePositive", + BenignPositive = "BenignPositive", + FalsePositive = "FalsePositive" +} + +/** + * Defines values for IncidentClassification. \ + * {@link KnownIncidentClassification} can be used interchangeably with IncidentClassification, + * this enum contains the known values that the service supports. + * ### Known values supported by the service + * **Undetermined** \ + * **TruePositive** \ + * **BenignPositive** \ + * **FalsePositive** + */ +export type IncidentClassification = string; + +/** Known values of {@link IncidentClassificationReason} that the service accepts. 
*/ +export enum KnownIncidentClassificationReason { + SuspiciousActivity = "SuspiciousActivity", + SuspiciousButExpected = "SuspiciousButExpected", + IncorrectAlertLogic = "IncorrectAlertLogic", + InaccurateData = "InaccurateData" +} + +/** + * Defines values for IncidentClassificationReason. \ + * {@link KnownIncidentClassificationReason} can be used interchangeably with IncidentClassificationReason, + * this enum contains the known values that the service supports. + * ### Known values supported by the service + * **SuspiciousActivity** \ + * **SuspiciousButExpected** \ + * **IncorrectAlertLogic** \ + * **InaccurateData** + */ +export type IncidentClassificationReason = string; + +/** Known values of {@link IncidentLabelType} that the service accepts. */ +export enum KnownIncidentLabelType { + /** Label manually created by a user */ + User = "User", + /** Label automatically created by the system */ + System = "System" +} + +/** + * Defines values for IncidentLabelType. \ + * {@link KnownIncidentLabelType} can be used interchangeably with IncidentLabelType, + * this enum contains the known values that the service supports. + * ### Known values supported by the service + * **User**: Label manually created by a user \ + * **System**: Label automatically created by the system + */ +export type IncidentLabelType = string; + +/** Known values of {@link OwnerType} that the service accepts. */ +export enum KnownOwnerType { + /** The incident owner type is unknown */ + Unknown = "Unknown", + /** The incident owner type is an AAD user */ + User = "User", + /** The incident owner type is an AAD group */ + Group = "Group" +} + +/** + * Defines values for OwnerType. \ + * {@link KnownOwnerType} can be used interchangeably with OwnerType, + * this enum contains the known values that the service supports. 
+ * ### Known values supported by the service + * **Unknown**: The incident owner type is unknown \ + * **User**: The incident owner type is an AAD user \ + * **Group**: The incident owner type is an AAD group + */ +export type OwnerType = string; + +/** Known values of {@link IncidentStatus} that the service accepts. */ +export enum KnownIncidentStatus { + New = "New", + Active = "Active", + Closed = "Closed" +} + +/** + * Defines values for IncidentStatus. \ + * {@link KnownIncidentStatus} can be used interchangeably with IncidentStatus, + * this enum contains the known values that the service supports. + * ### Known values supported by the service + * **New** \ + * **Active** \ + * **Closed** + */ +export type IncidentStatus = string; + +/** Known values of {@link ConfidenceLevel} that the service accepts. */ +export enum KnownConfidenceLevel { + /** Unknown confidence, the is the default value */ + Unknown = "Unknown", + /** Low confidence, meaning we have some doubts this is indeed malicious or part of an attack */ + Low = "Low", + /** High confidence that the alert is true positive malicious */ + High = "High" +} + +/** + * Defines values for ConfidenceLevel. \ + * {@link KnownConfidenceLevel} can be used interchangeably with ConfidenceLevel, + * this enum contains the known values that the service supports. + * ### Known values supported by the service + * **Unknown**: Unknown confidence, the is the default value \ + * **Low**: Low confidence, meaning we have some doubts this is indeed malicious or part of an attack \ + * **High**: High confidence that the alert is true positive malicious + */ +export type ConfidenceLevel = string; + +/** Known values of {@link ConfidenceScoreStatus} that the service accepts. 
*/ +export enum KnownConfidenceScoreStatus { + /** Score will not be calculated for this alert as it is not supported by virtual analyst */ + NotApplicable = "NotApplicable", + /** No score was set yet and calculation is in progress */ + InProcess = "InProcess", + /** Score is calculated and shown as part of the alert, but may be updated again at a later time following the processing of additional data */ + NotFinal = "NotFinal", + /** Final score was calculated and available */ + Final = "Final" +} + +/** + * Defines values for ConfidenceScoreStatus. \ + * {@link KnownConfidenceScoreStatus} can be used interchangeably with ConfidenceScoreStatus, + * this enum contains the known values that the service supports. + * ### Known values supported by the service + * **NotApplicable**: Score will not be calculated for this alert as it is not supported by virtual analyst \ + * **InProcess**: No score was set yet and calculation is in progress \ + * **NotFinal**: Score is calculated and shown as part of the alert, but may be updated again at a later time following the processing of additional data \ + * **Final**: Final score was calculated and available + */ +export type ConfidenceScoreStatus = string; + +/** Known values of {@link KillChainIntent} that the service accepts. */ +export enum KnownKillChainIntent { + /** The default value. */ + Unknown = "Unknown", + /** Probing could be an attempt to access a certain resource regardless of a malicious intent or a failed attempt to gain access to a target system to gather information prior to exploitation. This step is usually detected as an attempt originating from outside the network in attempt to scan the target system and find a way in. */ + Probing = "Probing", + /** Exploitation is the stage where an attacker manage to get foothold on the attacked resource. This stage is applicable not only for compute hosts, but also for resources such as user accounts, certificates etc. 
Adversaries will often be able to control the resource after this stage. */ + Exploitation = "Exploitation", + /** Persistence is any access, action, or configuration change to a system that gives an adversary a persistent presence on that system. Adversaries will often need to maintain access to systems through interruptions such as system restarts, loss of credentials, or other failures that would require a remote access tool to restart or alternate backdoor for them to regain access. */ + Persistence = "Persistence", + /** Privilege escalation is the result of actions that allow an adversary to obtain a higher level of permissions on a system or network. Certain tools or actions require a higher level of privilege to work and are likely necessary at many points throughout an operation. User accounts with permissions to access specific systems or perform specific functions necessary for adversaries to achieve their objective may also be considered an escalation of privilege. */ + PrivilegeEscalation = "PrivilegeEscalation", + /** Defense evasion consists of techniques an adversary may use to evade detection or avoid other defenses. Sometimes these actions are the same as or variations of techniques in other categories that have the added benefit of subverting a particular defense or mitigation. */ + DefenseEvasion = "DefenseEvasion", + /** Credential access represents techniques resulting in access to or control over system, domain, or service credentials that are used within an enterprise environment. Adversaries will likely attempt to obtain legitimate credentials from users or administrator accounts (local system administrator or domain users with administrator access) to use within the network. With sufficient access within a network, an adversary can create accounts for later use within the environment. 
*/ + CredentialAccess = "CredentialAccess", + /** Discovery consists of techniques that allow the adversary to gain knowledge about the system and internal network. When adversaries gain access to a new system, they must orient themselves to what they now have control of and what benefits operating from that system give to their current objective or overall goals during the intrusion. The operating system provides many native tools that aid in this post-compromise information-gathering phase. */ + Discovery = "Discovery", + /** Lateral movement consists of techniques that enable an adversary to access and control remote systems on a network and could, but does not necessarily, include execution of tools on remote systems. The lateral movement techniques could allow an adversary to gather information from a system without needing additional tools, such as a remote access tool. An adversary can use lateral movement for many purposes, including remote Execution of tools, pivoting to additional systems, access to specific information or files, access to additional credentials, or to cause an effect. */ + LateralMovement = "LateralMovement", + /** The execution tactic represents techniques that result in execution of adversary-controlled code on a local or remote system. This tactic is often used in conjunction with lateral movement to expand access to remote systems on a network. */ + Execution = "Execution", + /** Collection consists of techniques used to identify and gather information, such as sensitive files, from a target network prior to exfiltration. This category also covers locations on a system or network where the adversary may look for information to exfiltrate. */ + Collection = "Collection", + /** Exfiltration refers to techniques and attributes that result or aid in the adversary removing files and information from a target network. This category also covers locations on a system or network where the adversary may look for information to exfiltrate. 
*/ + Exfiltration = "Exfiltration", + /** The command and control tactic represents how adversaries communicate with systems under their control within a target network. */ + CommandAndControl = "CommandAndControl", + /** The impact intent primary objective is to directly reduce the availability or integrity of a system, service, or network; including manipulation of data to impact a business or operational process. This would often refer to techniques such as ransom-ware, defacement, data manipulation and others. */ + Impact = "Impact" +} + +/** + * Defines values for KillChainIntent. \ + * {@link KnownKillChainIntent} can be used interchangeably with KillChainIntent, + * this enum contains the known values that the service supports. + * ### Known values supported by the service + * **Unknown**: The default value. \ + * **Probing**: Probing could be an attempt to access a certain resource regardless of a malicious intent or a failed attempt to gain access to a target system to gather information prior to exploitation. This step is usually detected as an attempt originating from outside the network in attempt to scan the target system and find a way in. \ + * **Exploitation**: Exploitation is the stage where an attacker manage to get foothold on the attacked resource. This stage is applicable not only for compute hosts, but also for resources such as user accounts, certificates etc. Adversaries will often be able to control the resource after this stage. \ + * **Persistence**: Persistence is any access, action, or configuration change to a system that gives an adversary a persistent presence on that system. Adversaries will often need to maintain access to systems through interruptions such as system restarts, loss of credentials, or other failures that would require a remote access tool to restart or alternate backdoor for them to regain access. 
\ + * **PrivilegeEscalation**: Privilege escalation is the result of actions that allow an adversary to obtain a higher level of permissions on a system or network. Certain tools or actions require a higher level of privilege to work and are likely necessary at many points throughout an operation. User accounts with permissions to access specific systems or perform specific functions necessary for adversaries to achieve their objective may also be considered an escalation of privilege. \ + * **DefenseEvasion**: Defense evasion consists of techniques an adversary may use to evade detection or avoid other defenses. Sometimes these actions are the same as or variations of techniques in other categories that have the added benefit of subverting a particular defense or mitigation. \ + * **CredentialAccess**: Credential access represents techniques resulting in access to or control over system, domain, or service credentials that are used within an enterprise environment. Adversaries will likely attempt to obtain legitimate credentials from users or administrator accounts (local system administrator or domain users with administrator access) to use within the network. With sufficient access within a network, an adversary can create accounts for later use within the environment. \ + * **Discovery**: Discovery consists of techniques that allow the adversary to gain knowledge about the system and internal network. When adversaries gain access to a new system, they must orient themselves to what they now have control of and what benefits operating from that system give to their current objective or overall goals during the intrusion. The operating system provides many native tools that aid in this post-compromise information-gathering phase. \ + * **LateralMovement**: Lateral movement consists of techniques that enable an adversary to access and control remote systems on a network and could, but does not necessarily, include execution of tools on remote systems. 
The lateral movement techniques could allow an adversary to gather information from a system without needing additional tools, such as a remote access tool. An adversary can use lateral movement for many purposes, including remote Execution of tools, pivoting to additional systems, access to specific information or files, access to additional credentials, or to cause an effect. \ + * **Execution**: The execution tactic represents techniques that result in execution of adversary-controlled code on a local or remote system. This tactic is often used in conjunction with lateral movement to expand access to remote systems on a network. \ + * **Collection**: Collection consists of techniques used to identify and gather information, such as sensitive files, from a target network prior to exfiltration. This category also covers locations on a system or network where the adversary may look for information to exfiltrate. \ + * **Exfiltration**: Exfiltration refers to techniques and attributes that result or aid in the adversary removing files and information from a target network. This category also covers locations on a system or network where the adversary may look for information to exfiltrate. \ + * **CommandAndControl**: The command and control tactic represents how adversaries communicate with systems under their control within a target network. \ + * **Impact**: The impact intent primary objective is to directly reduce the availability or integrity of a system, service, or network; including manipulation of data to impact a business or operational process. This would often refer to techniques such as ransom-ware, defacement, data manipulation and others. + */ +export type KillChainIntent = string; + +/** Known values of {@link AlertSeverity} that the service accepts. 
*/ +export enum KnownAlertSeverity { + /** High severity */ + High = "High", + /** Medium severity */ + Medium = "Medium", + /** Low severity */ + Low = "Low", + /** Informational severity */ + Informational = "Informational" +} + +/** + * Defines values for AlertSeverity. \ + * {@link KnownAlertSeverity} can be used interchangeably with AlertSeverity, + * this enum contains the known values that the service supports. + * ### Known values supported by the service + * **High**: High severity \ + * **Medium**: Medium severity \ + * **Low**: Low severity \ + * **Informational**: Informational severity + */ +export type AlertSeverity = string; + +/** Known values of {@link AlertStatus} that the service accepts. */ +export enum KnownAlertStatus { + /** Unknown value */ + Unknown = "Unknown", + /** New alert */ + New = "New", + /** Alert closed after handling */ + Resolved = "Resolved", + /** Alert dismissed as false positive */ + Dismissed = "Dismissed", + /** Alert is being handled */ + InProgress = "InProgress" +} + +/** + * Defines values for AlertStatus. \ + * {@link KnownAlertStatus} can be used interchangeably with AlertStatus, + * this enum contains the known values that the service supports. + * ### Known values supported by the service + * **Unknown**: Unknown value \ + * **New**: New alert \ + * **Resolved**: Alert closed after handling \ + * **Dismissed**: Alert dismissed as false positive \ + * **InProgress**: Alert is being handled + */ +export type AlertStatus = string; + +/** Known values of {@link Kind} that the service accepts. 
*/ +export enum KnownKind { + DataConnector = "DataConnector", + DataType = "DataType", + Workbook = "Workbook", + WorkbookTemplate = "WorkbookTemplate", + Playbook = "Playbook", + PlaybookTemplate = "PlaybookTemplate", + AnalyticsRuleTemplate = "AnalyticsRuleTemplate", + AnalyticsRule = "AnalyticsRule", + HuntingQuery = "HuntingQuery", + InvestigationQuery = "InvestigationQuery", + Parser = "Parser", + Watchlist = "Watchlist", + WatchlistTemplate = "WatchlistTemplate", + Solution = "Solution" +} + +/** + * Defines values for Kind. \ + * {@link KnownKind} can be used interchangeably with Kind, + * this enum contains the known values that the service supports. + * ### Known values supported by the service + * **DataConnector** \ + * **DataType** \ + * **Workbook** \ + * **WorkbookTemplate** \ + * **Playbook** \ + * **PlaybookTemplate** \ + * **AnalyticsRuleTemplate** \ + * **AnalyticsRule** \ + * **HuntingQuery** \ + * **InvestigationQuery** \ + * **Parser** \ + * **Watchlist** \ + * **WatchlistTemplate** \ + * **Solution** + */ +export type Kind = string; + +/** Known values of {@link SourceKind} that the service accepts. */ +export enum KnownSourceKind { + LocalWorkspace = "LocalWorkspace", + Community = "Community", + Solution = "Solution", + SourceRepository = "SourceRepository" +} + +/** + * Defines values for SourceKind. \ + * {@link KnownSourceKind} can be used interchangeably with SourceKind, + * this enum contains the known values that the service supports. + * ### Known values supported by the service + * **LocalWorkspace** \ + * **Community** \ + * **Solution** \ + * **SourceRepository** + */ +export type SourceKind = string; + +/** Known values of {@link SupportTier} that the service accepts. */ +export enum KnownSupportTier { + Microsoft = "Microsoft", + Partner = "Partner", + Community = "Community" +} + +/** + * Defines values for SupportTier. 
\ + * {@link KnownSupportTier} can be used interchangeably with SupportTier, + * this enum contains the known values that the service supports. + * ### Known values supported by the service + * **Microsoft** \ + * **Partner** \ + * **Community** + */ +export type SupportTier = string; + +/** Known values of {@link Operator} that the service accepts. */ +export enum KnownOperator { + AND = "AND", + OR = "OR" +} + +/** + * Defines values for Operator. \ + * {@link KnownOperator} can be used interchangeably with Operator, + * this enum contains the known values that the service supports. + * ### Known values supported by the service + * **AND** \ + * **OR** + */ +export type Operator = string; + +/** Known values of {@link SettingKind} that the service accepts. */ +export enum KnownSettingKind { + Anomalies = "Anomalies", + EyesOn = "EyesOn", + EntityAnalytics = "EntityAnalytics", + Ueba = "Ueba" +} + +/** + * Defines values for SettingKind. \ + * {@link KnownSettingKind} can be used interchangeably with SettingKind, + * this enum contains the known values that the service supports. + * ### Known values supported by the service + * **Anomalies** \ + * **EyesOn** \ + * **EntityAnalytics** \ + * **Ueba** + */ +export type SettingKind = string; + +/** Known values of {@link RepoType} that the service accepts. */ +export enum KnownRepoType { + Github = "Github", + DevOps = "DevOps" +} + +/** + * Defines values for RepoType. \ + * {@link KnownRepoType} can be used interchangeably with RepoType, + * this enum contains the known values that the service supports. + * ### Known values supported by the service + * **Github** \ + * **DevOps** + */ +export type RepoType = string; + +/** Known values of {@link ContentType} that the service accepts. */ +export enum KnownContentType { + AnalyticRule = "AnalyticRule", + Workbook = "Workbook" +} + +/** + * Defines values for ContentType. 
\ + * {@link KnownContentType} can be used interchangeably with ContentType, + * this enum contains the known values that the service supports. + * ### Known values supported by the service + * **AnalyticRule** \ + * **Workbook** + */ +export type ContentType = string; + +/** Known values of {@link ThreatIntelligenceResourceKindEnum} that the service accepts. */ +export enum KnownThreatIntelligenceResourceKindEnum { + /** Entity represents threat intelligence indicator in the system. */ + Indicator = "indicator" +} + +/** + * Defines values for ThreatIntelligenceResourceKindEnum. \ + * {@link KnownThreatIntelligenceResourceKindEnum} can be used interchangeably with ThreatIntelligenceResourceKindEnum, + * this enum contains the known values that the service supports. + * ### Known values supported by the service + * **indicator**: Entity represents threat intelligence indicator in the system. + */ +export type ThreatIntelligenceResourceKindEnum = string; + +/** Known values of {@link ThreatIntelligenceSortingCriteriaEnum} that the service accepts. */ +export enum KnownThreatIntelligenceSortingCriteriaEnum { + Unsorted = "unsorted", + Ascending = "ascending", + Descending = "descending" +} + +/** + * Defines values for ThreatIntelligenceSortingCriteriaEnum. \ + * {@link KnownThreatIntelligenceSortingCriteriaEnum} can be used interchangeably with ThreatIntelligenceSortingCriteriaEnum, + * this enum contains the known values that the service supports. + * ### Known values supported by the service + * **unsorted** \ + * **ascending** \ + * **descending** + */ +export type ThreatIntelligenceSortingCriteriaEnum = string; + +/** Known values of {@link Source} that the service accepts. */ +export enum KnownSource { + LocalFile = "Local file", + RemoteStorage = "Remote storage" +} + +/** + * Defines values for Source. \ + * {@link KnownSource} can be used interchangeably with Source, + * this enum contains the known values that the service supports. 
+ * ### Known values supported by the service + * **Local file** \ + * **Remote storage** + */ +export type Source = string; + +/** Known values of {@link DataConnectorKind} that the service accepts. */ +export enum KnownDataConnectorKind { + AzureActiveDirectory = "AzureActiveDirectory", + AzureSecurityCenter = "AzureSecurityCenter", + MicrosoftCloudAppSecurity = "MicrosoftCloudAppSecurity", + ThreatIntelligence = "ThreatIntelligence", + ThreatIntelligenceTaxii = "ThreatIntelligenceTaxii", + Office365 = "Office365", + OfficeATP = "OfficeATP", + OfficeIRM = "OfficeIRM", + Office365Project = "Office365Project", + OfficePowerBI = "OfficePowerBI", + AmazonWebServicesCloudTrail = "AmazonWebServicesCloudTrail", + AmazonWebServicesS3 = "AmazonWebServicesS3", + AzureAdvancedThreatProtection = "AzureAdvancedThreatProtection", + MicrosoftDefenderAdvancedThreatProtection = "MicrosoftDefenderAdvancedThreatProtection", + Dynamics365 = "Dynamics365", + MicrosoftThreatProtection = "MicrosoftThreatProtection", + MicrosoftThreatIntelligence = "MicrosoftThreatIntelligence", + GenericUI = "GenericUI", + APIPolling = "APIPolling" +} + +/** + * Defines values for DataConnectorKind. \ + * {@link KnownDataConnectorKind} can be used interchangeably with DataConnectorKind, + * this enum contains the known values that the service supports. 
+ * ### Known values supported by the service + * **AzureActiveDirectory** \ + * **AzureSecurityCenter** \ + * **MicrosoftCloudAppSecurity** \ + * **ThreatIntelligence** \ + * **ThreatIntelligenceTaxii** \ + * **Office365** \ + * **OfficeATP** \ + * **OfficeIRM** \ + * **Office365Project** \ + * **OfficePowerBI** \ + * **AmazonWebServicesCloudTrail** \ + * **AmazonWebServicesS3** \ + * **AzureAdvancedThreatProtection** \ + * **MicrosoftDefenderAdvancedThreatProtection** \ + * **Dynamics365** \ + * **MicrosoftThreatProtection** \ + * **MicrosoftThreatIntelligence** \ + * **GenericUI** \ + * **APIPolling** + */ +export type DataConnectorKind = string; + +/** Known values of {@link ConnectAuthKind} that the service accepts. */ +export enum KnownConnectAuthKind { + Basic = "Basic", + OAuth2 = "OAuth2", + APIKey = "APIKey" +} + +/** + * Defines values for ConnectAuthKind. \ + * {@link KnownConnectAuthKind} can be used interchangeably with ConnectAuthKind, + * this enum contains the known values that the service supports. + * ### Known values supported by the service + * **Basic** \ + * **OAuth2** \ + * **APIKey** + */ +export type ConnectAuthKind = string; + +/** Known values of {@link DataConnectorAuthorizationState} that the service accepts. */ +export enum KnownDataConnectorAuthorizationState { + Valid = "Valid", + Invalid = "Invalid" +} + +/** + * Defines values for DataConnectorAuthorizationState. \ + * {@link KnownDataConnectorAuthorizationState} can be used interchangeably with DataConnectorAuthorizationState, + * this enum contains the known values that the service supports. + * ### Known values supported by the service + * **Valid** \ + * **Invalid** + */ +export type DataConnectorAuthorizationState = string; + +/** Known values of {@link DataConnectorLicenseState} that the service accepts. */ +export enum KnownDataConnectorLicenseState { + Valid = "Valid", + Invalid = "Invalid", + Unknown = "Unknown" +} + +/** + * Defines values for DataConnectorLicenseState. 
\ + * {@link KnownDataConnectorLicenseState} can be used interchangeably with DataConnectorLicenseState, + * this enum contains the known values that the service supports. + * ### Known values supported by the service + * **Valid** \ + * **Invalid** \ + * **Unknown** + */ +export type DataConnectorLicenseState = string; + +/** Known values of {@link TemplateStatus} that the service accepts. */ +export enum KnownTemplateStatus { + /** Alert rule template installed. and can not use more then once */ + Installed = "Installed", + /** Alert rule template is available. */ + Available = "Available", + /** Alert rule template is not available */ + NotAvailable = "NotAvailable" +} + +/** + * Defines values for TemplateStatus. \ + * {@link KnownTemplateStatus} can be used interchangeably with TemplateStatus, + * this enum contains the known values that the service supports. + * ### Known values supported by the service + * **Installed**: Alert rule template installed. and can not use more then once \ + * **Available**: Alert rule template is available. \ + * **NotAvailable**: Alert rule template is not available + */ +export type TemplateStatus = string; + +/** Known values of {@link EntityMappingType} that the service accepts. 
*/ +export enum KnownEntityMappingType { + /** User account entity type */ + Account = "Account", + /** Host entity type */ + Host = "Host", + /** IP address entity type */ + IP = "IP", + /** Malware entity type */ + Malware = "Malware", + /** System file entity type */ + File = "File", + /** Process entity type */ + Process = "Process", + /** Cloud app entity type */ + CloudApplication = "CloudApplication", + /** DNS entity type */ + DNS = "DNS", + /** Azure resource entity type */ + AzureResource = "AzureResource", + /** File-hash entity type */ + FileHash = "FileHash", + /** Registry key entity type */ + RegistryKey = "RegistryKey", + /** Registry value entity type */ + RegistryValue = "RegistryValue", + /** Security group entity type */ + SecurityGroup = "SecurityGroup", + /** URL entity type */ + URL = "URL", + /** Mailbox entity type */ + Mailbox = "Mailbox", + /** Mail cluster entity type */ + MailCluster = "MailCluster", + /** Mail message entity type */ + MailMessage = "MailMessage", + /** Submission mail entity type */ + SubmissionMail = "SubmissionMail" +} + +/** + * Defines values for EntityMappingType. \ + * {@link KnownEntityMappingType} can be used interchangeably with EntityMappingType, + * this enum contains the known values that the service supports. 
+ * ### Known values supported by the service + * **Account**: User account entity type \ + * **Host**: Host entity type \ + * **IP**: IP address entity type \ + * **Malware**: Malware entity type \ + * **File**: System file entity type \ + * **Process**: Process entity type \ + * **CloudApplication**: Cloud app entity type \ + * **DNS**: DNS entity type \ + * **AzureResource**: Azure resource entity type \ + * **FileHash**: File-hash entity type \ + * **RegistryKey**: Registry key entity type \ + * **RegistryValue**: Registry value entity type \ + * **SecurityGroup**: Security group entity type \ + * **URL**: URL entity type \ + * **Mailbox**: Mailbox entity type \ + * **MailCluster**: Mail cluster entity type \ + * **MailMessage**: Mail message entity type \ + * **SubmissionMail**: Submission mail entity type + */ +export type EntityMappingType = string; + +/** Known values of {@link MicrosoftSecurityProductName} that the service accepts. */ +export enum KnownMicrosoftSecurityProductName { + MicrosoftCloudAppSecurity = "Microsoft Cloud App Security", + AzureSecurityCenter = "Azure Security Center", + AzureAdvancedThreatProtection = "Azure Advanced Threat Protection", + AzureActiveDirectoryIdentityProtection = "Azure Active Directory Identity Protection", + AzureSecurityCenterForIoT = "Azure Security Center for IoT", + Office365AdvancedThreatProtection = "Office 365 Advanced Threat Protection", + MicrosoftDefenderAdvancedThreatProtection = "Microsoft Defender Advanced Threat Protection" +} + +/** + * Defines values for MicrosoftSecurityProductName. \ + * {@link KnownMicrosoftSecurityProductName} can be used interchangeably with MicrosoftSecurityProductName, + * this enum contains the known values that the service supports. 
+ * ### Known values supported by the service + * **Microsoft Cloud App Security** \ + * **Azure Security Center** \ + * **Azure Advanced Threat Protection** \ + * **Azure Active Directory Identity Protection** \ + * **Azure Security Center for IoT** \ + * **Office 365 Advanced Threat Protection** \ + * **Microsoft Defender Advanced Threat Protection** + */ +export type MicrosoftSecurityProductName = string; + +/** Known values of {@link MatchingMethod} that the service accepts. */ +export enum KnownMatchingMethod { + /** Grouping alerts into a single incident if all the entities match */ + AllEntities = "AllEntities", + /** Grouping any alerts triggered by this rule into a single incident */ + AnyAlert = "AnyAlert", + /** Grouping alerts into a single incident if the selected entities, custom details and alert details match */ + Selected = "Selected" +} + +/** + * Defines values for MatchingMethod. \ + * {@link KnownMatchingMethod} can be used interchangeably with MatchingMethod, + * this enum contains the known values that the service supports. + * ### Known values supported by the service + * **AllEntities**: Grouping alerts into a single incident if all the entities match \ + * **AnyAlert**: Grouping any alerts triggered by this rule into a single incident \ + * **Selected**: Grouping alerts into a single incident if the selected entities, custom details and alert details match + */ +export type MatchingMethod = string; + +/** Known values of {@link AlertDetail} that the service accepts. */ +export enum KnownAlertDetail { + /** Alert display name */ + DisplayName = "DisplayName", + /** Alert severity */ + Severity = "Severity" +} + +/** + * Defines values for AlertDetail. \ + * {@link KnownAlertDetail} can be used interchangeably with AlertDetail, + * this enum contains the known values that the service supports. 
+ * ### Known values supported by the service + * **DisplayName**: Alert display name \ + * **Severity**: Alert severity + */ +export type AlertDetail = string; + +/** Known values of {@link EventGroupingAggregationKind} that the service accepts. */ +export enum KnownEventGroupingAggregationKind { + SingleAlert = "SingleAlert", + AlertPerResult = "AlertPerResult" +} + +/** + * Defines values for EventGroupingAggregationKind. \ + * {@link KnownEventGroupingAggregationKind} can be used interchangeably with EventGroupingAggregationKind, + * this enum contains the known values that the service supports. + * ### Known values supported by the service + * **SingleAlert** \ + * **AlertPerResult** + */ +export type EventGroupingAggregationKind = string; + +/** Known values of {@link IncidentOwnerType} that the service accepts. */ +export enum KnownIncidentOwnerType { + Unknown = "Unknown", + User = "User", + Group = "Group" +} + +/** + * Defines values for IncidentOwnerType. \ + * {@link KnownIncidentOwnerType} can be used interchangeably with IncidentOwnerType, + * this enum contains the known values that the service supports. + * ### Known values supported by the service + * **Unknown** \ + * **User** \ + * **Group** + */ +export type IncidentOwnerType = string; + +/** Known values of {@link AutomationRulePropertyConditionSupportedProperty} that the service accepts. 
*/ +export enum KnownAutomationRulePropertyConditionSupportedProperty { + /** The title of the incident */ + IncidentTitle = "IncidentTitle", + /** The description of the incident */ + IncidentDescription = "IncidentDescription", + /** The severity of the incident */ + IncidentSeverity = "IncidentSeverity", + /** The status of the incident */ + IncidentStatus = "IncidentStatus", + /** The related Analytic rule ids of the incident */ + IncidentRelatedAnalyticRuleIds = "IncidentRelatedAnalyticRuleIds", + /** The tactics of the incident */ + IncidentTactics = "IncidentTactics", + /** The labels of the incident */ + IncidentLabel = "IncidentLabel", + /** The provider name of the incident */ + IncidentProviderName = "IncidentProviderName", + /** The account Azure Active Directory tenant id */ + AccountAadTenantId = "AccountAadTenantId", + /** The account Azure Active Directory user id */ + AccountAadUserId = "AccountAadUserId", + /** The account name */ + AccountName = "AccountName", + /** The account NetBIOS domain name */ + AccountNTDomain = "AccountNTDomain", + /** The account Azure Active Directory Passport User ID */ + AccountPuid = "AccountPUID", + /** The account security identifier */ + AccountSid = "AccountSid", + /** The account unique identifier */ + AccountObjectGuid = "AccountObjectGuid", + /** The account user principal name suffix */ + AccountUPNSuffix = "AccountUPNSuffix", + /** The name of the product of the alert */ + AlertProductNames = "AlertProductNames", + /** The Azure resource id */ + AzureResourceResourceId = "AzureResourceResourceId", + /** The Azure resource subscription id */ + AzureResourceSubscriptionId = "AzureResourceSubscriptionId", + /** The cloud application identifier */ + CloudApplicationAppId = "CloudApplicationAppId", + /** The cloud application name */ + CloudApplicationAppName = "CloudApplicationAppName", + /** The dns record domain name */ + DNSDomainName = "DNSDomainName", + /** The file directory full path */ + FileDirectory = 
"FileDirectory", + /** The file name without path */ + FileName = "FileName", + /** The file hash value */ + FileHashValue = "FileHashValue", + /** The host Azure resource id */ + HostAzureID = "HostAzureID", + /** The host name without domain */ + HostName = "HostName", + /** The host NetBIOS name */ + HostNetBiosName = "HostNetBiosName", + /** The host NT domain */ + HostNTDomain = "HostNTDomain", + /** The host operating system */ + HostOSVersion = "HostOSVersion", + /** "The IoT device id */ + IoTDeviceId = "IoTDeviceId", + /** The IoT device name */ + IoTDeviceName = "IoTDeviceName", + /** The IoT device type */ + IoTDeviceType = "IoTDeviceType", + /** The IoT device vendor */ + IoTDeviceVendor = "IoTDeviceVendor", + /** The IoT device model */ + IoTDeviceModel = "IoTDeviceModel", + /** The IoT device operating system */ + IoTDeviceOperatingSystem = "IoTDeviceOperatingSystem", + /** The IP address */ + IPAddress = "IPAddress", + /** The mailbox display name */ + MailboxDisplayName = "MailboxDisplayName", + /** The mailbox primary address */ + MailboxPrimaryAddress = "MailboxPrimaryAddress", + /** The mailbox user principal name */ + MailboxUPN = "MailboxUPN", + /** The mail message delivery action */ + MailMessageDeliveryAction = "MailMessageDeliveryAction", + /** The mail message delivery location */ + MailMessageDeliveryLocation = "MailMessageDeliveryLocation", + /** The mail message recipient */ + MailMessageRecipient = "MailMessageRecipient", + /** The mail message sender IP address */ + MailMessageSenderIP = "MailMessageSenderIP", + /** The mail message subject */ + MailMessageSubject = "MailMessageSubject", + /** The mail message P1 sender */ + MailMessageP1Sender = "MailMessageP1Sender", + /** The mail message P2 sender */ + MailMessageP2Sender = "MailMessageP2Sender", + /** The malware category */ + MalwareCategory = "MalwareCategory", + /** The malware name */ + MalwareName = "MalwareName", + /** The process execution command line */ + 
ProcessCommandLine = "ProcessCommandLine", + /** The process id */ + ProcessId = "ProcessId", + /** The registry key path */ + RegistryKey = "RegistryKey", + /** The registry key value in string formatted representation */ + RegistryValueData = "RegistryValueData", + /** The url */ + Url = "Url" +} + +/** + * Defines values for AutomationRulePropertyConditionSupportedProperty. \ + * {@link KnownAutomationRulePropertyConditionSupportedProperty} can be used interchangeably with AutomationRulePropertyConditionSupportedProperty, + * this enum contains the known values that the service supports. + * ### Known values supported by the service + * **IncidentTitle**: The title of the incident \ + * **IncidentDescription**: The description of the incident \ + * **IncidentSeverity**: The severity of the incident \ + * **IncidentStatus**: The status of the incident \ + * **IncidentRelatedAnalyticRuleIds**: The related Analytic rule ids of the incident \ + * **IncidentTactics**: The tactics of the incident \ + * **IncidentLabel**: The labels of the incident \ + * **IncidentProviderName**: The provider name of the incident \ + * **AccountAadTenantId**: The account Azure Active Directory tenant id \ + * **AccountAadUserId**: The account Azure Active Directory user id \ + * **AccountName**: The account name \ + * **AccountNTDomain**: The account NetBIOS domain name \ + * **AccountPUID**: The account Azure Active Directory Passport User ID \ + * **AccountSid**: The account security identifier \ + * **AccountObjectGuid**: The account unique identifier \ + * **AccountUPNSuffix**: The account user principal name suffix \ + * **AlertProductNames**: The name of the product of the alert \ + * **AzureResourceResourceId**: The Azure resource id \ + * **AzureResourceSubscriptionId**: The Azure resource subscription id \ + * **CloudApplicationAppId**: The cloud application identifier \ + * **CloudApplicationAppName**: The cloud application name \ + * **DNSDomainName**: The dns record domain 
name \ + * **FileDirectory**: The file directory full path \ + * **FileName**: The file name without path \ + * **FileHashValue**: The file hash value \ + * **HostAzureID**: The host Azure resource id \ + * **HostName**: The host name without domain \ + * **HostNetBiosName**: The host NetBIOS name \ + * **HostNTDomain**: The host NT domain \ + * **HostOSVersion**: The host operating system \ + * **IoTDeviceId**: "The IoT device id \ + * **IoTDeviceName**: The IoT device name \ + * **IoTDeviceType**: The IoT device type \ + * **IoTDeviceVendor**: The IoT device vendor \ + * **IoTDeviceModel**: The IoT device model \ + * **IoTDeviceOperatingSystem**: The IoT device operating system \ + * **IPAddress**: The IP address \ + * **MailboxDisplayName**: The mailbox display name \ + * **MailboxPrimaryAddress**: The mailbox primary address \ + * **MailboxUPN**: The mailbox user principal name \ + * **MailMessageDeliveryAction**: The mail message delivery action \ + * **MailMessageDeliveryLocation**: The mail message delivery location \ + * **MailMessageRecipient**: The mail message recipient \ + * **MailMessageSenderIP**: The mail message sender IP address \ + * **MailMessageSubject**: The mail message subject \ + * **MailMessageP1Sender**: The mail message P1 sender \ + * **MailMessageP2Sender**: The mail message P2 sender \ + * **MalwareCategory**: The malware category \ + * **MalwareName**: The malware name \ + * **ProcessCommandLine**: The process execution command line \ + * **ProcessId**: The process id \ + * **RegistryKey**: The registry key path \ + * **RegistryValueData**: The registry key value in string formatted representation \ + * **Url**: The url + */ +export type AutomationRulePropertyConditionSupportedProperty = string; + +/** Known values of {@link AutomationRulePropertyConditionSupportedOperator} that the service accepts. 
*/ +export enum KnownAutomationRulePropertyConditionSupportedOperator { + /** Evaluates if the property equals at least one of the condition values */ + Equals = "Equals", + /** Evaluates if the property does not equal any of the condition values */ + NotEquals = "NotEquals", + /** Evaluates if the property contains at least one of the condition values */ + Contains = "Contains", + /** Evaluates if the property does not contain any of the condition values */ + NotContains = "NotContains", + /** Evaluates if the property starts with any of the condition values */ + StartsWith = "StartsWith", + /** Evaluates if the property does not start with any of the condition values */ + NotStartsWith = "NotStartsWith", + /** Evaluates if the property ends with any of the condition values */ + EndsWith = "EndsWith", + /** Evaluates if the property does not end with any of the condition values */ + NotEndsWith = "NotEndsWith" +} + +/** + * Defines values for AutomationRulePropertyConditionSupportedOperator. \ + * {@link KnownAutomationRulePropertyConditionSupportedOperator} can be used interchangeably with AutomationRulePropertyConditionSupportedOperator, + * this enum contains the known values that the service supports. 
+ * ### Known values supported by the service + * **Equals**: Evaluates if the property equals at least one of the condition values \ + * **NotEquals**: Evaluates if the property does not equal any of the condition values \ + * **Contains**: Evaluates if the property contains at least one of the condition values \ + * **NotContains**: Evaluates if the property does not contain any of the condition values \ + * **StartsWith**: Evaluates if the property starts with any of the condition values \ + * **NotStartsWith**: Evaluates if the property does not start with any of the condition values \ + * **EndsWith**: Evaluates if the property ends with any of the condition values \ + * **NotEndsWith**: Evaluates if the property does not end with any of the condition values + */ +export type AutomationRulePropertyConditionSupportedOperator = string; + +/** Known values of {@link EntityType} that the service accepts. */ +export enum KnownEntityType { + /** Entity represents account in the system. */ + Account = "Account", + /** Entity represents host in the system. */ + Host = "Host", + /** Entity represents file in the system. */ + File = "File", + /** Entity represents azure resource in the system. */ + AzureResource = "AzureResource", + /** Entity represents cloud application in the system. */ + CloudApplication = "CloudApplication", + /** Entity represents dns in the system. */ + DNS = "DNS", + /** Entity represents file hash in the system. */ + FileHash = "FileHash", + /** Entity represents ip in the system. */ + IP = "IP", + /** Entity represents malware in the system. */ + Malware = "Malware", + /** Entity represents process in the system. */ + Process = "Process", + /** Entity represents registry key in the system. */ + RegistryKey = "RegistryKey", + /** Entity represents registry value in the system. */ + RegistryValue = "RegistryValue", + /** Entity represents security group in the system. 
*/ + SecurityGroup = "SecurityGroup", + /** Entity represents url in the system. */ + URL = "URL", + /** Entity represents IoT device in the system. */ + IoTDevice = "IoTDevice", + /** Entity represents security alert in the system. */ + SecurityAlert = "SecurityAlert", + /** Entity represents HuntingBookmark in the system. */ + HuntingBookmark = "HuntingBookmark", + /** Entity represents mail cluster in the system. */ + MailCluster = "MailCluster", + /** Entity represents mail message in the system. */ + MailMessage = "MailMessage", + /** Entity represents mailbox in the system. */ + Mailbox = "Mailbox", + /** Entity represents submission mail in the system. */ + SubmissionMail = "SubmissionMail" +} + +/** + * Defines values for EntityType. \ + * {@link KnownEntityType} can be used interchangeably with EntityType, + * this enum contains the known values that the service supports. + * ### Known values supported by the service + * **Account**: Entity represents account in the system. \ + * **Host**: Entity represents host in the system. \ + * **File**: Entity represents file in the system. \ + * **AzureResource**: Entity represents azure resource in the system. \ + * **CloudApplication**: Entity represents cloud application in the system. \ + * **DNS**: Entity represents dns in the system. \ + * **FileHash**: Entity represents file hash in the system. \ + * **IP**: Entity represents ip in the system. \ + * **Malware**: Entity represents malware in the system. \ + * **Process**: Entity represents process in the system. \ + * **RegistryKey**: Entity represents registry key in the system. \ + * **RegistryValue**: Entity represents registry value in the system. \ + * **SecurityGroup**: Entity represents security group in the system. \ + * **URL**: Entity represents url in the system. \ + * **IoTDevice**: Entity represents IoT device in the system. \ + * **SecurityAlert**: Entity represents security alert in the system. 
\ + * **HuntingBookmark**: Entity represents HuntingBookmark in the system. \ + * **MailCluster**: Entity represents mail cluster in the system. \ + * **MailMessage**: Entity represents mail message in the system. \ + * **Mailbox**: Entity represents mailbox in the system. \ + * **SubmissionMail**: Entity represents submission mail in the system. + */ +export type EntityType = string; + +/** Known values of {@link OutputType} that the service accepts. */ +export enum KnownOutputType { + Number = "Number", + String = "String", + Date = "Date", + Entity = "Entity" +} + +/** + * Defines values for OutputType. \ + * {@link KnownOutputType} can be used interchangeably with OutputType, + * this enum contains the known values that the service supports. + * ### Known values supported by the service + * **Number** \ + * **String** \ + * **Date** \ + * **Entity** + */ +export type OutputType = string; + +/** Known values of {@link UebaDataSources} that the service accepts. */ +export enum KnownUebaDataSources { + AuditLogs = "AuditLogs", + AzureActivity = "AzureActivity", + SecurityEvent = "SecurityEvent", + SigninLogs = "SigninLogs" +} + +/** + * Defines values for UebaDataSources. \ + * {@link KnownUebaDataSources} can be used interchangeably with UebaDataSources, + * this enum contains the known values that the service supports. + * ### Known values supported by the service + * **AuditLogs** \ + * **AzureActivity** \ + * **SecurityEvent** \ + * **SigninLogs** + */ +export type UebaDataSources = string; + +/** Known values of {@link SkuKind} that the service accepts. */ +export enum KnownSkuKind { + PerGB = "PerGB", + CapacityReservation = "CapacityReservation" +} + +/** + * Defines values for SkuKind. \ + * {@link KnownSkuKind} can be used interchangeably with SkuKind, + * this enum contains the known values that the service supports. 
+ * ### Known values supported by the service + * **PerGB** \ + * **CapacityReservation** + */ +export type SkuKind = string; + +/** Known values of {@link DataTypeState} that the service accepts. */ +export enum KnownDataTypeState { + Enabled = "Enabled", + Disabled = "Disabled" +} + +/** + * Defines values for DataTypeState. \ + * {@link KnownDataTypeState} can be used interchangeably with DataTypeState, + * this enum contains the known values that the service supports. + * ### Known values supported by the service + * **Enabled** \ + * **Disabled** + */ +export type DataTypeState = string; + +/** Known values of {@link PollingFrequency} that the service accepts. */ +export enum KnownPollingFrequency { + /** Once a minute */ + OnceAMinute = "OnceAMinute", + /** Once an hour */ + OnceAnHour = "OnceAnHour", + /** Once a day */ + OnceADay = "OnceADay" +} + +/** + * Defines values for PollingFrequency. \ + * {@link KnownPollingFrequency} can be used interchangeably with PollingFrequency, + * this enum contains the known values that the service supports. + * ### Known values supported by the service + * **OnceAMinute**: Once a minute \ + * **OnceAnHour**: Once an hour \ + * **OnceADay**: Once a day + */ +export type PollingFrequency = string; + +/** Known values of {@link ConnectivityType} that the service accepts. */ +export enum KnownConnectivityType { + IsConnectedQuery = "IsConnectedQuery" +} + +/** + * Defines values for ConnectivityType. \ + * {@link KnownConnectivityType} can be used interchangeably with ConnectivityType, + * this enum contains the known values that the service supports. + * ### Known values supported by the service + * **IsConnectedQuery** + */ +export type ConnectivityType = string; + +/** Known values of {@link ProviderName} that the service accepts. 
*/ +export enum KnownProviderName { + MicrosoftOperationalInsightsSolutions = "Microsoft.OperationalInsights/solutions", + MicrosoftOperationalInsightsWorkspaces = "Microsoft.OperationalInsights/workspaces", + MicrosoftOperationalInsightsWorkspacesDatasources = "Microsoft.OperationalInsights/workspaces/datasources", + MicrosoftAadiamDiagnosticSettings = "microsoft.aadiam/diagnosticSettings", + MicrosoftOperationalInsightsWorkspacesSharedKeys = "Microsoft.OperationalInsights/workspaces/sharedKeys", + MicrosoftAuthorizationPolicyAssignments = "Microsoft.Authorization/policyAssignments" +} + +/** + * Defines values for ProviderName. \ + * {@link KnownProviderName} can be used interchangeably with ProviderName, + * this enum contains the known values that the service supports. + * ### Known values supported by the service + * **Microsoft.OperationalInsights\/solutions** \ + * **Microsoft.OperationalInsights\/workspaces** \ + * **Microsoft.OperationalInsights\/workspaces\/datasources** \ + * **microsoft.aadiam\/diagnosticSettings** \ + * **Microsoft.OperationalInsights\/workspaces\/sharedKeys** \ + * **Microsoft.Authorization\/policyAssignments** + */ +export type ProviderName = string; + +/** Known values of {@link PermissionProviderScope} that the service accepts. */ +export enum KnownPermissionProviderScope { + ResourceGroup = "ResourceGroup", + Subscription = "Subscription", + Workspace = "Workspace" +} + +/** + * Defines values for PermissionProviderScope. \ + * {@link KnownPermissionProviderScope} can be used interchangeably with PermissionProviderScope, + * this enum contains the known values that the service supports. + * ### Known values supported by the service + * **ResourceGroup** \ + * **Subscription** \ + * **Workspace** + */ +export type PermissionProviderScope = string; + +/** Known values of {@link SettingType} that the service accepts. 
*/ +export enum KnownSettingType { + CopyableLabel = "CopyableLabel", + InstructionStepsGroup = "InstructionStepsGroup", + InfoMessage = "InfoMessage" +} + +/** + * Defines values for SettingType. \ + * {@link KnownSettingType} can be used interchangeably with SettingType, + * this enum contains the known values that the service supports. + * ### Known values supported by the service + * **CopyableLabel** \ + * **InstructionStepsGroup** \ + * **InfoMessage** + */ +export type SettingType = string; + +/** Known values of {@link FileHashAlgorithm} that the service accepts. */ +export enum KnownFileHashAlgorithm { + /** Unknown hash algorithm */ + Unknown = "Unknown", + /** MD5 hash type */ + MD5 = "MD5", + /** SHA1 hash type */ + SHA1 = "SHA1", + /** SHA256 hash type */ + SHA256 = "SHA256", + /** SHA256 Authenticode hash type */ + SHA256AC = "SHA256AC" +} + +/** + * Defines values for FileHashAlgorithm. \ + * {@link KnownFileHashAlgorithm} can be used interchangeably with FileHashAlgorithm, + * this enum contains the known values that the service supports. + * ### Known values supported by the service + * **Unknown**: Unknown hash algorithm \ + * **MD5**: MD5 hash type \ + * **SHA1**: SHA1 hash type \ + * **SHA256**: SHA256 hash type \ + * **SHA256AC**: SHA256 Authenticode hash type + */ +export type FileHashAlgorithm = string; + +/** Known values of {@link AntispamMailDirection} that the service accepts. */ +export enum KnownAntispamMailDirection { + /** Unknown */ + Unknown = "Unknown", + /** Inbound */ + Inbound = "Inbound", + /** Outbound */ + Outbound = "Outbound", + /** Intraorg */ + Intraorg = "Intraorg" +} + +/** + * Defines values for AntispamMailDirection. \ + * {@link KnownAntispamMailDirection} can be used interchangeably with AntispamMailDirection, + * this enum contains the known values that the service supports. 
+ * ### Known values supported by the service + * **Unknown**: Unknown \ + * **Inbound**: Inbound \ + * **Outbound**: Outbound \ + * **Intraorg**: Intraorg + */ +export type AntispamMailDirection = string; + +/** Known values of {@link RegistryHive} that the service accepts. */ +export enum KnownRegistryHive { + /** HKEY_LOCAL_MACHINE */ + HkeyLocalMachine = "HKEY_LOCAL_MACHINE", + /** HKEY_CLASSES_ROOT */ + HkeyClassesRoot = "HKEY_CLASSES_ROOT", + /** HKEY_CURRENT_CONFIG */ + HkeyCurrentConfig = "HKEY_CURRENT_CONFIG", + /** HKEY_USERS */ + HkeyUsers = "HKEY_USERS", + /** HKEY_CURRENT_USER_LOCAL_SETTINGS */ + HkeyCurrentUserLocalSettings = "HKEY_CURRENT_USER_LOCAL_SETTINGS", + /** HKEY_PERFORMANCE_DATA */ + HkeyPerformanceData = "HKEY_PERFORMANCE_DATA", + /** HKEY_PERFORMANCE_NLSTEXT */ + HkeyPerformanceNlstext = "HKEY_PERFORMANCE_NLSTEXT", + /** HKEY_PERFORMANCE_TEXT */ + HkeyPerformanceText = "HKEY_PERFORMANCE_TEXT", + /** HKEY_A */ + HkeyA = "HKEY_A", + /** HKEY_CURRENT_USER */ + HkeyCurrentUser = "HKEY_CURRENT_USER" +} + +/** + * Defines values for RegistryHive. \ + * {@link KnownRegistryHive} can be used interchangeably with RegistryHive, + * this enum contains the known values that the service supports. + * ### Known values supported by the service + * **HKEY_LOCAL_MACHINE**: HKEY_LOCAL_MACHINE \ + * **HKEY_CLASSES_ROOT**: HKEY_CLASSES_ROOT \ + * **HKEY_CURRENT_CONFIG**: HKEY_CURRENT_CONFIG \ + * **HKEY_USERS**: HKEY_USERS \ + * **HKEY_CURRENT_USER_LOCAL_SETTINGS**: HKEY_CURRENT_USER_LOCAL_SETTINGS \ + * **HKEY_PERFORMANCE_DATA**: HKEY_PERFORMANCE_DATA \ + * **HKEY_PERFORMANCE_NLSTEXT**: HKEY_PERFORMANCE_NLSTEXT \ + * **HKEY_PERFORMANCE_TEXT**: HKEY_PERFORMANCE_TEXT \ + * **HKEY_A**: HKEY_A \ + * **HKEY_CURRENT_USER**: HKEY_CURRENT_USER + */ +export type RegistryHive = string; + +/** Known values of {@link RegistryValueKind} that the service accepts. 
*/ +export enum KnownRegistryValueKind { + /** None */ + None = "None", + /** Unknown value type */ + Unknown = "Unknown", + /** String value type */ + String = "String", + /** ExpandString value type */ + ExpandString = "ExpandString", + /** Binary value type */ + Binary = "Binary", + /** DWord value type */ + DWord = "DWord", + /** MultiString value type */ + MultiString = "MultiString", + /** QWord value type */ + QWord = "QWord" +} + +/** + * Defines values for RegistryValueKind. \ + * {@link KnownRegistryValueKind} can be used interchangeably with RegistryValueKind, + * this enum contains the known values that the service supports. + * ### Known values supported by the service + * **None**: None \ + * **Unknown**: Unknown value type \ + * **String**: String value type \ + * **ExpandString**: ExpandString value type \ + * **Binary**: Binary value type \ + * **DWord**: DWord value type \ + * **MultiString**: MultiString value type \ + * **QWord**: QWord value type + */ +export type RegistryValueKind = string; +/** Defines values for TriggerOperator. */ +export type TriggerOperator = "GreaterThan" | "LessThan" | "Equal" | "NotEqual"; +/** Defines values for OSFamily. */ +export type OSFamily = "Linux" | "Windows" | "Android" | "IOS" | "Unknown"; +/** Defines values for DeliveryAction. */ +export type DeliveryAction = + | "Unknown" + | "DeliveredAsSpam" + | "Delivered" + | "Blocked" + | "Replaced"; +/** Defines values for DeliveryLocation. */ +export type DeliveryLocation = + | "Unknown" + | "Inbox" + | "JunkFolder" + | "DeletedFolder" + | "Quarantine" + | "External" + | "Failed" + | "Dropped" + | "Forwarded"; +/** Defines values for ElevationToken. */ +export type ElevationToken = "Default" | "Full" | "Limited"; + +/** Optional parameters. */ +export interface AlertRulesListOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the list operation. 
*/ +export type AlertRulesListResponse = AlertRulesList; + +/** Optional parameters. */ +export interface AlertRulesGetOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the get operation. */ +export type AlertRulesGetResponse = AlertRuleUnion; + +/** Optional parameters. */ +export interface AlertRulesCreateOrUpdateOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the createOrUpdate operation. */ +export type AlertRulesCreateOrUpdateResponse = AlertRuleUnion; + +/** Optional parameters. */ +export interface AlertRulesDeleteOptionalParams + extends coreClient.OperationOptions {} + +/** Optional parameters. */ +export interface AlertRulesListNextOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the listNext operation. */ +export type AlertRulesListNextResponse = AlertRulesList; + +/** Optional parameters. */ +export interface ActionsListByAlertRuleOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the listByAlertRule operation. */ +export type ActionsListByAlertRuleResponse = ActionsList; + +/** Optional parameters. */ +export interface ActionsGetOptionalParams extends coreClient.OperationOptions {} + +/** Contains response data for the get operation. */ +export type ActionsGetResponse = ActionResponse; + +/** Optional parameters. */ +export interface ActionsCreateOrUpdateOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the createOrUpdate operation. */ +export type ActionsCreateOrUpdateResponse = ActionResponse; + +/** Optional parameters. */ +export interface ActionsDeleteOptionalParams + extends coreClient.OperationOptions {} + +/** Optional parameters. */ +export interface ActionsListByAlertRuleNextOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the listByAlertRuleNext operation. 
*/ +export type ActionsListByAlertRuleNextResponse = ActionsList; + +/** Optional parameters. */ +export interface AlertRuleTemplatesListOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the list operation. */ +export type AlertRuleTemplatesListResponse = AlertRuleTemplatesList; + +/** Optional parameters. */ +export interface AlertRuleTemplatesGetOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the get operation. */ +export type AlertRuleTemplatesGetResponse = AlertRuleTemplateUnion; + +/** Optional parameters. */ +export interface AlertRuleTemplatesListNextOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the listNext operation. */ +export type AlertRuleTemplatesListNextResponse = AlertRuleTemplatesList; + +/** Optional parameters. */ +export interface AutomationRulesGetOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the get operation. */ +export type AutomationRulesGetResponse = AutomationRule; + +/** Optional parameters. */ +export interface AutomationRulesCreateOrUpdateOptionalParams + extends coreClient.OperationOptions { + /** The automation rule */ + automationRuleToUpsert?: AutomationRule; +} + +/** Contains response data for the createOrUpdate operation. */ +export type AutomationRulesCreateOrUpdateResponse = AutomationRule; + +/** Optional parameters. */ +export interface AutomationRulesDeleteOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the delete operation. */ +export type AutomationRulesDeleteResponse = Record; + +/** Optional parameters. */ +export interface AutomationRulesListOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the list operation. */ +export type AutomationRulesListResponse = AutomationRulesList; + +/** Optional parameters. 
*/ +export interface AutomationRulesManualTriggerPlaybookOptionalParams + extends coreClient.OperationOptions { + requestBody?: ManualTriggerRequestBody; +} + +/** Contains response data for the manualTriggerPlaybook operation. */ +export type AutomationRulesManualTriggerPlaybookResponse = Record< + string, + unknown +>; + +/** Optional parameters. */ +export interface AutomationRulesListNextOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the listNext operation. */ +export type AutomationRulesListNextResponse = AutomationRulesList; + +/** Optional parameters. */ +export interface BookmarksListOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the list operation. */ +export type BookmarksListResponse = BookmarkList; + +/** Optional parameters. */ +export interface BookmarksGetOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the get operation. */ +export type BookmarksGetResponse = Bookmark; + +/** Optional parameters. */ +export interface BookmarksCreateOrUpdateOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the createOrUpdate operation. */ +export type BookmarksCreateOrUpdateResponse = Bookmark; + +/** Optional parameters. */ +export interface BookmarksDeleteOptionalParams + extends coreClient.OperationOptions {} + +/** Optional parameters. */ +export interface BookmarksListNextOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the listNext operation. */ +export type BookmarksListNextResponse = BookmarkList; + +/** Optional parameters. */ +export interface BookmarkRelationsListOptionalParams + extends coreClient.OperationOptions { + /** Filters the results, based on a Boolean condition. Optional. */ + filter?: string; + /** Sorts the results. Optional. */ + orderby?: string; + /** Returns only the first n results. Optional. 
*/ + top?: number; + /** Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. */ + skipToken?: string; +} + +/** Contains response data for the list operation. */ +export type BookmarkRelationsListResponse = RelationList; + +/** Optional parameters. */ +export interface BookmarkRelationsGetOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the get operation. */ +export type BookmarkRelationsGetResponse = Relation; + +/** Optional parameters. */ +export interface BookmarkRelationsCreateOrUpdateOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the createOrUpdate operation. */ +export type BookmarkRelationsCreateOrUpdateResponse = Relation; + +/** Optional parameters. */ +export interface BookmarkRelationsDeleteOptionalParams + extends coreClient.OperationOptions {} + +/** Optional parameters. */ +export interface BookmarkRelationsListNextOptionalParams + extends coreClient.OperationOptions { + /** Filters the results, based on a Boolean condition. Optional. */ + filter?: string; + /** Sorts the results. Optional. */ + orderby?: string; + /** Returns only the first n results. Optional. */ + top?: number; + /** Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. */ + skipToken?: string; +} + +/** Contains response data for the listNext operation. */ +export type BookmarkRelationsListNextResponse = RelationList; + +/** Optional parameters. 
*/ +export interface BookmarkExpandOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the expand operation. */ +export type BookmarkExpandOperationResponse = BookmarkExpandResponse; + +/** Optional parameters. */ +export interface IPGeodataGetOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the get operation. */ +export type IPGeodataGetResponse = EnrichmentIpGeodata; + +/** Optional parameters. */ +export interface DomainWhoisGetOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the get operation. */ +export type DomainWhoisGetResponse = EnrichmentDomainWhois; + +/** Optional parameters. */ +export interface EntitiesListOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the list operation. */ +export type EntitiesListResponse = EntityList; + +/** Optional parameters. */ +export interface EntitiesGetOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the get operation. */ +export type EntitiesGetResponse = EntityUnion; + +/** Optional parameters. */ +export interface EntitiesExpandOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the expand operation. */ +export type EntitiesExpandResponse = EntityExpandResponse; + +/** Optional parameters. */ +export interface EntitiesQueriesOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the queries operation. */ +export type EntitiesQueriesResponse = GetQueriesResponse; + +/** Optional parameters. */ +export interface EntitiesGetInsightsOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the getInsights operation. */ +export type EntitiesGetInsightsResponse = EntityGetInsightsResponse; + +/** Optional parameters. 
*/ +export interface EntitiesListNextOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the listNext operation. */ +export type EntitiesListNextResponse = EntityList; + +/** Optional parameters. */ +export interface EntitiesGetTimelineListOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the list operation. */ +export type EntitiesGetTimelineListResponse = EntityTimelineResponse; + +/** Optional parameters. */ +export interface EntitiesRelationsListOptionalParams + extends coreClient.OperationOptions { + /** Filters the results, based on a Boolean condition. Optional. */ + filter?: string; + /** Sorts the results. Optional. */ + orderby?: string; + /** Returns only the first n results. Optional. */ + top?: number; + /** Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. */ + skipToken?: string; +} + +/** Contains response data for the list operation. */ +export type EntitiesRelationsListResponse = RelationList; + +/** Optional parameters. */ +export interface EntitiesRelationsListNextOptionalParams + extends coreClient.OperationOptions { + /** Filters the results, based on a Boolean condition. Optional. */ + filter?: string; + /** Sorts the results. Optional. */ + orderby?: string; + /** Returns only the first n results. Optional. */ + top?: number; + /** Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. */ + skipToken?: string; +} + +/** Contains response data for the listNext operation. 
*/ +export type EntitiesRelationsListNextResponse = RelationList; + +/** Optional parameters. */ +export interface EntityRelationsGetRelationOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the getRelation operation. */ +export type EntityRelationsGetRelationResponse = Relation; + +/** Optional parameters. */ +export interface EntityQueriesListOptionalParams + extends coreClient.OperationOptions { + /** The entity query kind we want to fetch */ + kind?: Enum12; +} + +/** Contains response data for the list operation. */ +export type EntityQueriesListResponse = EntityQueryList; + +/** Optional parameters. */ +export interface EntityQueriesGetOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the get operation. */ +export type EntityQueriesGetResponse = EntityQueryUnion; + +/** Optional parameters. */ +export interface EntityQueriesCreateOrUpdateOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the createOrUpdate operation. */ +export type EntityQueriesCreateOrUpdateResponse = EntityQueryUnion; + +/** Optional parameters. */ +export interface EntityQueriesDeleteOptionalParams + extends coreClient.OperationOptions {} + +/** Optional parameters. */ +export interface EntityQueriesListNextOptionalParams + extends coreClient.OperationOptions { + /** The entity query kind we want to fetch */ + kind?: Enum12; +} + +/** Contains response data for the listNext operation. */ +export type EntityQueriesListNextResponse = EntityQueryList; + +/** Optional parameters. */ +export interface EntityQueryTemplatesListOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the list operation. */ +export type EntityQueryTemplatesListResponse = EntityQueryTemplateList; + +/** Optional parameters. 
*/ +export interface EntityQueryTemplatesGetOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the get operation. */ +export type EntityQueryTemplatesGetResponse = EntityQueryTemplateUnion; + +/** Optional parameters. */ +export interface EntityQueryTemplatesListNextOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the listNext operation. */ +export type EntityQueryTemplatesListNextResponse = EntityQueryTemplateList; + +/** Optional parameters. */ +export interface IncidentsListOptionalParams + extends coreClient.OperationOptions { + /** Filters the results, based on a Boolean condition. Optional. */ + filter?: string; + /** Sorts the results. Optional. */ + orderby?: string; + /** Returns only the first n results. Optional. */ + top?: number; + /** Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. */ + skipToken?: string; +} + +/** Contains response data for the list operation. */ +export type IncidentsListResponse = IncidentList; + +/** Optional parameters. */ +export interface IncidentsGetOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the get operation. */ +export type IncidentsGetResponse = Incident; + +/** Optional parameters. */ +export interface IncidentsCreateOrUpdateOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the createOrUpdate operation. */ +export type IncidentsCreateOrUpdateResponse = Incident; + +/** Optional parameters. */ +export interface IncidentsDeleteOptionalParams + extends coreClient.OperationOptions {} + +/** Optional parameters. 
*/ +export interface IncidentsCreateTeamOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the createTeam operation. */ +export type IncidentsCreateTeamResponse = TeamInformation; + +/** Optional parameters. */ +export interface IncidentsListAlertsOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the listAlerts operation. */ +export type IncidentsListAlertsResponse = IncidentAlertList; + +/** Optional parameters. */ +export interface IncidentsListBookmarksOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the listBookmarks operation. */ +export type IncidentsListBookmarksResponse = IncidentBookmarkList; + +/** Optional parameters. */ +export interface IncidentsListEntitiesOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the listEntities operation. */ +export type IncidentsListEntitiesResponse = IncidentEntitiesResponse; + +/** Optional parameters. */ +export interface IncidentsListNextOptionalParams + extends coreClient.OperationOptions { + /** Filters the results, based on a Boolean condition. Optional. */ + filter?: string; + /** Sorts the results. Optional. */ + orderby?: string; + /** Returns only the first n results. Optional. */ + top?: number; + /** Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. */ + skipToken?: string; +} + +/** Contains response data for the listNext operation. */ +export type IncidentsListNextResponse = IncidentList; + +/** Optional parameters. */ +export interface IncidentCommentsListOptionalParams + extends coreClient.OperationOptions { + /** Filters the results, based on a Boolean condition. Optional. */ + filter?: string; + /** Sorts the results. Optional. 
*/ + orderby?: string; + /** Returns only the first n results. Optional. */ + top?: number; + /** Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. */ + skipToken?: string; +} + +/** Contains response data for the list operation. */ +export type IncidentCommentsListResponse = IncidentCommentList; + +/** Optional parameters. */ +export interface IncidentCommentsGetOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the get operation. */ +export type IncidentCommentsGetResponse = IncidentComment; + +/** Optional parameters. */ +export interface IncidentCommentsCreateOrUpdateOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the createOrUpdate operation. */ +export type IncidentCommentsCreateOrUpdateResponse = IncidentComment; + +/** Optional parameters. */ +export interface IncidentCommentsDeleteOptionalParams + extends coreClient.OperationOptions {} + +/** Optional parameters. */ +export interface IncidentCommentsListNextOptionalParams + extends coreClient.OperationOptions { + /** Filters the results, based on a Boolean condition. Optional. */ + filter?: string; + /** Sorts the results. Optional. */ + orderby?: string; + /** Returns only the first n results. Optional. */ + top?: number; + /** Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. */ + skipToken?: string; +} + +/** Contains response data for the listNext operation. */ +export type IncidentCommentsListNextResponse = IncidentCommentList; + +/** Optional parameters. 
*/ +export interface IncidentRelationsListOptionalParams + extends coreClient.OperationOptions { + /** Filters the results, based on a Boolean condition. Optional. */ + filter?: string; + /** Sorts the results. Optional. */ + orderby?: string; + /** Returns only the first n results. Optional. */ + top?: number; + /** Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. */ + skipToken?: string; +} + +/** Contains response data for the list operation. */ +export type IncidentRelationsListResponse = RelationList; + +/** Optional parameters. */ +export interface IncidentRelationsGetOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the get operation. */ +export type IncidentRelationsGetResponse = Relation; + +/** Optional parameters. */ +export interface IncidentRelationsCreateOrUpdateOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the createOrUpdate operation. */ +export type IncidentRelationsCreateOrUpdateResponse = Relation; + +/** Optional parameters. */ +export interface IncidentRelationsDeleteOptionalParams + extends coreClient.OperationOptions {} + +/** Optional parameters. */ +export interface IncidentRelationsListNextOptionalParams + extends coreClient.OperationOptions { + /** Filters the results, based on a Boolean condition. Optional. */ + filter?: string; + /** Sorts the results. Optional. */ + orderby?: string; + /** Returns only the first n results. Optional. */ + top?: number; + /** Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. 
*/ + skipToken?: string; +} + +/** Contains response data for the listNext operation. */ +export type IncidentRelationsListNextResponse = RelationList; + +/** Optional parameters. */ +export interface MetadataListOptionalParams + extends coreClient.OperationOptions { + /** Filters the results, based on a Boolean condition. Optional. */ + filter?: string; + /** Sorts the results. Optional. */ + orderby?: string; + /** Returns only the first n results. Optional. */ + top?: number; + /** Used to skip n elements in the OData query (offset). Returns a nextLink to the next page of results if there are any left. */ + skip?: number; +} + +/** Contains response data for the list operation. */ +export type MetadataListResponse = MetadataList; + +/** Optional parameters. */ +export interface MetadataGetOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the get operation. */ +export type MetadataGetResponse = MetadataModel; + +/** Optional parameters. */ +export interface MetadataDeleteOptionalParams + extends coreClient.OperationOptions {} + +/** Optional parameters. */ +export interface MetadataCreateOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the create operation. */ +export type MetadataCreateResponse = MetadataModel; + +/** Optional parameters. */ +export interface MetadataUpdateOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the update operation. */ +export type MetadataUpdateResponse = MetadataModel; + +/** Optional parameters. */ +export interface MetadataListNextOptionalParams + extends coreClient.OperationOptions { + /** Filters the results, based on a Boolean condition. Optional. */ + filter?: string; + /** Sorts the results. Optional. */ + orderby?: string; + /** Returns only the first n results. Optional. */ + top?: number; + /** Used to skip n elements in the OData query (offset). 
Returns a nextLink to the next page of results if there are any left. */ + skip?: number; +} + +/** Contains response data for the listNext operation. */ +export type MetadataListNextResponse = MetadataList; + +/** Optional parameters. */ +export interface OfficeConsentsListOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the list operation. */ +export type OfficeConsentsListResponse = OfficeConsentList; + +/** Optional parameters. */ +export interface OfficeConsentsGetOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the get operation. */ +export type OfficeConsentsGetResponse = OfficeConsent; + +/** Optional parameters. */ +export interface OfficeConsentsDeleteOptionalParams + extends coreClient.OperationOptions {} + +/** Optional parameters. */ +export interface OfficeConsentsListNextOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the listNext operation. */ +export type OfficeConsentsListNextResponse = OfficeConsentList; + +/** Optional parameters. */ +export interface SentinelOnboardingStatesGetOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the get operation. */ +export type SentinelOnboardingStatesGetResponse = SentinelOnboardingState; + +/** Optional parameters. */ +export interface SentinelOnboardingStatesCreateOptionalParams + extends coreClient.OperationOptions { + /** The Sentinel onboarding state parameter */ + sentinelOnboardingStateParameter?: SentinelOnboardingState; +} + +/** Contains response data for the create operation. */ +export type SentinelOnboardingStatesCreateResponse = SentinelOnboardingState; + +/** Optional parameters. */ +export interface SentinelOnboardingStatesDeleteOptionalParams + extends coreClient.OperationOptions {} + +/** Optional parameters. 
*/ +export interface SentinelOnboardingStatesListOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the list operation. */ +export type SentinelOnboardingStatesListResponse = SentinelOnboardingStatesList; + +/** Optional parameters. */ +export interface ProductSettingsListOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the list operation. */ +export type ProductSettingsListResponse = SettingList; + +/** Optional parameters. */ +export interface ProductSettingsGetOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the get operation. */ +export type ProductSettingsGetResponse = SettingsUnion; + +/** Optional parameters. */ +export interface ProductSettingsDeleteOptionalParams + extends coreClient.OperationOptions {} + +/** Optional parameters. */ +export interface ProductSettingsUpdateOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the update operation. */ +export type ProductSettingsUpdateResponse = SettingsUnion; + +/** Optional parameters. */ +export interface SourceControlListRepositoriesOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the listRepositories operation. */ +export type SourceControlListRepositoriesResponse = RepoList; + +/** Optional parameters. */ +export interface SourceControlListRepositoriesNextOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the listRepositoriesNext operation. */ +export type SourceControlListRepositoriesNextResponse = RepoList; + +/** Optional parameters. */ +export interface SourceControlsListOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the list operation. */ +export type SourceControlsListResponse = SourceControlList; + +/** Optional parameters. 
*/ +export interface SourceControlsGetOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the get operation. */ +export type SourceControlsGetResponse = SourceControl; + +/** Optional parameters. */ +export interface SourceControlsDeleteOptionalParams + extends coreClient.OperationOptions {} + +/** Optional parameters. */ +export interface SourceControlsCreateOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the create operation. */ +export type SourceControlsCreateResponse = SourceControl; + +/** Optional parameters. */ +export interface SourceControlsListNextOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the listNext operation. */ +export type SourceControlsListNextResponse = SourceControlList; + +/** Optional parameters. */ +export interface ThreatIntelligenceIndicatorCreateIndicatorOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the createIndicator operation. */ +export type ThreatIntelligenceIndicatorCreateIndicatorResponse = ThreatIntelligenceInformationUnion; + +/** Optional parameters. */ +export interface ThreatIntelligenceIndicatorGetOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the get operation. */ +export type ThreatIntelligenceIndicatorGetResponse = ThreatIntelligenceInformationUnion; + +/** Optional parameters. */ +export interface ThreatIntelligenceIndicatorCreateOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the create operation. */ +export type ThreatIntelligenceIndicatorCreateResponse = ThreatIntelligenceInformationUnion; + +/** Optional parameters. */ +export interface ThreatIntelligenceIndicatorDeleteOptionalParams + extends coreClient.OperationOptions {} + +/** Optional parameters. 
*/ +export interface ThreatIntelligenceIndicatorQueryIndicatorsOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the queryIndicators operation. */ +export type ThreatIntelligenceIndicatorQueryIndicatorsResponse = ThreatIntelligenceInformationList; + +/** Optional parameters. */ +export interface ThreatIntelligenceIndicatorAppendTagsOptionalParams + extends coreClient.OperationOptions {} + +/** Optional parameters. */ +export interface ThreatIntelligenceIndicatorReplaceTagsOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the replaceTags operation. */ +export type ThreatIntelligenceIndicatorReplaceTagsResponse = ThreatIntelligenceInformationUnion; + +/** Optional parameters. */ +export interface ThreatIntelligenceIndicatorQueryIndicatorsNextOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the queryIndicatorsNext operation. */ +export type ThreatIntelligenceIndicatorQueryIndicatorsNextResponse = ThreatIntelligenceInformationList; + +/** Optional parameters. */ +export interface ThreatIntelligenceIndicatorsListOptionalParams + extends coreClient.OperationOptions { + /** Filters the results, based on a Boolean condition. Optional. */ + filter?: string; + /** Sorts the results. Optional. */ + orderby?: string; + /** Returns only the first n results. Optional. */ + top?: number; + /** Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. */ + skipToken?: string; +} + +/** Contains response data for the list operation. */ +export type ThreatIntelligenceIndicatorsListResponse = ThreatIntelligenceInformationList; + +/** Optional parameters. 
*/ +export interface ThreatIntelligenceIndicatorsListNextOptionalParams + extends coreClient.OperationOptions { + /** Filters the results, based on a Boolean condition. Optional. */ + filter?: string; + /** Sorts the results. Optional. */ + orderby?: string; + /** Returns only the first n results. Optional. */ + top?: number; + /** Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. */ + skipToken?: string; +} + +/** Contains response data for the listNext operation. */ +export type ThreatIntelligenceIndicatorsListNextResponse = ThreatIntelligenceInformationList; + +/** Optional parameters. */ +export interface ThreatIntelligenceIndicatorMetricsListOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the list operation. */ +export type ThreatIntelligenceIndicatorMetricsListResponse = ThreatIntelligenceMetricsList; + +/** Optional parameters. */ +export interface WatchlistsListOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the list operation. */ +export type WatchlistsListResponse = WatchlistList; + +/** Optional parameters. */ +export interface WatchlistsGetOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the get operation. */ +export type WatchlistsGetResponse = Watchlist; + +/** Optional parameters. */ +export interface WatchlistsDeleteOptionalParams + extends coreClient.OperationOptions {} + +/** Optional parameters. */ +export interface WatchlistsCreateOrUpdateOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the createOrUpdate operation. */ +export type WatchlistsCreateOrUpdateResponse = Watchlist; + +/** Optional parameters. 
*/ +export interface WatchlistsListNextOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the listNext operation. */ +export type WatchlistsListNextResponse = WatchlistList; + +/** Optional parameters. */ +export interface WatchlistItemsListOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the list operation. */ +export type WatchlistItemsListResponse = WatchlistItemList; + +/** Optional parameters. */ +export interface WatchlistItemsGetOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the get operation. */ +export type WatchlistItemsGetResponse = WatchlistItem; + +/** Optional parameters. */ +export interface WatchlistItemsDeleteOptionalParams + extends coreClient.OperationOptions {} + +/** Optional parameters. */ +export interface WatchlistItemsCreateOrUpdateOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the createOrUpdate operation. */ +export type WatchlistItemsCreateOrUpdateResponse = WatchlistItem; + +/** Optional parameters. */ +export interface WatchlistItemsListNextOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the listNext operation. */ +export type WatchlistItemsListNextResponse = WatchlistItemList; + +/** Optional parameters. */ +export interface DataConnectorsListOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the list operation. */ +export type DataConnectorsListResponse = DataConnectorList; + +/** Optional parameters. */ +export interface DataConnectorsGetOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the get operation. */ +export type DataConnectorsGetResponse = DataConnectorUnion; + +/** Optional parameters. 
*/ +export interface DataConnectorsCreateOrUpdateOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the createOrUpdate operation. */ +export type DataConnectorsCreateOrUpdateResponse = DataConnectorUnion; + +/** Optional parameters. */ +export interface DataConnectorsDeleteOptionalParams + extends coreClient.OperationOptions {} + +/** Optional parameters. */ +export interface DataConnectorsConnectOptionalParams + extends coreClient.OperationOptions {} + +/** Optional parameters. */ +export interface DataConnectorsDisconnectOptionalParams + extends coreClient.OperationOptions {} + +/** Optional parameters. */ +export interface DataConnectorsListNextOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the listNext operation. */ +export type DataConnectorsListNextResponse = DataConnectorList; + +/** Optional parameters. */ +export interface DataConnectorsCheckRequirementsPostOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the post operation. */ +export type DataConnectorsCheckRequirementsPostResponse = DataConnectorRequirementsState; + +/** Optional parameters. */ +export interface OperationsListOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the list operation. */ +export type OperationsListResponse = OperationsList; + +/** Optional parameters. */ +export interface OperationsListNextOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the listNext operation. */ +export type OperationsListNextResponse = OperationsList; + +/** Optional parameters. */ +export interface SecurityInsightsOptionalParams + extends coreClient.ServiceClientOptions { + /** server parameter */ + $host?: string; + /** Api Version */ + apiVersion?: string; + /** Overrides client endpoint. */ + endpoint?: string; +} 
diff --git a/sdk/securityinsight/arm-securityinsight/src/models/mappers.ts b/sdk/securityinsight/arm-securityinsight/src/models/mappers.ts
new file mode 100644
index 000000000000..fb0c26b9366b
--- /dev/null
+++ b/sdk/securityinsight/arm-securityinsight/src/models/mappers.ts
@@ -0,0 +1,14581 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is regenerated. + */ + +import * as coreClient from "@azure/core-client"; + +export const AlertRulesList: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "AlertRulesList", + modelProperties: { + nextLink: { + serializedName: "nextLink", + readOnly: true, + type: { + name: "String" + } + }, + value: { + serializedName: "value", + required: true, + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "AlertRule" + } + } + } + } + } + } +}; + +export const Resource: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "Resource", + modelProperties: { + id: { + serializedName: "id", + readOnly: true, + type: { + name: "String" + } + }, + name: { + serializedName: "name", + readOnly: true, + type: { + name: "String" + } + }, + type: { + serializedName: "type", + readOnly: true, + type: { + name: "String" + } + }, + systemData: { + serializedName: "systemData", + type: { + name: "Composite", + className: "SystemData" + } + } + } + } +}; + +export const SystemData: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "SystemData", + modelProperties: { + createdBy: { + serializedName: "createdBy", + type: { + name: "String" + } + }, + createdByType: { + serializedName: "createdByType", + type: { + name: "String" + } + }, + createdAt: { + serializedName: "createdAt", + type: { + name: "DateTime" + } + }, + lastModifiedBy: { + serializedName: "lastModifiedBy", + type: { + name: "String" + } + }, + lastModifiedByType: { + serializedName: "lastModifiedByType", + type: { + name: "String" + } + }, + lastModifiedAt: { + serializedName: "lastModifiedAt", + type: { + name: "DateTime" + } + } + } + } +}; + +export const CloudError: 
coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "CloudError", + modelProperties: { + error: { + serializedName: "error", + type: { + name: "Composite", + className: "CloudErrorBody" + } + } + } + } +}; + +export const CloudErrorBody: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "CloudErrorBody", + modelProperties: { + code: { + serializedName: "code", + readOnly: true, + type: { + name: "String" + } + }, + message: { + serializedName: "message", + readOnly: true, + type: { + name: "String" + } + } + } + } +}; + +export const ActionsList: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "ActionsList", + modelProperties: { + nextLink: { + serializedName: "nextLink", + readOnly: true, + type: { + name: "String" + } + }, + value: { + serializedName: "value", + required: true, + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "ActionResponse" + } + } + } + } + } + } +}; + +export const ActionPropertiesBase: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "ActionPropertiesBase", + modelProperties: { + logicAppResourceId: { + serializedName: "logicAppResourceId", + required: true, + type: { + name: "String" + } + } + } + } +}; + +export const AlertRuleTemplatesList: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "AlertRuleTemplatesList", + modelProperties: { + nextLink: { + serializedName: "nextLink", + readOnly: true, + type: { + name: "String" + } + }, + value: { + serializedName: "value", + required: true, + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "AlertRuleTemplate" + } + } + } + } + } + } +}; + +export const AutomationRuleTriggeringLogic: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "AutomationRuleTriggeringLogic", + modelProperties: { + isEnabled: { + serializedName: "isEnabled", + required: true, + type: { + name: 
"Boolean" + } + }, + expirationTimeUtc: { + serializedName: "expirationTimeUtc", + type: { + name: "DateTime" + } + }, + triggersOn: { + serializedName: "triggersOn", + required: true, + type: { + name: "String" + } + }, + triggersWhen: { + serializedName: "triggersWhen", + required: true, + type: { + name: "String" + } + }, + conditions: { + serializedName: "conditions", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "AutomationRuleCondition" + } + } + } + } + } + } +}; + +export const AutomationRuleCondition: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "AutomationRuleCondition", + uberParent: "AutomationRuleCondition", + polymorphicDiscriminator: { + serializedName: "conditionType", + clientName: "conditionType" + }, + modelProperties: { + conditionType: { + serializedName: "conditionType", + required: true, + type: { + name: "String" + } + } + } + } +}; + +export const AutomationRuleAction: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "AutomationRuleAction", + uberParent: "AutomationRuleAction", + polymorphicDiscriminator: { + serializedName: "actionType", + clientName: "actionType" + }, + modelProperties: { + order: { + serializedName: "order", + required: true, + type: { + name: "Number" + } + }, + actionType: { + serializedName: "actionType", + required: true, + type: { + name: "String" + } + } + } + } +}; + +export const ClientInfo: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "ClientInfo", + modelProperties: { + email: { + serializedName: "email", + type: { + name: "String" + } + }, + name: { + serializedName: "name", + type: { + name: "String" + } + }, + objectId: { + serializedName: "objectId", + type: { + name: "Uuid" + } + }, + userPrincipalName: { + serializedName: "userPrincipalName", + type: { + name: "String" + } + } + } + } +}; + +export const AutomationRulesList: coreClient.CompositeMapper = { + type: { + name: 
"Composite", + className: "AutomationRulesList", + modelProperties: { + value: { + serializedName: "value", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "AutomationRule" + } + } + } + }, + nextLink: { + serializedName: "nextLink", + type: { + name: "String" + } + } + } + } +}; + +export const ManualTriggerRequestBody: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "ManualTriggerRequestBody", + modelProperties: { + tenantId: { + serializedName: "tenantId", + type: { + name: "Uuid" + } + }, + logicAppsResourceId: { + serializedName: "logicAppsResourceId", + type: { + name: "String" + } + } + } + } +}; + +export const BookmarkList: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "BookmarkList", + modelProperties: { + nextLink: { + serializedName: "nextLink", + readOnly: true, + type: { + name: "String" + } + }, + value: { + serializedName: "value", + required: true, + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "Bookmark" + } + } + } + } + } + } +}; + +export const UserInfo: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "UserInfo", + modelProperties: { + email: { + serializedName: "email", + readOnly: true, + type: { + name: "String" + } + }, + name: { + serializedName: "name", + readOnly: true, + type: { + name: "String" + } + }, + objectId: { + serializedName: "objectId", + nullable: true, + type: { + name: "Uuid" + } + } + } + } +}; + +export const IncidentInfo: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "IncidentInfo", + modelProperties: { + incidentId: { + serializedName: "incidentId", + type: { + name: "String" + } + }, + severity: { + serializedName: "severity", + type: { + name: "String" + } + }, + title: { + serializedName: "title", + type: { + name: "String" + } + }, + relationName: { + serializedName: "relationName", + type: { + name: "String" + } + } + } + } 
+}; + +export const BookmarkEntityMappings: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "BookmarkEntityMappings", + modelProperties: { + entityType: { + serializedName: "entityType", + type: { + name: "String" + } + }, + fieldMappings: { + serializedName: "fieldMappings", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "EntityFieldMapping" + } + } + } + } + } + } +}; + +export const EntityFieldMapping: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "EntityFieldMapping", + modelProperties: { + identifier: { + serializedName: "identifier", + type: { + name: "String" + } + }, + value: { + serializedName: "value", + type: { + name: "String" + } + } + } + } +}; + +export const RelationList: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "RelationList", + modelProperties: { + nextLink: { + serializedName: "nextLink", + readOnly: true, + type: { + name: "String" + } + }, + value: { + serializedName: "value", + required: true, + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "Relation" + } + } + } + } + } + } +}; + +export const BookmarkExpandParameters: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "BookmarkExpandParameters", + modelProperties: { + endTime: { + serializedName: "endTime", + type: { + name: "DateTime" + } + }, + expansionId: { + serializedName: "expansionId", + type: { + name: "Uuid" + } + }, + startTime: { + serializedName: "startTime", + type: { + name: "DateTime" + } + } + } + } +}; + +export const BookmarkExpandResponse: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "BookmarkExpandResponse", + modelProperties: { + metaData: { + serializedName: "metaData", + type: { + name: "Composite", + className: "ExpansionResultsMetadata" + } + }, + value: { + serializedName: "value", + type: { + name: "Composite", + className: 
"BookmarkExpandResponseValue" + } + } + } + } +}; + +export const ExpansionResultsMetadata: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "ExpansionResultsMetadata", + modelProperties: { + aggregations: { + serializedName: "aggregations", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "ExpansionResultAggregation" + } + } + } + } + } + } +}; + +export const ExpansionResultAggregation: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "ExpansionResultAggregation", + modelProperties: { + aggregationType: { + serializedName: "aggregationType", + type: { + name: "String" + } + }, + count: { + serializedName: "count", + required: true, + type: { + name: "Number" + } + }, + displayName: { + serializedName: "displayName", + type: { + name: "String" + } + }, + entityKind: { + serializedName: "entityKind", + required: true, + type: { + name: "String" + } + } + } + } +}; + +export const BookmarkExpandResponseValue: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "BookmarkExpandResponseValue", + modelProperties: { + entities: { + serializedName: "entities", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "Entity" + } + } + } + }, + edges: { + serializedName: "edges", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "ConnectedEntity" + } + } + } + } + } + } +}; + +export const ConnectedEntity: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "ConnectedEntity", + modelProperties: { + targetEntityId: { + serializedName: "targetEntityId", + type: { + name: "String" + } + }, + additionalData: { + serializedName: "additionalData", + type: { + name: "Dictionary", + value: { type: { name: "any" } } + } + } + } + } +}; + +export const EnrichmentIpGeodata: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "EnrichmentIpGeodata", + 
modelProperties: { + asn: { + serializedName: "asn", + type: { + name: "String" + } + }, + carrier: { + serializedName: "carrier", + type: { + name: "String" + } + }, + city: { + serializedName: "city", + type: { + name: "String" + } + }, + cityCf: { + serializedName: "cityCf", + type: { + name: "Number" + } + }, + continent: { + serializedName: "continent", + type: { + name: "String" + } + }, + country: { + serializedName: "country", + type: { + name: "String" + } + }, + countryCf: { + serializedName: "countryCf", + type: { + name: "Number" + } + }, + ipAddr: { + serializedName: "ipAddr", + type: { + name: "String" + } + }, + ipRoutingType: { + serializedName: "ipRoutingType", + type: { + name: "String" + } + }, + latitude: { + serializedName: "latitude", + type: { + name: "String" + } + }, + longitude: { + serializedName: "longitude", + type: { + name: "String" + } + }, + organization: { + serializedName: "organization", + type: { + name: "String" + } + }, + organizationType: { + serializedName: "organizationType", + type: { + name: "String" + } + }, + region: { + serializedName: "region", + type: { + name: "String" + } + }, + state: { + serializedName: "state", + type: { + name: "String" + } + }, + stateCf: { + serializedName: "stateCf", + type: { + name: "Number" + } + }, + stateCode: { + serializedName: "stateCode", + type: { + name: "String" + } + } + } + } +}; + +export const EnrichmentDomainWhois: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "EnrichmentDomainWhois", + modelProperties: { + domain: { + serializedName: "domain", + type: { + name: "String" + } + }, + server: { + serializedName: "server", + type: { + name: "String" + } + }, + created: { + serializedName: "created", + type: { + name: "DateTime" + } + }, + updated: { + serializedName: "updated", + type: { + name: "DateTime" + } + }, + expires: { + serializedName: "expires", + type: { + name: "DateTime" + } + }, + parsedWhois: { + serializedName: "parsedWhois", + type: 
{ + name: "Composite", + className: "EnrichmentDomainWhoisDetails" + } + } + } + } +}; + +export const EnrichmentDomainWhoisDetails: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "EnrichmentDomainWhoisDetails", + modelProperties: { + registrar: { + serializedName: "registrar", + type: { + name: "Composite", + className: "EnrichmentDomainWhoisRegistrarDetails" + } + }, + contacts: { + serializedName: "contacts", + type: { + name: "Composite", + className: "EnrichmentDomainWhoisContacts" + } + }, + nameServers: { + serializedName: "nameServers", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + statuses: { + serializedName: "statuses", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + } + } + } +}; + +export const EnrichmentDomainWhoisRegistrarDetails: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "EnrichmentDomainWhoisRegistrarDetails", + modelProperties: { + name: { + serializedName: "name", + type: { + name: "String" + } + }, + abuseContactEmail: { + serializedName: "abuseContactEmail", + type: { + name: "String" + } + }, + abuseContactPhone: { + serializedName: "abuseContactPhone", + type: { + name: "String" + } + }, + ianaId: { + serializedName: "ianaId", + type: { + name: "String" + } + }, + url: { + serializedName: "url", + type: { + name: "String" + } + }, + whoisServer: { + serializedName: "whoisServer", + type: { + name: "String" + } + } + } + } +}; + +export const EnrichmentDomainWhoisContacts: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "EnrichmentDomainWhoisContacts", + modelProperties: { + admin: { + serializedName: "admin", + type: { + name: "Composite", + className: "EnrichmentDomainWhoisContact" + } + }, + billing: { + serializedName: "billing", + type: { + name: "Composite", + className: "EnrichmentDomainWhoisContact" + } + }, + registrant: { + serializedName: "registrant", + type: { + 
name: "Composite", + className: "EnrichmentDomainWhoisContact" + } + }, + tech: { + serializedName: "tech", + type: { + name: "Composite", + className: "EnrichmentDomainWhoisContact" + } + } + } + } +}; + +export const EnrichmentDomainWhoisContact: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "EnrichmentDomainWhoisContact", + modelProperties: { + name: { + serializedName: "name", + type: { + name: "String" + } + }, + org: { + serializedName: "org", + type: { + name: "String" + } + }, + street: { + serializedName: "street", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + city: { + serializedName: "city", + type: { + name: "String" + } + }, + state: { + serializedName: "state", + type: { + name: "String" + } + }, + postal: { + serializedName: "postal", + type: { + name: "String" + } + }, + country: { + serializedName: "country", + type: { + name: "String" + } + }, + phone: { + serializedName: "phone", + type: { + name: "String" + } + }, + fax: { + serializedName: "fax", + type: { + name: "String" + } + }, + email: { + serializedName: "email", + type: { + name: "String" + } + } + } + } +}; + +export const EntityList: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "EntityList", + modelProperties: { + nextLink: { + serializedName: "nextLink", + readOnly: true, + type: { + name: "String" + } + }, + value: { + serializedName: "value", + required: true, + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "Entity" + } + } + } + } + } + } +}; + +export const EntityExpandParameters: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "EntityExpandParameters", + modelProperties: { + endTime: { + serializedName: "endTime", + type: { + name: "DateTime" + } + }, + expansionId: { + serializedName: "expansionId", + type: { + name: "Uuid" + } + }, + startTime: { + serializedName: "startTime", + type: { + name: "DateTime" + } + } 
+ } + } +}; + +export const EntityExpandResponse: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "EntityExpandResponse", + modelProperties: { + metaData: { + serializedName: "metaData", + type: { + name: "Composite", + className: "ExpansionResultsMetadata" + } + }, + value: { + serializedName: "value", + type: { + name: "Composite", + className: "EntityExpandResponseValue" + } + } + } + } +}; + +export const EntityExpandResponseValue: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "EntityExpandResponseValue", + modelProperties: { + entities: { + serializedName: "entities", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "Entity" + } + } + } + }, + edges: { + serializedName: "edges", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "EntityEdges" + } + } + } + } + } + } +}; + +export const EntityEdges: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "EntityEdges", + modelProperties: { + targetEntityId: { + serializedName: "targetEntityId", + type: { + name: "String" + } + }, + additionalData: { + serializedName: "additionalData", + type: { + name: "Dictionary", + value: { + type: { name: "Dictionary", value: { type: { name: "any" } } } + } + } + } + } + } +}; + +export const EntityTimelineParameters: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "EntityTimelineParameters", + modelProperties: { + kinds: { + serializedName: "kinds", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + startTime: { + serializedName: "startTime", + required: true, + type: { + name: "DateTime" + } + }, + endTime: { + serializedName: "endTime", + required: true, + type: { + name: "DateTime" + } + }, + numberOfBucket: { + serializedName: "numberOfBucket", + type: { + name: "Number" + } + } + } + } +}; + +export const EntityTimelineResponse: coreClient.CompositeMapper = 
{ + type: { + name: "Composite", + className: "EntityTimelineResponse", + modelProperties: { + metaData: { + serializedName: "metaData", + type: { + name: "Composite", + className: "TimelineResultsMetadata" + } + }, + value: { + serializedName: "value", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "EntityTimelineItem" + } + } + } + } + } + } +}; + +export const TimelineResultsMetadata: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "TimelineResultsMetadata", + modelProperties: { + totalCount: { + serializedName: "totalCount", + required: true, + type: { + name: "Number" + } + }, + aggregations: { + serializedName: "aggregations", + required: true, + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "TimelineAggregation" + } + } + } + }, + errors: { + serializedName: "errors", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "TimelineError" + } + } + } + } + } + } +}; + +export const TimelineAggregation: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "TimelineAggregation", + modelProperties: { + count: { + serializedName: "count", + required: true, + type: { + name: "Number" + } + }, + kind: { + serializedName: "kind", + required: true, + type: { + name: "String" + } + } + } + } +}; + +export const TimelineError: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "TimelineError", + modelProperties: { + kind: { + serializedName: "kind", + required: true, + type: { + name: "String" + } + }, + queryId: { + serializedName: "queryId", + type: { + name: "String" + } + }, + errorMessage: { + serializedName: "errorMessage", + required: true, + type: { + name: "String" + } + } + } + } +}; + +export const EntityTimelineItem: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "EntityTimelineItem", + uberParent: "EntityTimelineItem", + polymorphicDiscriminator: { 
+ serializedName: "kind", + clientName: "kind" + }, + modelProperties: { + kind: { + serializedName: "kind", + required: true, + type: { + name: "String" + } + } + } + } +}; + +export const GetQueriesResponse: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "GetQueriesResponse", + modelProperties: { + value: { + serializedName: "value", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "EntityQueryItem" + } + } + } + } + } + } +}; + +export const EntityQueryItem: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "EntityQueryItem", + uberParent: "EntityQueryItem", + polymorphicDiscriminator: { + serializedName: "kind", + clientName: "kind" + }, + modelProperties: { + id: { + serializedName: "id", + readOnly: true, + type: { + name: "String" + } + }, + name: { + serializedName: "name", + type: { + name: "String" + } + }, + type: { + serializedName: "type", + type: { + name: "String" + } + }, + kind: { + serializedName: "kind", + required: true, + type: { + name: "String" + } + } + } + } +}; + +export const EntityGetInsightsParameters: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "EntityGetInsightsParameters", + modelProperties: { + startTime: { + serializedName: "startTime", + required: true, + type: { + name: "DateTime" + } + }, + endTime: { + serializedName: "endTime", + required: true, + type: { + name: "DateTime" + } + }, + addDefaultExtendedTimeRange: { + serializedName: "addDefaultExtendedTimeRange", + type: { + name: "Boolean" + } + }, + insightQueryIds: { + serializedName: "insightQueryIds", + type: { + name: "Sequence", + element: { + type: { + name: "Uuid" + } + } + } + } + } + } +}; + +export const EntityGetInsightsResponse: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "EntityGetInsightsResponse", + modelProperties: { + metaData: { + serializedName: "metaData", + type: { + name: "Composite", + className: 
"GetInsightsResultsMetadata" + } + }, + value: { + serializedName: "value", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "EntityInsightItem" + } + } + } + } + } + } +}; + +export const GetInsightsResultsMetadata: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "GetInsightsResultsMetadata", + modelProperties: { + totalCount: { + serializedName: "totalCount", + required: true, + type: { + name: "Number" + } + }, + errors: { + serializedName: "errors", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "GetInsightsError" + } + } + } + } + } + } +}; + +export const GetInsightsError: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "GetInsightsError", + modelProperties: { + kind: { + defaultValue: "Insight", + isConstant: true, + serializedName: "kind", + type: { + name: "String" + } + }, + queryId: { + serializedName: "queryId", + type: { + name: "String" + } + }, + errorMessage: { + serializedName: "errorMessage", + required: true, + type: { + name: "String" + } + } + } + } +}; + +export const EntityInsightItem: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "EntityInsightItem", + modelProperties: { + queryId: { + serializedName: "queryId", + type: { + name: "String" + } + }, + queryTimeInterval: { + serializedName: "queryTimeInterval", + type: { + name: "Composite", + className: "EntityInsightItemQueryTimeInterval" + } + }, + tableQueryResults: { + serializedName: "tableQueryResults", + type: { + name: "Composite", + className: "InsightsTableResult" + } + }, + chartQueryResults: { + serializedName: "chartQueryResults", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "InsightsTableResult" + } + } + } + } + } + } +}; + +export const EntityInsightItemQueryTimeInterval: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: 
"EntityInsightItemQueryTimeInterval", + modelProperties: { + startTime: { + serializedName: "startTime", + type: { + name: "DateTime" + } + }, + endTime: { + serializedName: "endTime", + type: { + name: "DateTime" + } + } + } + } +}; + +export const InsightsTableResult: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "InsightsTableResult", + modelProperties: { + columns: { + serializedName: "columns", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "InsightsTableResultColumnsItem" + } + } + } + }, + rows: { + serializedName: "rows", + type: { + name: "Sequence", + element: { + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + } + } + } + } + } +}; + +export const InsightsTableResultColumnsItem: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "InsightsTableResultColumnsItem", + modelProperties: { + type: { + serializedName: "type", + type: { + name: "String" + } + }, + name: { + serializedName: "name", + type: { + name: "String" + } + } + } + } +}; + +export const EntityQueryList: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "EntityQueryList", + modelProperties: { + nextLink: { + serializedName: "nextLink", + readOnly: true, + type: { + name: "String" + } + }, + value: { + serializedName: "value", + required: true, + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "EntityQuery" + } + } + } + } + } + } +}; + +export const EntityQueryTemplateList: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "EntityQueryTemplateList", + modelProperties: { + nextLink: { + serializedName: "nextLink", + readOnly: true, + type: { + name: "String" + } + }, + value: { + serializedName: "value", + required: true, + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "EntityQueryTemplate" + } + } + } + } + } + } +}; + +export const 
IncidentList: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "IncidentList", + modelProperties: { + nextLink: { + serializedName: "nextLink", + readOnly: true, + type: { + name: "String" + } + }, + value: { + serializedName: "value", + required: true, + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "Incident" + } + } + } + } + } + } +}; + +export const IncidentAdditionalData: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "IncidentAdditionalData", + modelProperties: { + alertsCount: { + serializedName: "alertsCount", + readOnly: true, + type: { + name: "Number" + } + }, + bookmarksCount: { + serializedName: "bookmarksCount", + readOnly: true, + type: { + name: "Number" + } + }, + commentsCount: { + serializedName: "commentsCount", + readOnly: true, + type: { + name: "Number" + } + }, + alertProductNames: { + serializedName: "alertProductNames", + readOnly: true, + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + providerIncidentUrl: { + serializedName: "providerIncidentUrl", + readOnly: true, + type: { + name: "String" + } + }, + tactics: { + serializedName: "tactics", + readOnly: true, + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + techniques: { + serializedName: "techniques", + readOnly: true, + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + } + } + } +}; + +export const IncidentLabel: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "IncidentLabel", + modelProperties: { + labelName: { + serializedName: "labelName", + required: true, + type: { + name: "String" + } + }, + labelType: { + serializedName: "labelType", + readOnly: true, + type: { + name: "String" + } + } + } + } +}; + +export const IncidentOwnerInfo: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "IncidentOwnerInfo", + modelProperties: { + 
email: { + serializedName: "email", + type: { + name: "String" + } + }, + assignedTo: { + serializedName: "assignedTo", + type: { + name: "String" + } + }, + objectId: { + serializedName: "objectId", + type: { + name: "Uuid" + } + }, + userPrincipalName: { + serializedName: "userPrincipalName", + type: { + name: "String" + } + }, + ownerType: { + serializedName: "ownerType", + readOnly: true, + type: { + name: "String" + } + } + } + } +}; + +export const TeamInformation: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "TeamInformation", + modelProperties: { + teamId: { + serializedName: "teamId", + readOnly: true, + type: { + name: "String" + } + }, + primaryChannelUrl: { + serializedName: "primaryChannelUrl", + readOnly: true, + type: { + name: "String" + } + }, + teamCreationTimeUtc: { + serializedName: "teamCreationTimeUtc", + readOnly: true, + type: { + name: "DateTime" + } + }, + name: { + serializedName: "name", + readOnly: true, + type: { + name: "String" + } + }, + description: { + serializedName: "description", + readOnly: true, + type: { + name: "String" + } + } + } + } +}; + +export const TeamProperties: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "TeamProperties", + modelProperties: { + teamName: { + serializedName: "teamName", + required: true, + type: { + name: "String" + } + }, + teamDescription: { + serializedName: "teamDescription", + type: { + name: "String" + } + }, + memberIds: { + serializedName: "memberIds", + type: { + name: "Sequence", + element: { + type: { + name: "Uuid" + } + } + } + }, + groupIds: { + serializedName: "groupIds", + type: { + name: "Sequence", + element: { + type: { + name: "Uuid" + } + } + } + } + } + } +}; + +export const IncidentAlertList: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "IncidentAlertList", + modelProperties: { + value: { + serializedName: "value", + required: true, + type: { + name: "Sequence", + element: { + type: { + 
name: "Composite", + className: "SecurityAlert" + } + } + } + } + } + } +}; + +export const SecurityAlertPropertiesConfidenceReasonsItem: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "SecurityAlertPropertiesConfidenceReasonsItem", + modelProperties: { + reason: { + serializedName: "reason", + readOnly: true, + type: { + name: "String" + } + }, + reasonType: { + serializedName: "reasonType", + readOnly: true, + type: { + name: "String" + } + } + } + } +}; + +export const EntityCommonProperties: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "EntityCommonProperties", + modelProperties: { + additionalData: { + serializedName: "additionalData", + readOnly: true, + type: { + name: "Dictionary", + value: { + type: { name: "Dictionary", value: { type: { name: "any" } } } + } + } + }, + friendlyName: { + serializedName: "friendlyName", + readOnly: true, + type: { + name: "String" + } + } + } + } +}; + +export const IncidentBookmarkList: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "IncidentBookmarkList", + modelProperties: { + value: { + serializedName: "value", + required: true, + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "HuntingBookmark" + } + } + } + } + } + } +}; + +export const IncidentCommentList: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "IncidentCommentList", + modelProperties: { + nextLink: { + serializedName: "nextLink", + readOnly: true, + type: { + name: "String" + } + }, + value: { + serializedName: "value", + required: true, + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "IncidentComment" + } + } + } + } + } + } +}; + +export const IncidentEntitiesResponse: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "IncidentEntitiesResponse", + modelProperties: { + entities: { + serializedName: "entities", + type: { + name: "Sequence", + 
element: { + type: { + name: "Composite", + className: "Entity" + } + } + } + }, + metaData: { + serializedName: "metaData", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "IncidentEntitiesResultsMetadata" + } + } + } + } + } + } +}; + +export const IncidentEntitiesResultsMetadata: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "IncidentEntitiesResultsMetadata", + modelProperties: { + count: { + serializedName: "count", + required: true, + type: { + name: "Number" + } + }, + entityKind: { + serializedName: "entityKind", + required: true, + type: { + name: "String" + } + } + } + } +}; + +export const MetadataList: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "MetadataList", + modelProperties: { + value: { + serializedName: "value", + required: true, + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "MetadataModel" + } + } + } + }, + nextLink: { + serializedName: "nextLink", + readOnly: true, + type: { + name: "String" + } + } + } + } +}; + +export const MetadataSource: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "MetadataSource", + modelProperties: { + kind: { + serializedName: "kind", + required: true, + type: { + name: "String" + } + }, + name: { + serializedName: "name", + type: { + name: "String" + } + }, + sourceId: { + serializedName: "sourceId", + type: { + name: "String" + } + } + } + } +}; + +export const MetadataAuthor: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "MetadataAuthor", + modelProperties: { + name: { + serializedName: "name", + type: { + name: "String" + } + }, + email: { + serializedName: "email", + type: { + name: "String" + } + }, + link: { + serializedName: "link", + type: { + name: "String" + } + } + } + } +}; + +export const MetadataSupport: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "MetadataSupport", + 
modelProperties: { + tier: { + serializedName: "tier", + required: true, + type: { + name: "String" + } + }, + name: { + serializedName: "name", + type: { + name: "String" + } + }, + email: { + serializedName: "email", + type: { + name: "String" + } + }, + link: { + serializedName: "link", + type: { + name: "String" + } + } + } + } +}; + +export const MetadataDependencies: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "MetadataDependencies", + modelProperties: { + contentId: { + serializedName: "contentId", + type: { + name: "String" + } + }, + kind: { + serializedName: "kind", + type: { + name: "String" + } + }, + version: { + serializedName: "version", + type: { + name: "String" + } + }, + name: { + serializedName: "name", + type: { + name: "String" + } + }, + operator: { + serializedName: "operator", + type: { + name: "String" + } + }, + criteria: { + serializedName: "criteria", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "MetadataDependencies" + } + } + } + } + } + } +}; + +export const MetadataCategories: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "MetadataCategories", + modelProperties: { + domains: { + serializedName: "domains", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + verticals: { + serializedName: "verticals", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + } + } + } +}; + +export const OfficeConsentList: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "OfficeConsentList", + modelProperties: { + nextLink: { + serializedName: "nextLink", + readOnly: true, + type: { + name: "String" + } + }, + value: { + serializedName: "value", + required: true, + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "OfficeConsent" + } + } + } + } + } + } +}; + +export const SentinelOnboardingStatesList: coreClient.CompositeMapper 
= { + type: { + name: "Composite", + className: "SentinelOnboardingStatesList", + modelProperties: { + value: { + serializedName: "value", + required: true, + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "SentinelOnboardingState" + } + } + } + } + } + } +}; + +export const SettingList: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "SettingList", + modelProperties: { + value: { + serializedName: "value", + required: true, + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "Settings" + } + } + } + } + } + } +}; + +export const RepoList: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "RepoList", + modelProperties: { + nextLink: { + serializedName: "nextLink", + readOnly: true, + type: { + name: "String" + } + }, + value: { + serializedName: "value", + required: true, + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "Repo" + } + } + } + } + } + } +}; + +export const Repo: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "Repo", + modelProperties: { + url: { + serializedName: "url", + type: { + name: "String" + } + }, + fullName: { + serializedName: "fullName", + type: { + name: "String" + } + }, + branches: { + serializedName: "branches", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + } + } + } +}; + +export const SourceControlList: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "SourceControlList", + modelProperties: { + nextLink: { + serializedName: "nextLink", + readOnly: true, + type: { + name: "String" + } + }, + value: { + serializedName: "value", + required: true, + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "SourceControl" + } + } + } + } + } + } +}; + +export const Repository: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: 
"Repository", + modelProperties: { + url: { + serializedName: "url", + type: { + name: "String" + } + }, + branch: { + serializedName: "branch", + type: { + name: "String" + } + }, + displayUrl: { + serializedName: "displayUrl", + type: { + name: "String" + } + }, + deploymentLogsUrl: { + serializedName: "deploymentLogsUrl", + type: { + name: "String" + } + }, + pathMapping: { + serializedName: "pathMapping", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "ContentPathMap" + } + } + } + } + } + } +}; + +export const ContentPathMap: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "ContentPathMap", + modelProperties: { + contentType: { + serializedName: "contentType", + type: { + name: "String" + } + }, + path: { + serializedName: "path", + type: { + name: "String" + } + } + } + } +}; + +export const ThreatIntelligenceKillChainPhase: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "ThreatIntelligenceKillChainPhase", + modelProperties: { + killChainName: { + serializedName: "killChainName", + type: { + name: "String" + } + }, + phaseName: { + serializedName: "phaseName", + type: { + name: "String" + } + } + } + } +}; + +export const ThreatIntelligenceParsedPattern: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "ThreatIntelligenceParsedPattern", + modelProperties: { + patternTypeKey: { + serializedName: "patternTypeKey", + type: { + name: "String" + } + }, + patternTypeValues: { + serializedName: "patternTypeValues", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "ThreatIntelligenceParsedPatternTypeValue" + } + } + } + } + } + } +}; + +export const ThreatIntelligenceParsedPatternTypeValue: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "ThreatIntelligenceParsedPatternTypeValue", + modelProperties: { + valueType: { + serializedName: "valueType", + type: { + name: "String" + } + }, + 
value: { + serializedName: "value", + type: { + name: "String" + } + } + } + } +}; + +export const ThreatIntelligenceExternalReference: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "ThreatIntelligenceExternalReference", + modelProperties: { + description: { + serializedName: "description", + type: { + name: "String" + } + }, + externalId: { + serializedName: "externalId", + type: { + name: "String" + } + }, + sourceName: { + serializedName: "sourceName", + type: { + name: "String" + } + }, + url: { + serializedName: "url", + type: { + name: "String" + } + }, + hashes: { + serializedName: "hashes", + type: { + name: "Dictionary", + value: { type: { name: "String" } } + } + } + } + } +}; + +export const ThreatIntelligenceGranularMarkingModel: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "ThreatIntelligenceGranularMarkingModel", + modelProperties: { + language: { + serializedName: "language", + type: { + name: "String" + } + }, + markingRef: { + serializedName: "markingRef", + type: { + name: "Number" + } + }, + selectors: { + serializedName: "selectors", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + } + } + } +}; + +export const ThreatIntelligenceResourceKind: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "ThreatIntelligenceResourceKind", + modelProperties: { + kind: { + serializedName: "kind", + required: true, + type: { + name: "String" + } + } + } + } +}; + +export const ThreatIntelligenceInformationList: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "ThreatIntelligenceInformationList", + modelProperties: { + nextLink: { + serializedName: "nextLink", + readOnly: true, + type: { + name: "String" + } + }, + value: { + serializedName: "value", + required: true, + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "ThreatIntelligenceInformation" + } + } + } + } + } + } +}; + 
+export const ThreatIntelligenceFilteringCriteria: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "ThreatIntelligenceFilteringCriteria", + modelProperties: { + pageSize: { + serializedName: "pageSize", + type: { + name: "Number" + } + }, + minConfidence: { + serializedName: "minConfidence", + type: { + name: "Number" + } + }, + maxConfidence: { + serializedName: "maxConfidence", + type: { + name: "Number" + } + }, + minValidUntil: { + serializedName: "minValidUntil", + type: { + name: "String" + } + }, + maxValidUntil: { + serializedName: "maxValidUntil", + type: { + name: "String" + } + }, + includeDisabled: { + serializedName: "includeDisabled", + type: { + name: "Boolean" + } + }, + sortBy: { + serializedName: "sortBy", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "ThreatIntelligenceSortingCriteria" + } + } + } + }, + sources: { + serializedName: "sources", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + patternTypes: { + serializedName: "patternTypes", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + threatTypes: { + serializedName: "threatTypes", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + ids: { + serializedName: "ids", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + keywords: { + serializedName: "keywords", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + skipToken: { + serializedName: "skipToken", + type: { + name: "String" + } + } + } + } +}; + +export const ThreatIntelligenceSortingCriteria: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "ThreatIntelligenceSortingCriteria", + modelProperties: { + itemKey: { + serializedName: "itemKey", + type: { + name: "String" + } + }, + sortOrder: { + serializedName: "sortOrder", + type: { + name: "String" + } + } + } + 
} +}; + +export const ThreatIntelligenceMetricsList: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "ThreatIntelligenceMetricsList", + modelProperties: { + value: { + serializedName: "value", + required: true, + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "ThreatIntelligenceMetrics" + } + } + } + } + } + } +}; + +export const ThreatIntelligenceMetrics: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "ThreatIntelligenceMetrics", + modelProperties: { + properties: { + serializedName: "properties", + type: { + name: "Composite", + className: "ThreatIntelligenceMetric" + } + } + } + } +}; + +export const ThreatIntelligenceMetric: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "ThreatIntelligenceMetric", + modelProperties: { + lastUpdatedTimeUtc: { + serializedName: "lastUpdatedTimeUtc", + type: { + name: "String" + } + }, + threatTypeMetrics: { + serializedName: "threatTypeMetrics", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "ThreatIntelligenceMetricEntity" + } + } + } + }, + patternTypeMetrics: { + serializedName: "patternTypeMetrics", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "ThreatIntelligenceMetricEntity" + } + } + } + }, + sourceMetrics: { + serializedName: "sourceMetrics", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "ThreatIntelligenceMetricEntity" + } + } + } + } + } + } +}; + +export const ThreatIntelligenceMetricEntity: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "ThreatIntelligenceMetricEntity", + modelProperties: { + metricName: { + serializedName: "metricName", + type: { + name: "String" + } + }, + metricValue: { + serializedName: "metricValue", + type: { + name: "Number" + } + } + } + } +}; + +export const ThreatIntelligenceAppendTags: coreClient.CompositeMapper = { + type: 
{ + name: "Composite", + className: "ThreatIntelligenceAppendTags", + modelProperties: { + threatIntelligenceTags: { + serializedName: "threatIntelligenceTags", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + } + } + } +}; + +export const WatchlistList: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "WatchlistList", + modelProperties: { + nextLink: { + serializedName: "nextLink", + readOnly: true, + type: { + name: "String" + } + }, + value: { + serializedName: "value", + required: true, + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "Watchlist" + } + } + } + } + } + } +}; + +export const WatchlistItemList: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "WatchlistItemList", + modelProperties: { + nextLink: { + serializedName: "nextLink", + readOnly: true, + type: { + name: "String" + } + }, + value: { + serializedName: "value", + required: true, + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "WatchlistItem" + } + } + } + } + } + } +}; + +export const DataConnectorList: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "DataConnectorList", + modelProperties: { + nextLink: { + serializedName: "nextLink", + readOnly: true, + type: { + name: "String" + } + }, + value: { + serializedName: "value", + required: true, + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "DataConnector" + } + } + } + } + } + } +}; + +export const DataConnectorConnectBody: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "DataConnectorConnectBody", + modelProperties: { + kind: { + serializedName: "kind", + type: { + name: "String" + } + }, + apiKey: { + serializedName: "apiKey", + type: { + name: "String" + } + }, + clientSecret: { + serializedName: "clientSecret", + type: { + name: "String" + } + }, + clientId: { + serializedName: 
"clientId", + type: { + name: "String" + } + }, + authorizationCode: { + serializedName: "authorizationCode", + type: { + name: "String" + } + }, + userName: { + serializedName: "userName", + type: { + name: "String" + } + }, + password: { + serializedName: "password", + type: { + name: "String" + } + }, + requestConfigUserInputValues: { + serializedName: "requestConfigUserInputValues", + type: { + name: "Sequence", + element: { + type: { + name: "Dictionary", + value: { type: { name: "any" } } + } + } + } + } + } + } +}; + +export const ErrorResponse: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "ErrorResponse", + modelProperties: { + error: { + serializedName: "error", + type: { + name: "Composite", + className: "ErrorDetail" + } + } + } + } +}; + +export const ErrorDetail: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "ErrorDetail", + modelProperties: { + code: { + serializedName: "code", + readOnly: true, + type: { + name: "String" + } + }, + message: { + serializedName: "message", + readOnly: true, + type: { + name: "String" + } + }, + target: { + serializedName: "target", + readOnly: true, + type: { + name: "String" + } + }, + details: { + serializedName: "details", + readOnly: true, + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "ErrorDetail" + } + } + } + }, + additionalInfo: { + serializedName: "additionalInfo", + readOnly: true, + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "ErrorAdditionalInfo" + } + } + } + } + } + } +}; + +export const ErrorAdditionalInfo: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "ErrorAdditionalInfo", + modelProperties: { + type: { + serializedName: "type", + readOnly: true, + type: { + name: "String" + } + }, + info: { + serializedName: "info", + readOnly: true, + type: { + name: "Dictionary", + value: { type: { name: "any" } } + } + } + } + } +}; + +export const 
DataConnectorsCheckRequirements: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "DataConnectorsCheckRequirements", + uberParent: "DataConnectorsCheckRequirements", + polymorphicDiscriminator: { + serializedName: "kind", + clientName: "kind" + }, + modelProperties: { + kind: { + serializedName: "kind", + required: true, + type: { + name: "String" + } + } + } + } +}; + +export const DataConnectorRequirementsState: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "DataConnectorRequirementsState", + modelProperties: { + authorizationState: { + serializedName: "authorizationState", + type: { + name: "String" + } + }, + licenseState: { + serializedName: "licenseState", + type: { + name: "String" + } + } + } + } +}; + +export const OperationsList: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "OperationsList", + modelProperties: { + nextLink: { + serializedName: "nextLink", + readOnly: true, + type: { + name: "String" + } + }, + value: { + serializedName: "value", + required: true, + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "Operation" + } + } + } + } + } + } +}; + +export const Operation: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "Operation", + modelProperties: { + display: { + serializedName: "display", + type: { + name: "Composite", + className: "OperationDisplay" + } + }, + name: { + serializedName: "name", + type: { + name: "String" + } + }, + origin: { + serializedName: "origin", + type: { + name: "String" + } + }, + isDataAction: { + serializedName: "isDataAction", + type: { + name: "Boolean" + } + } + } + } +}; + +export const OperationDisplay: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "OperationDisplay", + modelProperties: { + description: { + serializedName: "description", + type: { + name: "String" + } + }, + operation: { + serializedName: "operation", + type: { + name: 
"String" + } + }, + provider: { + serializedName: "provider", + type: { + name: "String" + } + }, + resource: { + serializedName: "resource", + type: { + name: "String" + } + } + } + } +}; + +export const AlertRuleTemplateDataSource: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "AlertRuleTemplateDataSource", + modelProperties: { + connectorId: { + serializedName: "connectorId", + type: { + name: "String" + } + }, + dataTypes: { + serializedName: "dataTypes", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + } + } + } +}; + +export const AlertRuleTemplatePropertiesBase: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "AlertRuleTemplatePropertiesBase", + modelProperties: { + alertRulesCreatedByTemplateCount: { + serializedName: "alertRulesCreatedByTemplateCount", + type: { + name: "Number" + } + }, + lastUpdatedDateUTC: { + serializedName: "lastUpdatedDateUTC", + readOnly: true, + type: { + name: "DateTime" + } + }, + createdDateUTC: { + serializedName: "createdDateUTC", + readOnly: true, + type: { + name: "DateTime" + } + }, + description: { + serializedName: "description", + type: { + name: "String" + } + }, + displayName: { + serializedName: "displayName", + type: { + name: "String" + } + }, + requiredDataConnectors: { + serializedName: "requiredDataConnectors", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "AlertRuleTemplateDataSource" + } + } + } + }, + status: { + serializedName: "status", + type: { + name: "String" + } + } + } + } +}; + +export const QueryBasedAlertRuleTemplateProperties: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "QueryBasedAlertRuleTemplateProperties", + modelProperties: { + query: { + serializedName: "query", + type: { + name: "String" + } + }, + severity: { + serializedName: "severity", + type: { + name: "String" + } + }, + tactics: { + serializedName: "tactics", + type: { + 
name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + version: { + serializedName: "version", + type: { + name: "String" + } + }, + customDetails: { + serializedName: "customDetails", + type: { + name: "Dictionary", + value: { type: { name: "String" } } + } + }, + entityMappings: { + serializedName: "entityMappings", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "EntityMapping" + } + } + } + }, + alertDetailsOverride: { + serializedName: "alertDetailsOverride", + type: { + name: "Composite", + className: "AlertDetailsOverride" + } + } + } + } +}; + +export const EntityMapping: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "EntityMapping", + modelProperties: { + entityType: { + serializedName: "entityType", + type: { + name: "String" + } + }, + fieldMappings: { + serializedName: "fieldMappings", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "FieldMapping" + } + } + } + } + } + } +}; + +export const FieldMapping: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "FieldMapping", + modelProperties: { + identifier: { + serializedName: "identifier", + type: { + name: "String" + } + }, + columnName: { + serializedName: "columnName", + type: { + name: "String" + } + } + } + } +}; + +export const AlertDetailsOverride: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "AlertDetailsOverride", + modelProperties: { + alertDisplayNameFormat: { + serializedName: "alertDisplayNameFormat", + type: { + name: "String" + } + }, + alertDescriptionFormat: { + serializedName: "alertDescriptionFormat", + type: { + name: "String" + } + }, + alertTacticsColumnName: { + serializedName: "alertTacticsColumnName", + type: { + name: "String" + } + }, + alertSeverityColumnName: { + serializedName: "alertSeverityColumnName", + type: { + name: "String" + } + } + } + } +}; + +export const 
MicrosoftSecurityIncidentCreationAlertRuleCommonProperties: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "MicrosoftSecurityIncidentCreationAlertRuleCommonProperties", + modelProperties: { + displayNamesFilter: { + serializedName: "displayNamesFilter", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + displayNamesExcludeFilter: { + serializedName: "displayNamesExcludeFilter", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + productFilter: { + serializedName: "productFilter", + required: true, + type: { + name: "String" + } + }, + severitiesFilter: { + serializedName: "severitiesFilter", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + } + } + } +}; + +export const QueryBasedAlertRuleProperties: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "QueryBasedAlertRuleProperties", + modelProperties: { + alertRuleTemplateName: { + serializedName: "alertRuleTemplateName", + type: { + name: "String" + } + }, + templateVersion: { + serializedName: "templateVersion", + type: { + name: "String" + } + }, + description: { + serializedName: "description", + type: { + name: "String" + } + }, + query: { + serializedName: "query", + type: { + name: "String" + } + }, + displayName: { + serializedName: "displayName", + required: true, + type: { + name: "String" + } + }, + enabled: { + serializedName: "enabled", + required: true, + type: { + name: "Boolean" + } + }, + lastModifiedUtc: { + serializedName: "lastModifiedUtc", + readOnly: true, + type: { + name: "DateTime" + } + }, + suppressionDuration: { + serializedName: "suppressionDuration", + required: true, + type: { + name: "TimeSpan" + } + }, + suppressionEnabled: { + serializedName: "suppressionEnabled", + required: true, + type: { + name: "Boolean" + } + }, + severity: { + serializedName: "severity", + type: { + name: "String" + } + }, + tactics: { + 
serializedName: "tactics", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + incidentConfiguration: { + serializedName: "incidentConfiguration", + type: { + name: "Composite", + className: "IncidentConfiguration" + } + }, + customDetails: { + serializedName: "customDetails", + type: { + name: "Dictionary", + value: { type: { name: "String" } } + } + }, + entityMappings: { + serializedName: "entityMappings", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "EntityMapping" + } + } + } + }, + alertDetailsOverride: { + serializedName: "alertDetailsOverride", + type: { + name: "Composite", + className: "AlertDetailsOverride" + } + } + } + } +}; + +export const IncidentConfiguration: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "IncidentConfiguration", + modelProperties: { + createIncident: { + serializedName: "createIncident", + required: true, + type: { + name: "Boolean" + } + }, + groupingConfiguration: { + serializedName: "groupingConfiguration", + type: { + name: "Composite", + className: "GroupingConfiguration" + } + } + } + } +}; + +export const GroupingConfiguration: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "GroupingConfiguration", + modelProperties: { + enabled: { + serializedName: "enabled", + required: true, + type: { + name: "Boolean" + } + }, + reopenClosedIncident: { + serializedName: "reopenClosedIncident", + required: true, + type: { + name: "Boolean" + } + }, + lookbackDuration: { + serializedName: "lookbackDuration", + required: true, + type: { + name: "TimeSpan" + } + }, + matchingMethod: { + serializedName: "matchingMethod", + required: true, + type: { + name: "String" + } + }, + groupByEntities: { + serializedName: "groupByEntities", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + groupByAlertDetails: { + serializedName: "groupByAlertDetails", + type: { + name: 
"Sequence", + element: { + type: { + name: "String" + } + } + } + }, + groupByCustomDetails: { + serializedName: "groupByCustomDetails", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + } + } + } +}; + +export const ScheduledAlertRuleCommonProperties: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "ScheduledAlertRuleCommonProperties", + modelProperties: { + queryFrequency: { + serializedName: "queryFrequency", + type: { + name: "TimeSpan" + } + }, + queryPeriod: { + serializedName: "queryPeriod", + type: { + name: "TimeSpan" + } + }, + triggerOperator: { + serializedName: "triggerOperator", + type: { + name: "Enum", + allowedValues: ["GreaterThan", "LessThan", "Equal", "NotEqual"] + } + }, + triggerThreshold: { + serializedName: "triggerThreshold", + type: { + name: "Number" + } + }, + eventGroupingSettings: { + serializedName: "eventGroupingSettings", + type: { + name: "Composite", + className: "EventGroupingSettings" + } + } + } + } +}; + +export const EventGroupingSettings: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "EventGroupingSettings", + modelProperties: { + aggregationKind: { + serializedName: "aggregationKind", + type: { + name: "String" + } + } + } + } +}; + +export const IncidentPropertiesActionOwnerInfo: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "IncidentPropertiesActionOwnerInfo", + modelProperties: { + objectId: { + serializedName: "objectId", + type: { + name: "String" + } + }, + email: { + serializedName: "email", + type: { + name: "String" + } + }, + assignedTo: { + serializedName: "assignedTo", + type: { + name: "String" + } + }, + userPrincipalName: { + serializedName: "userPrincipalName", + type: { + name: "String" + } + }, + ownerType: { + serializedName: "ownerType", + type: { + name: "String" + } + } + } + } +}; + +export const EntityQueryItemProperties: coreClient.CompositeMapper = { + type: { + name: "Composite", 
+ className: "EntityQueryItemProperties", + modelProperties: { + dataTypes: { + serializedName: "dataTypes", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "EntityQueryItemPropertiesDataTypesItem" + } + } + } + }, + inputEntityType: { + serializedName: "inputEntityType", + type: { + name: "String" + } + }, + requiredInputFieldsSets: { + serializedName: "requiredInputFieldsSets", + type: { + name: "Sequence", + element: { + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + } + } + }, + entitiesFilter: { + serializedName: "entitiesFilter", + type: { + name: "Dictionary", + value: { type: { name: "any" } } + } + } + } + } +}; + +export const EntityQueryItemPropertiesDataTypesItem: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "EntityQueryItemPropertiesDataTypesItem", + modelProperties: { + dataType: { + serializedName: "dataType", + type: { + name: "String" + } + } + } + } +}; + +export const InsightQueryItemPropertiesTableQuery: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "InsightQueryItemPropertiesTableQuery", + modelProperties: { + columnsDefinitions: { + serializedName: "columnsDefinitions", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: + "InsightQueryItemPropertiesTableQueryColumnsDefinitionsItem" + } + } + } + }, + queriesDefinitions: { + serializedName: "queriesDefinitions", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: + "InsightQueryItemPropertiesTableQueryQueriesDefinitionsItem" + } + } + } + } + } + } +}; + +export const InsightQueryItemPropertiesTableQueryColumnsDefinitionsItem: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "InsightQueryItemPropertiesTableQueryColumnsDefinitionsItem", + modelProperties: { + header: { + serializedName: "header", + type: { + name: "String" + } + }, + outputType: { + serializedName: 
"outputType", + type: { + name: "String" + } + }, + supportDeepLink: { + serializedName: "supportDeepLink", + type: { + name: "Boolean" + } + } + } + } +}; + +export const InsightQueryItemPropertiesTableQueryQueriesDefinitionsItem: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "InsightQueryItemPropertiesTableQueryQueriesDefinitionsItem", + modelProperties: { + filter: { + serializedName: "filter", + type: { + name: "String" + } + }, + summarize: { + serializedName: "summarize", + type: { + name: "String" + } + }, + project: { + serializedName: "project", + type: { + name: "String" + } + }, + linkColumnsDefinitions: { + serializedName: "linkColumnsDefinitions", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: + "InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem" + } + } + } + } + } + } +}; + +export const InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: + "InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem", + modelProperties: { + projectedName: { + serializedName: "projectedName", + type: { + name: "String" + } + }, + query: { + serializedName: "Query", + type: { + name: "String" + } + } + } + } +}; + +export const InsightQueryItemPropertiesAdditionalQuery: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "InsightQueryItemPropertiesAdditionalQuery", + modelProperties: { + query: { + serializedName: "query", + type: { + name: "String" + } + }, + text: { + serializedName: "text", + type: { + name: "String" + } + } + } + } +}; + +export const InsightQueryItemPropertiesDefaultTimeRange: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "InsightQueryItemPropertiesDefaultTimeRange", + modelProperties: { + beforeRange: { + serializedName: "beforeRange", + type: { + name: "String" + } + }, + afterRange: { + 
serializedName: "afterRange", + type: { + name: "String" + } + } + } + } +}; + +export const InsightQueryItemPropertiesReferenceTimeRange: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "InsightQueryItemPropertiesReferenceTimeRange", + modelProperties: { + beforeRange: { + serializedName: "beforeRange", + type: { + name: "String" + } + } + } + } +}; + +export const ActivityEntityQueriesPropertiesQueryDefinitions: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "ActivityEntityQueriesPropertiesQueryDefinitions", + modelProperties: { + query: { + serializedName: "query", + type: { + name: "String" + } + } + } + } +}; + +export const ActivityEntityQueryTemplatePropertiesQueryDefinitions: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "ActivityEntityQueryTemplatePropertiesQueryDefinitions", + modelProperties: { + query: { + serializedName: "query", + type: { + name: "String" + } + }, + summarizeBy: { + serializedName: "summarizeBy", + type: { + name: "String" + } + } + } + } +}; + +export const DataTypeDefinitions: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "DataTypeDefinitions", + modelProperties: { + dataType: { + serializedName: "dataType", + type: { + name: "String" + } + } + } + } +}; + +export const Sku: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "Sku", + modelProperties: { + name: { + serializedName: "name", + type: { + name: "String" + } + }, + capacityReservationLevel: { + serializedName: "capacityReservationLevel", + type: { + name: "Number" + } + } + } + } +}; + +export const DataConnectorTenantId: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "DataConnectorTenantId", + modelProperties: { + tenantId: { + serializedName: "tenantId", + required: true, + type: { + name: "String" + } + } + } + } +}; + +export const DataConnectorWithAlertsProperties: coreClient.CompositeMapper = { + type: { 
+ name: "Composite", + className: "DataConnectorWithAlertsProperties", + modelProperties: { + dataTypes: { + serializedName: "dataTypes", + type: { + name: "Composite", + className: "AlertsDataTypeOfDataConnector" + } + } + } + } +}; + +export const AlertsDataTypeOfDataConnector: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "AlertsDataTypeOfDataConnector", + modelProperties: { + alerts: { + serializedName: "alerts", + type: { + name: "Composite", + className: "DataConnectorDataTypeCommon" + } + } + } + } +}; + +export const DataConnectorDataTypeCommon: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "DataConnectorDataTypeCommon", + modelProperties: { + state: { + serializedName: "state", + required: true, + type: { + name: "String" + } + } + } + } +}; + +export const MstiDataConnectorDataTypes: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "MstiDataConnectorDataTypes", + modelProperties: { + bingSafetyPhishingURL: { + serializedName: "bingSafetyPhishingURL", + type: { + name: "Composite", + className: "MstiDataConnectorDataTypesBingSafetyPhishingURL" + } + }, + microsoftEmergingThreatFeed: { + serializedName: "microsoftEmergingThreatFeed", + type: { + name: "Composite", + className: "MstiDataConnectorDataTypesMicrosoftEmergingThreatFeed" + } + } + } + } +}; + +export const MTPDataConnectorDataTypes: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "MTPDataConnectorDataTypes", + modelProperties: { + incidents: { + serializedName: "incidents", + type: { + name: "Composite", + className: "MTPDataConnectorDataTypesIncidents" + } + } + } + } +}; + +export const AwsCloudTrailDataConnectorDataTypes: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "AwsCloudTrailDataConnectorDataTypes", + modelProperties: { + logs: { + serializedName: "logs", + type: { + name: "Composite", + className: "AwsCloudTrailDataConnectorDataTypesLogs" + } + } + 
} + } +}; + +export const AwsS3DataConnectorDataTypes: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "AwsS3DataConnectorDataTypes", + modelProperties: { + logs: { + serializedName: "logs", + type: { + name: "Composite", + className: "AwsS3DataConnectorDataTypesLogs" + } + } + } + } +}; + +export const Dynamics365DataConnectorDataTypes: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "Dynamics365DataConnectorDataTypes", + modelProperties: { + dynamics365CdsActivities: { + serializedName: "dynamics365CdsActivities", + type: { + name: "Composite", + className: "Dynamics365DataConnectorDataTypesDynamics365CdsActivities" + } + } + } + } +}; + +export const Office365ProjectConnectorDataTypes: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "Office365ProjectConnectorDataTypes", + modelProperties: { + logs: { + serializedName: "logs", + type: { + name: "Composite", + className: "Office365ProjectConnectorDataTypesLogs" + } + } + } + } +}; + +export const OfficePowerBIConnectorDataTypes: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "OfficePowerBIConnectorDataTypes", + modelProperties: { + logs: { + serializedName: "logs", + type: { + name: "Composite", + className: "OfficePowerBIConnectorDataTypesLogs" + } + } + } + } +}; + +export const OfficeDataConnectorDataTypes: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "OfficeDataConnectorDataTypes", + modelProperties: { + exchange: { + serializedName: "exchange", + type: { + name: "Composite", + className: "OfficeDataConnectorDataTypesExchange" + } + }, + sharePoint: { + serializedName: "sharePoint", + type: { + name: "Composite", + className: "OfficeDataConnectorDataTypesSharePoint" + } + }, + teams: { + serializedName: "teams", + type: { + name: "Composite", + className: "OfficeDataConnectorDataTypesTeams" + } + } + } + } +}; + +export const TIDataConnectorDataTypes: 
coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "TIDataConnectorDataTypes", + modelProperties: { + indicators: { + serializedName: "indicators", + type: { + name: "Composite", + className: "TIDataConnectorDataTypesIndicators" + } + } + } + } +}; + +export const TiTaxiiDataConnectorDataTypes: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "TiTaxiiDataConnectorDataTypes", + modelProperties: { + taxiiClient: { + serializedName: "taxiiClient", + type: { + name: "Composite", + className: "TiTaxiiDataConnectorDataTypesTaxiiClient" + } + } + } + } +}; + +export const CodelessUiConnectorConfigProperties: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "CodelessUiConnectorConfigProperties", + modelProperties: { + title: { + serializedName: "title", + required: true, + type: { + name: "String" + } + }, + publisher: { + serializedName: "publisher", + required: true, + type: { + name: "String" + } + }, + descriptionMarkdown: { + serializedName: "descriptionMarkdown", + required: true, + type: { + name: "String" + } + }, + customImage: { + serializedName: "customImage", + type: { + name: "String" + } + }, + graphQueriesTableName: { + serializedName: "graphQueriesTableName", + required: true, + type: { + name: "String" + } + }, + graphQueries: { + serializedName: "graphQueries", + required: true, + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "CodelessUiConnectorConfigPropertiesGraphQueriesItem" + } + } + } + }, + sampleQueries: { + serializedName: "sampleQueries", + required: true, + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "CodelessUiConnectorConfigPropertiesSampleQueriesItem" + } + } + } + }, + dataTypes: { + serializedName: "dataTypes", + required: true, + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "CodelessUiConnectorConfigPropertiesDataTypesItem" + } + } + } + }, + 
connectivityCriteria: { + serializedName: "connectivityCriteria", + required: true, + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: + "CodelessUiConnectorConfigPropertiesConnectivityCriteriaItem" + } + } + } + }, + availability: { + serializedName: "availability", + type: { + name: "Composite", + className: "Availability" + } + }, + permissions: { + serializedName: "permissions", + type: { + name: "Composite", + className: "Permissions" + } + }, + instructionSteps: { + serializedName: "instructionSteps", + required: true, + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: + "CodelessUiConnectorConfigPropertiesInstructionStepsItem" + } + } + } + } + } + } +}; + +export const GraphQueries: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "GraphQueries", + modelProperties: { + metricName: { + serializedName: "metricName", + type: { + name: "String" + } + }, + legend: { + serializedName: "legend", + type: { + name: "String" + } + }, + baseQuery: { + serializedName: "baseQuery", + type: { + name: "String" + } + } + } + } +}; + +export const SampleQueries: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "SampleQueries", + modelProperties: { + description: { + serializedName: "description", + type: { + name: "String" + } + }, + query: { + serializedName: "query", + type: { + name: "String" + } + } + } + } +}; + +export const LastDataReceivedDataType: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "LastDataReceivedDataType", + modelProperties: { + name: { + serializedName: "name", + type: { + name: "String" + } + }, + lastDataReceivedQuery: { + serializedName: "lastDataReceivedQuery", + type: { + name: "String" + } + } + } + } +}; + +export const ConnectivityCriteria: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "ConnectivityCriteria", + modelProperties: { + type: { + serializedName: 
"type", + type: { + name: "String" + } + }, + value: { + serializedName: "value", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + } + } + } +}; + +export const Availability: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "Availability", + modelProperties: { + status: { + defaultValue: 1, + isConstant: true, + serializedName: "status", + type: { + name: "Number" + } + }, + isPreview: { + serializedName: "isPreview", + type: { + name: "Boolean" + } + } + } + } +}; + +export const Permissions: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "Permissions", + modelProperties: { + resourceProvider: { + serializedName: "resourceProvider", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "PermissionsResourceProviderItem" + } + } + } + }, + customs: { + serializedName: "customs", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "PermissionsCustomsItem" + } + } + } + } + } + } +}; + +export const ResourceProvider: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "ResourceProvider", + modelProperties: { + provider: { + serializedName: "provider", + type: { + name: "String" + } + }, + permissionsDisplayText: { + serializedName: "permissionsDisplayText", + type: { + name: "String" + } + }, + providerDisplayName: { + serializedName: "providerDisplayName", + type: { + name: "String" + } + }, + scope: { + serializedName: "scope", + type: { + name: "String" + } + }, + requiredPermissions: { + serializedName: "requiredPermissions", + type: { + name: "Composite", + className: "RequiredPermissions" + } + } + } + } +}; + +export const RequiredPermissions: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "RequiredPermissions", + modelProperties: { + action: { + serializedName: "action", + type: { + name: "Boolean" + } + }, + write: { + serializedName: "write", + type: { + 
name: "Boolean" + } + }, + read: { + serializedName: "read", + type: { + name: "Boolean" + } + }, + delete: { + serializedName: "delete", + type: { + name: "Boolean" + } + } + } + } +}; + +export const CustomsPermission: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "CustomsPermission", + modelProperties: { + name: { + serializedName: "name", + type: { + name: "String" + } + }, + description: { + serializedName: "description", + type: { + name: "String" + } + } + } + } +}; + +export const InstructionSteps: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "InstructionSteps", + modelProperties: { + title: { + serializedName: "title", + type: { + name: "String" + } + }, + description: { + serializedName: "description", + type: { + name: "String" + } + }, + instructions: { + serializedName: "instructions", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "InstructionStepsInstructionsItem" + } + } + } + } + } + } +}; + +export const ConnectorInstructionModelBase: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "ConnectorInstructionModelBase", + modelProperties: { + parameters: { + serializedName: "parameters", + type: { + name: "Dictionary", + value: { type: { name: "any" } } + } + }, + type: { + serializedName: "type", + required: true, + type: { + name: "String" + } + } + } + } +}; + +export const CodelessConnectorPollingConfigProperties: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "CodelessConnectorPollingConfigProperties", + modelProperties: { + isActive: { + serializedName: "isActive", + type: { + name: "Boolean" + } + }, + auth: { + serializedName: "auth", + type: { + name: "Composite", + className: "CodelessConnectorPollingAuthProperties" + } + }, + request: { + serializedName: "request", + type: { + name: "Composite", + className: "CodelessConnectorPollingRequestProperties" + } + }, + paging: { + serializedName: 
"paging", + type: { + name: "Composite", + className: "CodelessConnectorPollingPagingProperties" + } + }, + response: { + serializedName: "response", + type: { + name: "Composite", + className: "CodelessConnectorPollingResponseProperties" + } + } + } + } +}; + +export const CodelessConnectorPollingAuthProperties: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "CodelessConnectorPollingAuthProperties", + modelProperties: { + authType: { + serializedName: "authType", + required: true, + type: { + name: "String" + } + }, + apiKeyName: { + serializedName: "apiKeyName", + type: { + name: "String" + } + }, + apiKeyIdentifier: { + serializedName: "apiKeyIdentifier", + type: { + name: "String" + } + }, + isApiKeyInPostPayload: { + serializedName: "isApiKeyInPostPayload", + type: { + name: "String" + } + }, + flowName: { + serializedName: "flowName", + type: { + name: "String" + } + }, + tokenEndpoint: { + serializedName: "tokenEndpoint", + type: { + name: "String" + } + }, + authorizationEndpoint: { + serializedName: "authorizationEndpoint", + type: { + name: "String" + } + }, + authorizationEndpointQueryParameters: { + serializedName: "authorizationEndpointQueryParameters", + type: { + name: "Dictionary", + value: { type: { name: "any" } } + } + }, + redirectionEndpoint: { + serializedName: "redirectionEndpoint", + type: { + name: "String" + } + }, + tokenEndpointHeaders: { + serializedName: "tokenEndpointHeaders", + type: { + name: "Dictionary", + value: { type: { name: "any" } } + } + }, + tokenEndpointQueryParameters: { + serializedName: "tokenEndpointQueryParameters", + type: { + name: "Dictionary", + value: { type: { name: "any" } } + } + }, + isClientSecretInHeader: { + serializedName: "isClientSecretInHeader", + type: { + name: "Boolean" + } + }, + scope: { + serializedName: "scope", + type: { + name: "String" + } + } + } + } +}; + +export const CodelessConnectorPollingRequestProperties: coreClient.CompositeMapper = { + type: { + name: 
"Composite", + className: "CodelessConnectorPollingRequestProperties", + modelProperties: { + apiEndpoint: { + serializedName: "apiEndpoint", + required: true, + type: { + name: "String" + } + }, + rateLimitQps: { + serializedName: "rateLimitQps", + type: { + name: "Number" + } + }, + queryWindowInMin: { + serializedName: "queryWindowInMin", + required: true, + type: { + name: "Number" + } + }, + httpMethod: { + serializedName: "httpMethod", + required: true, + type: { + name: "String" + } + }, + queryTimeFormat: { + serializedName: "queryTimeFormat", + required: true, + type: { + name: "String" + } + }, + retryCount: { + serializedName: "retryCount", + type: { + name: "Number" + } + }, + timeoutInSeconds: { + serializedName: "timeoutInSeconds", + type: { + name: "Number" + } + }, + headers: { + serializedName: "headers", + type: { + name: "Dictionary", + value: { type: { name: "any" } } + } + }, + queryParameters: { + serializedName: "queryParameters", + type: { + name: "Dictionary", + value: { type: { name: "any" } } + } + }, + queryParametersTemplate: { + serializedName: "queryParametersTemplate", + type: { + name: "String" + } + }, + startTimeAttributeName: { + serializedName: "startTimeAttributeName", + type: { + name: "String" + } + }, + endTimeAttributeName: { + serializedName: "endTimeAttributeName", + type: { + name: "String" + } + } + } + } +}; + +export const CodelessConnectorPollingPagingProperties: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "CodelessConnectorPollingPagingProperties", + modelProperties: { + pagingType: { + serializedName: "pagingType", + required: true, + type: { + name: "String" + } + }, + nextPageParaName: { + serializedName: "nextPageParaName", + type: { + name: "String" + } + }, + nextPageTokenJsonPath: { + serializedName: "nextPageTokenJsonPath", + type: { + name: "String" + } + }, + pageCountAttributePath: { + serializedName: "pageCountAttributePath", + type: { + name: "String" + } + }, + 
pageTotalCountAttributePath: { + serializedName: "pageTotalCountAttributePath", + type: { + name: "String" + } + }, + pageTimeStampAttributePath: { + serializedName: "pageTimeStampAttributePath", + type: { + name: "String" + } + }, + searchTheLatestTimeStampFromEventsList: { + serializedName: "searchTheLatestTimeStampFromEventsList", + type: { + name: "String" + } + }, + pageSizeParaName: { + serializedName: "pageSizeParaName", + type: { + name: "String" + } + }, + pageSize: { + serializedName: "pageSize", + type: { + name: "Number" + } + } + } + } +}; + +export const CodelessConnectorPollingResponseProperties: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "CodelessConnectorPollingResponseProperties", + modelProperties: { + eventsJsonPaths: { + serializedName: "eventsJsonPaths", + required: true, + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + successStatusJsonPath: { + serializedName: "successStatusJsonPath", + type: { + name: "String" + } + }, + successStatusValue: { + serializedName: "successStatusValue", + type: { + name: "String" + } + }, + isGzipCompressed: { + serializedName: "isGzipCompressed", + type: { + name: "Boolean" + } + } + } + } +}; + +export const ThreatIntelligence: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "ThreatIntelligence", + modelProperties: { + confidence: { + serializedName: "confidence", + readOnly: true, + type: { + name: "Number" + } + }, + providerName: { + serializedName: "providerName", + readOnly: true, + type: { + name: "String" + } + }, + reportLink: { + serializedName: "reportLink", + readOnly: true, + type: { + name: "String" + } + }, + threatDescription: { + serializedName: "threatDescription", + readOnly: true, + type: { + name: "String" + } + }, + threatName: { + serializedName: "threatName", + readOnly: true, + type: { + name: "String" + } + }, + threatType: { + serializedName: "threatType", + readOnly: true, + type: { + 
name: "String" + } + } + } + } +}; + +export const GeoLocation: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "GeoLocation", + modelProperties: { + asn: { + serializedName: "asn", + readOnly: true, + type: { + name: "Number" + } + }, + city: { + serializedName: "city", + readOnly: true, + type: { + name: "String" + } + }, + countryCode: { + serializedName: "countryCode", + readOnly: true, + type: { + name: "String" + } + }, + countryName: { + serializedName: "countryName", + readOnly: true, + type: { + name: "String" + } + }, + latitude: { + serializedName: "latitude", + readOnly: true, + type: { + name: "Number" + } + }, + longitude: { + serializedName: "longitude", + readOnly: true, + type: { + name: "Number" + } + }, + state: { + serializedName: "state", + readOnly: true, + type: { + name: "String" + } + } + } + } +}; + +export const ResourceWithEtag: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "ResourceWithEtag", + modelProperties: { + ...Resource.type.modelProperties, + etag: { + serializedName: "etag", + type: { + name: "String" + } + } + } + } +}; + +export const AlertRuleTemplate: coreClient.CompositeMapper = { + serializedName: "AlertRuleTemplate", + type: { + name: "Composite", + className: "AlertRuleTemplate", + uberParent: "Resource", + polymorphicDiscriminator: { + serializedName: "kind", + clientName: "kind" + }, + modelProperties: { + ...Resource.type.modelProperties, + kind: { + serializedName: "kind", + required: true, + type: { + name: "String" + } + } + } + } +}; + +export const Entity: coreClient.CompositeMapper = { + serializedName: "Entity", + type: { + name: "Composite", + className: "Entity", + uberParent: "Resource", + polymorphicDiscriminator: { + serializedName: "kind", + clientName: "kind" + }, + modelProperties: { + ...Resource.type.modelProperties, + kind: { + serializedName: "kind", + required: true, + type: { + name: "String" + } + } + } + } +}; + +export const 
EntityQueryTemplate: coreClient.CompositeMapper = { + serializedName: "EntityQueryTemplate", + type: { + name: "Composite", + className: "EntityQueryTemplate", + uberParent: "Resource", + polymorphicDiscriminator: { + serializedName: "kind", + clientName: "kind" + }, + modelProperties: { + ...Resource.type.modelProperties, + kind: { + serializedName: "kind", + required: true, + type: { + name: "String" + } + } + } + } +}; + +export const OfficeConsent: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "OfficeConsent", + modelProperties: { + ...Resource.type.modelProperties, + tenantId: { + serializedName: "properties.tenantId", + type: { + name: "String" + } + }, + consentId: { + serializedName: "properties.consentId", + type: { + name: "String" + } + } + } + } +}; + +export const ActionResponseProperties: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "ActionResponseProperties", + modelProperties: { + ...ActionPropertiesBase.type.modelProperties, + workflowId: { + serializedName: "workflowId", + type: { + name: "String" + } + } + } + } +}; + +export const ActionRequestProperties: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "ActionRequestProperties", + modelProperties: { + ...ActionPropertiesBase.type.modelProperties, + triggerUri: { + serializedName: "triggerUri", + required: true, + type: { + name: "String" + } + } + } + } +}; + +export const PropertyConditionProperties: coreClient.CompositeMapper = { + serializedName: "Property", + type: { + name: "Composite", + className: "PropertyConditionProperties", + uberParent: "AutomationRuleCondition", + polymorphicDiscriminator: + AutomationRuleCondition.type.polymorphicDiscriminator, + modelProperties: { + ...AutomationRuleCondition.type.modelProperties, + propertyName: { + serializedName: "conditionProperties.propertyName", + type: { + name: "String" + } + }, + operator: { + serializedName: "conditionProperties.operator", + type: { + 
name: "String" + } + }, + propertyValues: { + serializedName: "conditionProperties.propertyValues", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + } + } + } +}; + +export const AutomationRuleModifyPropertiesAction: coreClient.CompositeMapper = { + serializedName: "ModifyProperties", + type: { + name: "Composite", + className: "AutomationRuleModifyPropertiesAction", + uberParent: "AutomationRuleAction", + polymorphicDiscriminator: + AutomationRuleAction.type.polymorphicDiscriminator, + modelProperties: { + ...AutomationRuleAction.type.modelProperties, + severity: { + serializedName: "actionConfiguration.severity", + type: { + name: "String" + } + }, + status: { + serializedName: "actionConfiguration.status", + type: { + name: "String" + } + }, + classification: { + serializedName: "actionConfiguration.classification", + type: { + name: "String" + } + }, + classificationReason: { + serializedName: "actionConfiguration.classificationReason", + type: { + name: "String" + } + }, + classificationComment: { + serializedName: "actionConfiguration.classificationComment", + type: { + name: "String" + } + }, + owner: { + serializedName: "actionConfiguration.owner", + type: { + name: "Composite", + className: "IncidentPropertiesActionOwnerInfo" + } + }, + labels: { + serializedName: "actionConfiguration.labels", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "IncidentLabel" + } + } + } + } + } + } +}; + +export const AutomationRuleRunPlaybookAction: coreClient.CompositeMapper = { + serializedName: "RunPlaybook", + type: { + name: "Composite", + className: "AutomationRuleRunPlaybookAction", + uberParent: "AutomationRuleAction", + polymorphicDiscriminator: + AutomationRuleAction.type.polymorphicDiscriminator, + modelProperties: { + ...AutomationRuleAction.type.modelProperties, + logicAppResourceId: { + serializedName: "actionConfiguration.logicAppResourceId", + type: { + name: "String" + } + }, + 
tenantId: { + serializedName: "actionConfiguration.tenantId", + type: { + name: "Uuid" + } + } + } + } +}; + +export const ActivityTimelineItem: coreClient.CompositeMapper = { + serializedName: "Activity", + type: { + name: "Composite", + className: "ActivityTimelineItem", + uberParent: "EntityTimelineItem", + polymorphicDiscriminator: EntityTimelineItem.type.polymorphicDiscriminator, + modelProperties: { + ...EntityTimelineItem.type.modelProperties, + queryId: { + serializedName: "queryId", + required: true, + type: { + name: "String" + } + }, + bucketStartTimeUTC: { + serializedName: "bucketStartTimeUTC", + required: true, + type: { + name: "DateTime" + } + }, + bucketEndTimeUTC: { + serializedName: "bucketEndTimeUTC", + required: true, + type: { + name: "DateTime" + } + }, + firstActivityTimeUTC: { + serializedName: "firstActivityTimeUTC", + required: true, + type: { + name: "DateTime" + } + }, + lastActivityTimeUTC: { + serializedName: "lastActivityTimeUTC", + required: true, + type: { + name: "DateTime" + } + }, + content: { + serializedName: "content", + required: true, + type: { + name: "String" + } + }, + title: { + serializedName: "title", + required: true, + type: { + name: "String" + } + } + } + } +}; + +export const BookmarkTimelineItem: coreClient.CompositeMapper = { + serializedName: "Bookmark", + type: { + name: "Composite", + className: "BookmarkTimelineItem", + uberParent: "EntityTimelineItem", + polymorphicDiscriminator: EntityTimelineItem.type.polymorphicDiscriminator, + modelProperties: { + ...EntityTimelineItem.type.modelProperties, + azureResourceId: { + serializedName: "azureResourceId", + required: true, + type: { + name: "String" + } + }, + displayName: { + serializedName: "displayName", + type: { + name: "String" + } + }, + notes: { + serializedName: "notes", + type: { + name: "String" + } + }, + endTimeUtc: { + serializedName: "endTimeUtc", + type: { + name: "DateTime" + } + }, + startTimeUtc: { + serializedName: "startTimeUtc", + type: { 
+ name: "DateTime" + } + }, + eventTime: { + serializedName: "eventTime", + type: { + name: "DateTime" + } + }, + createdBy: { + serializedName: "createdBy", + type: { + name: "Composite", + className: "UserInfo" + } + }, + labels: { + serializedName: "labels", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + } + } + } +}; + +export const SecurityAlertTimelineItem: coreClient.CompositeMapper = { + serializedName: "SecurityAlert", + type: { + name: "Composite", + className: "SecurityAlertTimelineItem", + uberParent: "EntityTimelineItem", + polymorphicDiscriminator: EntityTimelineItem.type.polymorphicDiscriminator, + modelProperties: { + ...EntityTimelineItem.type.modelProperties, + azureResourceId: { + serializedName: "azureResourceId", + required: true, + type: { + name: "String" + } + }, + productName: { + serializedName: "productName", + type: { + name: "String" + } + }, + description: { + serializedName: "description", + type: { + name: "String" + } + }, + displayName: { + serializedName: "displayName", + required: true, + type: { + name: "String" + } + }, + severity: { + serializedName: "severity", + required: true, + type: { + name: "String" + } + }, + endTimeUtc: { + serializedName: "endTimeUtc", + required: true, + type: { + name: "DateTime" + } + }, + startTimeUtc: { + serializedName: "startTimeUtc", + required: true, + type: { + name: "DateTime" + } + }, + timeGenerated: { + serializedName: "timeGenerated", + required: true, + type: { + name: "DateTime" + } + }, + alertType: { + serializedName: "alertType", + required: true, + type: { + name: "String" + } + } + } + } +}; + +export const InsightQueryItem: coreClient.CompositeMapper = { + serializedName: "Insight", + type: { + name: "Composite", + className: "InsightQueryItem", + uberParent: "EntityQueryItem", + polymorphicDiscriminator: EntityQueryItem.type.polymorphicDiscriminator, + modelProperties: { + ...EntityQueryItem.type.modelProperties, + properties: { + 
serializedName: "properties", + type: { + name: "Composite", + className: "InsightQueryItemProperties" + } + } + } + } +}; + +export const SecurityAlertProperties: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "SecurityAlertProperties", + modelProperties: { + ...EntityCommonProperties.type.modelProperties, + alertDisplayName: { + serializedName: "alertDisplayName", + readOnly: true, + type: { + name: "String" + } + }, + alertType: { + serializedName: "alertType", + readOnly: true, + type: { + name: "String" + } + }, + compromisedEntity: { + serializedName: "compromisedEntity", + readOnly: true, + type: { + name: "String" + } + }, + confidenceLevel: { + serializedName: "confidenceLevel", + readOnly: true, + type: { + name: "String" + } + }, + confidenceReasons: { + serializedName: "confidenceReasons", + readOnly: true, + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "SecurityAlertPropertiesConfidenceReasonsItem" + } + } + } + }, + confidenceScore: { + serializedName: "confidenceScore", + readOnly: true, + type: { + name: "Number" + } + }, + confidenceScoreStatus: { + serializedName: "confidenceScoreStatus", + readOnly: true, + type: { + name: "String" + } + }, + description: { + serializedName: "description", + readOnly: true, + type: { + name: "String" + } + }, + endTimeUtc: { + serializedName: "endTimeUtc", + readOnly: true, + type: { + name: "DateTime" + } + }, + intent: { + serializedName: "intent", + readOnly: true, + type: { + name: "String" + } + }, + providerAlertId: { + serializedName: "providerAlertId", + readOnly: true, + type: { + name: "String" + } + }, + processingEndTime: { + serializedName: "processingEndTime", + readOnly: true, + type: { + name: "DateTime" + } + }, + productComponentName: { + serializedName: "productComponentName", + readOnly: true, + type: { + name: "String" + } + }, + productName: { + serializedName: "productName", + readOnly: true, + type: { + name: "String" + } 
+ }, + productVersion: { + serializedName: "productVersion", + readOnly: true, + type: { + name: "String" + } + }, + remediationSteps: { + serializedName: "remediationSteps", + readOnly: true, + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + severity: { + serializedName: "severity", + type: { + name: "String" + } + }, + startTimeUtc: { + serializedName: "startTimeUtc", + readOnly: true, + type: { + name: "DateTime" + } + }, + status: { + serializedName: "status", + readOnly: true, + type: { + name: "String" + } + }, + systemAlertId: { + serializedName: "systemAlertId", + readOnly: true, + type: { + name: "String" + } + }, + tactics: { + serializedName: "tactics", + readOnly: true, + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + timeGenerated: { + serializedName: "timeGenerated", + readOnly: true, + type: { + name: "DateTime" + } + }, + vendorName: { + serializedName: "vendorName", + readOnly: true, + type: { + name: "String" + } + }, + alertLink: { + serializedName: "alertLink", + readOnly: true, + type: { + name: "String" + } + }, + resourceIdentifiers: { + serializedName: "resourceIdentifiers", + readOnly: true, + type: { + name: "Sequence", + element: { + type: { + name: "Dictionary", + value: { type: { name: "any" } } + } + } + } + } + } + } +}; + +export const HuntingBookmarkProperties: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "HuntingBookmarkProperties", + modelProperties: { + ...EntityCommonProperties.type.modelProperties, + created: { + serializedName: "created", + type: { + name: "DateTime" + } + }, + createdBy: { + serializedName: "createdBy", + type: { + name: "Composite", + className: "UserInfo" + } + }, + displayName: { + serializedName: "displayName", + required: true, + type: { + name: "String" + } + }, + eventTime: { + serializedName: "eventTime", + type: { + name: "DateTime" + } + }, + labels: { + serializedName: "labels", + type: { + 
name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + notes: { + serializedName: "notes", + type: { + name: "String" + } + }, + query: { + serializedName: "query", + required: true, + type: { + name: "String" + } + }, + queryResult: { + serializedName: "queryResult", + type: { + name: "String" + } + }, + updated: { + serializedName: "updated", + type: { + name: "DateTime" + } + }, + updatedBy: { + serializedName: "updatedBy", + type: { + name: "Composite", + className: "UserInfo" + } + }, + incidentInfo: { + serializedName: "incidentInfo", + type: { + name: "Composite", + className: "IncidentInfo" + } + } + } + } +}; + +export const ThreatIntelligenceIndicatorProperties: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "ThreatIntelligenceIndicatorProperties", + modelProperties: { + ...EntityCommonProperties.type.modelProperties, + threatIntelligenceTags: { + serializedName: "threatIntelligenceTags", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + lastUpdatedTimeUtc: { + serializedName: "lastUpdatedTimeUtc", + type: { + name: "String" + } + }, + source: { + serializedName: "source", + type: { + name: "String" + } + }, + displayName: { + serializedName: "displayName", + type: { + name: "String" + } + }, + description: { + serializedName: "description", + type: { + name: "String" + } + }, + indicatorTypes: { + serializedName: "indicatorTypes", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + pattern: { + serializedName: "pattern", + type: { + name: "String" + } + }, + patternType: { + serializedName: "patternType", + type: { + name: "String" + } + }, + patternVersion: { + serializedName: "patternVersion", + type: { + name: "String" + } + }, + killChainPhases: { + serializedName: "killChainPhases", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "ThreatIntelligenceKillChainPhase" + } + } + } + }, + 
parsedPattern: { + serializedName: "parsedPattern", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "ThreatIntelligenceParsedPattern" + } + } + } + }, + externalId: { + serializedName: "externalId", + type: { + name: "String" + } + }, + createdByRef: { + serializedName: "createdByRef", + type: { + name: "String" + } + }, + defanged: { + serializedName: "defanged", + type: { + name: "Boolean" + } + }, + externalLastUpdatedTimeUtc: { + serializedName: "externalLastUpdatedTimeUtc", + type: { + name: "String" + } + }, + externalReferences: { + serializedName: "externalReferences", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "ThreatIntelligenceExternalReference" + } + } + } + }, + granularMarkings: { + serializedName: "granularMarkings", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "ThreatIntelligenceGranularMarkingModel" + } + } + } + }, + labels: { + serializedName: "labels", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + revoked: { + serializedName: "revoked", + type: { + name: "Boolean" + } + }, + confidence: { + serializedName: "confidence", + type: { + name: "Number" + } + }, + objectMarkingRefs: { + serializedName: "objectMarkingRefs", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + language: { + serializedName: "language", + type: { + name: "String" + } + }, + threatTypes: { + serializedName: "threatTypes", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + validFrom: { + serializedName: "validFrom", + type: { + name: "String" + } + }, + validUntil: { + serializedName: "validUntil", + type: { + name: "String" + } + }, + created: { + serializedName: "created", + type: { + name: "String" + } + }, + modified: { + serializedName: "modified", + type: { + name: "String" + } + }, + extensions: { + serializedName: "extensions", + 
type: { + name: "Dictionary", + value: { type: { name: "any" } } + } + } + } + } +}; + +export const AccountEntityProperties: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "AccountEntityProperties", + modelProperties: { + ...EntityCommonProperties.type.modelProperties, + aadTenantId: { + serializedName: "aadTenantId", + readOnly: true, + type: { + name: "String" + } + }, + aadUserId: { + serializedName: "aadUserId", + readOnly: true, + type: { + name: "String" + } + }, + accountName: { + serializedName: "accountName", + readOnly: true, + type: { + name: "String" + } + }, + displayName: { + serializedName: "displayName", + readOnly: true, + type: { + name: "String" + } + }, + hostEntityId: { + serializedName: "hostEntityId", + readOnly: true, + type: { + name: "String" + } + }, + isDomainJoined: { + serializedName: "isDomainJoined", + readOnly: true, + type: { + name: "Boolean" + } + }, + ntDomain: { + serializedName: "ntDomain", + readOnly: true, + type: { + name: "String" + } + }, + objectGuid: { + serializedName: "objectGuid", + readOnly: true, + type: { + name: "Uuid" + } + }, + puid: { + serializedName: "puid", + readOnly: true, + type: { + name: "String" + } + }, + sid: { + serializedName: "sid", + readOnly: true, + type: { + name: "String" + } + }, + upnSuffix: { + serializedName: "upnSuffix", + readOnly: true, + type: { + name: "String" + } + }, + dnsDomain: { + serializedName: "dnsDomain", + readOnly: true, + type: { + name: "String" + } + } + } + } +}; + +export const AzureResourceEntityProperties: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "AzureResourceEntityProperties", + modelProperties: { + ...EntityCommonProperties.type.modelProperties, + resourceId: { + serializedName: "resourceId", + readOnly: true, + type: { + name: "String" + } + }, + subscriptionId: { + serializedName: "subscriptionId", + readOnly: true, + type: { + name: "String" + } + } + } + } +}; + +export const 
CloudApplicationEntityProperties: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "CloudApplicationEntityProperties", + modelProperties: { + ...EntityCommonProperties.type.modelProperties, + appId: { + serializedName: "appId", + readOnly: true, + type: { + name: "Number" + } + }, + appName: { + serializedName: "appName", + readOnly: true, + type: { + name: "String" + } + }, + instanceName: { + serializedName: "instanceName", + readOnly: true, + type: { + name: "String" + } + } + } + } +}; + +export const DnsEntityProperties: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "DnsEntityProperties", + modelProperties: { + ...EntityCommonProperties.type.modelProperties, + dnsServerIpEntityId: { + serializedName: "dnsServerIpEntityId", + readOnly: true, + type: { + name: "String" + } + }, + domainName: { + serializedName: "domainName", + readOnly: true, + type: { + name: "String" + } + }, + hostIpAddressEntityId: { + serializedName: "hostIpAddressEntityId", + readOnly: true, + type: { + name: "String" + } + }, + ipAddressEntityIds: { + serializedName: "ipAddressEntityIds", + readOnly: true, + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + } + } + } +}; + +export const FileEntityProperties: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "FileEntityProperties", + modelProperties: { + ...EntityCommonProperties.type.modelProperties, + directory: { + serializedName: "directory", + readOnly: true, + type: { + name: "String" + } + }, + fileHashEntityIds: { + serializedName: "fileHashEntityIds", + readOnly: true, + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + fileName: { + serializedName: "fileName", + readOnly: true, + type: { + name: "String" + } + }, + hostEntityId: { + serializedName: "hostEntityId", + readOnly: true, + type: { + name: "String" + } + } + } + } +}; + +export const FileHashEntityProperties: 
coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "FileHashEntityProperties", + modelProperties: { + ...EntityCommonProperties.type.modelProperties, + algorithm: { + serializedName: "algorithm", + readOnly: true, + type: { + name: "String" + } + }, + hashValue: { + serializedName: "hashValue", + readOnly: true, + type: { + name: "String" + } + } + } + } +}; + +export const HostEntityProperties: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "HostEntityProperties", + modelProperties: { + ...EntityCommonProperties.type.modelProperties, + azureID: { + serializedName: "azureID", + readOnly: true, + type: { + name: "String" + } + }, + dnsDomain: { + serializedName: "dnsDomain", + readOnly: true, + type: { + name: "String" + } + }, + hostName: { + serializedName: "hostName", + readOnly: true, + type: { + name: "String" + } + }, + isDomainJoined: { + serializedName: "isDomainJoined", + readOnly: true, + type: { + name: "Boolean" + } + }, + netBiosName: { + serializedName: "netBiosName", + readOnly: true, + type: { + name: "String" + } + }, + ntDomain: { + serializedName: "ntDomain", + readOnly: true, + type: { + name: "String" + } + }, + omsAgentID: { + serializedName: "omsAgentID", + readOnly: true, + type: { + name: "String" + } + }, + osFamily: { + serializedName: "osFamily", + type: { + name: "Enum", + allowedValues: ["Linux", "Windows", "Android", "IOS", "Unknown"] + } + }, + osVersion: { + serializedName: "osVersion", + readOnly: true, + type: { + name: "String" + } + } + } + } +}; + +export const IoTDeviceEntityProperties: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "IoTDeviceEntityProperties", + modelProperties: { + ...EntityCommonProperties.type.modelProperties, + deviceId: { + serializedName: "deviceId", + readOnly: true, + type: { + name: "String" + } + }, + deviceName: { + serializedName: "deviceName", + readOnly: true, + type: { + name: "String" + } + }, + source: { + 
serializedName: "source", + readOnly: true, + type: { + name: "String" + } + }, + iotSecurityAgentId: { + serializedName: "iotSecurityAgentId", + readOnly: true, + type: { + name: "Uuid" + } + }, + deviceType: { + serializedName: "deviceType", + readOnly: true, + type: { + name: "String" + } + }, + vendor: { + serializedName: "vendor", + readOnly: true, + type: { + name: "String" + } + }, + edgeId: { + serializedName: "edgeId", + readOnly: true, + type: { + name: "String" + } + }, + macAddress: { + serializedName: "macAddress", + readOnly: true, + type: { + name: "String" + } + }, + model: { + serializedName: "model", + readOnly: true, + type: { + name: "String" + } + }, + serialNumber: { + serializedName: "serialNumber", + readOnly: true, + type: { + name: "String" + } + }, + firmwareVersion: { + serializedName: "firmwareVersion", + readOnly: true, + type: { + name: "String" + } + }, + operatingSystem: { + serializedName: "operatingSystem", + readOnly: true, + type: { + name: "String" + } + }, + iotHubEntityId: { + serializedName: "iotHubEntityId", + readOnly: true, + type: { + name: "String" + } + }, + hostEntityId: { + serializedName: "hostEntityId", + readOnly: true, + type: { + name: "String" + } + }, + ipAddressEntityId: { + serializedName: "ipAddressEntityId", + readOnly: true, + type: { + name: "String" + } + }, + threatIntelligence: { + serializedName: "threatIntelligence", + readOnly: true, + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "ThreatIntelligence" + } + } + } + }, + protocols: { + serializedName: "protocols", + readOnly: true, + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + } + } + } +}; + +export const IpEntityProperties: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "IpEntityProperties", + modelProperties: { + ...EntityCommonProperties.type.modelProperties, + address: { + serializedName: "address", + readOnly: true, + type: { + name: 
"String" + } + }, + location: { + serializedName: "location", + type: { + name: "Composite", + className: "GeoLocation" + } + }, + threatIntelligence: { + serializedName: "threatIntelligence", + readOnly: true, + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "ThreatIntelligence" + } + } + } + } + } + } +}; + +export const MailboxEntityProperties: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "MailboxEntityProperties", + modelProperties: { + ...EntityCommonProperties.type.modelProperties, + mailboxPrimaryAddress: { + serializedName: "mailboxPrimaryAddress", + readOnly: true, + type: { + name: "String" + } + }, + displayName: { + serializedName: "displayName", + readOnly: true, + type: { + name: "String" + } + }, + upn: { + serializedName: "upn", + readOnly: true, + type: { + name: "String" + } + }, + externalDirectoryObjectId: { + serializedName: "externalDirectoryObjectId", + readOnly: true, + type: { + name: "Uuid" + } + } + } + } +}; + +export const MailClusterEntityProperties: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "MailClusterEntityProperties", + modelProperties: { + ...EntityCommonProperties.type.modelProperties, + networkMessageIds: { + serializedName: "networkMessageIds", + readOnly: true, + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + countByDeliveryStatus: { + serializedName: "countByDeliveryStatus", + readOnly: true, + type: { + name: "Dictionary", + value: { type: { name: "any" } } + } + }, + countByThreatType: { + serializedName: "countByThreatType", + readOnly: true, + type: { + name: "Dictionary", + value: { type: { name: "any" } } + } + }, + countByProtectionStatus: { + serializedName: "countByProtectionStatus", + readOnly: true, + type: { + name: "Dictionary", + value: { type: { name: "any" } } + } + }, + threats: { + serializedName: "threats", + readOnly: true, + type: { + name: "Sequence", + element: { + 
type: { + name: "String" + } + } + } + }, + query: { + serializedName: "query", + readOnly: true, + type: { + name: "String" + } + }, + queryTime: { + serializedName: "queryTime", + readOnly: true, + type: { + name: "DateTime" + } + }, + mailCount: { + serializedName: "mailCount", + readOnly: true, + type: { + name: "Number" + } + }, + isVolumeAnomaly: { + serializedName: "isVolumeAnomaly", + readOnly: true, + type: { + name: "Boolean" + } + }, + source: { + serializedName: "source", + readOnly: true, + type: { + name: "String" + } + }, + clusterSourceIdentifier: { + serializedName: "clusterSourceIdentifier", + readOnly: true, + type: { + name: "String" + } + }, + clusterSourceType: { + serializedName: "clusterSourceType", + readOnly: true, + type: { + name: "String" + } + }, + clusterQueryStartTime: { + serializedName: "clusterQueryStartTime", + readOnly: true, + type: { + name: "DateTime" + } + }, + clusterQueryEndTime: { + serializedName: "clusterQueryEndTime", + readOnly: true, + type: { + name: "DateTime" + } + }, + clusterGroup: { + serializedName: "clusterGroup", + readOnly: true, + type: { + name: "String" + } + } + } + } +}; + +export const MailMessageEntityProperties: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "MailMessageEntityProperties", + modelProperties: { + ...EntityCommonProperties.type.modelProperties, + fileEntityIds: { + serializedName: "fileEntityIds", + readOnly: true, + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + recipient: { + serializedName: "recipient", + readOnly: true, + type: { + name: "String" + } + }, + urls: { + serializedName: "urls", + readOnly: true, + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + threats: { + serializedName: "threats", + readOnly: true, + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + p1Sender: { + serializedName: "p1Sender", + readOnly: true, + type: { + 
name: "String" + } + }, + p1SenderDisplayName: { + serializedName: "p1SenderDisplayName", + readOnly: true, + type: { + name: "String" + } + }, + p1SenderDomain: { + serializedName: "p1SenderDomain", + readOnly: true, + type: { + name: "String" + } + }, + senderIP: { + serializedName: "senderIP", + readOnly: true, + type: { + name: "String" + } + }, + p2Sender: { + serializedName: "p2Sender", + readOnly: true, + type: { + name: "String" + } + }, + p2SenderDisplayName: { + serializedName: "p2SenderDisplayName", + readOnly: true, + type: { + name: "String" + } + }, + p2SenderDomain: { + serializedName: "p2SenderDomain", + readOnly: true, + type: { + name: "String" + } + }, + receiveDate: { + serializedName: "receiveDate", + readOnly: true, + type: { + name: "DateTime" + } + }, + networkMessageId: { + serializedName: "networkMessageId", + readOnly: true, + type: { + name: "Uuid" + } + }, + internetMessageId: { + serializedName: "internetMessageId", + readOnly: true, + type: { + name: "String" + } + }, + subject: { + serializedName: "subject", + readOnly: true, + type: { + name: "String" + } + }, + language: { + serializedName: "language", + readOnly: true, + type: { + name: "String" + } + }, + threatDetectionMethods: { + serializedName: "threatDetectionMethods", + readOnly: true, + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + bodyFingerprintBin1: { + serializedName: "bodyFingerprintBin1", + type: { + name: "Number" + } + }, + bodyFingerprintBin2: { + serializedName: "bodyFingerprintBin2", + type: { + name: "Number" + } + }, + bodyFingerprintBin3: { + serializedName: "bodyFingerprintBin3", + type: { + name: "Number" + } + }, + bodyFingerprintBin4: { + serializedName: "bodyFingerprintBin4", + type: { + name: "Number" + } + }, + bodyFingerprintBin5: { + serializedName: "bodyFingerprintBin5", + type: { + name: "Number" + } + }, + antispamDirection: { + serializedName: "antispamDirection", + type: { + name: "String" + } + }, + 
deliveryAction: { + serializedName: "deliveryAction", + type: { + name: "Enum", + allowedValues: [ + "Unknown", + "DeliveredAsSpam", + "Delivered", + "Blocked", + "Replaced" + ] + } + }, + deliveryLocation: { + serializedName: "deliveryLocation", + type: { + name: "Enum", + allowedValues: [ + "Unknown", + "Inbox", + "JunkFolder", + "DeletedFolder", + "Quarantine", + "External", + "Failed", + "Dropped", + "Forwarded" + ] + } + } + } + } +}; + +export const MalwareEntityProperties: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "MalwareEntityProperties", + modelProperties: { + ...EntityCommonProperties.type.modelProperties, + category: { + serializedName: "category", + readOnly: true, + type: { + name: "String" + } + }, + fileEntityIds: { + serializedName: "fileEntityIds", + readOnly: true, + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + malwareName: { + serializedName: "malwareName", + readOnly: true, + type: { + name: "String" + } + }, + processEntityIds: { + serializedName: "processEntityIds", + readOnly: true, + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + } + } + } +}; + +export const ProcessEntityProperties: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "ProcessEntityProperties", + modelProperties: { + ...EntityCommonProperties.type.modelProperties, + accountEntityId: { + serializedName: "accountEntityId", + readOnly: true, + type: { + name: "String" + } + }, + commandLine: { + serializedName: "commandLine", + readOnly: true, + type: { + name: "String" + } + }, + creationTimeUtc: { + serializedName: "creationTimeUtc", + readOnly: true, + type: { + name: "DateTime" + } + }, + elevationToken: { + serializedName: "elevationToken", + type: { + name: "Enum", + allowedValues: ["Default", "Full", "Limited"] + } + }, + hostEntityId: { + serializedName: "hostEntityId", + readOnly: true, + type: { + name: "String" + } + }, + 
hostLogonSessionEntityId: { + serializedName: "hostLogonSessionEntityId", + readOnly: true, + type: { + name: "String" + } + }, + imageFileEntityId: { + serializedName: "imageFileEntityId", + readOnly: true, + type: { + name: "String" + } + }, + parentProcessEntityId: { + serializedName: "parentProcessEntityId", + readOnly: true, + type: { + name: "String" + } + }, + processId: { + serializedName: "processId", + readOnly: true, + type: { + name: "String" + } + } + } + } +}; + +export const RegistryKeyEntityProperties: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "RegistryKeyEntityProperties", + modelProperties: { + ...EntityCommonProperties.type.modelProperties, + hive: { + serializedName: "hive", + readOnly: true, + type: { + name: "String" + } + }, + key: { + serializedName: "key", + readOnly: true, + type: { + name: "String" + } + } + } + } +}; + +export const RegistryValueEntityProperties: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "RegistryValueEntityProperties", + modelProperties: { + ...EntityCommonProperties.type.modelProperties, + keyEntityId: { + serializedName: "keyEntityId", + readOnly: true, + type: { + name: "String" + } + }, + valueData: { + serializedName: "valueData", + readOnly: true, + type: { + name: "String" + } + }, + valueName: { + serializedName: "valueName", + readOnly: true, + type: { + name: "String" + } + }, + valueType: { + serializedName: "valueType", + readOnly: true, + type: { + name: "String" + } + } + } + } +}; + +export const SecurityGroupEntityProperties: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "SecurityGroupEntityProperties", + modelProperties: { + ...EntityCommonProperties.type.modelProperties, + distinguishedName: { + serializedName: "distinguishedName", + readOnly: true, + type: { + name: "String" + } + }, + objectGuid: { + serializedName: "objectGuid", + readOnly: true, + type: { + name: "Uuid" + } + }, + sid: { + serializedName: 
"sid", + readOnly: true, + type: { + name: "String" + } + } + } + } +}; + +export const SubmissionMailEntityProperties: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "SubmissionMailEntityProperties", + modelProperties: { + ...EntityCommonProperties.type.modelProperties, + networkMessageId: { + serializedName: "networkMessageId", + readOnly: true, + type: { + name: "Uuid" + } + }, + submissionId: { + serializedName: "submissionId", + readOnly: true, + type: { + name: "Uuid" + } + }, + submitter: { + serializedName: "submitter", + readOnly: true, + type: { + name: "String" + } + }, + submissionDate: { + serializedName: "submissionDate", + readOnly: true, + type: { + name: "DateTime" + } + }, + timestamp: { + serializedName: "timestamp", + readOnly: true, + type: { + name: "DateTime" + } + }, + recipient: { + serializedName: "recipient", + readOnly: true, + type: { + name: "String" + } + }, + sender: { + serializedName: "sender", + readOnly: true, + type: { + name: "String" + } + }, + senderIp: { + serializedName: "senderIp", + readOnly: true, + type: { + name: "String" + } + }, + subject: { + serializedName: "subject", + readOnly: true, + type: { + name: "String" + } + }, + reportType: { + serializedName: "reportType", + readOnly: true, + type: { + name: "String" + } + } + } + } +}; + +export const UrlEntityProperties: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "UrlEntityProperties", + modelProperties: { + ...EntityCommonProperties.type.modelProperties, + url: { + serializedName: "url", + readOnly: true, + type: { + name: "String" + } + } + } + } +}; + +export const ThreatIntelligenceIndicatorModelForRequestBody: coreClient.CompositeMapper = { + serializedName: "indicator", + type: { + name: "Composite", + className: "ThreatIntelligenceIndicatorModelForRequestBody", + modelProperties: { + ...ThreatIntelligenceResourceKind.type.modelProperties, + etag: { + serializedName: "etag", + type: { + name: "String" + 
} + }, + additionalData: { + serializedName: "properties.additionalData", + readOnly: true, + type: { + name: "Dictionary", + value: { + type: { name: "Dictionary", value: { type: { name: "any" } } } + } + } + }, + friendlyName: { + serializedName: "properties.friendlyName", + readOnly: true, + type: { + name: "String" + } + }, + threatIntelligenceTags: { + serializedName: "properties.threatIntelligenceTags", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + lastUpdatedTimeUtc: { + serializedName: "properties.lastUpdatedTimeUtc", + type: { + name: "String" + } + }, + source: { + serializedName: "properties.source", + type: { + name: "String" + } + }, + displayName: { + serializedName: "properties.displayName", + type: { + name: "String" + } + }, + description: { + serializedName: "properties.description", + type: { + name: "String" + } + }, + indicatorTypes: { + serializedName: "properties.indicatorTypes", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + pattern: { + serializedName: "properties.pattern", + type: { + name: "String" + } + }, + patternType: { + serializedName: "properties.patternType", + type: { + name: "String" + } + }, + patternVersion: { + serializedName: "properties.patternVersion", + type: { + name: "String" + } + }, + killChainPhases: { + serializedName: "properties.killChainPhases", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "ThreatIntelligenceKillChainPhase" + } + } + } + }, + parsedPattern: { + serializedName: "properties.parsedPattern", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "ThreatIntelligenceParsedPattern" + } + } + } + }, + externalId: { + serializedName: "properties.externalId", + type: { + name: "String" + } + }, + createdByRef: { + serializedName: "properties.createdByRef", + type: { + name: "String" + } + }, + defanged: { + serializedName: "properties.defanged", + 
type: { + name: "Boolean" + } + }, + externalLastUpdatedTimeUtc: { + serializedName: "properties.externalLastUpdatedTimeUtc", + type: { + name: "String" + } + }, + externalReferences: { + serializedName: "properties.externalReferences", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "ThreatIntelligenceExternalReference" + } + } + } + }, + granularMarkings: { + serializedName: "properties.granularMarkings", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "ThreatIntelligenceGranularMarkingModel" + } + } + } + }, + labels: { + serializedName: "properties.labels", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + revoked: { + serializedName: "properties.revoked", + type: { + name: "Boolean" + } + }, + confidence: { + serializedName: "properties.confidence", + type: { + name: "Number" + } + }, + objectMarkingRefs: { + serializedName: "properties.objectMarkingRefs", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + language: { + serializedName: "properties.language", + type: { + name: "String" + } + }, + threatTypes: { + serializedName: "properties.threatTypes", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + validFrom: { + serializedName: "properties.validFrom", + type: { + name: "String" + } + }, + validUntil: { + serializedName: "properties.validUntil", + type: { + name: "String" + } + }, + created: { + serializedName: "properties.created", + type: { + name: "String" + } + }, + modified: { + serializedName: "properties.modified", + type: { + name: "String" + } + }, + extensions: { + serializedName: "properties.extensions", + type: { + name: "Dictionary", + value: { type: { name: "any" } } + } + } + } + } +}; + +export const ThreatIntelligenceInformation: coreClient.CompositeMapper = { + serializedName: "ThreatIntelligenceInformation", + type: { + name: "Composite", + 
className: "ThreatIntelligenceInformation", + uberParent: "ThreatIntelligenceResourceKind", + polymorphicDiscriminator: + ThreatIntelligenceResourceKind.type.polymorphicDiscriminator, + modelProperties: { + ...ResourceWithEtag.type.modelProperties, + ...ThreatIntelligenceResourceKind.type.modelProperties + } + } +}; + +export const AADCheckRequirements: coreClient.CompositeMapper = { + serializedName: "AzureActiveDirectory", + type: { + name: "Composite", + className: "AADCheckRequirements", + uberParent: "DataConnectorsCheckRequirements", + polymorphicDiscriminator: + DataConnectorsCheckRequirements.type.polymorphicDiscriminator, + modelProperties: { + ...DataConnectorsCheckRequirements.type.modelProperties, + tenantId: { + serializedName: "properties.tenantId", + type: { + name: "String" + } + } + } + } +}; + +export const AatpCheckRequirements: coreClient.CompositeMapper = { + serializedName: "AzureAdvancedThreatProtection", + type: { + name: "Composite", + className: "AatpCheckRequirements", + uberParent: "DataConnectorsCheckRequirements", + polymorphicDiscriminator: + DataConnectorsCheckRequirements.type.polymorphicDiscriminator, + modelProperties: { + ...DataConnectorsCheckRequirements.type.modelProperties, + tenantId: { + serializedName: "properties.tenantId", + type: { + name: "String" + } + } + } + } +}; + +export const ASCCheckRequirements: coreClient.CompositeMapper = { + serializedName: "AzureSecurityCenter", + type: { + name: "Composite", + className: "ASCCheckRequirements", + uberParent: "DataConnectorsCheckRequirements", + polymorphicDiscriminator: + DataConnectorsCheckRequirements.type.polymorphicDiscriminator, + modelProperties: { + ...DataConnectorsCheckRequirements.type.modelProperties, + subscriptionId: { + serializedName: "properties.subscriptionId", + type: { + name: "String" + } + } + } + } +}; + +export const AwsCloudTrailCheckRequirements: coreClient.CompositeMapper = { + serializedName: "AmazonWebServicesCloudTrail", + type: { + name: 
"Composite", + className: "AwsCloudTrailCheckRequirements", + uberParent: "DataConnectorsCheckRequirements", + polymorphicDiscriminator: + DataConnectorsCheckRequirements.type.polymorphicDiscriminator, + modelProperties: { + ...DataConnectorsCheckRequirements.type.modelProperties + } + } +}; + +export const AwsS3CheckRequirements: coreClient.CompositeMapper = { + serializedName: "AmazonWebServicesS3", + type: { + name: "Composite", + className: "AwsS3CheckRequirements", + uberParent: "DataConnectorsCheckRequirements", + polymorphicDiscriminator: + DataConnectorsCheckRequirements.type.polymorphicDiscriminator, + modelProperties: { + ...DataConnectorsCheckRequirements.type.modelProperties + } + } +}; + +export const Dynamics365CheckRequirements: coreClient.CompositeMapper = { + serializedName: "Dynamics365", + type: { + name: "Composite", + className: "Dynamics365CheckRequirements", + uberParent: "DataConnectorsCheckRequirements", + polymorphicDiscriminator: + DataConnectorsCheckRequirements.type.polymorphicDiscriminator, + modelProperties: { + ...DataConnectorsCheckRequirements.type.modelProperties, + tenantId: { + serializedName: "properties.tenantId", + type: { + name: "String" + } + } + } + } +}; + +export const McasCheckRequirements: coreClient.CompositeMapper = { + serializedName: "MicrosoftCloudAppSecurity", + type: { + name: "Composite", + className: "McasCheckRequirements", + uberParent: "DataConnectorsCheckRequirements", + polymorphicDiscriminator: + DataConnectorsCheckRequirements.type.polymorphicDiscriminator, + modelProperties: { + ...DataConnectorsCheckRequirements.type.modelProperties, + tenantId: { + serializedName: "properties.tenantId", + type: { + name: "String" + } + } + } + } +}; + +export const MdatpCheckRequirements: coreClient.CompositeMapper = { + serializedName: "MicrosoftDefenderAdvancedThreatProtection", + type: { + name: "Composite", + className: "MdatpCheckRequirements", + uberParent: "DataConnectorsCheckRequirements", + 
polymorphicDiscriminator: + DataConnectorsCheckRequirements.type.polymorphicDiscriminator, + modelProperties: { + ...DataConnectorsCheckRequirements.type.modelProperties, + tenantId: { + serializedName: "properties.tenantId", + type: { + name: "String" + } + } + } + } +}; + +export const MstiCheckRequirements: coreClient.CompositeMapper = { + serializedName: "MicrosoftThreatIntelligence", + type: { + name: "Composite", + className: "MstiCheckRequirements", + uberParent: "DataConnectorsCheckRequirements", + polymorphicDiscriminator: + DataConnectorsCheckRequirements.type.polymorphicDiscriminator, + modelProperties: { + ...DataConnectorsCheckRequirements.type.modelProperties, + tenantId: { + serializedName: "properties.tenantId", + type: { + name: "String" + } + } + } + } +}; + +export const MtpCheckRequirements: coreClient.CompositeMapper = { + serializedName: "MicrosoftThreatProtection", + type: { + name: "Composite", + className: "MtpCheckRequirements", + uberParent: "DataConnectorsCheckRequirements", + polymorphicDiscriminator: + DataConnectorsCheckRequirements.type.polymorphicDiscriminator, + modelProperties: { + ...DataConnectorsCheckRequirements.type.modelProperties, + tenantId: { + serializedName: "properties.tenantId", + type: { + name: "String" + } + } + } + } +}; + +export const OfficeATPCheckRequirements: coreClient.CompositeMapper = { + serializedName: "OfficeATP", + type: { + name: "Composite", + className: "OfficeATPCheckRequirements", + uberParent: "DataConnectorsCheckRequirements", + polymorphicDiscriminator: + DataConnectorsCheckRequirements.type.polymorphicDiscriminator, + modelProperties: { + ...DataConnectorsCheckRequirements.type.modelProperties, + tenantId: { + serializedName: "properties.tenantId", + type: { + name: "String" + } + } + } + } +}; + +export const OfficeIRMCheckRequirements: coreClient.CompositeMapper = { + serializedName: "OfficeIRM", + type: { + name: "Composite", + className: "OfficeIRMCheckRequirements", + uberParent: 
"DataConnectorsCheckRequirements", + polymorphicDiscriminator: + DataConnectorsCheckRequirements.type.polymorphicDiscriminator, + modelProperties: { + ...DataConnectorsCheckRequirements.type.modelProperties, + tenantId: { + serializedName: "properties.tenantId", + type: { + name: "String" + } + } + } + } +}; + +export const Office365ProjectCheckRequirements: coreClient.CompositeMapper = { + serializedName: "Office365Project", + type: { + name: "Composite", + className: "Office365ProjectCheckRequirements", + uberParent: "DataConnectorsCheckRequirements", + polymorphicDiscriminator: + DataConnectorsCheckRequirements.type.polymorphicDiscriminator, + modelProperties: { + ...DataConnectorsCheckRequirements.type.modelProperties, + tenantId: { + serializedName: "properties.tenantId", + type: { + name: "String" + } + } + } + } +}; + +export const OfficePowerBICheckRequirements: coreClient.CompositeMapper = { + serializedName: "OfficePowerBI", + type: { + name: "Composite", + className: "OfficePowerBICheckRequirements", + uberParent: "DataConnectorsCheckRequirements", + polymorphicDiscriminator: + DataConnectorsCheckRequirements.type.polymorphicDiscriminator, + modelProperties: { + ...DataConnectorsCheckRequirements.type.modelProperties, + tenantId: { + serializedName: "properties.tenantId", + type: { + name: "String" + } + } + } + } +}; + +export const TICheckRequirements: coreClient.CompositeMapper = { + serializedName: "ThreatIntelligence", + type: { + name: "Composite", + className: "TICheckRequirements", + uberParent: "DataConnectorsCheckRequirements", + polymorphicDiscriminator: + DataConnectorsCheckRequirements.type.polymorphicDiscriminator, + modelProperties: { + ...DataConnectorsCheckRequirements.type.modelProperties, + tenantId: { + serializedName: "properties.tenantId", + type: { + name: "String" + } + } + } + } +}; + +export const TiTaxiiCheckRequirements: coreClient.CompositeMapper = { + serializedName: "ThreatIntelligenceTaxii", + type: { + name: "Composite", 
+ className: "TiTaxiiCheckRequirements", + uberParent: "DataConnectorsCheckRequirements", + polymorphicDiscriminator: + DataConnectorsCheckRequirements.type.polymorphicDiscriminator, + modelProperties: { + ...DataConnectorsCheckRequirements.type.modelProperties, + tenantId: { + serializedName: "properties.tenantId", + type: { + name: "String" + } + } + } + } +}; + +export const MLBehaviorAnalyticsAlertRuleTemplateProperties: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "MLBehaviorAnalyticsAlertRuleTemplateProperties", + modelProperties: { + ...AlertRuleTemplatePropertiesBase.type.modelProperties, + severity: { + serializedName: "severity", + required: true, + type: { + name: "String" + } + }, + tactics: { + serializedName: "tactics", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + } + } + } +}; + +export const FusionAlertRuleTemplateProperties: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "FusionAlertRuleTemplateProperties", + modelProperties: { + ...AlertRuleTemplatePropertiesBase.type.modelProperties, + severity: { + serializedName: "severity", + required: true, + type: { + name: "String" + } + }, + tactics: { + serializedName: "tactics", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + } + } + } +}; + +export const ThreatIntelligenceAlertRuleTemplateProperties: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "ThreatIntelligenceAlertRuleTemplateProperties", + modelProperties: { + ...AlertRuleTemplatePropertiesBase.type.modelProperties, + severity: { + serializedName: "severity", + required: true, + type: { + name: "String" + } + }, + tactics: { + serializedName: "tactics", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + } + } + } +}; + +export const MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties: coreClient.CompositeMapper = { + type: { + name: "Composite", + 
className: "MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties", + modelProperties: { + ...AlertRuleTemplatePropertiesBase.type.modelProperties, + ...MicrosoftSecurityIncidentCreationAlertRuleCommonProperties.type + .modelProperties + } + } +}; + +export const ScheduledAlertRuleTemplateProperties: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "ScheduledAlertRuleTemplateProperties", + modelProperties: { + ...AlertRuleTemplatePropertiesBase.type.modelProperties, + ...QueryBasedAlertRuleTemplateProperties.type.modelProperties, + ...ScheduledAlertRuleCommonProperties.type.modelProperties + } + } +}; + +export const NrtAlertRuleTemplateProperties: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "NrtAlertRuleTemplateProperties", + modelProperties: { + ...AlertRuleTemplatePropertiesBase.type.modelProperties, + ...QueryBasedAlertRuleTemplateProperties.type.modelProperties + } + } +}; + +export const MicrosoftSecurityIncidentCreationAlertRuleProperties: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "MicrosoftSecurityIncidentCreationAlertRuleProperties", + modelProperties: { + ...MicrosoftSecurityIncidentCreationAlertRuleCommonProperties.type + .modelProperties, + alertRuleTemplateName: { + serializedName: "alertRuleTemplateName", + type: { + name: "String" + } + }, + description: { + serializedName: "description", + type: { + name: "String" + } + }, + displayName: { + serializedName: "displayName", + required: true, + type: { + name: "String" + } + }, + enabled: { + serializedName: "enabled", + required: true, + type: { + name: "Boolean" + } + }, + lastModifiedUtc: { + serializedName: "lastModifiedUtc", + readOnly: true, + type: { + name: "DateTime" + } + } + } + } +}; + +export const ScheduledAlertRuleProperties: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "ScheduledAlertRuleProperties", + modelProperties: { + 
...ScheduledAlertRuleCommonProperties.type.modelProperties, + ...QueryBasedAlertRuleProperties.type.modelProperties + } + } +}; + +export const NrtAlertRuleProperties: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "NrtAlertRuleProperties", + modelProperties: { + ...QueryBasedAlertRuleProperties.type.modelProperties + } + } +}; + +export const InsightQueryItemProperties: coreClient.CompositeMapper = { + serializedName: "Insight", + type: { + name: "Composite", + className: "InsightQueryItemProperties", + modelProperties: { + ...EntityQueryItemProperties.type.modelProperties, + displayName: { + serializedName: "displayName", + type: { + name: "String" + } + }, + description: { + serializedName: "description", + type: { + name: "String" + } + }, + baseQuery: { + serializedName: "baseQuery", + type: { + name: "String" + } + }, + tableQuery: { + serializedName: "tableQuery", + type: { + name: "Composite", + className: "InsightQueryItemPropertiesTableQuery" + } + }, + chartQuery: { + serializedName: "chartQuery", + type: { + name: "Dictionary", + value: { type: { name: "any" } } + } + }, + additionalQuery: { + serializedName: "additionalQuery", + type: { + name: "Composite", + className: "InsightQueryItemPropertiesAdditionalQuery" + } + }, + defaultTimeRange: { + serializedName: "defaultTimeRange", + type: { + name: "Composite", + className: "InsightQueryItemPropertiesDefaultTimeRange" + } + }, + referenceTimeRange: { + serializedName: "referenceTimeRange", + type: { + name: "Composite", + className: "InsightQueryItemPropertiesReferenceTimeRange" + } + } + } + } +}; + +export const AADCheckRequirementsProperties: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "AADCheckRequirementsProperties", + modelProperties: { + ...DataConnectorTenantId.type.modelProperties + } + } +}; + +export const AatpCheckRequirementsProperties: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: 
"AatpCheckRequirementsProperties", + modelProperties: { + ...DataConnectorTenantId.type.modelProperties + } + } +}; + +export const Dynamics365CheckRequirementsProperties: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "Dynamics365CheckRequirementsProperties", + modelProperties: { + ...DataConnectorTenantId.type.modelProperties + } + } +}; + +export const McasCheckRequirementsProperties: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "McasCheckRequirementsProperties", + modelProperties: { + ...DataConnectorTenantId.type.modelProperties + } + } +}; + +export const MdatpCheckRequirementsProperties: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "MdatpCheckRequirementsProperties", + modelProperties: { + ...DataConnectorTenantId.type.modelProperties + } + } +}; + +export const MstiCheckRequirementsProperties: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "MstiCheckRequirementsProperties", + modelProperties: { + ...DataConnectorTenantId.type.modelProperties + } + } +}; + +export const MTPCheckRequirementsProperties: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "MTPCheckRequirementsProperties", + modelProperties: { + ...DataConnectorTenantId.type.modelProperties + } + } +}; + +export const OfficeATPCheckRequirementsProperties: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "OfficeATPCheckRequirementsProperties", + modelProperties: { + ...DataConnectorTenantId.type.modelProperties + } + } +}; + +export const OfficeIRMCheckRequirementsProperties: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "OfficeIRMCheckRequirementsProperties", + modelProperties: { + ...DataConnectorTenantId.type.modelProperties + } + } +}; + +export const Office365ProjectCheckRequirementsProperties: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: 
"Office365ProjectCheckRequirementsProperties", + modelProperties: { + ...DataConnectorTenantId.type.modelProperties + } + } +}; + +export const OfficePowerBICheckRequirementsProperties: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "OfficePowerBICheckRequirementsProperties", + modelProperties: { + ...DataConnectorTenantId.type.modelProperties + } + } +}; + +export const TICheckRequirementsProperties: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "TICheckRequirementsProperties", + modelProperties: { + ...DataConnectorTenantId.type.modelProperties + } + } +}; + +export const TiTaxiiCheckRequirementsProperties: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "TiTaxiiCheckRequirementsProperties", + modelProperties: { + ...DataConnectorTenantId.type.modelProperties + } + } +}; + +export const AADDataConnectorProperties: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "AADDataConnectorProperties", + modelProperties: { + ...DataConnectorTenantId.type.modelProperties, + ...DataConnectorWithAlertsProperties.type.modelProperties + } + } +}; + +export const MstiDataConnectorProperties: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "MstiDataConnectorProperties", + modelProperties: { + ...DataConnectorTenantId.type.modelProperties, + dataTypes: { + serializedName: "dataTypes", + type: { + name: "Composite", + className: "MstiDataConnectorDataTypes" + } + } + } + } +}; + +export const MTPDataConnectorProperties: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "MTPDataConnectorProperties", + modelProperties: { + ...DataConnectorTenantId.type.modelProperties, + dataTypes: { + serializedName: "dataTypes", + type: { + name: "Composite", + className: "MTPDataConnectorDataTypes" + } + } + } + } +}; + +export const AatpDataConnectorProperties: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: 
"AatpDataConnectorProperties", + modelProperties: { + ...DataConnectorTenantId.type.modelProperties, + ...DataConnectorWithAlertsProperties.type.modelProperties + } + } +}; + +export const McasDataConnectorProperties: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "McasDataConnectorProperties", + modelProperties: { + ...DataConnectorTenantId.type.modelProperties, + dataTypes: { + serializedName: "dataTypes", + type: { + name: "Composite", + className: "McasDataConnectorDataTypes" + } + } + } + } +}; + +export const Dynamics365DataConnectorProperties: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "Dynamics365DataConnectorProperties", + modelProperties: { + ...DataConnectorTenantId.type.modelProperties, + dataTypes: { + serializedName: "dataTypes", + type: { + name: "Composite", + className: "Dynamics365DataConnectorDataTypes" + } + } + } + } +}; + +export const OfficeATPDataConnectorProperties: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "OfficeATPDataConnectorProperties", + modelProperties: { + ...DataConnectorTenantId.type.modelProperties, + ...DataConnectorWithAlertsProperties.type.modelProperties + } + } +}; + +export const OfficeIRMDataConnectorProperties: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "OfficeIRMDataConnectorProperties", + modelProperties: { + ...DataConnectorTenantId.type.modelProperties, + ...DataConnectorWithAlertsProperties.type.modelProperties + } + } +}; + +export const MdatpDataConnectorProperties: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "MdatpDataConnectorProperties", + modelProperties: { + ...DataConnectorTenantId.type.modelProperties, + ...DataConnectorWithAlertsProperties.type.modelProperties + } + } +}; + +export const OfficeDataConnectorProperties: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "OfficeDataConnectorProperties", + modelProperties: { + 
...DataConnectorTenantId.type.modelProperties, + dataTypes: { + serializedName: "dataTypes", + type: { + name: "Composite", + className: "OfficeDataConnectorDataTypes" + } + } + } + } +}; + +export const TIDataConnectorProperties: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "TIDataConnectorProperties", + modelProperties: { + ...DataConnectorTenantId.type.modelProperties, + tipLookbackPeriod: { + serializedName: "tipLookbackPeriod", + nullable: true, + type: { + name: "DateTime" + } + }, + dataTypes: { + serializedName: "dataTypes", + type: { + name: "Composite", + className: "TIDataConnectorDataTypes" + } + } + } + } +}; + +export const TiTaxiiDataConnectorProperties: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "TiTaxiiDataConnectorProperties", + modelProperties: { + ...DataConnectorTenantId.type.modelProperties, + workspaceId: { + serializedName: "workspaceId", + type: { + name: "String" + } + }, + friendlyName: { + serializedName: "friendlyName", + type: { + name: "String" + } + }, + taxiiServer: { + serializedName: "taxiiServer", + type: { + name: "String" + } + }, + collectionId: { + serializedName: "collectionId", + type: { + name: "String" + } + }, + userName: { + serializedName: "userName", + type: { + name: "String" + } + }, + password: { + serializedName: "password", + type: { + name: "String" + } + }, + taxiiLookbackPeriod: { + serializedName: "taxiiLookbackPeriod", + nullable: true, + type: { + name: "DateTime" + } + }, + pollingFrequency: { + serializedName: "pollingFrequency", + required: true, + nullable: true, + type: { + name: "String" + } + }, + dataTypes: { + serializedName: "dataTypes", + type: { + name: "Composite", + className: "TiTaxiiDataConnectorDataTypes" + } + } + } + } +}; + +export const ASCDataConnectorProperties: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "ASCDataConnectorProperties", + modelProperties: { + 
...DataConnectorWithAlertsProperties.type.modelProperties, + subscriptionId: { + serializedName: "subscriptionId", + type: { + name: "String" + } + } + } + } +}; + +export const McasDataConnectorDataTypes: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "McasDataConnectorDataTypes", + modelProperties: { + ...AlertsDataTypeOfDataConnector.type.modelProperties, + discoveryLogs: { + serializedName: "discoveryLogs", + type: { + name: "Composite", + className: "DataConnectorDataTypeCommon" + } + } + } + } +}; + +export const MstiDataConnectorDataTypesBingSafetyPhishingURL: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "MstiDataConnectorDataTypesBingSafetyPhishingURL", + modelProperties: { + ...DataConnectorDataTypeCommon.type.modelProperties, + lookbackPeriod: { + serializedName: "lookbackPeriod", + required: true, + type: { + name: "String" + } + } + } + } +}; + +export const MstiDataConnectorDataTypesMicrosoftEmergingThreatFeed: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "MstiDataConnectorDataTypesMicrosoftEmergingThreatFeed", + modelProperties: { + ...DataConnectorDataTypeCommon.type.modelProperties, + lookbackPeriod: { + serializedName: "lookbackPeriod", + required: true, + type: { + name: "String" + } + } + } + } +}; + +export const MTPDataConnectorDataTypesIncidents: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "MTPDataConnectorDataTypesIncidents", + modelProperties: { + ...DataConnectorDataTypeCommon.type.modelProperties + } + } +}; + +export const AwsCloudTrailDataConnectorDataTypesLogs: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "AwsCloudTrailDataConnectorDataTypesLogs", + modelProperties: { + ...DataConnectorDataTypeCommon.type.modelProperties + } + } +}; + +export const AwsS3DataConnectorDataTypesLogs: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "AwsS3DataConnectorDataTypesLogs", + 
modelProperties: { + ...DataConnectorDataTypeCommon.type.modelProperties + } + } +}; + +export const Dynamics365DataConnectorDataTypesDynamics365CdsActivities: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "Dynamics365DataConnectorDataTypesDynamics365CdsActivities", + modelProperties: { + ...DataConnectorDataTypeCommon.type.modelProperties + } + } +}; + +export const Office365ProjectConnectorDataTypesLogs: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "Office365ProjectConnectorDataTypesLogs", + modelProperties: { + ...DataConnectorDataTypeCommon.type.modelProperties + } + } +}; + +export const OfficePowerBIConnectorDataTypesLogs: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "OfficePowerBIConnectorDataTypesLogs", + modelProperties: { + ...DataConnectorDataTypeCommon.type.modelProperties + } + } +}; + +export const OfficeDataConnectorDataTypesExchange: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "OfficeDataConnectorDataTypesExchange", + modelProperties: { + ...DataConnectorDataTypeCommon.type.modelProperties + } + } +}; + +export const OfficeDataConnectorDataTypesSharePoint: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "OfficeDataConnectorDataTypesSharePoint", + modelProperties: { + ...DataConnectorDataTypeCommon.type.modelProperties + } + } +}; + +export const OfficeDataConnectorDataTypesTeams: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "OfficeDataConnectorDataTypesTeams", + modelProperties: { + ...DataConnectorDataTypeCommon.type.modelProperties + } + } +}; + +export const TIDataConnectorDataTypesIndicators: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "TIDataConnectorDataTypesIndicators", + modelProperties: { + ...DataConnectorDataTypeCommon.type.modelProperties + } + } +}; + +export const TiTaxiiDataConnectorDataTypesTaxiiClient: coreClient.CompositeMapper 
= { + type: { + name: "Composite", + className: "TiTaxiiDataConnectorDataTypesTaxiiClient", + modelProperties: { + ...DataConnectorDataTypeCommon.type.modelProperties + } + } +}; + +export const CodelessUiConnectorConfigPropertiesGraphQueriesItem: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "CodelessUiConnectorConfigPropertiesGraphQueriesItem", + modelProperties: { + ...GraphQueries.type.modelProperties + } + } +}; + +export const CodelessUiConnectorConfigPropertiesSampleQueriesItem: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "CodelessUiConnectorConfigPropertiesSampleQueriesItem", + modelProperties: { + ...SampleQueries.type.modelProperties + } + } +}; + +export const CodelessUiConnectorConfigPropertiesDataTypesItem: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "CodelessUiConnectorConfigPropertiesDataTypesItem", + modelProperties: { + ...LastDataReceivedDataType.type.modelProperties + } + } +}; + +export const CodelessUiConnectorConfigPropertiesConnectivityCriteriaItem: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "CodelessUiConnectorConfigPropertiesConnectivityCriteriaItem", + modelProperties: { + ...ConnectivityCriteria.type.modelProperties + } + } +}; + +export const PermissionsResourceProviderItem: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "PermissionsResourceProviderItem", + modelProperties: { + ...ResourceProvider.type.modelProperties + } + } +}; + +export const Customs: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "Customs", + modelProperties: { + ...CustomsPermission.type.modelProperties + } + } +}; + +export const CodelessUiConnectorConfigPropertiesInstructionStepsItem: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "CodelessUiConnectorConfigPropertiesInstructionStepsItem", + modelProperties: { + ...InstructionSteps.type.modelProperties + } + } 
+}; + +export const InstructionStepsInstructionsItem: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "InstructionStepsInstructionsItem", + modelProperties: { + ...ConnectorInstructionModelBase.type.modelProperties + } + } +}; + +export const AlertRule: coreClient.CompositeMapper = { + serializedName: "AlertRule", + type: { + name: "Composite", + className: "AlertRule", + uberParent: "Resource", + polymorphicDiscriminator: { + serializedName: "kind", + clientName: "kind" + }, + modelProperties: { + ...ResourceWithEtag.type.modelProperties, + kind: { + serializedName: "kind", + required: true, + type: { + name: "String" + } + } + } + } +}; + +export const ActionResponse: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "ActionResponse", + modelProperties: { + ...ResourceWithEtag.type.modelProperties, + logicAppResourceId: { + serializedName: "properties.logicAppResourceId", + type: { + name: "String" + } + }, + workflowId: { + serializedName: "properties.workflowId", + type: { + name: "String" + } + } + } + } +}; + +export const ActionRequest: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "ActionRequest", + modelProperties: { + ...ResourceWithEtag.type.modelProperties, + logicAppResourceId: { + serializedName: "properties.logicAppResourceId", + type: { + name: "String" + } + }, + triggerUri: { + serializedName: "properties.triggerUri", + type: { + name: "String" + } + } + } + } +}; + +export const AutomationRule: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "AutomationRule", + modelProperties: { + ...ResourceWithEtag.type.modelProperties, + displayName: { + serializedName: "properties.displayName", + required: true, + type: { + name: "String" + } + }, + order: { + serializedName: "properties.order", + required: true, + type: { + name: "Number" + } + }, + triggeringLogic: { + serializedName: "properties.triggeringLogic", + type: { + name: "Composite", + 
className: "AutomationRuleTriggeringLogic" + } + }, + actions: { + serializedName: "properties.actions", + required: true, + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "AutomationRuleAction" + } + } + } + }, + lastModifiedTimeUtc: { + serializedName: "properties.lastModifiedTimeUtc", + readOnly: true, + type: { + name: "DateTime" + } + }, + createdTimeUtc: { + serializedName: "properties.createdTimeUtc", + readOnly: true, + type: { + name: "DateTime" + } + }, + lastModifiedBy: { + serializedName: "properties.lastModifiedBy", + type: { + name: "Composite", + className: "ClientInfo" + } + }, + createdBy: { + serializedName: "properties.createdBy", + type: { + name: "Composite", + className: "ClientInfo" + } + } + } + } +}; + +export const Bookmark: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "Bookmark", + modelProperties: { + ...ResourceWithEtag.type.modelProperties, + created: { + serializedName: "properties.created", + type: { + name: "DateTime" + } + }, + createdBy: { + serializedName: "properties.createdBy", + type: { + name: "Composite", + className: "UserInfo" + } + }, + displayName: { + serializedName: "properties.displayName", + type: { + name: "String" + } + }, + labels: { + serializedName: "properties.labels", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + notes: { + serializedName: "properties.notes", + type: { + name: "String" + } + }, + query: { + serializedName: "properties.query", + type: { + name: "String" + } + }, + queryResult: { + serializedName: "properties.queryResult", + type: { + name: "String" + } + }, + updated: { + serializedName: "properties.updated", + type: { + name: "DateTime" + } + }, + updatedBy: { + serializedName: "properties.updatedBy", + type: { + name: "Composite", + className: "UserInfo" + } + }, + eventTime: { + serializedName: "properties.eventTime", + type: { + name: "DateTime" + } + }, + queryStartTime: { + 
serializedName: "properties.queryStartTime", + type: { + name: "DateTime" + } + }, + queryEndTime: { + serializedName: "properties.queryEndTime", + type: { + name: "DateTime" + } + }, + incidentInfo: { + serializedName: "properties.incidentInfo", + type: { + name: "Composite", + className: "IncidentInfo" + } + }, + entityMappings: { + serializedName: "properties.entityMappings", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "BookmarkEntityMappings" + } + } + } + }, + tactics: { + serializedName: "properties.tactics", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + techniques: { + serializedName: "properties.techniques", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + } + } + } +}; + +export const Relation: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "Relation", + modelProperties: { + ...ResourceWithEtag.type.modelProperties, + relatedResourceId: { + serializedName: "properties.relatedResourceId", + type: { + name: "String" + } + }, + relatedResourceName: { + serializedName: "properties.relatedResourceName", + readOnly: true, + type: { + name: "String" + } + }, + relatedResourceType: { + serializedName: "properties.relatedResourceType", + readOnly: true, + type: { + name: "String" + } + }, + relatedResourceKind: { + serializedName: "properties.relatedResourceKind", + readOnly: true, + type: { + name: "String" + } + } + } + } +}; + +export const EntityQuery: coreClient.CompositeMapper = { + serializedName: "EntityQuery", + type: { + name: "Composite", + className: "EntityQuery", + uberParent: "Resource", + polymorphicDiscriminator: { + serializedName: "kind", + clientName: "kind" + }, + modelProperties: { + ...ResourceWithEtag.type.modelProperties, + kind: { + serializedName: "kind", + required: true, + type: { + name: "String" + } + } + } + } +}; + +export const CustomEntityQuery: coreClient.CompositeMapper = { + 
serializedName: "CustomEntityQuery", + type: { + name: "Composite", + className: "CustomEntityQuery", + uberParent: "Resource", + polymorphicDiscriminator: { + serializedName: "kind", + clientName: "kind" + }, + modelProperties: { + ...ResourceWithEtag.type.modelProperties, + kind: { + serializedName: "kind", + required: true, + type: { + name: "String" + } + } + } + } +}; + +export const Incident: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "Incident", + modelProperties: { + ...ResourceWithEtag.type.modelProperties, + additionalData: { + serializedName: "properties.additionalData", + type: { + name: "Composite", + className: "IncidentAdditionalData" + } + }, + classification: { + serializedName: "properties.classification", + type: { + name: "String" + } + }, + classificationComment: { + serializedName: "properties.classificationComment", + type: { + name: "String" + } + }, + classificationReason: { + serializedName: "properties.classificationReason", + type: { + name: "String" + } + }, + createdTimeUtc: { + serializedName: "properties.createdTimeUtc", + readOnly: true, + type: { + name: "DateTime" + } + }, + description: { + serializedName: "properties.description", + type: { + name: "String" + } + }, + firstActivityTimeUtc: { + serializedName: "properties.firstActivityTimeUtc", + type: { + name: "DateTime" + } + }, + incidentUrl: { + serializedName: "properties.incidentUrl", + readOnly: true, + type: { + name: "String" + } + }, + incidentNumber: { + serializedName: "properties.incidentNumber", + readOnly: true, + type: { + name: "Number" + } + }, + labels: { + serializedName: "properties.labels", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "IncidentLabel" + } + } + } + }, + providerName: { + serializedName: "properties.providerName", + type: { + name: "String" + } + }, + providerIncidentId: { + serializedName: "properties.providerIncidentId", + type: { + name: "String" + } + }, + 
lastActivityTimeUtc: { + serializedName: "properties.lastActivityTimeUtc", + type: { + name: "DateTime" + } + }, + lastModifiedTimeUtc: { + serializedName: "properties.lastModifiedTimeUtc", + readOnly: true, + type: { + name: "DateTime" + } + }, + owner: { + serializedName: "properties.owner", + type: { + name: "Composite", + className: "IncidentOwnerInfo" + } + }, + relatedAnalyticRuleIds: { + serializedName: "properties.relatedAnalyticRuleIds", + readOnly: true, + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + severity: { + serializedName: "properties.severity", + type: { + name: "String" + } + }, + status: { + serializedName: "properties.status", + type: { + name: "String" + } + }, + teamInformation: { + serializedName: "properties.teamInformation", + type: { + name: "Composite", + className: "TeamInformation" + } + }, + title: { + serializedName: "properties.title", + type: { + name: "String" + } + } + } + } +}; + +export const IncidentComment: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "IncidentComment", + modelProperties: { + ...ResourceWithEtag.type.modelProperties, + createdTimeUtc: { + serializedName: "properties.createdTimeUtc", + readOnly: true, + type: { + name: "DateTime" + } + }, + lastModifiedTimeUtc: { + serializedName: "properties.lastModifiedTimeUtc", + readOnly: true, + type: { + name: "DateTime" + } + }, + message: { + serializedName: "properties.message", + type: { + name: "String" + } + }, + author: { + serializedName: "properties.author", + type: { + name: "Composite", + className: "ClientInfo" + } + } + } + } +}; + +export const MetadataModel: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "MetadataModel", + modelProperties: { + ...ResourceWithEtag.type.modelProperties, + contentId: { + serializedName: "properties.contentId", + type: { + name: "String" + } + }, + parentId: { + serializedName: "properties.parentId", + type: { + name: "String" + 
} + }, + version: { + serializedName: "properties.version", + type: { + name: "String" + } + }, + kind: { + serializedName: "properties.kind", + type: { + name: "String" + } + }, + source: { + serializedName: "properties.source", + type: { + name: "Composite", + className: "MetadataSource" + } + }, + author: { + serializedName: "properties.author", + type: { + name: "Composite", + className: "MetadataAuthor" + } + }, + support: { + serializedName: "properties.support", + type: { + name: "Composite", + className: "MetadataSupport" + } + }, + dependencies: { + serializedName: "properties.dependencies", + type: { + name: "Composite", + className: "MetadataDependencies" + } + }, + categories: { + serializedName: "properties.categories", + type: { + name: "Composite", + className: "MetadataCategories" + } + }, + providers: { + serializedName: "properties.providers", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + firstPublishDate: { + serializedName: "properties.firstPublishDate", + type: { + name: "Date" + } + }, + lastPublishDate: { + serializedName: "properties.lastPublishDate", + type: { + name: "Date" + } + } + } + } +}; + +export const MetadataPatch: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "MetadataPatch", + modelProperties: { + ...ResourceWithEtag.type.modelProperties, + contentId: { + serializedName: "properties.contentId", + type: { + name: "String" + } + }, + parentId: { + serializedName: "properties.parentId", + type: { + name: "String" + } + }, + version: { + serializedName: "properties.version", + type: { + name: "String" + } + }, + kind: { + serializedName: "properties.kind", + type: { + name: "String" + } + }, + source: { + serializedName: "properties.source", + type: { + name: "Composite", + className: "MetadataSource" + } + }, + author: { + serializedName: "properties.author", + type: { + name: "Composite", + className: "MetadataAuthor" + } + }, + support: { + serializedName: 
"properties.support", + type: { + name: "Composite", + className: "MetadataSupport" + } + }, + dependencies: { + serializedName: "properties.dependencies", + type: { + name: "Composite", + className: "MetadataDependencies" + } + }, + categories: { + serializedName: "properties.categories", + type: { + name: "Composite", + className: "MetadataCategories" + } + }, + providers: { + serializedName: "properties.providers", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + firstPublishDate: { + serializedName: "properties.firstPublishDate", + type: { + name: "Date" + } + }, + lastPublishDate: { + serializedName: "properties.lastPublishDate", + type: { + name: "Date" + } + } + } + } +}; + +export const SentinelOnboardingState: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "SentinelOnboardingState", + modelProperties: { + ...ResourceWithEtag.type.modelProperties, + customerManagedKey: { + serializedName: "properties.customerManagedKey", + type: { + name: "Boolean" + } + } + } + } +}; + +export const Settings: coreClient.CompositeMapper = { + serializedName: "Settings", + type: { + name: "Composite", + className: "Settings", + uberParent: "Resource", + polymorphicDiscriminator: { + serializedName: "kind", + clientName: "kind" + }, + modelProperties: { + ...ResourceWithEtag.type.modelProperties, + kind: { + serializedName: "kind", + required: true, + type: { + name: "String" + } + } + } + } +}; + +export const SourceControl: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "SourceControl", + modelProperties: { + ...ResourceWithEtag.type.modelProperties, + idPropertiesId: { + serializedName: "properties.id", + type: { + name: "String" + } + }, + displayName: { + serializedName: "properties.displayName", + type: { + name: "String" + } + }, + description: { + serializedName: "properties.description", + type: { + name: "String" + } + }, + repoType: { + serializedName: 
"properties.repoType", + type: { + name: "String" + } + }, + contentTypes: { + serializedName: "properties.contentTypes", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + repository: { + serializedName: "properties.repository", + type: { + name: "Composite", + className: "Repository" + } + } + } + } +}; + +export const Watchlist: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "Watchlist", + modelProperties: { + ...ResourceWithEtag.type.modelProperties, + watchlistId: { + serializedName: "properties.watchlistId", + type: { + name: "String" + } + }, + displayName: { + serializedName: "properties.displayName", + type: { + name: "String" + } + }, + provider: { + serializedName: "properties.provider", + type: { + name: "String" + } + }, + source: { + serializedName: "properties.source", + type: { + name: "String" + } + }, + created: { + serializedName: "properties.created", + type: { + name: "DateTime" + } + }, + updated: { + serializedName: "properties.updated", + type: { + name: "DateTime" + } + }, + createdBy: { + serializedName: "properties.createdBy", + type: { + name: "Composite", + className: "UserInfo" + } + }, + updatedBy: { + serializedName: "properties.updatedBy", + type: { + name: "Composite", + className: "UserInfo" + } + }, + description: { + serializedName: "properties.description", + type: { + name: "String" + } + }, + watchlistType: { + serializedName: "properties.watchlistType", + type: { + name: "String" + } + }, + watchlistAlias: { + serializedName: "properties.watchlistAlias", + type: { + name: "String" + } + }, + isDeleted: { + serializedName: "properties.isDeleted", + type: { + name: "Boolean" + } + }, + labels: { + serializedName: "properties.labels", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + defaultDuration: { + serializedName: "properties.defaultDuration", + type: { + name: "TimeSpan" + } + }, + tenantId: { + serializedName: 
"properties.tenantId", + type: { + name: "String" + } + }, + numberOfLinesToSkip: { + serializedName: "properties.numberOfLinesToSkip", + type: { + name: "Number" + } + }, + rawContent: { + serializedName: "properties.rawContent", + type: { + name: "String" + } + }, + itemsSearchKey: { + serializedName: "properties.itemsSearchKey", + type: { + name: "String" + } + }, + contentType: { + serializedName: "properties.contentType", + type: { + name: "String" + } + }, + uploadStatus: { + serializedName: "properties.uploadStatus", + type: { + name: "String" + } + }, + watchlistItemsCount: { + serializedName: "properties.watchlistItemsCount", + type: { + name: "Number" + } + } + } + } +}; + +export const WatchlistItem: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "WatchlistItem", + modelProperties: { + ...ResourceWithEtag.type.modelProperties, + watchlistItemType: { + serializedName: "properties.watchlistItemType", + type: { + name: "String" + } + }, + watchlistItemId: { + serializedName: "properties.watchlistItemId", + type: { + name: "String" + } + }, + tenantId: { + serializedName: "properties.tenantId", + type: { + name: "String" + } + }, + isDeleted: { + serializedName: "properties.isDeleted", + type: { + name: "Boolean" + } + }, + created: { + serializedName: "properties.created", + type: { + name: "DateTime" + } + }, + updated: { + serializedName: "properties.updated", + type: { + name: "DateTime" + } + }, + createdBy: { + serializedName: "properties.createdBy", + type: { + name: "Composite", + className: "UserInfo" + } + }, + updatedBy: { + serializedName: "properties.updatedBy", + type: { + name: "Composite", + className: "UserInfo" + } + }, + itemsKeyValue: { + serializedName: "properties.itemsKeyValue", + type: { + name: "Dictionary", + value: { type: { name: "any" } } + } + }, + entityMapping: { + serializedName: "properties.entityMapping", + type: { + name: "Dictionary", + value: { type: { name: "any" } } + } + } + } + } +}; + 
+export const DataConnector: coreClient.CompositeMapper = { + serializedName: "DataConnector", + type: { + name: "Composite", + className: "DataConnector", + uberParent: "Resource", + polymorphicDiscriminator: { + serializedName: "kind", + clientName: "kind" + }, + modelProperties: { + ...ResourceWithEtag.type.modelProperties, + kind: { + serializedName: "kind", + required: true, + type: { + name: "String" + } + } + } + } +}; + +export const MLBehaviorAnalyticsAlertRuleTemplate: coreClient.CompositeMapper = { + serializedName: "MLBehaviorAnalytics", + type: { + name: "Composite", + className: "MLBehaviorAnalyticsAlertRuleTemplate", + uberParent: "Resource", + polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, + modelProperties: { + ...AlertRuleTemplate.type.modelProperties, + alertRulesCreatedByTemplateCount: { + serializedName: "properties.alertRulesCreatedByTemplateCount", + type: { + name: "Number" + } + }, + lastUpdatedDateUTC: { + serializedName: "properties.lastUpdatedDateUTC", + readOnly: true, + type: { + name: "DateTime" + } + }, + createdDateUTC: { + serializedName: "properties.createdDateUTC", + readOnly: true, + type: { + name: "DateTime" + } + }, + description: { + serializedName: "properties.description", + type: { + name: "String" + } + }, + displayName: { + serializedName: "properties.displayName", + type: { + name: "String" + } + }, + requiredDataConnectors: { + serializedName: "properties.requiredDataConnectors", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "AlertRuleTemplateDataSource" + } + } + } + }, + status: { + serializedName: "properties.status", + type: { + name: "String" + } + }, + severity: { + serializedName: "properties.severity", + type: { + name: "String" + } + }, + tactics: { + serializedName: "properties.tactics", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + } + } + } +}; + +export const FusionAlertRuleTemplate: 
coreClient.CompositeMapper = { + serializedName: "Fusion", + type: { + name: "Composite", + className: "FusionAlertRuleTemplate", + uberParent: "Resource", + polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, + modelProperties: { + ...AlertRuleTemplate.type.modelProperties, + alertRulesCreatedByTemplateCount: { + serializedName: "properties.alertRulesCreatedByTemplateCount", + type: { + name: "Number" + } + }, + lastUpdatedDateUTC: { + serializedName: "properties.lastUpdatedDateUTC", + readOnly: true, + type: { + name: "DateTime" + } + }, + createdDateUTC: { + serializedName: "properties.createdDateUTC", + readOnly: true, + type: { + name: "DateTime" + } + }, + description: { + serializedName: "properties.description", + type: { + name: "String" + } + }, + displayName: { + serializedName: "properties.displayName", + type: { + name: "String" + } + }, + requiredDataConnectors: { + serializedName: "properties.requiredDataConnectors", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "AlertRuleTemplateDataSource" + } + } + } + }, + status: { + serializedName: "properties.status", + type: { + name: "String" + } + }, + severity: { + serializedName: "properties.severity", + type: { + name: "String" + } + }, + tactics: { + serializedName: "properties.tactics", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + } + } + } +}; + +export const ThreatIntelligenceAlertRuleTemplate: coreClient.CompositeMapper = { + serializedName: "ThreatIntelligence", + type: { + name: "Composite", + className: "ThreatIntelligenceAlertRuleTemplate", + uberParent: "Resource", + polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, + modelProperties: { + ...AlertRuleTemplate.type.modelProperties, + alertRulesCreatedByTemplateCount: { + serializedName: "properties.alertRulesCreatedByTemplateCount", + type: { + name: "Number" + } + }, + lastUpdatedDateUTC: { + serializedName: 
"properties.lastUpdatedDateUTC", + readOnly: true, + type: { + name: "DateTime" + } + }, + createdDateUTC: { + serializedName: "properties.createdDateUTC", + readOnly: true, + type: { + name: "DateTime" + } + }, + description: { + serializedName: "properties.description", + type: { + name: "String" + } + }, + displayName: { + serializedName: "properties.displayName", + type: { + name: "String" + } + }, + requiredDataConnectors: { + serializedName: "properties.requiredDataConnectors", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "AlertRuleTemplateDataSource" + } + } + } + }, + status: { + serializedName: "properties.status", + type: { + name: "String" + } + }, + severity: { + serializedName: "properties.severity", + type: { + name: "String" + } + }, + tactics: { + serializedName: "properties.tactics", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + } + } + } +}; + +export const MicrosoftSecurityIncidentCreationAlertRuleTemplate: coreClient.CompositeMapper = { + serializedName: "MicrosoftSecurityIncidentCreation", + type: { + name: "Composite", + className: "MicrosoftSecurityIncidentCreationAlertRuleTemplate", + uberParent: "Resource", + polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, + modelProperties: { + ...AlertRuleTemplate.type.modelProperties, + alertRulesCreatedByTemplateCount: { + serializedName: "properties.alertRulesCreatedByTemplateCount", + type: { + name: "Number" + } + }, + lastUpdatedDateUTC: { + serializedName: "properties.lastUpdatedDateUTC", + readOnly: true, + type: { + name: "DateTime" + } + }, + createdDateUTC: { + serializedName: "properties.createdDateUTC", + readOnly: true, + type: { + name: "DateTime" + } + }, + description: { + serializedName: "properties.description", + type: { + name: "String" + } + }, + displayName: { + serializedName: "properties.displayName", + type: { + name: "String" + } + }, + requiredDataConnectors: { + serializedName: 
"properties.requiredDataConnectors", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "AlertRuleTemplateDataSource" + } + } + } + }, + status: { + serializedName: "properties.status", + type: { + name: "String" + } + }, + displayNamesFilter: { + serializedName: "properties.displayNamesFilter", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + displayNamesExcludeFilter: { + serializedName: "properties.displayNamesExcludeFilter", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + productFilter: { + serializedName: "properties.productFilter", + type: { + name: "String" + } + }, + severitiesFilter: { + serializedName: "properties.severitiesFilter", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + } + } + } +}; + +export const ScheduledAlertRuleTemplate: coreClient.CompositeMapper = { + serializedName: "Scheduled", + type: { + name: "Composite", + className: "ScheduledAlertRuleTemplate", + uberParent: "Resource", + polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, + modelProperties: { + ...AlertRuleTemplate.type.modelProperties, + alertRulesCreatedByTemplateCount: { + serializedName: "properties.alertRulesCreatedByTemplateCount", + type: { + name: "Number" + } + }, + lastUpdatedDateUTC: { + serializedName: "properties.lastUpdatedDateUTC", + readOnly: true, + type: { + name: "DateTime" + } + }, + createdDateUTC: { + serializedName: "properties.createdDateUTC", + readOnly: true, + type: { + name: "DateTime" + } + }, + description: { + serializedName: "properties.description", + type: { + name: "String" + } + }, + displayName: { + serializedName: "properties.displayName", + type: { + name: "String" + } + }, + requiredDataConnectors: { + serializedName: "properties.requiredDataConnectors", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "AlertRuleTemplateDataSource" + } + 
} + } + }, + status: { + serializedName: "properties.status", + type: { + name: "String" + } + }, + query: { + serializedName: "properties.query", + type: { + name: "String" + } + }, + severity: { + serializedName: "properties.severity", + type: { + name: "String" + } + }, + tactics: { + serializedName: "properties.tactics", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + version: { + serializedName: "properties.version", + type: { + name: "String" + } + }, + customDetails: { + serializedName: "properties.customDetails", + type: { + name: "Dictionary", + value: { type: { name: "String" } } + } + }, + entityMappings: { + serializedName: "properties.entityMappings", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "EntityMapping" + } + } + } + }, + alertDetailsOverride: { + serializedName: "properties.alertDetailsOverride", + type: { + name: "Composite", + className: "AlertDetailsOverride" + } + }, + queryFrequency: { + serializedName: "properties.queryFrequency", + type: { + name: "TimeSpan" + } + }, + queryPeriod: { + serializedName: "properties.queryPeriod", + type: { + name: "TimeSpan" + } + }, + triggerOperator: { + serializedName: "properties.triggerOperator", + type: { + name: "Enum", + allowedValues: ["GreaterThan", "LessThan", "Equal", "NotEqual"] + } + }, + triggerThreshold: { + serializedName: "properties.triggerThreshold", + type: { + name: "Number" + } + }, + eventGroupingSettings: { + serializedName: "properties.eventGroupingSettings", + type: { + name: "Composite", + className: "EventGroupingSettings" + } + } + } + } +}; + +export const NrtAlertRuleTemplate: coreClient.CompositeMapper = { + serializedName: "NRT", + type: { + name: "Composite", + className: "NrtAlertRuleTemplate", + uberParent: "Resource", + polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, + modelProperties: { + ...AlertRuleTemplate.type.modelProperties, + alertRulesCreatedByTemplateCount: { 
+ serializedName: "properties.alertRulesCreatedByTemplateCount", + type: { + name: "Number" + } + }, + lastUpdatedDateUTC: { + serializedName: "properties.lastUpdatedDateUTC", + readOnly: true, + type: { + name: "DateTime" + } + }, + createdDateUTC: { + serializedName: "properties.createdDateUTC", + readOnly: true, + type: { + name: "DateTime" + } + }, + description: { + serializedName: "properties.description", + type: { + name: "String" + } + }, + displayName: { + serializedName: "properties.displayName", + type: { + name: "String" + } + }, + requiredDataConnectors: { + serializedName: "properties.requiredDataConnectors", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "AlertRuleTemplateDataSource" + } + } + } + }, + status: { + serializedName: "properties.status", + type: { + name: "String" + } + }, + query: { + serializedName: "properties.query", + type: { + name: "String" + } + }, + severity: { + serializedName: "properties.severity", + type: { + name: "String" + } + }, + tactics: { + serializedName: "properties.tactics", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + version: { + serializedName: "properties.version", + type: { + name: "String" + } + }, + customDetails: { + serializedName: "properties.customDetails", + type: { + name: "Dictionary", + value: { type: { name: "String" } } + } + }, + entityMappings: { + serializedName: "properties.entityMappings", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "EntityMapping" + } + } + } + }, + alertDetailsOverride: { + serializedName: "properties.alertDetailsOverride", + type: { + name: "Composite", + className: "AlertDetailsOverride" + } + } + } + } +}; + +export const SecurityAlert: coreClient.CompositeMapper = { + serializedName: "SecurityAlert", + type: { + name: "Composite", + className: "SecurityAlert", + uberParent: "Resource", + polymorphicDiscriminator: 
Resource.type.polymorphicDiscriminator, + modelProperties: { + ...Entity.type.modelProperties, + additionalData: { + serializedName: "properties.additionalData", + readOnly: true, + type: { + name: "Dictionary", + value: { + type: { name: "Dictionary", value: { type: { name: "any" } } } + } + } + }, + friendlyName: { + serializedName: "properties.friendlyName", + readOnly: true, + type: { + name: "String" + } + }, + alertDisplayName: { + serializedName: "properties.alertDisplayName", + readOnly: true, + type: { + name: "String" + } + }, + alertType: { + serializedName: "properties.alertType", + readOnly: true, + type: { + name: "String" + } + }, + compromisedEntity: { + serializedName: "properties.compromisedEntity", + readOnly: true, + type: { + name: "String" + } + }, + confidenceLevel: { + serializedName: "properties.confidenceLevel", + readOnly: true, + type: { + name: "String" + } + }, + confidenceReasons: { + serializedName: "properties.confidenceReasons", + readOnly: true, + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "SecurityAlertPropertiesConfidenceReasonsItem" + } + } + } + }, + confidenceScore: { + serializedName: "properties.confidenceScore", + readOnly: true, + type: { + name: "Number" + } + }, + confidenceScoreStatus: { + serializedName: "properties.confidenceScoreStatus", + readOnly: true, + type: { + name: "String" + } + }, + description: { + serializedName: "properties.description", + readOnly: true, + type: { + name: "String" + } + }, + endTimeUtc: { + serializedName: "properties.endTimeUtc", + readOnly: true, + type: { + name: "DateTime" + } + }, + intent: { + serializedName: "properties.intent", + readOnly: true, + type: { + name: "String" + } + }, + providerAlertId: { + serializedName: "properties.providerAlertId", + readOnly: true, + type: { + name: "String" + } + }, + processingEndTime: { + serializedName: "properties.processingEndTime", + readOnly: true, + type: { + name: "DateTime" + } + }, + 
productComponentName: { + serializedName: "properties.productComponentName", + readOnly: true, + type: { + name: "String" + } + }, + productName: { + serializedName: "properties.productName", + readOnly: true, + type: { + name: "String" + } + }, + productVersion: { + serializedName: "properties.productVersion", + readOnly: true, + type: { + name: "String" + } + }, + remediationSteps: { + serializedName: "properties.remediationSteps", + readOnly: true, + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + severity: { + serializedName: "properties.severity", + type: { + name: "String" + } + }, + startTimeUtc: { + serializedName: "properties.startTimeUtc", + readOnly: true, + type: { + name: "DateTime" + } + }, + status: { + serializedName: "properties.status", + readOnly: true, + type: { + name: "String" + } + }, + systemAlertId: { + serializedName: "properties.systemAlertId", + readOnly: true, + type: { + name: "String" + } + }, + tactics: { + serializedName: "properties.tactics", + readOnly: true, + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + timeGenerated: { + serializedName: "properties.timeGenerated", + readOnly: true, + type: { + name: "DateTime" + } + }, + vendorName: { + serializedName: "properties.vendorName", + readOnly: true, + type: { + name: "String" + } + }, + alertLink: { + serializedName: "properties.alertLink", + readOnly: true, + type: { + name: "String" + } + }, + resourceIdentifiers: { + serializedName: "properties.resourceIdentifiers", + readOnly: true, + type: { + name: "Sequence", + element: { + type: { + name: "Dictionary", + value: { type: { name: "any" } } + } + } + } + } + } + } +}; + +export const HuntingBookmark: coreClient.CompositeMapper = { + serializedName: "Bookmark", + type: { + name: "Composite", + className: "HuntingBookmark", + uberParent: "Resource", + polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, + modelProperties: { + 
...Entity.type.modelProperties, + additionalData: { + serializedName: "properties.additionalData", + readOnly: true, + type: { + name: "Dictionary", + value: { + type: { name: "Dictionary", value: { type: { name: "any" } } } + } + } + }, + friendlyName: { + serializedName: "properties.friendlyName", + readOnly: true, + type: { + name: "String" + } + }, + created: { + serializedName: "properties.created", + type: { + name: "DateTime" + } + }, + createdBy: { + serializedName: "properties.createdBy", + type: { + name: "Composite", + className: "UserInfo" + } + }, + displayName: { + serializedName: "properties.displayName", + type: { + name: "String" + } + }, + eventTime: { + serializedName: "properties.eventTime", + type: { + name: "DateTime" + } + }, + labels: { + serializedName: "properties.labels", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + notes: { + serializedName: "properties.notes", + type: { + name: "String" + } + }, + query: { + serializedName: "properties.query", + type: { + name: "String" + } + }, + queryResult: { + serializedName: "properties.queryResult", + type: { + name: "String" + } + }, + updated: { + serializedName: "properties.updated", + type: { + name: "DateTime" + } + }, + updatedBy: { + serializedName: "properties.updatedBy", + type: { + name: "Composite", + className: "UserInfo" + } + }, + incidentInfo: { + serializedName: "properties.incidentInfo", + type: { + name: "Composite", + className: "IncidentInfo" + } + } + } + } +}; + +export const AccountEntity: coreClient.CompositeMapper = { + serializedName: "Account", + type: { + name: "Composite", + className: "AccountEntity", + uberParent: "Resource", + polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, + modelProperties: { + ...Entity.type.modelProperties, + additionalData: { + serializedName: "properties.additionalData", + readOnly: true, + type: { + name: "Dictionary", + value: { + type: { name: "Dictionary", value: { type: { name: 
"any" } } } + } + } + }, + friendlyName: { + serializedName: "properties.friendlyName", + readOnly: true, + type: { + name: "String" + } + }, + aadTenantId: { + serializedName: "properties.aadTenantId", + readOnly: true, + type: { + name: "String" + } + }, + aadUserId: { + serializedName: "properties.aadUserId", + readOnly: true, + type: { + name: "String" + } + }, + accountName: { + serializedName: "properties.accountName", + readOnly: true, + type: { + name: "String" + } + }, + displayName: { + serializedName: "properties.displayName", + readOnly: true, + type: { + name: "String" + } + }, + hostEntityId: { + serializedName: "properties.hostEntityId", + readOnly: true, + type: { + name: "String" + } + }, + isDomainJoined: { + serializedName: "properties.isDomainJoined", + readOnly: true, + type: { + name: "Boolean" + } + }, + ntDomain: { + serializedName: "properties.ntDomain", + readOnly: true, + type: { + name: "String" + } + }, + objectGuid: { + serializedName: "properties.objectGuid", + readOnly: true, + type: { + name: "Uuid" + } + }, + puid: { + serializedName: "properties.puid", + readOnly: true, + type: { + name: "String" + } + }, + sid: { + serializedName: "properties.sid", + readOnly: true, + type: { + name: "String" + } + }, + upnSuffix: { + serializedName: "properties.upnSuffix", + readOnly: true, + type: { + name: "String" + } + }, + dnsDomain: { + serializedName: "properties.dnsDomain", + readOnly: true, + type: { + name: "String" + } + } + } + } +}; + +export const AzureResourceEntity: coreClient.CompositeMapper = { + serializedName: "AzureResource", + type: { + name: "Composite", + className: "AzureResourceEntity", + uberParent: "Resource", + polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, + modelProperties: { + ...Entity.type.modelProperties, + additionalData: { + serializedName: "properties.additionalData", + readOnly: true, + type: { + name: "Dictionary", + value: { + type: { name: "Dictionary", value: { type: { name: "any" } } 
} + } + } + }, + friendlyName: { + serializedName: "properties.friendlyName", + readOnly: true, + type: { + name: "String" + } + }, + resourceId: { + serializedName: "properties.resourceId", + readOnly: true, + type: { + name: "String" + } + }, + subscriptionId: { + serializedName: "properties.subscriptionId", + readOnly: true, + type: { + name: "String" + } + } + } + } +}; + +export const CloudApplicationEntity: coreClient.CompositeMapper = { + serializedName: "CloudApplication", + type: { + name: "Composite", + className: "CloudApplicationEntity", + uberParent: "Resource", + polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, + modelProperties: { + ...Entity.type.modelProperties, + additionalData: { + serializedName: "properties.additionalData", + readOnly: true, + type: { + name: "Dictionary", + value: { + type: { name: "Dictionary", value: { type: { name: "any" } } } + } + } + }, + friendlyName: { + serializedName: "properties.friendlyName", + readOnly: true, + type: { + name: "String" + } + }, + appId: { + serializedName: "properties.appId", + readOnly: true, + type: { + name: "Number" + } + }, + appName: { + serializedName: "properties.appName", + readOnly: true, + type: { + name: "String" + } + }, + instanceName: { + serializedName: "properties.instanceName", + readOnly: true, + type: { + name: "String" + } + } + } + } +}; + +export const DnsEntity: coreClient.CompositeMapper = { + serializedName: "DnsResolution", + type: { + name: "Composite", + className: "DnsEntity", + uberParent: "Resource", + polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, + modelProperties: { + ...Entity.type.modelProperties, + additionalData: { + serializedName: "properties.additionalData", + readOnly: true, + type: { + name: "Dictionary", + value: { + type: { name: "Dictionary", value: { type: { name: "any" } } } + } + } + }, + friendlyName: { + serializedName: "properties.friendlyName", + readOnly: true, + type: { + name: "String" + } + }, + 
dnsServerIpEntityId: { + serializedName: "properties.dnsServerIpEntityId", + readOnly: true, + type: { + name: "String" + } + }, + domainName: { + serializedName: "properties.domainName", + readOnly: true, + type: { + name: "String" + } + }, + hostIpAddressEntityId: { + serializedName: "properties.hostIpAddressEntityId", + readOnly: true, + type: { + name: "String" + } + }, + ipAddressEntityIds: { + serializedName: "properties.ipAddressEntityIds", + readOnly: true, + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + } + } + } +}; + +export const FileEntity: coreClient.CompositeMapper = { + serializedName: "File", + type: { + name: "Composite", + className: "FileEntity", + uberParent: "Resource", + polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, + modelProperties: { + ...Entity.type.modelProperties, + additionalData: { + serializedName: "properties.additionalData", + readOnly: true, + type: { + name: "Dictionary", + value: { + type: { name: "Dictionary", value: { type: { name: "any" } } } + } + } + }, + friendlyName: { + serializedName: "properties.friendlyName", + readOnly: true, + type: { + name: "String" + } + }, + directory: { + serializedName: "properties.directory", + readOnly: true, + type: { + name: "String" + } + }, + fileHashEntityIds: { + serializedName: "properties.fileHashEntityIds", + readOnly: true, + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + fileName: { + serializedName: "properties.fileName", + readOnly: true, + type: { + name: "String" + } + }, + hostEntityId: { + serializedName: "properties.hostEntityId", + readOnly: true, + type: { + name: "String" + } + } + } + } +}; + +export const FileHashEntity: coreClient.CompositeMapper = { + serializedName: "FileHash", + type: { + name: "Composite", + className: "FileHashEntity", + uberParent: "Resource", + polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, + modelProperties: { + 
...Entity.type.modelProperties, + additionalData: { + serializedName: "properties.additionalData", + readOnly: true, + type: { + name: "Dictionary", + value: { + type: { name: "Dictionary", value: { type: { name: "any" } } } + } + } + }, + friendlyName: { + serializedName: "properties.friendlyName", + readOnly: true, + type: { + name: "String" + } + }, + algorithm: { + serializedName: "properties.algorithm", + readOnly: true, + type: { + name: "String" + } + }, + hashValue: { + serializedName: "properties.hashValue", + readOnly: true, + type: { + name: "String" + } + } + } + } +}; + +export const HostEntity: coreClient.CompositeMapper = { + serializedName: "Host", + type: { + name: "Composite", + className: "HostEntity", + uberParent: "Resource", + polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, + modelProperties: { + ...Entity.type.modelProperties, + additionalData: { + serializedName: "properties.additionalData", + readOnly: true, + type: { + name: "Dictionary", + value: { + type: { name: "Dictionary", value: { type: { name: "any" } } } + } + } + }, + friendlyName: { + serializedName: "properties.friendlyName", + readOnly: true, + type: { + name: "String" + } + }, + azureID: { + serializedName: "properties.azureID", + readOnly: true, + type: { + name: "String" + } + }, + dnsDomain: { + serializedName: "properties.dnsDomain", + readOnly: true, + type: { + name: "String" + } + }, + hostName: { + serializedName: "properties.hostName", + readOnly: true, + type: { + name: "String" + } + }, + isDomainJoined: { + serializedName: "properties.isDomainJoined", + readOnly: true, + type: { + name: "Boolean" + } + }, + netBiosName: { + serializedName: "properties.netBiosName", + readOnly: true, + type: { + name: "String" + } + }, + ntDomain: { + serializedName: "properties.ntDomain", + readOnly: true, + type: { + name: "String" + } + }, + omsAgentID: { + serializedName: "properties.omsAgentID", + readOnly: true, + type: { + name: "String" + } + }, + 
osFamily: { + serializedName: "properties.osFamily", + type: { + name: "Enum", + allowedValues: ["Linux", "Windows", "Android", "IOS", "Unknown"] + } + }, + osVersion: { + serializedName: "properties.osVersion", + readOnly: true, + type: { + name: "String" + } + } + } + } +}; + +export const IoTDeviceEntity: coreClient.CompositeMapper = { + serializedName: "IoTDevice", + type: { + name: "Composite", + className: "IoTDeviceEntity", + uberParent: "Resource", + polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, + modelProperties: { + ...Entity.type.modelProperties, + additionalData: { + serializedName: "properties.additionalData", + readOnly: true, + type: { + name: "Dictionary", + value: { + type: { name: "Dictionary", value: { type: { name: "any" } } } + } + } + }, + friendlyName: { + serializedName: "properties.friendlyName", + readOnly: true, + type: { + name: "String" + } + }, + deviceId: { + serializedName: "properties.deviceId", + readOnly: true, + type: { + name: "String" + } + }, + deviceName: { + serializedName: "properties.deviceName", + readOnly: true, + type: { + name: "String" + } + }, + source: { + serializedName: "properties.source", + readOnly: true, + type: { + name: "String" + } + }, + iotSecurityAgentId: { + serializedName: "properties.iotSecurityAgentId", + readOnly: true, + type: { + name: "Uuid" + } + }, + deviceType: { + serializedName: "properties.deviceType", + readOnly: true, + type: { + name: "String" + } + }, + vendor: { + serializedName: "properties.vendor", + readOnly: true, + type: { + name: "String" + } + }, + edgeId: { + serializedName: "properties.edgeId", + readOnly: true, + type: { + name: "String" + } + }, + macAddress: { + serializedName: "properties.macAddress", + readOnly: true, + type: { + name: "String" + } + }, + model: { + serializedName: "properties.model", + readOnly: true, + type: { + name: "String" + } + }, + serialNumber: { + serializedName: "properties.serialNumber", + readOnly: true, + type: { + name: 
"String" + } + }, + firmwareVersion: { + serializedName: "properties.firmwareVersion", + readOnly: true, + type: { + name: "String" + } + }, + operatingSystem: { + serializedName: "properties.operatingSystem", + readOnly: true, + type: { + name: "String" + } + }, + iotHubEntityId: { + serializedName: "properties.iotHubEntityId", + readOnly: true, + type: { + name: "String" + } + }, + hostEntityId: { + serializedName: "properties.hostEntityId", + readOnly: true, + type: { + name: "String" + } + }, + ipAddressEntityId: { + serializedName: "properties.ipAddressEntityId", + readOnly: true, + type: { + name: "String" + } + }, + threatIntelligence: { + serializedName: "properties.threatIntelligence", + readOnly: true, + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "ThreatIntelligence" + } + } + } + }, + protocols: { + serializedName: "properties.protocols", + readOnly: true, + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + } + } + } +}; + +export const IpEntity: coreClient.CompositeMapper = { + serializedName: "Ip", + type: { + name: "Composite", + className: "IpEntity", + uberParent: "Resource", + polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, + modelProperties: { + ...Entity.type.modelProperties, + additionalData: { + serializedName: "properties.additionalData", + readOnly: true, + type: { + name: "Dictionary", + value: { + type: { name: "Dictionary", value: { type: { name: "any" } } } + } + } + }, + friendlyName: { + serializedName: "properties.friendlyName", + readOnly: true, + type: { + name: "String" + } + }, + address: { + serializedName: "properties.address", + readOnly: true, + type: { + name: "String" + } + }, + location: { + serializedName: "properties.location", + type: { + name: "Composite", + className: "GeoLocation" + } + }, + threatIntelligence: { + serializedName: "properties.threatIntelligence", + readOnly: true, + type: { + name: "Sequence", + element: { + 
type: { + name: "Composite", + className: "ThreatIntelligence" + } + } + } + } + } + } +}; + +export const MailboxEntity: coreClient.CompositeMapper = { + serializedName: "Mailbox", + type: { + name: "Composite", + className: "MailboxEntity", + uberParent: "Resource", + polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, + modelProperties: { + ...Entity.type.modelProperties, + additionalData: { + serializedName: "properties.additionalData", + readOnly: true, + type: { + name: "Dictionary", + value: { + type: { name: "Dictionary", value: { type: { name: "any" } } } + } + } + }, + friendlyName: { + serializedName: "properties.friendlyName", + readOnly: true, + type: { + name: "String" + } + }, + mailboxPrimaryAddress: { + serializedName: "properties.mailboxPrimaryAddress", + readOnly: true, + type: { + name: "String" + } + }, + displayName: { + serializedName: "properties.displayName", + readOnly: true, + type: { + name: "String" + } + }, + upn: { + serializedName: "properties.upn", + readOnly: true, + type: { + name: "String" + } + }, + externalDirectoryObjectId: { + serializedName: "properties.externalDirectoryObjectId", + readOnly: true, + type: { + name: "Uuid" + } + } + } + } +}; + +export const MailClusterEntity: coreClient.CompositeMapper = { + serializedName: "MailCluster", + type: { + name: "Composite", + className: "MailClusterEntity", + uberParent: "Resource", + polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, + modelProperties: { + ...Entity.type.modelProperties, + additionalData: { + serializedName: "properties.additionalData", + readOnly: true, + type: { + name: "Dictionary", + value: { + type: { name: "Dictionary", value: { type: { name: "any" } } } + } + } + }, + friendlyName: { + serializedName: "properties.friendlyName", + readOnly: true, + type: { + name: "String" + } + }, + networkMessageIds: { + serializedName: "properties.networkMessageIds", + readOnly: true, + type: { + name: "Sequence", + element: { + type: { + 
name: "String" + } + } + } + }, + countByDeliveryStatus: { + serializedName: "properties.countByDeliveryStatus", + readOnly: true, + type: { + name: "Dictionary", + value: { type: { name: "any" } } + } + }, + countByThreatType: { + serializedName: "properties.countByThreatType", + readOnly: true, + type: { + name: "Dictionary", + value: { type: { name: "any" } } + } + }, + countByProtectionStatus: { + serializedName: "properties.countByProtectionStatus", + readOnly: true, + type: { + name: "Dictionary", + value: { type: { name: "any" } } + } + }, + threats: { + serializedName: "properties.threats", + readOnly: true, + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + query: { + serializedName: "properties.query", + readOnly: true, + type: { + name: "String" + } + }, + queryTime: { + serializedName: "properties.queryTime", + readOnly: true, + type: { + name: "DateTime" + } + }, + mailCount: { + serializedName: "properties.mailCount", + readOnly: true, + type: { + name: "Number" + } + }, + isVolumeAnomaly: { + serializedName: "properties.isVolumeAnomaly", + readOnly: true, + type: { + name: "Boolean" + } + }, + source: { + serializedName: "properties.source", + readOnly: true, + type: { + name: "String" + } + }, + clusterSourceIdentifier: { + serializedName: "properties.clusterSourceIdentifier", + readOnly: true, + type: { + name: "String" + } + }, + clusterSourceType: { + serializedName: "properties.clusterSourceType", + readOnly: true, + type: { + name: "String" + } + }, + clusterQueryStartTime: { + serializedName: "properties.clusterQueryStartTime", + readOnly: true, + type: { + name: "DateTime" + } + }, + clusterQueryEndTime: { + serializedName: "properties.clusterQueryEndTime", + readOnly: true, + type: { + name: "DateTime" + } + }, + clusterGroup: { + serializedName: "properties.clusterGroup", + readOnly: true, + type: { + name: "String" + } + } + } + } +}; + +export const MailMessageEntity: coreClient.CompositeMapper = { + 
serializedName: "MailMessage", + type: { + name: "Composite", + className: "MailMessageEntity", + uberParent: "Resource", + polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, + modelProperties: { + ...Entity.type.modelProperties, + additionalData: { + serializedName: "properties.additionalData", + readOnly: true, + type: { + name: "Dictionary", + value: { + type: { name: "Dictionary", value: { type: { name: "any" } } } + } + } + }, + friendlyName: { + serializedName: "properties.friendlyName", + readOnly: true, + type: { + name: "String" + } + }, + fileEntityIds: { + serializedName: "properties.fileEntityIds", + readOnly: true, + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + recipient: { + serializedName: "properties.recipient", + readOnly: true, + type: { + name: "String" + } + }, + urls: { + serializedName: "properties.urls", + readOnly: true, + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + threats: { + serializedName: "properties.threats", + readOnly: true, + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + p1Sender: { + serializedName: "properties.p1Sender", + readOnly: true, + type: { + name: "String" + } + }, + p1SenderDisplayName: { + serializedName: "properties.p1SenderDisplayName", + readOnly: true, + type: { + name: "String" + } + }, + p1SenderDomain: { + serializedName: "properties.p1SenderDomain", + readOnly: true, + type: { + name: "String" + } + }, + senderIP: { + serializedName: "properties.senderIP", + readOnly: true, + type: { + name: "String" + } + }, + p2Sender: { + serializedName: "properties.p2Sender", + readOnly: true, + type: { + name: "String" + } + }, + p2SenderDisplayName: { + serializedName: "properties.p2SenderDisplayName", + readOnly: true, + type: { + name: "String" + } + }, + p2SenderDomain: { + serializedName: "properties.p2SenderDomain", + readOnly: true, + type: { + name: "String" + } + }, + 
receiveDate: { + serializedName: "properties.receiveDate", + readOnly: true, + type: { + name: "DateTime" + } + }, + networkMessageId: { + serializedName: "properties.networkMessageId", + readOnly: true, + type: { + name: "Uuid" + } + }, + internetMessageId: { + serializedName: "properties.internetMessageId", + readOnly: true, + type: { + name: "String" + } + }, + subject: { + serializedName: "properties.subject", + readOnly: true, + type: { + name: "String" + } + }, + language: { + serializedName: "properties.language", + readOnly: true, + type: { + name: "String" + } + }, + threatDetectionMethods: { + serializedName: "properties.threatDetectionMethods", + readOnly: true, + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + bodyFingerprintBin1: { + serializedName: "properties.bodyFingerprintBin1", + type: { + name: "Number" + } + }, + bodyFingerprintBin2: { + serializedName: "properties.bodyFingerprintBin2", + type: { + name: "Number" + } + }, + bodyFingerprintBin3: { + serializedName: "properties.bodyFingerprintBin3", + type: { + name: "Number" + } + }, + bodyFingerprintBin4: { + serializedName: "properties.bodyFingerprintBin4", + type: { + name: "Number" + } + }, + bodyFingerprintBin5: { + serializedName: "properties.bodyFingerprintBin5", + type: { + name: "Number" + } + }, + antispamDirection: { + serializedName: "properties.antispamDirection", + type: { + name: "String" + } + }, + deliveryAction: { + serializedName: "properties.deliveryAction", + type: { + name: "Enum", + allowedValues: [ + "Unknown", + "DeliveredAsSpam", + "Delivered", + "Blocked", + "Replaced" + ] + } + }, + deliveryLocation: { + serializedName: "properties.deliveryLocation", + type: { + name: "Enum", + allowedValues: [ + "Unknown", + "Inbox", + "JunkFolder", + "DeletedFolder", + "Quarantine", + "External", + "Failed", + "Dropped", + "Forwarded" + ] + } + } + } + } +}; + +export const MalwareEntity: coreClient.CompositeMapper = { + serializedName: 
"Malware", + type: { + name: "Composite", + className: "MalwareEntity", + uberParent: "Resource", + polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, + modelProperties: { + ...Entity.type.modelProperties, + additionalData: { + serializedName: "properties.additionalData", + readOnly: true, + type: { + name: "Dictionary", + value: { + type: { name: "Dictionary", value: { type: { name: "any" } } } + } + } + }, + friendlyName: { + serializedName: "properties.friendlyName", + readOnly: true, + type: { + name: "String" + } + }, + category: { + serializedName: "properties.category", + readOnly: true, + type: { + name: "String" + } + }, + fileEntityIds: { + serializedName: "properties.fileEntityIds", + readOnly: true, + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + malwareName: { + serializedName: "properties.malwareName", + readOnly: true, + type: { + name: "String" + } + }, + processEntityIds: { + serializedName: "properties.processEntityIds", + readOnly: true, + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + } + } + } +}; + +export const ProcessEntity: coreClient.CompositeMapper = { + serializedName: "Process", + type: { + name: "Composite", + className: "ProcessEntity", + uberParent: "Resource", + polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, + modelProperties: { + ...Entity.type.modelProperties, + additionalData: { + serializedName: "properties.additionalData", + readOnly: true, + type: { + name: "Dictionary", + value: { + type: { name: "Dictionary", value: { type: { name: "any" } } } + } + } + }, + friendlyName: { + serializedName: "properties.friendlyName", + readOnly: true, + type: { + name: "String" + } + }, + accountEntityId: { + serializedName: "properties.accountEntityId", + readOnly: true, + type: { + name: "String" + } + }, + commandLine: { + serializedName: "properties.commandLine", + readOnly: true, + type: { + name: "String" + } + }, + 
creationTimeUtc: { + serializedName: "properties.creationTimeUtc", + readOnly: true, + type: { + name: "DateTime" + } + }, + elevationToken: { + serializedName: "properties.elevationToken", + type: { + name: "Enum", + allowedValues: ["Default", "Full", "Limited"] + } + }, + hostEntityId: { + serializedName: "properties.hostEntityId", + readOnly: true, + type: { + name: "String" + } + }, + hostLogonSessionEntityId: { + serializedName: "properties.hostLogonSessionEntityId", + readOnly: true, + type: { + name: "String" + } + }, + imageFileEntityId: { + serializedName: "properties.imageFileEntityId", + readOnly: true, + type: { + name: "String" + } + }, + parentProcessEntityId: { + serializedName: "properties.parentProcessEntityId", + readOnly: true, + type: { + name: "String" + } + }, + processId: { + serializedName: "properties.processId", + readOnly: true, + type: { + name: "String" + } + } + } + } +}; + +export const RegistryKeyEntity: coreClient.CompositeMapper = { + serializedName: "RegistryKey", + type: { + name: "Composite", + className: "RegistryKeyEntity", + uberParent: "Resource", + polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, + modelProperties: { + ...Entity.type.modelProperties, + additionalData: { + serializedName: "properties.additionalData", + readOnly: true, + type: { + name: "Dictionary", + value: { + type: { name: "Dictionary", value: { type: { name: "any" } } } + } + } + }, + friendlyName: { + serializedName: "properties.friendlyName", + readOnly: true, + type: { + name: "String" + } + }, + hive: { + serializedName: "properties.hive", + readOnly: true, + type: { + name: "String" + } + }, + key: { + serializedName: "properties.key", + readOnly: true, + type: { + name: "String" + } + } + } + } +}; + +export const RegistryValueEntity: coreClient.CompositeMapper = { + serializedName: "RegistryValue", + type: { + name: "Composite", + className: "RegistryValueEntity", + uberParent: "Resource", + polymorphicDiscriminator: 
Resource.type.polymorphicDiscriminator, + modelProperties: { + ...Entity.type.modelProperties, + additionalData: { + serializedName: "properties.additionalData", + readOnly: true, + type: { + name: "Dictionary", + value: { + type: { name: "Dictionary", value: { type: { name: "any" } } } + } + } + }, + friendlyName: { + serializedName: "properties.friendlyName", + readOnly: true, + type: { + name: "String" + } + }, + keyEntityId: { + serializedName: "properties.keyEntityId", + readOnly: true, + type: { + name: "String" + } + }, + valueData: { + serializedName: "properties.valueData", + readOnly: true, + type: { + name: "String" + } + }, + valueName: { + serializedName: "properties.valueName", + readOnly: true, + type: { + name: "String" + } + }, + valueType: { + serializedName: "properties.valueType", + readOnly: true, + type: { + name: "String" + } + } + } + } +}; + +export const SecurityGroupEntity: coreClient.CompositeMapper = { + serializedName: "SecurityGroup", + type: { + name: "Composite", + className: "SecurityGroupEntity", + uberParent: "Resource", + polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, + modelProperties: { + ...Entity.type.modelProperties, + additionalData: { + serializedName: "properties.additionalData", + readOnly: true, + type: { + name: "Dictionary", + value: { + type: { name: "Dictionary", value: { type: { name: "any" } } } + } + } + }, + friendlyName: { + serializedName: "properties.friendlyName", + readOnly: true, + type: { + name: "String" + } + }, + distinguishedName: { + serializedName: "properties.distinguishedName", + readOnly: true, + type: { + name: "String" + } + }, + objectGuid: { + serializedName: "properties.objectGuid", + readOnly: true, + type: { + name: "Uuid" + } + }, + sid: { + serializedName: "properties.sid", + readOnly: true, + type: { + name: "String" + } + } + } + } +}; + +export const SubmissionMailEntity: coreClient.CompositeMapper = { + serializedName: "SubmissionMail", + type: { + name: 
"Composite", + className: "SubmissionMailEntity", + uberParent: "Resource", + polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, + modelProperties: { + ...Entity.type.modelProperties, + additionalData: { + serializedName: "properties.additionalData", + readOnly: true, + type: { + name: "Dictionary", + value: { + type: { name: "Dictionary", value: { type: { name: "any" } } } + } + } + }, + friendlyName: { + serializedName: "properties.friendlyName", + readOnly: true, + type: { + name: "String" + } + }, + networkMessageId: { + serializedName: "properties.networkMessageId", + readOnly: true, + type: { + name: "Uuid" + } + }, + submissionId: { + serializedName: "properties.submissionId", + readOnly: true, + type: { + name: "Uuid" + } + }, + submitter: { + serializedName: "properties.submitter", + readOnly: true, + type: { + name: "String" + } + }, + submissionDate: { + serializedName: "properties.submissionDate", + readOnly: true, + type: { + name: "DateTime" + } + }, + timestamp: { + serializedName: "properties.timestamp", + readOnly: true, + type: { + name: "DateTime" + } + }, + recipient: { + serializedName: "properties.recipient", + readOnly: true, + type: { + name: "String" + } + }, + sender: { + serializedName: "properties.sender", + readOnly: true, + type: { + name: "String" + } + }, + senderIp: { + serializedName: "properties.senderIp", + readOnly: true, + type: { + name: "String" + } + }, + subject: { + serializedName: "properties.subject", + readOnly: true, + type: { + name: "String" + } + }, + reportType: { + serializedName: "properties.reportType", + readOnly: true, + type: { + name: "String" + } + } + } + } +}; + +export const UrlEntity: coreClient.CompositeMapper = { + serializedName: "Url", + type: { + name: "Composite", + className: "UrlEntity", + uberParent: "Resource", + polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, + modelProperties: { + ...Entity.type.modelProperties, + additionalData: { + serializedName: 
"properties.additionalData", + readOnly: true, + type: { + name: "Dictionary", + value: { + type: { name: "Dictionary", value: { type: { name: "any" } } } + } + } + }, + friendlyName: { + serializedName: "properties.friendlyName", + readOnly: true, + type: { + name: "String" + } + }, + url: { + serializedName: "properties.url", + readOnly: true, + type: { + name: "String" + } + } + } + } +}; + +export const ActivityEntityQueryTemplate: coreClient.CompositeMapper = { + serializedName: "Activity", + type: { + name: "Composite", + className: "ActivityEntityQueryTemplate", + uberParent: "Resource", + polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, + modelProperties: { + ...EntityQueryTemplate.type.modelProperties, + title: { + serializedName: "properties.title", + type: { + name: "String" + } + }, + content: { + serializedName: "properties.content", + type: { + name: "String" + } + }, + description: { + serializedName: "properties.description", + type: { + name: "String" + } + }, + queryDefinitions: { + serializedName: "properties.queryDefinitions", + type: { + name: "Composite", + className: "ActivityEntityQueryTemplatePropertiesQueryDefinitions" + } + }, + dataTypes: { + serializedName: "properties.dataTypes", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "DataTypeDefinitions" + } + } + } + }, + inputEntityType: { + serializedName: "properties.inputEntityType", + type: { + name: "String" + } + }, + requiredInputFieldsSets: { + serializedName: "properties.requiredInputFieldsSets", + type: { + name: "Sequence", + element: { + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + } + } + }, + entitiesFilter: { + serializedName: "properties.entitiesFilter", + type: { + name: "Dictionary", + value: { + type: { name: "Sequence", element: { type: { name: "String" } } } + } + } + } + } + } +}; + +export const ThreatIntelligenceIndicatorModel: coreClient.CompositeMapper = { + 
serializedName: "indicator", + type: { + name: "Composite", + className: "ThreatIntelligenceIndicatorModel", + uberParent: "ThreatIntelligenceResourceKind", + polymorphicDiscriminator: + ThreatIntelligenceResourceKind.type.polymorphicDiscriminator, + modelProperties: { + ...ThreatIntelligenceInformation.type.modelProperties, + additionalData: { + serializedName: "properties.additionalData", + readOnly: true, + type: { + name: "Dictionary", + value: { + type: { name: "Dictionary", value: { type: { name: "any" } } } + } + } + }, + friendlyName: { + serializedName: "properties.friendlyName", + readOnly: true, + type: { + name: "String" + } + }, + threatIntelligenceTags: { + serializedName: "properties.threatIntelligenceTags", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + lastUpdatedTimeUtc: { + serializedName: "properties.lastUpdatedTimeUtc", + type: { + name: "String" + } + }, + source: { + serializedName: "properties.source", + type: { + name: "String" + } + }, + displayName: { + serializedName: "properties.displayName", + type: { + name: "String" + } + }, + description: { + serializedName: "properties.description", + type: { + name: "String" + } + }, + indicatorTypes: { + serializedName: "properties.indicatorTypes", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + pattern: { + serializedName: "properties.pattern", + type: { + name: "String" + } + }, + patternType: { + serializedName: "properties.patternType", + type: { + name: "String" + } + }, + patternVersion: { + serializedName: "properties.patternVersion", + type: { + name: "String" + } + }, + killChainPhases: { + serializedName: "properties.killChainPhases", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "ThreatIntelligenceKillChainPhase" + } + } + } + }, + parsedPattern: { + serializedName: "properties.parsedPattern", + type: { + name: "Sequence", + element: { + type: { + name: 
"Composite", + className: "ThreatIntelligenceParsedPattern" + } + } + } + }, + externalId: { + serializedName: "properties.externalId", + type: { + name: "String" + } + }, + createdByRef: { + serializedName: "properties.createdByRef", + type: { + name: "String" + } + }, + defanged: { + serializedName: "properties.defanged", + type: { + name: "Boolean" + } + }, + externalLastUpdatedTimeUtc: { + serializedName: "properties.externalLastUpdatedTimeUtc", + type: { + name: "String" + } + }, + externalReferences: { + serializedName: "properties.externalReferences", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "ThreatIntelligenceExternalReference" + } + } + } + }, + granularMarkings: { + serializedName: "properties.granularMarkings", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "ThreatIntelligenceGranularMarkingModel" + } + } + } + }, + labels: { + serializedName: "properties.labels", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + revoked: { + serializedName: "properties.revoked", + type: { + name: "Boolean" + } + }, + confidence: { + serializedName: "properties.confidence", + type: { + name: "Number" + } + }, + objectMarkingRefs: { + serializedName: "properties.objectMarkingRefs", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + language: { + serializedName: "properties.language", + type: { + name: "String" + } + }, + threatTypes: { + serializedName: "properties.threatTypes", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + validFrom: { + serializedName: "properties.validFrom", + type: { + name: "String" + } + }, + validUntil: { + serializedName: "properties.validUntil", + type: { + name: "String" + } + }, + created: { + serializedName: "properties.created", + type: { + name: "String" + } + }, + modified: { + serializedName: "properties.modified", + type: { + name: 
"String" + } + }, + extensions: { + serializedName: "properties.extensions", + type: { + name: "Dictionary", + value: { type: { name: "any" } } + } + } + } + } +}; + +export const PermissionsCustomsItem: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "PermissionsCustomsItem", + modelProperties: { + ...Customs.type.modelProperties + } + } +}; + +export const MLBehaviorAnalyticsAlertRule: coreClient.CompositeMapper = { + serializedName: "MLBehaviorAnalytics", + type: { + name: "Composite", + className: "MLBehaviorAnalyticsAlertRule", + uberParent: "Resource", + polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, + modelProperties: { + ...AlertRule.type.modelProperties, + alertRuleTemplateName: { + serializedName: "properties.alertRuleTemplateName", + type: { + name: "String" + } + }, + description: { + serializedName: "properties.description", + readOnly: true, + type: { + name: "String" + } + }, + displayName: { + serializedName: "properties.displayName", + readOnly: true, + type: { + name: "String" + } + }, + enabled: { + serializedName: "properties.enabled", + type: { + name: "Boolean" + } + }, + lastModifiedUtc: { + serializedName: "properties.lastModifiedUtc", + readOnly: true, + type: { + name: "DateTime" + } + }, + severity: { + serializedName: "properties.severity", + readOnly: true, + type: { + name: "String" + } + }, + tactics: { + serializedName: "properties.tactics", + readOnly: true, + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + } + } + } +}; + +export const FusionAlertRule: coreClient.CompositeMapper = { + serializedName: "Fusion", + type: { + name: "Composite", + className: "FusionAlertRule", + uberParent: "Resource", + polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, + modelProperties: { + ...AlertRule.type.modelProperties, + alertRuleTemplateName: { + serializedName: "properties.alertRuleTemplateName", + type: { + name: "String" + } + }, + description: { 
+ serializedName: "properties.description", + readOnly: true, + type: { + name: "String" + } + }, + displayName: { + serializedName: "properties.displayName", + readOnly: true, + type: { + name: "String" + } + }, + enabled: { + serializedName: "properties.enabled", + type: { + name: "Boolean" + } + }, + lastModifiedUtc: { + serializedName: "properties.lastModifiedUtc", + readOnly: true, + type: { + name: "DateTime" + } + }, + severity: { + serializedName: "properties.severity", + readOnly: true, + type: { + name: "String" + } + }, + tactics: { + serializedName: "properties.tactics", + readOnly: true, + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + } + } + } +}; + +export const ThreatIntelligenceAlertRule: coreClient.CompositeMapper = { + serializedName: "ThreatIntelligence", + type: { + name: "Composite", + className: "ThreatIntelligenceAlertRule", + uberParent: "Resource", + polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, + modelProperties: { + ...AlertRule.type.modelProperties, + alertRuleTemplateName: { + serializedName: "properties.alertRuleTemplateName", + type: { + name: "String" + } + }, + description: { + serializedName: "properties.description", + readOnly: true, + type: { + name: "String" + } + }, + displayName: { + serializedName: "properties.displayName", + readOnly: true, + type: { + name: "String" + } + }, + enabled: { + serializedName: "properties.enabled", + type: { + name: "Boolean" + } + }, + lastModifiedUtc: { + serializedName: "properties.lastModifiedUtc", + readOnly: true, + type: { + name: "DateTime" + } + }, + severity: { + serializedName: "properties.severity", + readOnly: true, + type: { + name: "String" + } + }, + tactics: { + serializedName: "properties.tactics", + readOnly: true, + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + } + } + } +}; + +export const MicrosoftSecurityIncidentCreationAlertRule: coreClient.CompositeMapper = { + serializedName: 
"MicrosoftSecurityIncidentCreation", + type: { + name: "Composite", + className: "MicrosoftSecurityIncidentCreationAlertRule", + uberParent: "Resource", + polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, + modelProperties: { + ...AlertRule.type.modelProperties, + displayNamesFilter: { + serializedName: "properties.displayNamesFilter", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + displayNamesExcludeFilter: { + serializedName: "properties.displayNamesExcludeFilter", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + productFilter: { + serializedName: "properties.productFilter", + type: { + name: "String" + } + }, + severitiesFilter: { + serializedName: "properties.severitiesFilter", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + alertRuleTemplateName: { + serializedName: "properties.alertRuleTemplateName", + type: { + name: "String" + } + }, + description: { + serializedName: "properties.description", + type: { + name: "String" + } + }, + displayName: { + serializedName: "properties.displayName", + type: { + name: "String" + } + }, + enabled: { + serializedName: "properties.enabled", + type: { + name: "Boolean" + } + }, + lastModifiedUtc: { + serializedName: "properties.lastModifiedUtc", + readOnly: true, + type: { + name: "DateTime" + } + } + } + } +}; + +export const ScheduledAlertRule: coreClient.CompositeMapper = { + serializedName: "Scheduled", + type: { + name: "Composite", + className: "ScheduledAlertRule", + uberParent: "Resource", + polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, + modelProperties: { + ...AlertRule.type.modelProperties, + queryFrequency: { + serializedName: "properties.queryFrequency", + type: { + name: "TimeSpan" + } + }, + queryPeriod: { + serializedName: "properties.queryPeriod", + type: { + name: "TimeSpan" + } + }, + triggerOperator: { + serializedName: 
"properties.triggerOperator", + type: { + name: "Enum", + allowedValues: ["GreaterThan", "LessThan", "Equal", "NotEqual"] + } + }, + triggerThreshold: { + serializedName: "properties.triggerThreshold", + type: { + name: "Number" + } + }, + eventGroupingSettings: { + serializedName: "properties.eventGroupingSettings", + type: { + name: "Composite", + className: "EventGroupingSettings" + } + }, + alertRuleTemplateName: { + serializedName: "properties.alertRuleTemplateName", + type: { + name: "String" + } + }, + templateVersion: { + serializedName: "properties.templateVersion", + type: { + name: "String" + } + }, + description: { + serializedName: "properties.description", + type: { + name: "String" + } + }, + query: { + serializedName: "properties.query", + type: { + name: "String" + } + }, + displayName: { + serializedName: "properties.displayName", + type: { + name: "String" + } + }, + enabled: { + serializedName: "properties.enabled", + type: { + name: "Boolean" + } + }, + lastModifiedUtc: { + serializedName: "properties.lastModifiedUtc", + readOnly: true, + type: { + name: "DateTime" + } + }, + suppressionDuration: { + serializedName: "properties.suppressionDuration", + type: { + name: "TimeSpan" + } + }, + suppressionEnabled: { + serializedName: "properties.suppressionEnabled", + type: { + name: "Boolean" + } + }, + severity: { + serializedName: "properties.severity", + type: { + name: "String" + } + }, + tactics: { + serializedName: "properties.tactics", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + incidentConfiguration: { + serializedName: "properties.incidentConfiguration", + type: { + name: "Composite", + className: "IncidentConfiguration" + } + }, + customDetails: { + serializedName: "properties.customDetails", + type: { + name: "Dictionary", + value: { type: { name: "String" } } + } + }, + entityMappings: { + serializedName: "properties.entityMappings", + type: { + name: "Sequence", + element: { + type: { + name: 
"Composite", + className: "EntityMapping" + } + } + } + }, + alertDetailsOverride: { + serializedName: "properties.alertDetailsOverride", + type: { + name: "Composite", + className: "AlertDetailsOverride" + } + } + } + } +}; + +export const NrtAlertRule: coreClient.CompositeMapper = { + serializedName: "NRT", + type: { + name: "Composite", + className: "NrtAlertRule", + uberParent: "Resource", + polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, + modelProperties: { + ...AlertRule.type.modelProperties, + alertRuleTemplateName: { + serializedName: "properties.alertRuleTemplateName", + type: { + name: "String" + } + }, + templateVersion: { + serializedName: "properties.templateVersion", + type: { + name: "String" + } + }, + description: { + serializedName: "properties.description", + type: { + name: "String" + } + }, + query: { + serializedName: "properties.query", + type: { + name: "String" + } + }, + displayName: { + serializedName: "properties.displayName", + type: { + name: "String" + } + }, + enabled: { + serializedName: "properties.enabled", + type: { + name: "Boolean" + } + }, + lastModifiedUtc: { + serializedName: "properties.lastModifiedUtc", + readOnly: true, + type: { + name: "DateTime" + } + }, + suppressionDuration: { + serializedName: "properties.suppressionDuration", + type: { + name: "TimeSpan" + } + }, + suppressionEnabled: { + serializedName: "properties.suppressionEnabled", + type: { + name: "Boolean" + } + }, + severity: { + serializedName: "properties.severity", + type: { + name: "String" + } + }, + tactics: { + serializedName: "properties.tactics", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + incidentConfiguration: { + serializedName: "properties.incidentConfiguration", + type: { + name: "Composite", + className: "IncidentConfiguration" + } + }, + customDetails: { + serializedName: "properties.customDetails", + type: { + name: "Dictionary", + value: { type: { name: "String" } } + } + }, 
+ entityMappings: { + serializedName: "properties.entityMappings", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "EntityMapping" + } + } + } + }, + alertDetailsOverride: { + serializedName: "properties.alertDetailsOverride", + type: { + name: "Composite", + className: "AlertDetailsOverride" + } + } + } + } +}; + +export const ExpansionEntityQuery: coreClient.CompositeMapper = { + serializedName: "Expansion", + type: { + name: "Composite", + className: "ExpansionEntityQuery", + uberParent: "Resource", + polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, + modelProperties: { + ...EntityQuery.type.modelProperties, + dataSources: { + serializedName: "properties.dataSources", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + displayName: { + serializedName: "properties.displayName", + type: { + name: "String" + } + }, + inputEntityType: { + serializedName: "properties.inputEntityType", + type: { + name: "String" + } + }, + inputFields: { + serializedName: "properties.inputFields", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + outputEntityTypes: { + serializedName: "properties.outputEntityTypes", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + queryTemplate: { + serializedName: "properties.queryTemplate", + type: { + name: "String" + } + } + } + } +}; + +export const ActivityEntityQuery: coreClient.CompositeMapper = { + serializedName: "Activity", + type: { + name: "Composite", + className: "ActivityEntityQuery", + uberParent: "Resource", + polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, + modelProperties: { + ...EntityQuery.type.modelProperties, + title: { + serializedName: "properties.title", + type: { + name: "String" + } + }, + content: { + serializedName: "properties.content", + type: { + name: "String" + } + }, + description: { + serializedName: "properties.description", 
+ type: { + name: "String" + } + }, + queryDefinitions: { + serializedName: "properties.queryDefinitions", + type: { + name: "Composite", + className: "ActivityEntityQueriesPropertiesQueryDefinitions" + } + }, + inputEntityType: { + serializedName: "properties.inputEntityType", + type: { + name: "String" + } + }, + requiredInputFieldsSets: { + serializedName: "properties.requiredInputFieldsSets", + type: { + name: "Sequence", + element: { + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + } + } + }, + entitiesFilter: { + serializedName: "properties.entitiesFilter", + type: { + name: "Dictionary", + value: { + type: { name: "Sequence", element: { type: { name: "String" } } } + } + } + }, + templateName: { + serializedName: "properties.templateName", + type: { + name: "String" + } + }, + enabled: { + serializedName: "properties.enabled", + type: { + name: "Boolean" + } + }, + createdTimeUtc: { + serializedName: "properties.createdTimeUtc", + readOnly: true, + type: { + name: "DateTime" + } + }, + lastModifiedTimeUtc: { + serializedName: "properties.lastModifiedTimeUtc", + readOnly: true, + type: { + name: "DateTime" + } + } + } + } +}; + +export const ActivityCustomEntityQuery: coreClient.CompositeMapper = { + serializedName: "Activity", + type: { + name: "Composite", + className: "ActivityCustomEntityQuery", + uberParent: "Resource", + polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, + modelProperties: { + ...CustomEntityQuery.type.modelProperties, + title: { + serializedName: "properties.title", + type: { + name: "String" + } + }, + content: { + serializedName: "properties.content", + type: { + name: "String" + } + }, + description: { + serializedName: "properties.description", + type: { + name: "String" + } + }, + queryDefinitions: { + serializedName: "properties.queryDefinitions", + type: { + name: "Composite", + className: "ActivityEntityQueriesPropertiesQueryDefinitions" + } + }, + inputEntityType: { + 
serializedName: "properties.inputEntityType", + type: { + name: "String" + } + }, + requiredInputFieldsSets: { + serializedName: "properties.requiredInputFieldsSets", + type: { + name: "Sequence", + element: { + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + } + } + }, + entitiesFilter: { + serializedName: "properties.entitiesFilter", + type: { + name: "Dictionary", + value: { + type: { name: "Sequence", element: { type: { name: "String" } } } + } + } + }, + templateName: { + serializedName: "properties.templateName", + type: { + name: "String" + } + }, + enabled: { + serializedName: "properties.enabled", + type: { + name: "Boolean" + } + }, + createdTimeUtc: { + serializedName: "properties.createdTimeUtc", + readOnly: true, + type: { + name: "DateTime" + } + }, + lastModifiedTimeUtc: { + serializedName: "properties.lastModifiedTimeUtc", + readOnly: true, + type: { + name: "DateTime" + } + } + } + } +}; + +export const Anomalies: coreClient.CompositeMapper = { + serializedName: "Anomalies", + type: { + name: "Composite", + className: "Anomalies", + uberParent: "Resource", + polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, + modelProperties: { + ...Settings.type.modelProperties, + isEnabled: { + serializedName: "properties.isEnabled", + readOnly: true, + type: { + name: "Boolean" + } + } + } + } +}; + +export const EyesOn: coreClient.CompositeMapper = { + serializedName: "EyesOn", + type: { + name: "Composite", + className: "EyesOn", + uberParent: "Resource", + polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, + modelProperties: { + ...Settings.type.modelProperties, + isEnabled: { + serializedName: "properties.isEnabled", + readOnly: true, + type: { + name: "Boolean" + } + } + } + } +}; + +export const EntityAnalytics: coreClient.CompositeMapper = { + serializedName: "EntityAnalytics", + type: { + name: "Composite", + className: "EntityAnalytics", + uberParent: "Resource", + 
polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, + modelProperties: { + ...Settings.type.modelProperties, + isEnabled: { + serializedName: "properties.isEnabled", + readOnly: true, + type: { + name: "Boolean" + } + } + } + } +}; + +export const Ueba: coreClient.CompositeMapper = { + serializedName: "Ueba", + type: { + name: "Composite", + className: "Ueba", + uberParent: "Resource", + polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, + modelProperties: { + ...Settings.type.modelProperties, + dataSources: { + serializedName: "properties.dataSources", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + } + } + } +}; + +export const AADDataConnector: coreClient.CompositeMapper = { + serializedName: "AzureActiveDirectory", + type: { + name: "Composite", + className: "AADDataConnector", + uberParent: "Resource", + polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, + modelProperties: { + ...DataConnector.type.modelProperties, + tenantId: { + serializedName: "properties.tenantId", + type: { + name: "String" + } + }, + dataTypes: { + serializedName: "properties.dataTypes", + type: { + name: "Composite", + className: "AlertsDataTypeOfDataConnector" + } + } + } + } +}; + +export const MstiDataConnector: coreClient.CompositeMapper = { + serializedName: "MicrosoftThreatIntelligence", + type: { + name: "Composite", + className: "MstiDataConnector", + uberParent: "Resource", + polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, + modelProperties: { + ...DataConnector.type.modelProperties, + tenantId: { + serializedName: "properties.tenantId", + type: { + name: "String" + } + }, + dataTypes: { + serializedName: "properties.dataTypes", + type: { + name: "Composite", + className: "MstiDataConnectorDataTypes" + } + } + } + } +}; + +export const MTPDataConnector: coreClient.CompositeMapper = { + serializedName: "MicrosoftThreatProtection", + type: { + name: "Composite", + className: 
"MTPDataConnector", + uberParent: "Resource", + polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, + modelProperties: { + ...DataConnector.type.modelProperties, + tenantId: { + serializedName: "properties.tenantId", + type: { + name: "String" + } + }, + dataTypes: { + serializedName: "properties.dataTypes", + type: { + name: "Composite", + className: "MTPDataConnectorDataTypes" + } + } + } + } +}; + +export const AatpDataConnector: coreClient.CompositeMapper = { + serializedName: "AzureAdvancedThreatProtection", + type: { + name: "Composite", + className: "AatpDataConnector", + uberParent: "Resource", + polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, + modelProperties: { + ...DataConnector.type.modelProperties, + tenantId: { + serializedName: "properties.tenantId", + type: { + name: "String" + } + }, + dataTypes: { + serializedName: "properties.dataTypes", + type: { + name: "Composite", + className: "AlertsDataTypeOfDataConnector" + } + } + } + } +}; + +export const ASCDataConnector: coreClient.CompositeMapper = { + serializedName: "AzureSecurityCenter", + type: { + name: "Composite", + className: "ASCDataConnector", + uberParent: "Resource", + polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, + modelProperties: { + ...DataConnector.type.modelProperties, + dataTypes: { + serializedName: "properties.dataTypes", + type: { + name: "Composite", + className: "AlertsDataTypeOfDataConnector" + } + }, + subscriptionId: { + serializedName: "properties.subscriptionId", + type: { + name: "String" + } + } + } + } +}; + +export const AwsCloudTrailDataConnector: coreClient.CompositeMapper = { + serializedName: "AmazonWebServicesCloudTrail", + type: { + name: "Composite", + className: "AwsCloudTrailDataConnector", + uberParent: "Resource", + polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, + modelProperties: { + ...DataConnector.type.modelProperties, + awsRoleArn: { + serializedName: "properties.awsRoleArn", + 
type: { + name: "String" + } + }, + dataTypes: { + serializedName: "properties.dataTypes", + type: { + name: "Composite", + className: "AwsCloudTrailDataConnectorDataTypes" + } + } + } + } +}; + +export const AwsS3DataConnector: coreClient.CompositeMapper = { + serializedName: "AmazonWebServicesS3", + type: { + name: "Composite", + className: "AwsS3DataConnector", + uberParent: "Resource", + polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, + modelProperties: { + ...DataConnector.type.modelProperties, + destinationTable: { + serializedName: "properties.destinationTable", + type: { + name: "String" + } + }, + sqsUrls: { + serializedName: "properties.sqsUrls", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + roleArn: { + serializedName: "properties.roleArn", + type: { + name: "String" + } + }, + dataTypes: { + serializedName: "properties.dataTypes", + type: { + name: "Composite", + className: "AwsS3DataConnectorDataTypes" + } + } + } + } +}; + +export const McasDataConnector: coreClient.CompositeMapper = { + serializedName: "MicrosoftCloudAppSecurity", + type: { + name: "Composite", + className: "McasDataConnector", + uberParent: "Resource", + polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, + modelProperties: { + ...DataConnector.type.modelProperties, + tenantId: { + serializedName: "properties.tenantId", + type: { + name: "String" + } + }, + dataTypes: { + serializedName: "properties.dataTypes", + type: { + name: "Composite", + className: "McasDataConnectorDataTypes" + } + } + } + } +}; + +export const Dynamics365DataConnector: coreClient.CompositeMapper = { + serializedName: "Dynamics365", + type: { + name: "Composite", + className: "Dynamics365DataConnector", + uberParent: "Resource", + polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, + modelProperties: { + ...DataConnector.type.modelProperties, + tenantId: { + serializedName: "properties.tenantId", + type: { + name: 
"String" + } + }, + dataTypes: { + serializedName: "properties.dataTypes", + type: { + name: "Composite", + className: "Dynamics365DataConnectorDataTypes" + } + } + } + } +}; + +export const OfficeATPDataConnector: coreClient.CompositeMapper = { + serializedName: "OfficeATP", + type: { + name: "Composite", + className: "OfficeATPDataConnector", + uberParent: "Resource", + polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, + modelProperties: { + ...DataConnector.type.modelProperties, + tenantId: { + serializedName: "properties.tenantId", + type: { + name: "String" + } + }, + dataTypes: { + serializedName: "properties.dataTypes", + type: { + name: "Composite", + className: "AlertsDataTypeOfDataConnector" + } + } + } + } +}; + +export const Office365ProjectDataConnector: coreClient.CompositeMapper = { + serializedName: "Office365Project", + type: { + name: "Composite", + className: "Office365ProjectDataConnector", + uberParent: "Resource", + polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, + modelProperties: { + ...DataConnector.type.modelProperties, + dataTypes: { + serializedName: "properties.dataTypes", + type: { + name: "Composite", + className: "Office365ProjectConnectorDataTypes" + } + } + } + } +}; + +export const OfficePowerBIDataConnector: coreClient.CompositeMapper = { + serializedName: "OfficePowerBI", + type: { + name: "Composite", + className: "OfficePowerBIDataConnector", + uberParent: "Resource", + polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, + modelProperties: { + ...DataConnector.type.modelProperties, + dataTypes: { + serializedName: "properties.dataTypes", + type: { + name: "Composite", + className: "OfficePowerBIConnectorDataTypes" + } + } + } + } +}; + +export const OfficeIRMDataConnector: coreClient.CompositeMapper = { + serializedName: "OfficeIRM", + type: { + name: "Composite", + className: "OfficeIRMDataConnector", + uberParent: "Resource", + polymorphicDiscriminator: 
Resource.type.polymorphicDiscriminator, + modelProperties: { + ...DataConnector.type.modelProperties, + tenantId: { + serializedName: "properties.tenantId", + type: { + name: "String" + } + }, + dataTypes: { + serializedName: "properties.dataTypes", + type: { + name: "Composite", + className: "AlertsDataTypeOfDataConnector" + } + } + } + } +}; + +export const MdatpDataConnector: coreClient.CompositeMapper = { + serializedName: "MicrosoftDefenderAdvancedThreatProtection", + type: { + name: "Composite", + className: "MdatpDataConnector", + uberParent: "Resource", + polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, + modelProperties: { + ...DataConnector.type.modelProperties, + tenantId: { + serializedName: "properties.tenantId", + type: { + name: "String" + } + }, + dataTypes: { + serializedName: "properties.dataTypes", + type: { + name: "Composite", + className: "AlertsDataTypeOfDataConnector" + } + } + } + } +}; + +export const OfficeDataConnector: coreClient.CompositeMapper = { + serializedName: "Office365", + type: { + name: "Composite", + className: "OfficeDataConnector", + uberParent: "Resource", + polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, + modelProperties: { + ...DataConnector.type.modelProperties, + tenantId: { + serializedName: "properties.tenantId", + type: { + name: "String" + } + }, + dataTypes: { + serializedName: "properties.dataTypes", + type: { + name: "Composite", + className: "OfficeDataConnectorDataTypes" + } + } + } + } +}; + +export const TIDataConnector: coreClient.CompositeMapper = { + serializedName: "ThreatIntelligence", + type: { + name: "Composite", + className: "TIDataConnector", + uberParent: "Resource", + polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, + modelProperties: { + ...DataConnector.type.modelProperties, + tenantId: { + serializedName: "properties.tenantId", + type: { + name: "String" + } + }, + tipLookbackPeriod: { + serializedName: "properties.tipLookbackPeriod", + 
nullable: true, + type: { + name: "DateTime" + } + }, + dataTypes: { + serializedName: "properties.dataTypes", + type: { + name: "Composite", + className: "TIDataConnectorDataTypes" + } + } + } + } +}; + +export const TiTaxiiDataConnector: coreClient.CompositeMapper = { + serializedName: "ThreatIntelligenceTaxii", + type: { + name: "Composite", + className: "TiTaxiiDataConnector", + uberParent: "Resource", + polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, + modelProperties: { + ...DataConnector.type.modelProperties, + tenantId: { + serializedName: "properties.tenantId", + type: { + name: "String" + } + }, + workspaceId: { + serializedName: "properties.workspaceId", + type: { + name: "String" + } + }, + friendlyName: { + serializedName: "properties.friendlyName", + type: { + name: "String" + } + }, + taxiiServer: { + serializedName: "properties.taxiiServer", + type: { + name: "String" + } + }, + collectionId: { + serializedName: "properties.collectionId", + type: { + name: "String" + } + }, + userName: { + serializedName: "properties.userName", + type: { + name: "String" + } + }, + password: { + serializedName: "properties.password", + type: { + name: "String" + } + }, + taxiiLookbackPeriod: { + serializedName: "properties.taxiiLookbackPeriod", + nullable: true, + type: { + name: "DateTime" + } + }, + pollingFrequency: { + serializedName: "properties.pollingFrequency", + nullable: true, + type: { + name: "String" + } + }, + dataTypes: { + serializedName: "properties.dataTypes", + type: { + name: "Composite", + className: "TiTaxiiDataConnectorDataTypes" + } + } + } + } +}; + +export const CodelessUiDataConnector: coreClient.CompositeMapper = { + serializedName: "GenericUI", + type: { + name: "Composite", + className: "CodelessUiDataConnector", + uberParent: "Resource", + polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, + modelProperties: { + ...DataConnector.type.modelProperties, + connectorUiConfig: { + serializedName: 
"properties.connectorUiConfig", + type: { + name: "Composite", + className: "CodelessUiConnectorConfigProperties" + } + } + } + } +}; + +export const CodelessApiPollingDataConnector: coreClient.CompositeMapper = { + serializedName: "APIPolling", + type: { + name: "Composite", + className: "CodelessApiPollingDataConnector", + uberParent: "Resource", + polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, + modelProperties: { + ...DataConnector.type.modelProperties, + connectorUiConfig: { + serializedName: "properties.connectorUiConfig", + type: { + name: "Composite", + className: "CodelessUiConnectorConfigProperties" + } + }, + pollingConfig: { + serializedName: "properties.pollingConfig", + type: { + name: "Composite", + className: "CodelessConnectorPollingConfigProperties" + } + } + } + } +}; + +export let discriminators = { + AutomationRuleCondition: AutomationRuleCondition, + AutomationRuleAction: AutomationRuleAction, + EntityTimelineItem: EntityTimelineItem, + EntityQueryItem: EntityQueryItem, + DataConnectorsCheckRequirements: DataConnectorsCheckRequirements, + "Resource.AlertRuleTemplate": AlertRuleTemplate, + "Resource.Entity": Entity, + "Resource.EntityQueryTemplate": EntityQueryTemplate, + "AutomationRuleCondition.Property": PropertyConditionProperties, + "AutomationRuleAction.ModifyProperties": AutomationRuleModifyPropertiesAction, + "AutomationRuleAction.RunPlaybook": AutomationRuleRunPlaybookAction, + "EntityTimelineItem.Activity": ActivityTimelineItem, + "EntityTimelineItem.Bookmark": BookmarkTimelineItem, + "EntityTimelineItem.SecurityAlert": SecurityAlertTimelineItem, + "EntityQueryItem.Insight": InsightQueryItem, + "ThreatIntelligenceResourceKind.ThreatIntelligenceInformation": ThreatIntelligenceInformation, + "DataConnectorsCheckRequirements.AzureActiveDirectory": AADCheckRequirements, + "DataConnectorsCheckRequirements.AzureAdvancedThreatProtection": AatpCheckRequirements, + "DataConnectorsCheckRequirements.AzureSecurityCenter": 
ASCCheckRequirements, + "DataConnectorsCheckRequirements.AmazonWebServicesCloudTrail": AwsCloudTrailCheckRequirements, + "DataConnectorsCheckRequirements.AmazonWebServicesS3": AwsS3CheckRequirements, + "DataConnectorsCheckRequirements.Dynamics365": Dynamics365CheckRequirements, + "DataConnectorsCheckRequirements.MicrosoftCloudAppSecurity": McasCheckRequirements, + "DataConnectorsCheckRequirements.MicrosoftDefenderAdvancedThreatProtection": MdatpCheckRequirements, + "DataConnectorsCheckRequirements.MicrosoftThreatIntelligence": MstiCheckRequirements, + "DataConnectorsCheckRequirements.MicrosoftThreatProtection": MtpCheckRequirements, + "DataConnectorsCheckRequirements.OfficeATP": OfficeATPCheckRequirements, + "DataConnectorsCheckRequirements.OfficeIRM": OfficeIRMCheckRequirements, + "DataConnectorsCheckRequirements.Office365Project": Office365ProjectCheckRequirements, + "DataConnectorsCheckRequirements.OfficePowerBI": OfficePowerBICheckRequirements, + "DataConnectorsCheckRequirements.ThreatIntelligence": TICheckRequirements, + "DataConnectorsCheckRequirements.ThreatIntelligenceTaxii": TiTaxiiCheckRequirements, + "Resource.AlertRule": AlertRule, + "Resource.EntityQuery": EntityQuery, + "Resource.CustomEntityQuery": CustomEntityQuery, + "Resource.Settings": Settings, + "Resource.DataConnector": DataConnector, + "Resource.MLBehaviorAnalytics": MLBehaviorAnalyticsAlertRule, + "Resource.Fusion": FusionAlertRule, + "Resource.ThreatIntelligence": TIDataConnector, + "Resource.MicrosoftSecurityIncidentCreation": MicrosoftSecurityIncidentCreationAlertRule, + "Resource.Scheduled": ScheduledAlertRule, + "Resource.NRT": NrtAlertRule, + "Resource.SecurityAlert": SecurityAlert, + "Resource.Bookmark": HuntingBookmark, + "Resource.Account": AccountEntity, + "Resource.AzureResource": AzureResourceEntity, + "Resource.CloudApplication": CloudApplicationEntity, + "Resource.DnsResolution": DnsEntity, + "Resource.File": FileEntity, + "Resource.FileHash": FileHashEntity, + "Resource.Host": 
HostEntity, + "Resource.IoTDevice": IoTDeviceEntity, + "Resource.Ip": IpEntity, + "Resource.Mailbox": MailboxEntity, + "Resource.MailCluster": MailClusterEntity, + "Resource.MailMessage": MailMessageEntity, + "Resource.Malware": MalwareEntity, + "Resource.Process": ProcessEntity, + "Resource.RegistryKey": RegistryKeyEntity, + "Resource.RegistryValue": RegistryValueEntity, + "Resource.SecurityGroup": SecurityGroupEntity, + "Resource.SubmissionMail": SubmissionMailEntity, + "Resource.Url": UrlEntity, + "Resource.Activity": ActivityCustomEntityQuery, + "ThreatIntelligenceResourceKind.indicator": ThreatIntelligenceIndicatorModel, + "Resource.Expansion": ExpansionEntityQuery, + "Resource.Anomalies": Anomalies, + "Resource.EyesOn": EyesOn, + "Resource.EntityAnalytics": EntityAnalytics, + "Resource.Ueba": Ueba, + "Resource.AzureActiveDirectory": AADDataConnector, + "Resource.MicrosoftThreatIntelligence": MstiDataConnector, + "Resource.MicrosoftThreatProtection": MTPDataConnector, + "Resource.AzureAdvancedThreatProtection": AatpDataConnector, + "Resource.AzureSecurityCenter": ASCDataConnector, + "Resource.AmazonWebServicesCloudTrail": AwsCloudTrailDataConnector, + "Resource.AmazonWebServicesS3": AwsS3DataConnector, + "Resource.MicrosoftCloudAppSecurity": McasDataConnector, + "Resource.Dynamics365": Dynamics365DataConnector, + "Resource.OfficeATP": OfficeATPDataConnector, + "Resource.Office365Project": Office365ProjectDataConnector, + "Resource.OfficePowerBI": OfficePowerBIDataConnector, + "Resource.OfficeIRM": OfficeIRMDataConnector, + "Resource.MicrosoftDefenderAdvancedThreatProtection": MdatpDataConnector, + "Resource.Office365": OfficeDataConnector, + "Resource.ThreatIntelligenceTaxii": TiTaxiiDataConnector, + "Resource.GenericUI": CodelessUiDataConnector, + "Resource.APIPolling": CodelessApiPollingDataConnector +}; 
diff --git a/sdk/securityinsight/arm-securityinsight/src/models/parameters.ts b/sdk/securityinsight/arm-securityinsight/src/models/parameters.ts
new file mode 100644
index 000000000000..79e8d58e1239
--- /dev/null
+++ b/sdk/securityinsight/arm-securityinsight/src/models/parameters.ts
@@ -0,0 +1,633 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is regenerated. + */ + +import { + OperationParameter, + OperationURLParameter, + OperationQueryParameter +} from "@azure/core-client"; +import { + AlertRule as AlertRuleMapper, + ActionRequest as ActionRequestMapper, + AutomationRule as AutomationRuleMapper, + ManualTriggerRequestBody as ManualTriggerRequestBodyMapper, + Bookmark as BookmarkMapper, + Relation as RelationMapper, + BookmarkExpandParameters as BookmarkExpandParametersMapper, + EntityExpandParameters as EntityExpandParametersMapper, + EntityGetInsightsParameters as EntityGetInsightsParametersMapper, + EntityTimelineParameters as EntityTimelineParametersMapper, + CustomEntityQuery as CustomEntityQueryMapper, + Incident as IncidentMapper, + TeamProperties as TeamPropertiesMapper, + IncidentComment as IncidentCommentMapper, + MetadataModel as MetadataModelMapper, + MetadataPatch as MetadataPatchMapper, + SentinelOnboardingState as SentinelOnboardingStateMapper, + Settings as SettingsMapper, + SourceControl as SourceControlMapper, + ThreatIntelligenceIndicatorModelForRequestBody as ThreatIntelligenceIndicatorModelForRequestBodyMapper, + ThreatIntelligenceFilteringCriteria as ThreatIntelligenceFilteringCriteriaMapper, + ThreatIntelligenceAppendTags as ThreatIntelligenceAppendTagsMapper, + Watchlist as WatchlistMapper, + WatchlistItem as WatchlistItemMapper, + DataConnector as DataConnectorMapper, + DataConnectorConnectBody as DataConnectorConnectBodyMapper, + DataConnectorsCheckRequirements as DataConnectorsCheckRequirementsMapper +} from "../models/mappers"; + +export const accept: OperationParameter = { + parameterPath: "accept", + mapper: { + defaultValue: "application/json", + isConstant: true, + serializedName: "Accept", + type: { + name: "String" + } + } +}; + +export 
const $host: OperationURLParameter = { + parameterPath: "$host", + mapper: { + serializedName: "$host", + required: true, + type: { + name: "String" + } + }, + skipEncoding: true +}; + +export const apiVersion: OperationQueryParameter = { + parameterPath: "apiVersion", + mapper: { + defaultValue: "2021-10-01-preview", + isConstant: true, + serializedName: "api-version", + type: { + name: "String" + } + } +}; + +export const subscriptionId: OperationURLParameter = { + parameterPath: "subscriptionId", + mapper: { + constraints: { + MinLength: 1 + }, + serializedName: "subscriptionId", + required: true, + type: { + name: "String" + } + } +}; + +export const resourceGroupName: OperationURLParameter = { + parameterPath: "resourceGroupName", + mapper: { + constraints: { + MaxLength: 90, + MinLength: 1 + }, + serializedName: "resourceGroupName", + required: true, + type: { + name: "String" + } + } +}; + +export const workspaceName: OperationURLParameter = { + parameterPath: "workspaceName", + mapper: { + constraints: { + MaxLength: 90, + MinLength: 1 + }, + serializedName: "workspaceName", + required: true, + type: { + name: "String" + } + } +}; + +export const ruleId: OperationURLParameter = { + parameterPath: "ruleId", + mapper: { + serializedName: "ruleId", + required: true, + type: { + name: "String" + } + } +}; + +export const contentType: OperationParameter = { + parameterPath: ["options", "contentType"], + mapper: { + defaultValue: "application/json", + isConstant: true, + serializedName: "Content-Type", + type: { + name: "String" + } + } +}; + +export const alertRule: OperationParameter = { + parameterPath: "alertRule", + mapper: AlertRuleMapper +}; + +export const nextLink: OperationURLParameter = { + parameterPath: "nextLink", + mapper: { + serializedName: "nextLink", + required: true, + type: { + name: "String" + } + }, + skipEncoding: true +}; + +export const actionId: OperationURLParameter = { + parameterPath: "actionId", + mapper: { + serializedName: 
"actionId", + required: true, + type: { + name: "String" + } + } +}; + +export const action: OperationParameter = { + parameterPath: "action", + mapper: ActionRequestMapper +}; + +export const alertRuleTemplateId: OperationURLParameter = { + parameterPath: "alertRuleTemplateId", + mapper: { + serializedName: "alertRuleTemplateId", + required: true, + type: { + name: "String" + } + } +}; + +export const automationRuleId: OperationURLParameter = { + parameterPath: "automationRuleId", + mapper: { + serializedName: "automationRuleId", + required: true, + type: { + name: "String" + } + } +}; + +export const automationRuleToUpsert: OperationParameter = { + parameterPath: ["options", "automationRuleToUpsert"], + mapper: AutomationRuleMapper +}; + +export const requestBody: OperationParameter = { + parameterPath: ["options", "requestBody"], + mapper: ManualTriggerRequestBodyMapper +}; + +export const incidentIdentifier: OperationURLParameter = { + parameterPath: "incidentIdentifier", + mapper: { + serializedName: "incidentIdentifier", + required: true, + type: { + name: "String" + } + } +}; + +export const bookmarkId: OperationURLParameter = { + parameterPath: "bookmarkId", + mapper: { + serializedName: "bookmarkId", + required: true, + type: { + name: "String" + } + } +}; + +export const bookmark: OperationParameter = { + parameterPath: "bookmark", + mapper: BookmarkMapper +}; + +export const filter: OperationQueryParameter = { + parameterPath: ["options", "filter"], + mapper: { + serializedName: "$filter", + type: { + name: "String" + } + } +}; + +export const orderby: OperationQueryParameter = { + parameterPath: ["options", "orderby"], + mapper: { + serializedName: "$orderby", + type: { + name: "String" + } + } +}; + +export const top: OperationQueryParameter = { + parameterPath: ["options", "top"], + mapper: { + serializedName: "$top", + type: { + name: "Number" + } + } +}; + +export const skipToken: OperationQueryParameter = { + parameterPath: ["options", 
"skipToken"], + mapper: { + serializedName: "$skipToken", + type: { + name: "String" + } + } +}; + +export const relationName: OperationURLParameter = { + parameterPath: "relationName", + mapper: { + serializedName: "relationName", + required: true, + type: { + name: "String" + } + } +}; + +export const relation: OperationParameter = { + parameterPath: "relation", + mapper: RelationMapper +}; + +export const parameters: OperationParameter = { + parameterPath: "parameters", + mapper: BookmarkExpandParametersMapper +}; + +export const ipAddress: OperationQueryParameter = { + parameterPath: "ipAddress", + mapper: { + serializedName: "ipAddress", + required: true, + type: { + name: "String" + } + } +}; + +export const domain: OperationQueryParameter = { + parameterPath: "domain", + mapper: { + serializedName: "domain", + required: true, + type: { + name: "String" + } + } +}; + +export const entityId: OperationURLParameter = { + parameterPath: "entityId", + mapper: { + serializedName: "entityId", + required: true, + type: { + name: "String" + } + } +}; + +export const parameters1: OperationParameter = { + parameterPath: "parameters", + mapper: EntityExpandParametersMapper +}; + +export const kind: OperationQueryParameter = { + parameterPath: "kind", + mapper: { + serializedName: "kind", + required: true, + type: { + name: "String" + } + } +}; + +export const parameters2: OperationParameter = { + parameterPath: "parameters", + mapper: EntityGetInsightsParametersMapper +}; + +export const parameters3: OperationParameter = { + parameterPath: "parameters", + mapper: EntityTimelineParametersMapper +}; + +export const kind1: OperationQueryParameter = { + parameterPath: ["options", "kind"], + mapper: { + serializedName: "kind", + type: { + name: "String" + } + } +}; + +export const entityQueryId: OperationURLParameter = { + parameterPath: "entityQueryId", + mapper: { + serializedName: "entityQueryId", + required: true, + type: { + name: "String" + } + } +}; + +export const 
entityQuery: OperationParameter = { + parameterPath: "entityQuery", + mapper: CustomEntityQueryMapper +}; + +export const kind2: OperationQueryParameter = { + parameterPath: ["options", "kind"], + mapper: { + defaultValue: "Activity", + isConstant: true, + serializedName: "kind", + type: { + name: "String" + } + } +}; + +export const entityQueryTemplateId: OperationURLParameter = { + parameterPath: "entityQueryTemplateId", + mapper: { + serializedName: "entityQueryTemplateId", + required: true, + type: { + name: "String" + } + } +}; + +export const incidentId: OperationURLParameter = { + parameterPath: "incidentId", + mapper: { + serializedName: "incidentId", + required: true, + type: { + name: "String" + } + } +}; + +export const incident: OperationParameter = { + parameterPath: "incident", + mapper: IncidentMapper +}; + +export const teamProperties: OperationParameter = { + parameterPath: "teamProperties", + mapper: TeamPropertiesMapper +}; + +export const incidentCommentId: OperationURLParameter = { + parameterPath: "incidentCommentId", + mapper: { + serializedName: "incidentCommentId", + required: true, + type: { + name: "String" + } + } +}; + +export const incidentComment: OperationParameter = { + parameterPath: "incidentComment", + mapper: IncidentCommentMapper +}; + +export const skip: OperationQueryParameter = { + parameterPath: ["options", "skip"], + mapper: { + serializedName: "$skip", + type: { + name: "Number" + } + } +}; + +export const metadataName: OperationURLParameter = { + parameterPath: "metadataName", + mapper: { + serializedName: "metadataName", + required: true, + type: { + name: "String" + } + } +}; + +export const metadata: OperationParameter = { + parameterPath: "metadata", + mapper: MetadataModelMapper +}; + +export const metadataPatch: OperationParameter = { + parameterPath: "metadataPatch", + mapper: MetadataPatchMapper +}; + +export const consentId: OperationURLParameter = { + parameterPath: "consentId", + mapper: { + serializedName: 
"consentId", + required: true, + type: { + name: "String" + } + } +}; + +export const sentinelOnboardingStateName: OperationURLParameter = { + parameterPath: "sentinelOnboardingStateName", + mapper: { + serializedName: "sentinelOnboardingStateName", + required: true, + type: { + name: "String" + } + } +}; + +export const sentinelOnboardingStateParameter: OperationParameter = { + parameterPath: ["options", "sentinelOnboardingStateParameter"], + mapper: SentinelOnboardingStateMapper +}; + +export const settingsName: OperationURLParameter = { + parameterPath: "settingsName", + mapper: { + serializedName: "settingsName", + required: true, + type: { + name: "String" + } + } +}; + +export const settings: OperationParameter = { + parameterPath: "settings", + mapper: SettingsMapper +}; + +export const repoType: OperationParameter = { + parameterPath: "repoType", + mapper: { + serializedName: "repoType", + required: true, + type: { + name: "String" + } + } +}; + +export const sourceControlId: OperationURLParameter = { + parameterPath: "sourceControlId", + mapper: { + serializedName: "sourceControlId", + required: true, + type: { + name: "String" + } + } +}; + +export const sourceControl: OperationParameter = { + parameterPath: "sourceControl", + mapper: SourceControlMapper +}; + +export const threatIntelligenceProperties: OperationParameter = { + parameterPath: "threatIntelligenceProperties", + mapper: ThreatIntelligenceIndicatorModelForRequestBodyMapper +}; + +export const name: OperationURLParameter = { + parameterPath: "name", + mapper: { + serializedName: "name", + required: true, + type: { + name: "String" + } + } +}; + +export const threatIntelligenceFilteringCriteria: OperationParameter = { + parameterPath: "threatIntelligenceFilteringCriteria", + mapper: ThreatIntelligenceFilteringCriteriaMapper +}; + +export const threatIntelligenceAppendTags: OperationParameter = { + parameterPath: "threatIntelligenceAppendTags", + mapper: ThreatIntelligenceAppendTagsMapper +}; + 
+export const threatIntelligenceReplaceTags: OperationParameter = { + parameterPath: "threatIntelligenceReplaceTags", + mapper: ThreatIntelligenceIndicatorModelForRequestBodyMapper +}; + +export const watchlistAlias: OperationURLParameter = { + parameterPath: "watchlistAlias", + mapper: { + serializedName: "watchlistAlias", + required: true, + type: { + name: "String" + } + } +}; + +export const watchlist: OperationParameter = { + parameterPath: "watchlist", + mapper: WatchlistMapper +}; + +export const watchlistItemId: OperationURLParameter = { + parameterPath: "watchlistItemId", + mapper: { + serializedName: "watchlistItemId", + required: true, + type: { + name: "String" + } + } +}; + +export const watchlistItem: OperationParameter = { + parameterPath: "watchlistItem", + mapper: WatchlistItemMapper +}; + +export const dataConnectorId: OperationURLParameter = { + parameterPath: "dataConnectorId", + mapper: { + serializedName: "dataConnectorId", + required: true, + type: { + name: "String" + } + } +}; + +export const dataConnector: OperationParameter = { + parameterPath: "dataConnector", + mapper: DataConnectorMapper +}; + +export const connectBody: OperationParameter = { + parameterPath: "connectBody", + mapper: DataConnectorConnectBodyMapper +}; + +export const dataConnectorsCheckRequirements: OperationParameter = { + parameterPath: "dataConnectorsCheckRequirements", + mapper: DataConnectorsCheckRequirementsMapper +}; diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/actions.ts b/sdk/securityinsight/arm-securityinsight/src/operations/actions.ts new file mode 100644 index 000000000000..72aea9cb6a13 --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/src/operations/actions.ts 
@@ -0,0 +1,351 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is regenerated. + */ + +import { PagedAsyncIterableIterator } from "@azure/core-paging"; +import { Actions } from "../operationsInterfaces"; +import * as coreClient from "@azure/core-client"; +import * as Mappers from "../models/mappers"; +import * as Parameters from "../models/parameters"; +import { SecurityInsights } from "../securityInsights"; +import { + ActionResponse, + ActionsListByAlertRuleNextOptionalParams, + ActionsListByAlertRuleOptionalParams, + ActionsListByAlertRuleResponse, + ActionsGetOptionalParams, + ActionsGetResponse, + ActionRequest, + ActionsCreateOrUpdateOptionalParams, + ActionsCreateOrUpdateResponse, + ActionsDeleteOptionalParams, + ActionsListByAlertRuleNextResponse +} from "../models"; + +/// +/** Class containing Actions operations. */ +export class ActionsImpl implements Actions { + private readonly client: SecurityInsights; + + /** + * Initialize a new instance of the class Actions class. + * @param client Reference to the service client + */ + constructor(client: SecurityInsights) { + this.client = client; + } + + /** + * Gets all actions of alert rule. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param ruleId Alert rule ID + * @param options The options parameters. 
+ */ + public listByAlertRule( + resourceGroupName: string, + workspaceName: string, + ruleId: string, + options?: ActionsListByAlertRuleOptionalParams + ): PagedAsyncIterableIterator { + const iter = this.listByAlertRulePagingAll( + resourceGroupName, + workspaceName, + ruleId, + options + ); + return { + next() { + return iter.next(); + }, + [Symbol.asyncIterator]() { + return this; + }, + byPage: () => { + return this.listByAlertRulePagingPage( + resourceGroupName, + workspaceName, + ruleId, + options + ); + } + }; + } + + private async *listByAlertRulePagingPage( + resourceGroupName: string, + workspaceName: string, + ruleId: string, + options?: ActionsListByAlertRuleOptionalParams + ): AsyncIterableIterator { + let result = await this._listByAlertRule( + resourceGroupName, + workspaceName, + ruleId, + options + ); + yield result.value || []; + let continuationToken = result.nextLink; + while (continuationToken) { + result = await this._listByAlertRuleNext( + resourceGroupName, + workspaceName, + ruleId, + continuationToken, + options + ); + continuationToken = result.nextLink; + yield result.value || []; + } + } + + private async *listByAlertRulePagingAll( + resourceGroupName: string, + workspaceName: string, + ruleId: string, + options?: ActionsListByAlertRuleOptionalParams + ): AsyncIterableIterator { + for await (const page of this.listByAlertRulePagingPage( + resourceGroupName, + workspaceName, + ruleId, + options + )) { + yield* page; + } + } + + /** + * Gets all actions of alert rule. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param ruleId Alert rule ID + * @param options The options parameters. 
+ */ + private _listByAlertRule( + resourceGroupName: string, + workspaceName: string, + ruleId: string, + options?: ActionsListByAlertRuleOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, workspaceName, ruleId, options }, + listByAlertRuleOperationSpec + ); + } + + /** + * Gets the action of alert rule. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param ruleId Alert rule ID + * @param actionId Action ID + * @param options The options parameters. + */ + get( + resourceGroupName: string, + workspaceName: string, + ruleId: string, + actionId: string, + options?: ActionsGetOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, workspaceName, ruleId, actionId, options }, + getOperationSpec + ); + } + + /** + * Creates or updates the action of alert rule. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param ruleId Alert rule ID + * @param actionId Action ID + * @param action The action + * @param options The options parameters. + */ + createOrUpdate( + resourceGroupName: string, + workspaceName: string, + ruleId: string, + actionId: string, + action: ActionRequest, + options?: ActionsCreateOrUpdateOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, workspaceName, ruleId, actionId, action, options }, + createOrUpdateOperationSpec + ); + } + + /** + * Delete the action of alert rule. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param ruleId Alert rule ID + * @param actionId Action ID + * @param options The options parameters. 
+ */ + delete( + resourceGroupName: string, + workspaceName: string, + ruleId: string, + actionId: string, + options?: ActionsDeleteOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, workspaceName, ruleId, actionId, options }, + deleteOperationSpec + ); + } + + /** + * ListByAlertRuleNext + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param ruleId Alert rule ID + * @param nextLink The nextLink from the previous successful call to the ListByAlertRule method. + * @param options The options parameters. + */ + private _listByAlertRuleNext( + resourceGroupName: string, + workspaceName: string, + ruleId: string, + nextLink: string, + options?: ActionsListByAlertRuleNextOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, workspaceName, ruleId, nextLink, options }, + listByAlertRuleNextOperationSpec + ); + } +} +// Operation Specifications +const serializer = coreClient.createSerializer(Mappers, /* isXml */ false); + +const listByAlertRuleOperationSpec: coreClient.OperationSpec = { + path: + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions", + httpMethod: "GET", + responses: { + 200: { + bodyMapper: Mappers.ActionsList + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.ruleId + ], + headerParameters: [Parameters.accept], + serializer +}; +const getOperationSpec: coreClient.OperationSpec = { + path: + 
"/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions/{actionId}", + httpMethod: "GET", + responses: { + 200: { + bodyMapper: Mappers.ActionResponse + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.ruleId, + Parameters.actionId + ], + headerParameters: [Parameters.accept], + serializer +}; +const createOrUpdateOperationSpec: coreClient.OperationSpec = { + path: + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions/{actionId}", + httpMethod: "PUT", + responses: { + 200: { + bodyMapper: Mappers.ActionResponse + }, + 201: { + bodyMapper: Mappers.ActionResponse + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + requestBody: Parameters.action, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.ruleId, + Parameters.actionId + ], + headerParameters: [Parameters.accept, Parameters.contentType], + mediaType: "json", + serializer +}; +const deleteOperationSpec: coreClient.OperationSpec = { + path: + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions/{actionId}", + httpMethod: "DELETE", + responses: { + 200: {}, + 204: {}, + default: { + bodyMapper: Mappers.CloudError + } + }, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + 
Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.ruleId, + Parameters.actionId + ], + headerParameters: [Parameters.accept], + serializer +}; +const listByAlertRuleNextOperationSpec: coreClient.OperationSpec = { + path: "{nextLink}", + httpMethod: "GET", + responses: { + 200: { + bodyMapper: Mappers.ActionsList + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.ruleId, + Parameters.nextLink + ], + headerParameters: [Parameters.accept], + serializer +}; diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/alertRuleTemplates.ts b/sdk/securityinsight/arm-securityinsight/src/operations/alertRuleTemplates.ts new file mode 100644 index 000000000000..dbad34be967b --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/src/operations/alertRuleTemplates.ts 
@@ -0,0 +1,221 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is regenerated. + */ + +import { PagedAsyncIterableIterator } from "@azure/core-paging"; +import { AlertRuleTemplates } from "../operationsInterfaces"; +import * as coreClient from "@azure/core-client"; +import * as Mappers from "../models/mappers"; +import * as Parameters from "../models/parameters"; +import { SecurityInsights } from "../securityInsights"; +import { + AlertRuleTemplateUnion, + AlertRuleTemplatesListNextOptionalParams, + AlertRuleTemplatesListOptionalParams, + AlertRuleTemplatesListResponse, + AlertRuleTemplatesGetOptionalParams, + AlertRuleTemplatesGetResponse, + AlertRuleTemplatesListNextResponse +} from "../models"; + +/// +/** Class containing AlertRuleTemplates operations. */ +export class AlertRuleTemplatesImpl implements AlertRuleTemplates { + private readonly client: SecurityInsights; + + /** + * Initialize a new instance of the class AlertRuleTemplates class. + * @param client Reference to the service client + */ + constructor(client: SecurityInsights) { + this.client = client; + } + + /** + * Gets all alert rule templates. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param options The options parameters. 
+ */ + public list( + resourceGroupName: string, + workspaceName: string, + options?: AlertRuleTemplatesListOptionalParams + ): PagedAsyncIterableIterator { + const iter = this.listPagingAll(resourceGroupName, workspaceName, options); + return { + next() { + return iter.next(); + }, + [Symbol.asyncIterator]() { + return this; + }, + byPage: () => { + return this.listPagingPage(resourceGroupName, workspaceName, options); + } + }; + } + + private async *listPagingPage( + resourceGroupName: string, + workspaceName: string, + options?: AlertRuleTemplatesListOptionalParams + ): AsyncIterableIterator { + let result = await this._list(resourceGroupName, workspaceName, options); + yield result.value || []; + let continuationToken = result.nextLink; + while (continuationToken) { + result = await this._listNext( + resourceGroupName, + workspaceName, + continuationToken, + options + ); + continuationToken = result.nextLink; + yield result.value || []; + } + } + + private async *listPagingAll( + resourceGroupName: string, + workspaceName: string, + options?: AlertRuleTemplatesListOptionalParams + ): AsyncIterableIterator { + for await (const page of this.listPagingPage( + resourceGroupName, + workspaceName, + options + )) { + yield* page; + } + } + + /** + * Gets all alert rule templates. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param options The options parameters. + */ + private _list( + resourceGroupName: string, + workspaceName: string, + options?: AlertRuleTemplatesListOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, workspaceName, options }, + listOperationSpec + ); + } + + /** + * Gets the alert rule template. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. 
+ * @param alertRuleTemplateId Alert rule template ID + * @param options The options parameters. + */ + get( + resourceGroupName: string, + workspaceName: string, + alertRuleTemplateId: string, + options?: AlertRuleTemplatesGetOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, workspaceName, alertRuleTemplateId, options }, + getOperationSpec + ); + } + + /** + * ListNext + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param nextLink The nextLink from the previous successful call to the List method. + * @param options The options parameters. + */ + private _listNext( + resourceGroupName: string, + workspaceName: string, + nextLink: string, + options?: AlertRuleTemplatesListNextOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, workspaceName, nextLink, options }, + listNextOperationSpec + ); + } +} +// Operation Specifications +const serializer = coreClient.createSerializer(Mappers, /* isXml */ false); + +const listOperationSpec: coreClient.OperationSpec = { + path: + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRuleTemplates", + httpMethod: "GET", + responses: { + 200: { + bodyMapper: Mappers.AlertRuleTemplatesList + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName + ], + headerParameters: [Parameters.accept], + serializer +}; +const getOperationSpec: coreClient.OperationSpec = { + path: + 
"/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRuleTemplates/{alertRuleTemplateId}", + httpMethod: "GET", + responses: { + 200: { + bodyMapper: Mappers.AlertRuleTemplate + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.alertRuleTemplateId + ], + headerParameters: [Parameters.accept], + serializer +}; +const listNextOperationSpec: coreClient.OperationSpec = { + path: "{nextLink}", + httpMethod: "GET", + responses: { + 200: { + bodyMapper: Mappers.AlertRuleTemplatesList + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.nextLink + ], + headerParameters: [Parameters.accept], + serializer +}; diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/alertRules.ts b/sdk/securityinsight/arm-securityinsight/src/operations/alertRules.ts new file mode 100644 index 000000000000..43164a9c587c --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/src/operations/alertRules.ts 
@@ -0,0 +1,314 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is regenerated. + */ + +import { PagedAsyncIterableIterator } from "@azure/core-paging"; +import { AlertRules } from "../operationsInterfaces"; +import * as coreClient from "@azure/core-client"; +import * as Mappers from "../models/mappers"; +import * as Parameters from "../models/parameters"; +import { SecurityInsights } from "../securityInsights"; +import { + AlertRuleUnion, + AlertRulesListNextOptionalParams, + AlertRulesListOptionalParams, + AlertRulesListResponse, + AlertRulesGetOptionalParams, + AlertRulesGetResponse, + AlertRulesCreateOrUpdateOptionalParams, + AlertRulesCreateOrUpdateResponse, + AlertRulesDeleteOptionalParams, + AlertRulesListNextResponse +} from "../models"; + +/// +/** Class containing AlertRules operations. */ +export class AlertRulesImpl implements AlertRules { + private readonly client: SecurityInsights; + + /** + * Initialize a new instance of the class AlertRules class. + * @param client Reference to the service client + */ + constructor(client: SecurityInsights) { + this.client = client; + } + + /** + * Gets all alert rules. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param options The options parameters. 
+ */ + public list( + resourceGroupName: string, + workspaceName: string, + options?: AlertRulesListOptionalParams + ): PagedAsyncIterableIterator { + const iter = this.listPagingAll(resourceGroupName, workspaceName, options); + return { + next() { + return iter.next(); + }, + [Symbol.asyncIterator]() { + return this; + }, + byPage: () => { + return this.listPagingPage(resourceGroupName, workspaceName, options); + } + }; + } + + private async *listPagingPage( + resourceGroupName: string, + workspaceName: string, + options?: AlertRulesListOptionalParams + ): AsyncIterableIterator { + let result = await this._list(resourceGroupName, workspaceName, options); + yield result.value || []; + let continuationToken = result.nextLink; + while (continuationToken) { + result = await this._listNext( + resourceGroupName, + workspaceName, + continuationToken, + options + ); + continuationToken = result.nextLink; + yield result.value || []; + } + } + + private async *listPagingAll( + resourceGroupName: string, + workspaceName: string, + options?: AlertRulesListOptionalParams + ): AsyncIterableIterator { + for await (const page of this.listPagingPage( + resourceGroupName, + workspaceName, + options + )) { + yield* page; + } + } + + /** + * Gets all alert rules. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param options The options parameters. + */ + private _list( + resourceGroupName: string, + workspaceName: string, + options?: AlertRulesListOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, workspaceName, options }, + listOperationSpec + ); + } + + /** + * Gets the alert rule. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param ruleId Alert rule ID + * @param options The options parameters. 
+ */ + get( + resourceGroupName: string, + workspaceName: string, + ruleId: string, + options?: AlertRulesGetOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, workspaceName, ruleId, options }, + getOperationSpec + ); + } + + /** + * Creates or updates the alert rule. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param ruleId Alert rule ID + * @param alertRule The alert rule + * @param options The options parameters. + */ + createOrUpdate( + resourceGroupName: string, + workspaceName: string, + ruleId: string, + alertRule: AlertRuleUnion, + options?: AlertRulesCreateOrUpdateOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, workspaceName, ruleId, alertRule, options }, + createOrUpdateOperationSpec + ); + } + + /** + * Delete the alert rule. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param ruleId Alert rule ID + * @param options The options parameters. + */ + delete( + resourceGroupName: string, + workspaceName: string, + ruleId: string, + options?: AlertRulesDeleteOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, workspaceName, ruleId, options }, + deleteOperationSpec + ); + } + + /** + * ListNext + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param nextLink The nextLink from the previous successful call to the List method. + * @param options The options parameters. 
+ */ + private _listNext( + resourceGroupName: string, + workspaceName: string, + nextLink: string, + options?: AlertRulesListNextOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, workspaceName, nextLink, options }, + listNextOperationSpec + ); + } +} +// Operation Specifications +const serializer = coreClient.createSerializer(Mappers, /* isXml */ false); + +const listOperationSpec: coreClient.OperationSpec = { + path: + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules", + httpMethod: "GET", + responses: { + 200: { + bodyMapper: Mappers.AlertRulesList + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName + ], + headerParameters: [Parameters.accept], + serializer +}; +const getOperationSpec: coreClient.OperationSpec = { + path: + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}", + httpMethod: "GET", + responses: { + 200: { + bodyMapper: Mappers.AlertRule + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.ruleId + ], + headerParameters: [Parameters.accept], + serializer +}; +const createOrUpdateOperationSpec: coreClient.OperationSpec = { + path: + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}", + httpMethod: "PUT", + responses: { + 200: { + 
bodyMapper: Mappers.AlertRule + }, + 201: { + bodyMapper: Mappers.AlertRule + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + requestBody: Parameters.alertRule, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.ruleId + ], + headerParameters: [Parameters.accept, Parameters.contentType], + mediaType: "json", + serializer +}; +const deleteOperationSpec: coreClient.OperationSpec = { + path: + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}", + httpMethod: "DELETE", + responses: { + 200: {}, + 204: {}, + default: { + bodyMapper: Mappers.CloudError + } + }, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.ruleId + ], + headerParameters: [Parameters.accept], + serializer +}; +const listNextOperationSpec: coreClient.OperationSpec = { + path: "{nextLink}", + httpMethod: "GET", + responses: { + 200: { + bodyMapper: Mappers.AlertRulesList + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.nextLink + ], + headerParameters: [Parameters.accept], + serializer +}; diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/automationRules.ts b/sdk/securityinsight/arm-securityinsight/src/operations/automationRules.ts new file mode 100644 index 000000000000..8085591446ce --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/src/operations/automationRules.ts 
@@ -0,0 +1,369 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is regenerated. + */ + +import { PagedAsyncIterableIterator } from "@azure/core-paging"; +import { AutomationRules } from "../operationsInterfaces"; +import * as coreClient from "@azure/core-client"; +import * as Mappers from "../models/mappers"; +import * as Parameters from "../models/parameters"; +import { SecurityInsights } from "../securityInsights"; +import { + AutomationRule, + AutomationRulesListNextOptionalParams, + AutomationRulesListOptionalParams, + AutomationRulesGetOptionalParams, + AutomationRulesGetResponse, + AutomationRulesCreateOrUpdateOptionalParams, + AutomationRulesCreateOrUpdateResponse, + AutomationRulesDeleteOptionalParams, + AutomationRulesDeleteResponse, + AutomationRulesListResponse, + AutomationRulesManualTriggerPlaybookOptionalParams, + AutomationRulesManualTriggerPlaybookResponse, + AutomationRulesListNextResponse +} from "../models"; + +/// +/** Class containing AutomationRules operations. */ +export class AutomationRulesImpl implements AutomationRules { + private readonly client: SecurityInsights; + + /** + * Initialize a new instance of the class AutomationRules class. + * @param client Reference to the service client + */ + constructor(client: SecurityInsights) { + this.client = client; + } + + /** + * Gets all automation rules. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param options The options parameters. 
+ */ + public list( + resourceGroupName: string, + workspaceName: string, + options?: AutomationRulesListOptionalParams + ): PagedAsyncIterableIterator { + const iter = this.listPagingAll(resourceGroupName, workspaceName, options); + return { + next() { + return iter.next(); + }, + [Symbol.asyncIterator]() { + return this; + }, + byPage: () => { + return this.listPagingPage(resourceGroupName, workspaceName, options); + } + }; + } + + private async *listPagingPage( + resourceGroupName: string, + workspaceName: string, + options?: AutomationRulesListOptionalParams + ): AsyncIterableIterator { + let result = await this._list(resourceGroupName, workspaceName, options); + yield result.value || []; + let continuationToken = result.nextLink; + while (continuationToken) { + result = await this._listNext( + resourceGroupName, + workspaceName, + continuationToken, + options + ); + continuationToken = result.nextLink; + yield result.value || []; + } + } + + private async *listPagingAll( + resourceGroupName: string, + workspaceName: string, + options?: AutomationRulesListOptionalParams + ): AsyncIterableIterator { + for await (const page of this.listPagingPage( + resourceGroupName, + workspaceName, + options + )) { + yield* page; + } + } + + /** + * Gets the automation rule. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param automationRuleId Automation rule ID + * @param options The options parameters. + */ + get( + resourceGroupName: string, + workspaceName: string, + automationRuleId: string, + options?: AutomationRulesGetOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, workspaceName, automationRuleId, options }, + getOperationSpec + ); + } + + /** + * Creates or updates the automation rule. + * @param resourceGroupName The name of the resource group. The name is case insensitive. 
+ * @param workspaceName The name of the workspace. + * @param automationRuleId Automation rule ID + * @param options The options parameters. + */ + createOrUpdate( + resourceGroupName: string, + workspaceName: string, + automationRuleId: string, + options?: AutomationRulesCreateOrUpdateOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, workspaceName, automationRuleId, options }, + createOrUpdateOperationSpec + ); + } + + /** + * Delete the automation rule. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param automationRuleId Automation rule ID + * @param options The options parameters. + */ + delete( + resourceGroupName: string, + workspaceName: string, + automationRuleId: string, + options?: AutomationRulesDeleteOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, workspaceName, automationRuleId, options }, + deleteOperationSpec + ); + } + + /** + * Gets all automation rules. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param options The options parameters. + */ + private _list( + resourceGroupName: string, + workspaceName: string, + options?: AutomationRulesListOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, workspaceName, options }, + listOperationSpec + ); + } + + /** + * Triggers playbook on a specific incident + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param incidentIdentifier + * @param options The options parameters. 
+ */ + manualTriggerPlaybook( + resourceGroupName: string, + workspaceName: string, + incidentIdentifier: string, + options?: AutomationRulesManualTriggerPlaybookOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, workspaceName, incidentIdentifier, options }, + manualTriggerPlaybookOperationSpec + ); + } + + /** + * ListNext + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param nextLink The nextLink from the previous successful call to the List method. + * @param options The options parameters. + */ + private _listNext( + resourceGroupName: string, + workspaceName: string, + nextLink: string, + options?: AutomationRulesListNextOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, workspaceName, nextLink, options }, + listNextOperationSpec + ); + } +} +// Operation Specifications +const serializer = coreClient.createSerializer(Mappers, /* isXml */ false); + +const getOperationSpec: coreClient.OperationSpec = { + path: + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/automationRules/{automationRuleId}", + httpMethod: "GET", + responses: { + 200: { + bodyMapper: Mappers.AutomationRule + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.automationRuleId + ], + headerParameters: [Parameters.accept], + serializer +}; +const createOrUpdateOperationSpec: coreClient.OperationSpec = { + path: + 
"/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/automationRules/{automationRuleId}", + httpMethod: "PUT", + responses: { + 200: { + bodyMapper: Mappers.AutomationRule + }, + 201: { + bodyMapper: Mappers.AutomationRule + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + requestBody: Parameters.automationRuleToUpsert, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.automationRuleId + ], + headerParameters: [Parameters.accept, Parameters.contentType], + mediaType: "json", + serializer +}; +const deleteOperationSpec: coreClient.OperationSpec = { + path: + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/automationRules/{automationRuleId}", + httpMethod: "DELETE", + responses: { + 200: { + bodyMapper: { + type: { name: "Dictionary", value: { type: { name: "any" } } } + } + }, + 204: { + bodyMapper: { + type: { name: "Dictionary", value: { type: { name: "any" } } } + } + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.automationRuleId + ], + headerParameters: [Parameters.accept], + serializer +}; +const listOperationSpec: coreClient.OperationSpec = { + path: + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/automationRules", + httpMethod: "GET", + responses: { + 200: { + bodyMapper: Mappers.AutomationRulesList + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + 
queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName + ], + headerParameters: [Parameters.accept], + serializer +}; +const manualTriggerPlaybookOperationSpec: coreClient.OperationSpec = { + path: + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentIdentifier}/runPlaybook", + httpMethod: "POST", + responses: { + 204: { + bodyMapper: { + type: { name: "Dictionary", value: { type: { name: "any" } } } + } + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + requestBody: Parameters.requestBody, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.incidentIdentifier + ], + headerParameters: [Parameters.accept, Parameters.contentType], + mediaType: "json", + serializer +}; +const listNextOperationSpec: coreClient.OperationSpec = { + path: "{nextLink}", + httpMethod: "GET", + responses: { + 200: { + bodyMapper: Mappers.AutomationRulesList + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.nextLink + ], + headerParameters: [Parameters.accept], + serializer +}; diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/bookmarkOperations.ts b/sdk/securityinsight/arm-securityinsight/src/operations/bookmarkOperations.ts new file mode 100644 index 000000000000..cd0a944ecdca --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/src/operations/bookmarkOperations.ts 
@@ -0,0 +1,80 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is regenerated. + */ + +import { BookmarkOperations } from "../operationsInterfaces"; +import * as coreClient from "@azure/core-client"; +import * as Mappers from "../models/mappers"; +import * as Parameters from "../models/parameters"; +import { SecurityInsights } from "../securityInsights"; +import { + BookmarkExpandParameters, + BookmarkExpandOptionalParams, + BookmarkExpandOperationResponse +} from "../models"; + +/** Class containing BookmarkOperations operations. */ +export class BookmarkOperationsImpl implements BookmarkOperations { + private readonly client: SecurityInsights; + + /** + * Initialize a new instance of the class BookmarkOperations class. + * @param client Reference to the service client + */ + constructor(client: SecurityInsights) { + this.client = client; + } + + /** + * Expand an bookmark + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param bookmarkId Bookmark ID + * @param parameters The parameters required to execute an expand operation on the given bookmark. + * @param options The options parameters. 
+ */ + expand( + resourceGroupName: string, + workspaceName: string, + bookmarkId: string, + parameters: BookmarkExpandParameters, + options?: BookmarkExpandOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, workspaceName, bookmarkId, parameters, options }, + expandOperationSpec + ); + } +} +// Operation Specifications +const serializer = coreClient.createSerializer(Mappers, /* isXml */ false); + +const expandOperationSpec: coreClient.OperationSpec = { + path: + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}/expand", + httpMethod: "POST", + responses: { + 200: { + bodyMapper: Mappers.BookmarkExpandResponse + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + requestBody: Parameters.parameters, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.bookmarkId + ], + headerParameters: [Parameters.accept, Parameters.contentType], + mediaType: "json", + serializer +}; diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/bookmarkRelations.ts b/sdk/securityinsight/arm-securityinsight/src/operations/bookmarkRelations.ts new file mode 100644 index 000000000000..b399a68bbfc5 --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/src/operations/bookmarkRelations.ts 
@@ -0,0 +1,369 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is regenerated. + */ + +import { PagedAsyncIterableIterator } from "@azure/core-paging"; +import { BookmarkRelations } from "../operationsInterfaces"; +import * as coreClient from "@azure/core-client"; +import * as Mappers from "../models/mappers"; +import * as Parameters from "../models/parameters"; +import { SecurityInsights } from "../securityInsights"; +import { + Relation, + BookmarkRelationsListNextOptionalParams, + BookmarkRelationsListOptionalParams, + BookmarkRelationsListResponse, + BookmarkRelationsGetOptionalParams, + BookmarkRelationsGetResponse, + BookmarkRelationsCreateOrUpdateOptionalParams, + BookmarkRelationsCreateOrUpdateResponse, + BookmarkRelationsDeleteOptionalParams, + BookmarkRelationsListNextResponse +} from "../models"; + +/// +/** Class containing BookmarkRelations operations. */ +export class BookmarkRelationsImpl implements BookmarkRelations { + private readonly client: SecurityInsights; + + /** + * Initialize a new instance of the class BookmarkRelations class. + * @param client Reference to the service client + */ + constructor(client: SecurityInsights) { + this.client = client; + } + + /** + * Gets all bookmark relations. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param bookmarkId Bookmark ID + * @param options The options parameters. 
+ */ + public list( + resourceGroupName: string, + workspaceName: string, + bookmarkId: string, + options?: BookmarkRelationsListOptionalParams + ): PagedAsyncIterableIterator { + const iter = this.listPagingAll( + resourceGroupName, + workspaceName, + bookmarkId, + options + ); + return { + next() { + return iter.next(); + }, + [Symbol.asyncIterator]() { + return this; + }, + byPage: () => { + return this.listPagingPage( + resourceGroupName, + workspaceName, + bookmarkId, + options + ); + } + }; + } + + private async *listPagingPage( + resourceGroupName: string, + workspaceName: string, + bookmarkId: string, + options?: BookmarkRelationsListOptionalParams + ): AsyncIterableIterator { + let result = await this._list( + resourceGroupName, + workspaceName, + bookmarkId, + options + ); + yield result.value || []; + let continuationToken = result.nextLink; + while (continuationToken) { + result = await this._listNext( + resourceGroupName, + workspaceName, + bookmarkId, + continuationToken, + options + ); + continuationToken = result.nextLink; + yield result.value || []; + } + } + + private async *listPagingAll( + resourceGroupName: string, + workspaceName: string, + bookmarkId: string, + options?: BookmarkRelationsListOptionalParams + ): AsyncIterableIterator { + for await (const page of this.listPagingPage( + resourceGroupName, + workspaceName, + bookmarkId, + options + )) { + yield* page; + } + } + + /** + * Gets all bookmark relations. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param bookmarkId Bookmark ID + * @param options The options parameters. 
+ */ + private _list( + resourceGroupName: string, + workspaceName: string, + bookmarkId: string, + options?: BookmarkRelationsListOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, workspaceName, bookmarkId, options }, + listOperationSpec + ); + } + + /** + * Gets a bookmark relation. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param bookmarkId Bookmark ID + * @param relationName Relation Name + * @param options The options parameters. + */ + get( + resourceGroupName: string, + workspaceName: string, + bookmarkId: string, + relationName: string, + options?: BookmarkRelationsGetOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, workspaceName, bookmarkId, relationName, options }, + getOperationSpec + ); + } + + /** + * Creates the bookmark relation. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param bookmarkId Bookmark ID + * @param relationName Relation Name + * @param relation The relation model + * @param options The options parameters. + */ + createOrUpdate( + resourceGroupName: string, + workspaceName: string, + bookmarkId: string, + relationName: string, + relation: Relation, + options?: BookmarkRelationsCreateOrUpdateOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { + resourceGroupName, + workspaceName, + bookmarkId, + relationName, + relation, + options + }, + createOrUpdateOperationSpec + ); + } + + /** + * Delete the bookmark relation. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param bookmarkId Bookmark ID + * @param relationName Relation Name + * @param options The options parameters. 
+ */ + delete( + resourceGroupName: string, + workspaceName: string, + bookmarkId: string, + relationName: string, + options?: BookmarkRelationsDeleteOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, workspaceName, bookmarkId, relationName, options }, + deleteOperationSpec + ); + } + + /** + * ListNext + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param bookmarkId Bookmark ID + * @param nextLink The nextLink from the previous successful call to the List method. + * @param options The options parameters. + */ + private _listNext( + resourceGroupName: string, + workspaceName: string, + bookmarkId: string, + nextLink: string, + options?: BookmarkRelationsListNextOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, workspaceName, bookmarkId, nextLink, options }, + listNextOperationSpec + ); + } +} +// Operation Specifications +const serializer = coreClient.createSerializer(Mappers, /* isXml */ false); + +const listOperationSpec: coreClient.OperationSpec = { + path: + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}/relations", + httpMethod: "GET", + responses: { + 200: { + bodyMapper: Mappers.RelationList + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + queryParameters: [ + Parameters.apiVersion, + Parameters.filter, + Parameters.orderby, + Parameters.top, + Parameters.skipToken + ], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.bookmarkId + ], + headerParameters: [Parameters.accept], + serializer +}; +const getOperationSpec: coreClient.OperationSpec = { + path: + 
"/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}/relations/{relationName}", + httpMethod: "GET", + responses: { + 200: { + bodyMapper: Mappers.Relation + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.bookmarkId, + Parameters.relationName + ], + headerParameters: [Parameters.accept], + serializer +}; +const createOrUpdateOperationSpec: coreClient.OperationSpec = { + path: + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}/relations/{relationName}", + httpMethod: "PUT", + responses: { + 200: { + bodyMapper: Mappers.Relation + }, + 201: { + bodyMapper: Mappers.Relation + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + requestBody: Parameters.relation, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.bookmarkId, + Parameters.relationName + ], + headerParameters: [Parameters.accept, Parameters.contentType], + mediaType: "json", + serializer +}; +const deleteOperationSpec: coreClient.OperationSpec = { + path: + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}/relations/{relationName}", + httpMethod: "DELETE", + responses: { + 200: {}, + 204: {}, + default: { + bodyMapper: Mappers.CloudError + } + }, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + 
Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.bookmarkId, + Parameters.relationName + ], + headerParameters: [Parameters.accept], + serializer +}; +const listNextOperationSpec: coreClient.OperationSpec = { + path: "{nextLink}", + httpMethod: "GET", + responses: { + 200: { + bodyMapper: Mappers.RelationList + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + queryParameters: [ + Parameters.apiVersion, + Parameters.filter, + Parameters.orderby, + Parameters.top, + Parameters.skipToken + ], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.nextLink, + Parameters.bookmarkId + ], + headerParameters: [Parameters.accept], + serializer +}; diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/bookmarks.ts b/sdk/securityinsight/arm-securityinsight/src/operations/bookmarks.ts new file mode 100644 index 000000000000..1587a320cf92 --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/src/operations/bookmarks.ts 
@@ -0,0 +1,314 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is regenerated. + */ + +import { PagedAsyncIterableIterator } from "@azure/core-paging"; +import { Bookmarks } from "../operationsInterfaces"; +import * as coreClient from "@azure/core-client"; +import * as Mappers from "../models/mappers"; +import * as Parameters from "../models/parameters"; +import { SecurityInsights } from "../securityInsights"; +import { + Bookmark, + BookmarksListNextOptionalParams, + BookmarksListOptionalParams, + BookmarksListResponse, + BookmarksGetOptionalParams, + BookmarksGetResponse, + BookmarksCreateOrUpdateOptionalParams, + BookmarksCreateOrUpdateResponse, + BookmarksDeleteOptionalParams, + BookmarksListNextResponse +} from "../models"; + +/// +/** Class containing Bookmarks operations. */ +export class BookmarksImpl implements Bookmarks { + private readonly client: SecurityInsights; + + /** + * Initialize a new instance of the class Bookmarks class. + * @param client Reference to the service client + */ + constructor(client: SecurityInsights) { + this.client = client; + } + + /** + * Gets all bookmarks. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param options The options parameters. 
+ */ + public list( + resourceGroupName: string, + workspaceName: string, + options?: BookmarksListOptionalParams + ): PagedAsyncIterableIterator { + const iter = this.listPagingAll(resourceGroupName, workspaceName, options); + return { + next() { + return iter.next(); + }, + [Symbol.asyncIterator]() { + return this; + }, + byPage: () => { + return this.listPagingPage(resourceGroupName, workspaceName, options); + } + }; + } + + private async *listPagingPage( + resourceGroupName: string, + workspaceName: string, + options?: BookmarksListOptionalParams + ): AsyncIterableIterator { + let result = await this._list(resourceGroupName, workspaceName, options); + yield result.value || []; + let continuationToken = result.nextLink; + while (continuationToken) { + result = await this._listNext( + resourceGroupName, + workspaceName, + continuationToken, + options + ); + continuationToken = result.nextLink; + yield result.value || []; + } + } + + private async *listPagingAll( + resourceGroupName: string, + workspaceName: string, + options?: BookmarksListOptionalParams + ): AsyncIterableIterator { + for await (const page of this.listPagingPage( + resourceGroupName, + workspaceName, + options + )) { + yield* page; + } + } + + /** + * Gets all bookmarks. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param options The options parameters. + */ + private _list( + resourceGroupName: string, + workspaceName: string, + options?: BookmarksListOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, workspaceName, options }, + listOperationSpec + ); + } + + /** + * Gets a bookmark. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param bookmarkId Bookmark ID + * @param options The options parameters. 
+ */ + get( + resourceGroupName: string, + workspaceName: string, + bookmarkId: string, + options?: BookmarksGetOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, workspaceName, bookmarkId, options }, + getOperationSpec + ); + } + + /** + * Creates or updates the bookmark. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param bookmarkId Bookmark ID + * @param bookmark The bookmark + * @param options The options parameters. + */ + createOrUpdate( + resourceGroupName: string, + workspaceName: string, + bookmarkId: string, + bookmark: Bookmark, + options?: BookmarksCreateOrUpdateOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, workspaceName, bookmarkId, bookmark, options }, + createOrUpdateOperationSpec + ); + } + + /** + * Delete the bookmark. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param bookmarkId Bookmark ID + * @param options The options parameters. + */ + delete( + resourceGroupName: string, + workspaceName: string, + bookmarkId: string, + options?: BookmarksDeleteOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, workspaceName, bookmarkId, options }, + deleteOperationSpec + ); + } + + /** + * ListNext + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param nextLink The nextLink from the previous successful call to the List method. + * @param options The options parameters. 
+ */ + private _listNext( + resourceGroupName: string, + workspaceName: string, + nextLink: string, + options?: BookmarksListNextOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, workspaceName, nextLink, options }, + listNextOperationSpec + ); + } +} +// Operation Specifications +const serializer = coreClient.createSerializer(Mappers, /* isXml */ false); + +const listOperationSpec: coreClient.OperationSpec = { + path: + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks", + httpMethod: "GET", + responses: { + 200: { + bodyMapper: Mappers.BookmarkList + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName + ], + headerParameters: [Parameters.accept], + serializer +}; +const getOperationSpec: coreClient.OperationSpec = { + path: + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}", + httpMethod: "GET", + responses: { + 200: { + bodyMapper: Mappers.Bookmark + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.bookmarkId + ], + headerParameters: [Parameters.accept], + serializer +}; +const createOrUpdateOperationSpec: coreClient.OperationSpec = { + path: + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}", + httpMethod: "PUT", + responses: { + 200: 
{ + bodyMapper: Mappers.Bookmark + }, + 201: { + bodyMapper: Mappers.Bookmark + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + requestBody: Parameters.bookmark, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.bookmarkId + ], + headerParameters: [Parameters.accept, Parameters.contentType], + mediaType: "json", + serializer +}; +const deleteOperationSpec: coreClient.OperationSpec = { + path: + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}", + httpMethod: "DELETE", + responses: { + 200: {}, + 204: {}, + default: { + bodyMapper: Mappers.CloudError + } + }, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.bookmarkId + ], + headerParameters: [Parameters.accept], + serializer +}; +const listNextOperationSpec: coreClient.OperationSpec = { + path: "{nextLink}", + httpMethod: "GET", + responses: { + 200: { + bodyMapper: Mappers.BookmarkList + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.nextLink + ], + headerParameters: [Parameters.accept], + serializer +}; diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/dataConnectors.ts b/sdk/securityinsight/arm-securityinsight/src/operations/dataConnectors.ts new file mode 100644 index 000000000000..82199b6e0cb2 --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/src/operations/dataConnectors.ts 
@@ -0,0 +1,413 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is regenerated. + */ + +import { PagedAsyncIterableIterator } from "@azure/core-paging"; +import { DataConnectors } from "../operationsInterfaces"; +import * as coreClient from "@azure/core-client"; +import * as Mappers from "../models/mappers"; +import * as Parameters from "../models/parameters"; +import { SecurityInsights } from "../securityInsights"; +import { + DataConnectorUnion, + DataConnectorsListNextOptionalParams, + DataConnectorsListOptionalParams, + DataConnectorsListResponse, + DataConnectorsGetOptionalParams, + DataConnectorsGetResponse, + DataConnectorsCreateOrUpdateOptionalParams, + DataConnectorsCreateOrUpdateResponse, + DataConnectorsDeleteOptionalParams, + DataConnectorConnectBody, + DataConnectorsConnectOptionalParams, + DataConnectorsDisconnectOptionalParams, + DataConnectorsListNextResponse +} from "../models"; + +/// +/** Class containing DataConnectors operations. */ +export class DataConnectorsImpl implements DataConnectors { + private readonly client: SecurityInsights; + + /** + * Initialize a new instance of the class DataConnectors class. + * @param client Reference to the service client + */ + constructor(client: SecurityInsights) { + this.client = client; + } + + /** + * Gets all data connectors. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param options The options parameters. 
+ */ + public list( + resourceGroupName: string, + workspaceName: string, + options?: DataConnectorsListOptionalParams + ): PagedAsyncIterableIterator { + const iter = this.listPagingAll(resourceGroupName, workspaceName, options); + return { + next() { + return iter.next(); + }, + [Symbol.asyncIterator]() { + return this; + }, + byPage: () => { + return this.listPagingPage(resourceGroupName, workspaceName, options); + } + }; + } + + private async *listPagingPage( + resourceGroupName: string, + workspaceName: string, + options?: DataConnectorsListOptionalParams + ): AsyncIterableIterator { + let result = await this._list(resourceGroupName, workspaceName, options); + yield result.value || []; + let continuationToken = result.nextLink; + while (continuationToken) { + result = await this._listNext( + resourceGroupName, + workspaceName, + continuationToken, + options + ); + continuationToken = result.nextLink; + yield result.value || []; + } + } + + private async *listPagingAll( + resourceGroupName: string, + workspaceName: string, + options?: DataConnectorsListOptionalParams + ): AsyncIterableIterator { + for await (const page of this.listPagingPage( + resourceGroupName, + workspaceName, + options + )) { + yield* page; + } + } + + /** + * Gets all data connectors. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param options The options parameters. + */ + private _list( + resourceGroupName: string, + workspaceName: string, + options?: DataConnectorsListOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, workspaceName, options }, + listOperationSpec + ); + } + + /** + * Gets a data connector. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param dataConnectorId Connector ID + * @param options The options parameters. 
+ */ + get( + resourceGroupName: string, + workspaceName: string, + dataConnectorId: string, + options?: DataConnectorsGetOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, workspaceName, dataConnectorId, options }, + getOperationSpec + ); + } + + /** + * Creates or updates the data connector. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param dataConnectorId Connector ID + * @param dataConnector The data connector + * @param options The options parameters. + */ + createOrUpdate( + resourceGroupName: string, + workspaceName: string, + dataConnectorId: string, + dataConnector: DataConnectorUnion, + options?: DataConnectorsCreateOrUpdateOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { + resourceGroupName, + workspaceName, + dataConnectorId, + dataConnector, + options + }, + createOrUpdateOperationSpec + ); + } + + /** + * Delete the data connector. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param dataConnectorId Connector ID + * @param options The options parameters. + */ + delete( + resourceGroupName: string, + workspaceName: string, + dataConnectorId: string, + options?: DataConnectorsDeleteOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, workspaceName, dataConnectorId, options }, + deleteOperationSpec + ); + } + + /** + * Connects a data connector. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param dataConnectorId Connector ID + * @param connectBody The data connector + * @param options The options parameters. 
+ */ + connect( + resourceGroupName: string, + workspaceName: string, + dataConnectorId: string, + connectBody: DataConnectorConnectBody, + options?: DataConnectorsConnectOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { + resourceGroupName, + workspaceName, + dataConnectorId, + connectBody, + options + }, + connectOperationSpec + ); + } + + /** + * Disconnect a data connector. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param dataConnectorId Connector ID + * @param options The options parameters. + */ + disconnect( + resourceGroupName: string, + workspaceName: string, + dataConnectorId: string, + options?: DataConnectorsDisconnectOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, workspaceName, dataConnectorId, options }, + disconnectOperationSpec + ); + } + + /** + * ListNext + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param nextLink The nextLink from the previous successful call to the List method. + * @param options The options parameters. 
+ */ + private _listNext( + resourceGroupName: string, + workspaceName: string, + nextLink: string, + options?: DataConnectorsListNextOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, workspaceName, nextLink, options }, + listNextOperationSpec + ); + } +} +// Operation Specifications +const serializer = coreClient.createSerializer(Mappers, /* isXml */ false); + +const listOperationSpec: coreClient.OperationSpec = { + path: + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors", + httpMethod: "GET", + responses: { + 200: { + bodyMapper: Mappers.DataConnectorList + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName + ], + headerParameters: [Parameters.accept], + serializer +}; +const getOperationSpec: coreClient.OperationSpec = { + path: + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors/{dataConnectorId}", + httpMethod: "GET", + responses: { + 200: { + bodyMapper: Mappers.DataConnector + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.dataConnectorId + ], + headerParameters: [Parameters.accept], + serializer +}; +const createOrUpdateOperationSpec: coreClient.OperationSpec = { + path: + 
"/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors/{dataConnectorId}", + httpMethod: "PUT", + responses: { + 200: { + bodyMapper: Mappers.DataConnector + }, + 201: { + bodyMapper: Mappers.DataConnector + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + requestBody: Parameters.dataConnector, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.dataConnectorId + ], + headerParameters: [Parameters.accept, Parameters.contentType], + mediaType: "json", + serializer +}; +const deleteOperationSpec: coreClient.OperationSpec = { + path: + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors/{dataConnectorId}", + httpMethod: "DELETE", + responses: { + 200: {}, + 204: {}, + default: { + bodyMapper: Mappers.CloudError + } + }, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.dataConnectorId + ], + headerParameters: [Parameters.accept], + serializer +}; +const connectOperationSpec: coreClient.OperationSpec = { + path: + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors/{dataConnectorId}/connect", + httpMethod: "POST", + responses: { + 200: {}, + default: { + bodyMapper: Mappers.ErrorResponse + } + }, + requestBody: Parameters.connectBody, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + 
Parameters.workspaceName, + Parameters.dataConnectorId + ], + headerParameters: [Parameters.accept, Parameters.contentType], + mediaType: "json", + serializer +}; +const disconnectOperationSpec: coreClient.OperationSpec = { + path: + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors/{dataConnectorId}/disconnect", + httpMethod: "POST", + responses: { + 200: {}, + default: { + bodyMapper: Mappers.ErrorResponse + } + }, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.dataConnectorId + ], + headerParameters: [Parameters.accept], + serializer +}; +const listNextOperationSpec: coreClient.OperationSpec = { + path: "{nextLink}", + httpMethod: "GET", + responses: { + 200: { + bodyMapper: Mappers.DataConnectorList + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.nextLink + ], + headerParameters: [Parameters.accept], + serializer +}; diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/dataConnectorsCheckRequirementsOperations.ts b/sdk/securityinsight/arm-securityinsight/src/operations/dataConnectorsCheckRequirementsOperations.ts new file mode 100644 index 000000000000..06ee89237293 --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/src/operations/dataConnectorsCheckRequirementsOperations.ts 
@@ -0,0 +1,83 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is regenerated. + */ + +import { DataConnectorsCheckRequirementsOperations } from "../operationsInterfaces"; +import * as coreClient from "@azure/core-client"; +import * as Mappers from "../models/mappers"; +import * as Parameters from "../models/parameters"; +import { SecurityInsights } from "../securityInsights"; +import { + DataConnectorsCheckRequirementsUnion, + DataConnectorsCheckRequirementsPostOptionalParams, + DataConnectorsCheckRequirementsPostResponse +} from "../models"; + +/** Class containing DataConnectorsCheckRequirementsOperations operations. */ +export class DataConnectorsCheckRequirementsOperationsImpl + implements DataConnectorsCheckRequirementsOperations { + private readonly client: SecurityInsights; + + /** + * Initialize a new instance of the class DataConnectorsCheckRequirementsOperations class. + * @param client Reference to the service client + */ + constructor(client: SecurityInsights) { + this.client = client; + } + + /** + * Get requirements state for a data connector type. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param dataConnectorsCheckRequirements The parameters for requirements check message + * @param options The options parameters. 
+ */ + post( + resourceGroupName: string, + workspaceName: string, + dataConnectorsCheckRequirements: DataConnectorsCheckRequirementsUnion, + options?: DataConnectorsCheckRequirementsPostOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { + resourceGroupName, + workspaceName, + dataConnectorsCheckRequirements, + options + }, + postOperationSpec + ); + } +} +// Operation Specifications +const serializer = coreClient.createSerializer(Mappers, /* isXml */ false); + +const postOperationSpec: coreClient.OperationSpec = { + path: + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectorsCheckRequirements", + httpMethod: "POST", + responses: { + 200: { + bodyMapper: Mappers.DataConnectorRequirementsState + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + requestBody: Parameters.dataConnectorsCheckRequirements, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName + ], + headerParameters: [Parameters.accept, Parameters.contentType], + mediaType: "json", + serializer +}; diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/domainWhois.ts b/sdk/securityinsight/arm-securityinsight/src/operations/domainWhois.ts new file mode 100644 index 000000000000..adc8023e0349 --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/src/operations/domainWhois.ts 
@@ -0,0 +1,71 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is regenerated. + */ + +import { DomainWhois } from "../operationsInterfaces"; +import * as coreClient from "@azure/core-client"; +import * as Mappers from "../models/mappers"; +import * as Parameters from "../models/parameters"; +import { SecurityInsights } from "../securityInsights"; +import { + DomainWhoisGetOptionalParams, + DomainWhoisGetResponse +} from "../models"; + +/** Class containing DomainWhois operations. */ +export class DomainWhoisImpl implements DomainWhois { + private readonly client: SecurityInsights; + + /** + * Initialize a new instance of the class DomainWhois class. + * @param client Reference to the service client + */ + constructor(client: SecurityInsights) { + this.client = client; + } + + /** + * Get whois information for a single domain name + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param domain Domain name to be enriched + * @param options The options parameters. 
+ */ + get( + resourceGroupName: string, + domain: string, + options?: DomainWhoisGetOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, domain, options }, + getOperationSpec + ); + } +} +// Operation Specifications +const serializer = coreClient.createSerializer(Mappers, /* isXml */ false); + +const getOperationSpec: coreClient.OperationSpec = { + path: + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.SecurityInsights/enrichment/domain/whois/", + httpMethod: "GET", + responses: { + 200: { + bodyMapper: Mappers.EnrichmentDomainWhois + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + queryParameters: [Parameters.apiVersion, Parameters.domain], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName + ], + headerParameters: [Parameters.accept], + serializer +}; diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/entities.ts b/sdk/securityinsight/arm-securityinsight/src/operations/entities.ts new file mode 100644 index 000000000000..3f01a3174daa --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/src/operations/entities.ts 
@@ -0,0 +1,366 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is regenerated. + */ + +import { PagedAsyncIterableIterator } from "@azure/core-paging"; +import { Entities } from "../operationsInterfaces"; +import * as coreClient from "@azure/core-client"; +import * as Mappers from "../models/mappers"; +import * as Parameters from "../models/parameters"; +import { SecurityInsights } from "../securityInsights"; +import { + EntityUnion, + EntitiesListNextOptionalParams, + EntitiesListOptionalParams, + EntitiesListResponse, + EntitiesGetOptionalParams, + EntitiesGetResponse, + EntityExpandParameters, + EntitiesExpandOptionalParams, + EntitiesExpandResponse, + EntityItemQueryKind, + EntitiesQueriesOptionalParams, + EntitiesQueriesResponse, + EntityGetInsightsParameters, + EntitiesGetInsightsOptionalParams, + EntitiesGetInsightsResponse, + EntitiesListNextResponse +} from "../models"; + +/// +/** Class containing Entities operations. */ +export class EntitiesImpl implements Entities { + private readonly client: SecurityInsights; + + /** + * Initialize a new instance of the class Entities class. + * @param client Reference to the service client + */ + constructor(client: SecurityInsights) { + this.client = client; + } + + /** + * Gets all entities. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param options The options parameters. 
+ */ + public list( + resourceGroupName: string, + workspaceName: string, + options?: EntitiesListOptionalParams + ): PagedAsyncIterableIterator { + const iter = this.listPagingAll(resourceGroupName, workspaceName, options); + return { + next() { + return iter.next(); + }, + [Symbol.asyncIterator]() { + return this; + }, + byPage: () => { + return this.listPagingPage(resourceGroupName, workspaceName, options); + } + }; + } + + private async *listPagingPage( + resourceGroupName: string, + workspaceName: string, + options?: EntitiesListOptionalParams + ): AsyncIterableIterator { + let result = await this._list(resourceGroupName, workspaceName, options); + yield result.value || []; + let continuationToken = result.nextLink; + while (continuationToken) { + result = await this._listNext( + resourceGroupName, + workspaceName, + continuationToken, + options + ); + continuationToken = result.nextLink; + yield result.value || []; + } + } + + private async *listPagingAll( + resourceGroupName: string, + workspaceName: string, + options?: EntitiesListOptionalParams + ): AsyncIterableIterator { + for await (const page of this.listPagingPage( + resourceGroupName, + workspaceName, + options + )) { + yield* page; + } + } + + /** + * Gets all entities. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param options The options parameters. + */ + private _list( + resourceGroupName: string, + workspaceName: string, + options?: EntitiesListOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, workspaceName, options }, + listOperationSpec + ); + } + + /** + * Gets an entity. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param entityId entity ID + * @param options The options parameters. 
+ */ + get( + resourceGroupName: string, + workspaceName: string, + entityId: string, + options?: EntitiesGetOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, workspaceName, entityId, options }, + getOperationSpec + ); + } + + /** + * Expands an entity. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param entityId entity ID + * @param parameters The parameters required to execute an expand operation on the given entity. + * @param options The options parameters. + */ + expand( + resourceGroupName: string, + workspaceName: string, + entityId: string, + parameters: EntityExpandParameters, + options?: EntitiesExpandOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, workspaceName, entityId, parameters, options }, + expandOperationSpec + ); + } + + /** + * Get Insights and Activities for an entity. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param entityId entity ID + * @param kind The Kind parameter for queries + * @param options The options parameters. + */ + queries( + resourceGroupName: string, + workspaceName: string, + entityId: string, + kind: EntityItemQueryKind, + options?: EntitiesQueriesOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, workspaceName, entityId, kind, options }, + queriesOperationSpec + ); + } + + /** + * Execute Insights for an entity. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param entityId entity ID + * @param parameters The parameters required to execute insights on the given entity. + * @param options The options parameters. 
+ */ + getInsights( + resourceGroupName: string, + workspaceName: string, + entityId: string, + parameters: EntityGetInsightsParameters, + options?: EntitiesGetInsightsOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, workspaceName, entityId, parameters, options }, + getInsightsOperationSpec + ); + } + + /** + * ListNext + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param nextLink The nextLink from the previous successful call to the List method. + * @param options The options parameters. + */ + private _listNext( + resourceGroupName: string, + workspaceName: string, + nextLink: string, + options?: EntitiesListNextOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, workspaceName, nextLink, options }, + listNextOperationSpec + ); + } +} +// Operation Specifications +const serializer = coreClient.createSerializer(Mappers, /* isXml */ false); + +const listOperationSpec: coreClient.OperationSpec = { + path: + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities", + httpMethod: "GET", + responses: { + 200: { + bodyMapper: Mappers.EntityList + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName + ], + headerParameters: [Parameters.accept], + serializer +}; +const getOperationSpec: coreClient.OperationSpec = { + path: + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}", + httpMethod: "GET", + responses: { + 200: { + bodyMapper: Mappers.Entity + 
}, + default: { + bodyMapper: Mappers.CloudError + } + }, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.entityId + ], + headerParameters: [Parameters.accept], + serializer +}; +const expandOperationSpec: coreClient.OperationSpec = { + path: + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}/expand", + httpMethod: "POST", + responses: { + 200: { + bodyMapper: Mappers.EntityExpandResponse + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + requestBody: Parameters.parameters1, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.entityId + ], + headerParameters: [Parameters.accept, Parameters.contentType], + mediaType: "json", + serializer +}; +const queriesOperationSpec: coreClient.OperationSpec = { + path: + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}/queries", + httpMethod: "GET", + responses: { + 200: { + bodyMapper: Mappers.GetQueriesResponse + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + queryParameters: [Parameters.apiVersion, Parameters.kind], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.entityId + ], + headerParameters: [Parameters.accept], + serializer +}; +const getInsightsOperationSpec: coreClient.OperationSpec = { + path: + 
"/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}/getInsights", + httpMethod: "POST", + responses: { + 200: { + bodyMapper: Mappers.EntityGetInsightsResponse + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + requestBody: Parameters.parameters2, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.entityId + ], + headerParameters: [Parameters.accept, Parameters.contentType], + mediaType: "json", + serializer +}; +const listNextOperationSpec: coreClient.OperationSpec = { + path: "{nextLink}", + httpMethod: "GET", + responses: { + 200: { + bodyMapper: Mappers.EntityList + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.nextLink + ], + headerParameters: [Parameters.accept], + serializer +}; diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/entitiesGetTimeline.ts b/sdk/securityinsight/arm-securityinsight/src/operations/entitiesGetTimeline.ts new file mode 100644 index 000000000000..52ccbd95b39b --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/src/operations/entitiesGetTimeline.ts 
@@ -0,0 +1,80 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is regenerated. + */ + +import { EntitiesGetTimeline } from "../operationsInterfaces"; +import * as coreClient from "@azure/core-client"; +import * as Mappers from "../models/mappers"; +import * as Parameters from "../models/parameters"; +import { SecurityInsights } from "../securityInsights"; +import { + EntityTimelineParameters, + EntitiesGetTimelineListOptionalParams, + EntitiesGetTimelineListResponse +} from "../models"; + +/** Class containing EntitiesGetTimeline operations. */ +export class EntitiesGetTimelineImpl implements EntitiesGetTimeline { + private readonly client: SecurityInsights; + + /** + * Initialize a new instance of the class EntitiesGetTimeline class. + * @param client Reference to the service client + */ + constructor(client: SecurityInsights) { + this.client = client; + } + + /** + * Timeline for an entity. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param entityId entity ID + * @param parameters The parameters required to execute an timeline operation on the given entity. + * @param options The options parameters. 
+ */ + list( + resourceGroupName: string, + workspaceName: string, + entityId: string, + parameters: EntityTimelineParameters, + options?: EntitiesGetTimelineListOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, workspaceName, entityId, parameters, options }, + listOperationSpec + ); + } +} +// Operation Specifications +const serializer = coreClient.createSerializer(Mappers, /* isXml */ false); + +const listOperationSpec: coreClient.OperationSpec = { + path: + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}/getTimeline", + httpMethod: "POST", + responses: { + 200: { + bodyMapper: Mappers.EntityTimelineResponse + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + requestBody: Parameters.parameters3, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.entityId + ], + headerParameters: [Parameters.accept, Parameters.contentType], + mediaType: "json", + serializer +}; diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/entitiesRelations.ts b/sdk/securityinsight/arm-securityinsight/src/operations/entitiesRelations.ts new file mode 100644 index 000000000000..1117b74cd510 --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/src/operations/entitiesRelations.ts 
@@ -0,0 +1,216 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is regenerated. + */ + +import { PagedAsyncIterableIterator } from "@azure/core-paging"; +import { EntitiesRelations } from "../operationsInterfaces"; +import * as coreClient from "@azure/core-client"; +import * as Mappers from "../models/mappers"; +import * as Parameters from "../models/parameters"; +import { SecurityInsights } from "../securityInsights"; +import { + Relation, + EntitiesRelationsListNextOptionalParams, + EntitiesRelationsListOptionalParams, + EntitiesRelationsListResponse, + EntitiesRelationsListNextResponse +} from "../models"; + +/// +/** Class containing EntitiesRelations operations. */ +export class EntitiesRelationsImpl implements EntitiesRelations { + private readonly client: SecurityInsights; + + /** + * Initialize a new instance of the class EntitiesRelations class. + * @param client Reference to the service client + */ + constructor(client: SecurityInsights) { + this.client = client; + } + + /** + * Gets all relations of an entity. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param entityId entity ID + * @param options The options parameters. 
+ */ + public list( + resourceGroupName: string, + workspaceName: string, + entityId: string, + options?: EntitiesRelationsListOptionalParams + ): PagedAsyncIterableIterator { + const iter = this.listPagingAll( + resourceGroupName, + workspaceName, + entityId, + options + ); + return { + next() { + return iter.next(); + }, + [Symbol.asyncIterator]() { + return this; + }, + byPage: () => { + return this.listPagingPage( + resourceGroupName, + workspaceName, + entityId, + options + ); + } + }; + } + + private async *listPagingPage( + resourceGroupName: string, + workspaceName: string, + entityId: string, + options?: EntitiesRelationsListOptionalParams + ): AsyncIterableIterator { + let result = await this._list( + resourceGroupName, + workspaceName, + entityId, + options + ); + yield result.value || []; + let continuationToken = result.nextLink; + while (continuationToken) { + result = await this._listNext( + resourceGroupName, + workspaceName, + entityId, + continuationToken, + options + ); + continuationToken = result.nextLink; + yield result.value || []; + } + } + + private async *listPagingAll( + resourceGroupName: string, + workspaceName: string, + entityId: string, + options?: EntitiesRelationsListOptionalParams + ): AsyncIterableIterator { + for await (const page of this.listPagingPage( + resourceGroupName, + workspaceName, + entityId, + options + )) { + yield* page; + } + } + + /** + * Gets all relations of an entity. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param entityId entity ID + * @param options The options parameters. 
+ */ + private _list( + resourceGroupName: string, + workspaceName: string, + entityId: string, + options?: EntitiesRelationsListOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, workspaceName, entityId, options }, + listOperationSpec + ); + } + + /** + * ListNext + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param entityId entity ID + * @param nextLink The nextLink from the previous successful call to the List method. + * @param options The options parameters. + */ + private _listNext( + resourceGroupName: string, + workspaceName: string, + entityId: string, + nextLink: string, + options?: EntitiesRelationsListNextOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, workspaceName, entityId, nextLink, options }, + listNextOperationSpec + ); + } +} +// Operation Specifications +const serializer = coreClient.createSerializer(Mappers, /* isXml */ false); + +const listOperationSpec: coreClient.OperationSpec = { + path: + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}/relations", + httpMethod: "GET", + responses: { + 200: { + bodyMapper: Mappers.RelationList + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + queryParameters: [ + Parameters.apiVersion, + Parameters.filter, + Parameters.orderby, + Parameters.top, + Parameters.skipToken + ], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.entityId + ], + headerParameters: [Parameters.accept], + serializer +}; +const listNextOperationSpec: coreClient.OperationSpec = { + path: "{nextLink}", + httpMethod: "GET", + responses: { + 200: { + bodyMapper: Mappers.RelationList + }, + default: { + 
bodyMapper: Mappers.CloudError + } + }, + queryParameters: [ + Parameters.apiVersion, + Parameters.filter, + Parameters.orderby, + Parameters.top, + Parameters.skipToken + ], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.nextLink, + Parameters.entityId + ], + headerParameters: [Parameters.accept], + serializer +}; diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/entityQueries.ts b/sdk/securityinsight/arm-securityinsight/src/operations/entityQueries.ts new file mode 100644 index 000000000000..21190c27d569 --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/src/operations/entityQueries.ts 
@@ -0,0 +1,315 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is regenerated. + */ + +import { PagedAsyncIterableIterator } from "@azure/core-paging"; +import { EntityQueries } from "../operationsInterfaces"; +import * as coreClient from "@azure/core-client"; +import * as Mappers from "../models/mappers"; +import * as Parameters from "../models/parameters"; +import { SecurityInsights } from "../securityInsights"; +import { + EntityQueryUnion, + EntityQueriesListNextOptionalParams, + EntityQueriesListOptionalParams, + EntityQueriesListResponse, + EntityQueriesGetOptionalParams, + EntityQueriesGetResponse, + CustomEntityQueryUnion, + EntityQueriesCreateOrUpdateOptionalParams, + EntityQueriesCreateOrUpdateResponse, + EntityQueriesDeleteOptionalParams, + EntityQueriesListNextResponse +} from "../models"; + +/// +/** Class containing EntityQueries operations. */ +export class EntityQueriesImpl implements EntityQueries { + private readonly client: SecurityInsights; + + /** + * Initialize a new instance of the class EntityQueries class. + * @param client Reference to the service client + */ + constructor(client: SecurityInsights) { + this.client = client; + } + + /** + * Gets all entity queries. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param options The options parameters. 
+ */ + public list( + resourceGroupName: string, + workspaceName: string, + options?: EntityQueriesListOptionalParams + ): PagedAsyncIterableIterator { + const iter = this.listPagingAll(resourceGroupName, workspaceName, options); + return { + next() { + return iter.next(); + }, + [Symbol.asyncIterator]() { + return this; + }, + byPage: () => { + return this.listPagingPage(resourceGroupName, workspaceName, options); + } + }; + } + + private async *listPagingPage( + resourceGroupName: string, + workspaceName: string, + options?: EntityQueriesListOptionalParams + ): AsyncIterableIterator { + let result = await this._list(resourceGroupName, workspaceName, options); + yield result.value || []; + let continuationToken = result.nextLink; + while (continuationToken) { + result = await this._listNext( + resourceGroupName, + workspaceName, + continuationToken, + options + ); + continuationToken = result.nextLink; + yield result.value || []; + } + } + + private async *listPagingAll( + resourceGroupName: string, + workspaceName: string, + options?: EntityQueriesListOptionalParams + ): AsyncIterableIterator { + for await (const page of this.listPagingPage( + resourceGroupName, + workspaceName, + options + )) { + yield* page; + } + } + + /** + * Gets all entity queries. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param options The options parameters. + */ + private _list( + resourceGroupName: string, + workspaceName: string, + options?: EntityQueriesListOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, workspaceName, options }, + listOperationSpec + ); + } + + /** + * Gets an entity query. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param entityQueryId entity query ID + * @param options The options parameters. 
+ */ + get( + resourceGroupName: string, + workspaceName: string, + entityQueryId: string, + options?: EntityQueriesGetOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, workspaceName, entityQueryId, options }, + getOperationSpec + ); + } + + /** + * Creates or updates the entity query. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param entityQueryId entity query ID + * @param entityQuery The entity query we want to create or update + * @param options The options parameters. + */ + createOrUpdate( + resourceGroupName: string, + workspaceName: string, + entityQueryId: string, + entityQuery: CustomEntityQueryUnion, + options?: EntityQueriesCreateOrUpdateOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, workspaceName, entityQueryId, entityQuery, options }, + createOrUpdateOperationSpec + ); + } + + /** + * Delete the entity query. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param entityQueryId entity query ID + * @param options The options parameters. + */ + delete( + resourceGroupName: string, + workspaceName: string, + entityQueryId: string, + options?: EntityQueriesDeleteOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, workspaceName, entityQueryId, options }, + deleteOperationSpec + ); + } + + /** + * ListNext + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param nextLink The nextLink from the previous successful call to the List method. + * @param options The options parameters. 
+ */ + private _listNext( + resourceGroupName: string, + workspaceName: string, + nextLink: string, + options?: EntityQueriesListNextOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, workspaceName, nextLink, options }, + listNextOperationSpec + ); + } +} +// Operation Specifications +const serializer = coreClient.createSerializer(Mappers, /* isXml */ false); + +const listOperationSpec: coreClient.OperationSpec = { + path: + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entityQueries", + httpMethod: "GET", + responses: { + 200: { + bodyMapper: Mappers.EntityQueryList + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + queryParameters: [Parameters.apiVersion, Parameters.kind1], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName + ], + headerParameters: [Parameters.accept], + serializer +}; +const getOperationSpec: coreClient.OperationSpec = { + path: + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entityQueries/{entityQueryId}", + httpMethod: "GET", + responses: { + 200: { + bodyMapper: Mappers.EntityQuery + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.entityQueryId + ], + headerParameters: [Parameters.accept], + serializer +}; +const createOrUpdateOperationSpec: coreClient.OperationSpec = { + path: + 
"/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entityQueries/{entityQueryId}", + httpMethod: "PUT", + responses: { + 200: { + bodyMapper: Mappers.EntityQuery + }, + 201: { + bodyMapper: Mappers.EntityQuery + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + requestBody: Parameters.entityQuery, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.entityQueryId + ], + headerParameters: [Parameters.accept, Parameters.contentType], + mediaType: "json", + serializer +}; +const deleteOperationSpec: coreClient.OperationSpec = { + path: + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entityQueries/{entityQueryId}", + httpMethod: "DELETE", + responses: { + 200: {}, + 204: {}, + default: { + bodyMapper: Mappers.CloudError + } + }, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.entityQueryId + ], + headerParameters: [Parameters.accept], + serializer +}; +const listNextOperationSpec: coreClient.OperationSpec = { + path: "{nextLink}", + httpMethod: "GET", + responses: { + 200: { + bodyMapper: Mappers.EntityQueryList + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + queryParameters: [Parameters.apiVersion, Parameters.kind1], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.nextLink + ], + headerParameters: [Parameters.accept], + serializer +}; 
diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/entityQueryTemplates.ts b/sdk/securityinsight/arm-securityinsight/src/operations/entityQueryTemplates.ts new file mode 100644 index 000000000000..51b5a4ab4e9b --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/src/operations/entityQueryTemplates.ts 
@@ -0,0 +1,221 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is regenerated. + */ + +import { PagedAsyncIterableIterator } from "@azure/core-paging"; +import { EntityQueryTemplates } from "../operationsInterfaces"; +import * as coreClient from "@azure/core-client"; +import * as Mappers from "../models/mappers"; +import * as Parameters from "../models/parameters"; +import { SecurityInsights } from "../securityInsights"; +import { + EntityQueryTemplateUnion, + EntityQueryTemplatesListNextOptionalParams, + EntityQueryTemplatesListOptionalParams, + EntityQueryTemplatesListResponse, + EntityQueryTemplatesGetOptionalParams, + EntityQueryTemplatesGetResponse, + EntityQueryTemplatesListNextResponse +} from "../models"; + +/// +/** Class containing EntityQueryTemplates operations. */ +export class EntityQueryTemplatesImpl implements EntityQueryTemplates { + private readonly client: SecurityInsights; + + /** + * Initialize a new instance of the class EntityQueryTemplates class. + * @param client Reference to the service client + */ + constructor(client: SecurityInsights) { + this.client = client; + } + + /** + * Gets all entity query templates. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param options The options parameters. 
+ */ + public list( + resourceGroupName: string, + workspaceName: string, + options?: EntityQueryTemplatesListOptionalParams + ): PagedAsyncIterableIterator { + const iter = this.listPagingAll(resourceGroupName, workspaceName, options); + return { + next() { + return iter.next(); + }, + [Symbol.asyncIterator]() { + return this; + }, + byPage: () => { + return this.listPagingPage(resourceGroupName, workspaceName, options); + } + }; + } + + private async *listPagingPage( + resourceGroupName: string, + workspaceName: string, + options?: EntityQueryTemplatesListOptionalParams + ): AsyncIterableIterator { + let result = await this._list(resourceGroupName, workspaceName, options); + yield result.value || []; + let continuationToken = result.nextLink; + while (continuationToken) { + result = await this._listNext( + resourceGroupName, + workspaceName, + continuationToken, + options + ); + continuationToken = result.nextLink; + yield result.value || []; + } + } + + private async *listPagingAll( + resourceGroupName: string, + workspaceName: string, + options?: EntityQueryTemplatesListOptionalParams + ): AsyncIterableIterator { + for await (const page of this.listPagingPage( + resourceGroupName, + workspaceName, + options + )) { + yield* page; + } + } + + /** + * Gets all entity query templates. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param options The options parameters. + */ + private _list( + resourceGroupName: string, + workspaceName: string, + options?: EntityQueryTemplatesListOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, workspaceName, options }, + listOperationSpec + ); + } + + /** + * Gets an entity query. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. 
+ * @param entityQueryTemplateId entity query template ID + * @param options The options parameters. + */ + get( + resourceGroupName: string, + workspaceName: string, + entityQueryTemplateId: string, + options?: EntityQueryTemplatesGetOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, workspaceName, entityQueryTemplateId, options }, + getOperationSpec + ); + } + + /** + * ListNext + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param nextLink The nextLink from the previous successful call to the List method. + * @param options The options parameters. + */ + private _listNext( + resourceGroupName: string, + workspaceName: string, + nextLink: string, + options?: EntityQueryTemplatesListNextOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, workspaceName, nextLink, options }, + listNextOperationSpec + ); + } +} +// Operation Specifications +const serializer = coreClient.createSerializer(Mappers, /* isXml */ false); + +const listOperationSpec: coreClient.OperationSpec = { + path: + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entityQueryTemplates", + httpMethod: "GET", + responses: { + 200: { + bodyMapper: Mappers.EntityQueryTemplateList + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + queryParameters: [Parameters.apiVersion, Parameters.kind2], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName + ], + headerParameters: [Parameters.accept], + serializer +}; +const getOperationSpec: coreClient.OperationSpec = { + path: + 
"/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entityQueryTemplates/{entityQueryTemplateId}", + httpMethod: "GET", + responses: { + 200: { + bodyMapper: Mappers.EntityQueryTemplate + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.entityQueryTemplateId + ], + headerParameters: [Parameters.accept], + serializer +}; +const listNextOperationSpec: coreClient.OperationSpec = { + path: "{nextLink}", + httpMethod: "GET", + responses: { + 200: { + bodyMapper: Mappers.EntityQueryTemplateList + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + queryParameters: [Parameters.apiVersion, Parameters.kind2], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.nextLink + ], + headerParameters: [Parameters.accept], + serializer +}; diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/entityRelations.ts b/sdk/securityinsight/arm-securityinsight/src/operations/entityRelations.ts new file mode 100644 index 000000000000..e76d8ca12d13 --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/src/operations/entityRelations.ts 
@@ -0,0 +1,78 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is regenerated. + */ + +import { EntityRelations } from "../operationsInterfaces"; +import * as coreClient from "@azure/core-client"; +import * as Mappers from "../models/mappers"; +import * as Parameters from "../models/parameters"; +import { SecurityInsights } from "../securityInsights"; +import { + EntityRelationsGetRelationOptionalParams, + EntityRelationsGetRelationResponse +} from "../models"; + +/** Class containing EntityRelations operations. */ +export class EntityRelationsImpl implements EntityRelations { + private readonly client: SecurityInsights; + + /** + * Initialize a new instance of the class EntityRelations class. + * @param client Reference to the service client + */ + constructor(client: SecurityInsights) { + this.client = client; + } + + /** + * Gets an entity relation. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param entityId entity ID + * @param relationName Relation Name + * @param options The options parameters. 
+ */ + getRelation( + resourceGroupName: string, + workspaceName: string, + entityId: string, + relationName: string, + options?: EntityRelationsGetRelationOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, workspaceName, entityId, relationName, options }, + getRelationOperationSpec + ); + } +} +// Operation Specifications +const serializer = coreClient.createSerializer(Mappers, /* isXml */ false); + +const getRelationOperationSpec: coreClient.OperationSpec = { + path: + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}/relations/{relationName}", + httpMethod: "GET", + responses: { + 200: { + bodyMapper: Mappers.Relation + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.relationName, + Parameters.entityId + ], + headerParameters: [Parameters.accept], + serializer +}; diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/iPGeodata.ts b/sdk/securityinsight/arm-securityinsight/src/operations/iPGeodata.ts new file mode 100644 index 000000000000..9219973e7167 --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/src/operations/iPGeodata.ts 
@@ -0,0 +1,68 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is regenerated. + */ + +import { IPGeodata } from "../operationsInterfaces"; +import * as coreClient from "@azure/core-client"; +import * as Mappers from "../models/mappers"; +import * as Parameters from "../models/parameters"; +import { SecurityInsights } from "../securityInsights"; +import { IPGeodataGetOptionalParams, IPGeodataGetResponse } from "../models"; + +/** Class containing IPGeodata operations. */ +export class IPGeodataImpl implements IPGeodata { + private readonly client: SecurityInsights; + + /** + * Initialize a new instance of the class IPGeodata class. + * @param client Reference to the service client + */ + constructor(client: SecurityInsights) { + this.client = client; + } + + /** + * Get geodata for a single IP address + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param ipAddress IP address (v4 or v6) to be enriched + * @param options The options parameters. 
+ */ + get( + resourceGroupName: string, + ipAddress: string, + options?: IPGeodataGetOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, ipAddress, options }, + getOperationSpec + ); + } +} +// Operation Specifications +const serializer = coreClient.createSerializer(Mappers, /* isXml */ false); + +const getOperationSpec: coreClient.OperationSpec = { + path: + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.SecurityInsights/enrichment/ip/geodata/", + httpMethod: "GET", + responses: { + 200: { + bodyMapper: Mappers.EnrichmentIpGeodata + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + queryParameters: [Parameters.apiVersion, Parameters.ipAddress], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName + ], + headerParameters: [Parameters.accept], + serializer +}; diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/incidentComments.ts b/sdk/securityinsight/arm-securityinsight/src/operations/incidentComments.ts new file mode 100644 index 000000000000..ae27ca7777d1 --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/src/operations/incidentComments.ts 
@@ -0,0 +1,381 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is regenerated. + */ + +import { PagedAsyncIterableIterator } from "@azure/core-paging"; +import { IncidentComments } from "../operationsInterfaces"; +import * as coreClient from "@azure/core-client"; +import * as Mappers from "../models/mappers"; +import * as Parameters from "../models/parameters"; +import { SecurityInsights } from "../securityInsights"; +import { + IncidentComment, + IncidentCommentsListNextOptionalParams, + IncidentCommentsListOptionalParams, + IncidentCommentsListResponse, + IncidentCommentsGetOptionalParams, + IncidentCommentsGetResponse, + IncidentCommentsCreateOrUpdateOptionalParams, + IncidentCommentsCreateOrUpdateResponse, + IncidentCommentsDeleteOptionalParams, + IncidentCommentsListNextResponse +} from "../models"; + +/// +/** Class containing IncidentComments operations. */ +export class IncidentCommentsImpl implements IncidentComments { + private readonly client: SecurityInsights; + + /** + * Initialize a new instance of the class IncidentComments class. + * @param client Reference to the service client + */ + constructor(client: SecurityInsights) { + this.client = client; + } + + /** + * Gets all incident comments. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param incidentId Incident ID + * @param options The options parameters. 
+ */ + public list( + resourceGroupName: string, + workspaceName: string, + incidentId: string, + options?: IncidentCommentsListOptionalParams + ): PagedAsyncIterableIterator { + const iter = this.listPagingAll( + resourceGroupName, + workspaceName, + incidentId, + options + ); + return { + next() { + return iter.next(); + }, + [Symbol.asyncIterator]() { + return this; + }, + byPage: () => { + return this.listPagingPage( + resourceGroupName, + workspaceName, + incidentId, + options + ); + } + }; + } + + private async *listPagingPage( + resourceGroupName: string, + workspaceName: string, + incidentId: string, + options?: IncidentCommentsListOptionalParams + ): AsyncIterableIterator { + let result = await this._list( + resourceGroupName, + workspaceName, + incidentId, + options + ); + yield result.value || []; + let continuationToken = result.nextLink; + while (continuationToken) { + result = await this._listNext( + resourceGroupName, + workspaceName, + incidentId, + continuationToken, + options + ); + continuationToken = result.nextLink; + yield result.value || []; + } + } + + private async *listPagingAll( + resourceGroupName: string, + workspaceName: string, + incidentId: string, + options?: IncidentCommentsListOptionalParams + ): AsyncIterableIterator { + for await (const page of this.listPagingPage( + resourceGroupName, + workspaceName, + incidentId, + options + )) { + yield* page; + } + } + + /** + * Gets all incident comments. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param incidentId Incident ID + * @param options The options parameters. 
+ */ + private _list( + resourceGroupName: string, + workspaceName: string, + incidentId: string, + options?: IncidentCommentsListOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, workspaceName, incidentId, options }, + listOperationSpec + ); + } + + /** + * Gets an incident comment. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param incidentId Incident ID + * @param incidentCommentId Incident comment ID + * @param options The options parameters. + */ + get( + resourceGroupName: string, + workspaceName: string, + incidentId: string, + incidentCommentId: string, + options?: IncidentCommentsGetOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { + resourceGroupName, + workspaceName, + incidentId, + incidentCommentId, + options + }, + getOperationSpec + ); + } + + /** + * Creates or updates the incident comment. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param incidentId Incident ID + * @param incidentCommentId Incident comment ID + * @param incidentComment The incident comment + * @param options The options parameters. + */ + createOrUpdate( + resourceGroupName: string, + workspaceName: string, + incidentId: string, + incidentCommentId: string, + incidentComment: IncidentComment, + options?: IncidentCommentsCreateOrUpdateOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { + resourceGroupName, + workspaceName, + incidentId, + incidentCommentId, + incidentComment, + options + }, + createOrUpdateOperationSpec + ); + } + + /** + * Delete the incident comment. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. 
+ * @param incidentId Incident ID + * @param incidentCommentId Incident comment ID + * @param options The options parameters. + */ + delete( + resourceGroupName: string, + workspaceName: string, + incidentId: string, + incidentCommentId: string, + options?: IncidentCommentsDeleteOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { + resourceGroupName, + workspaceName, + incidentId, + incidentCommentId, + options + }, + deleteOperationSpec + ); + } + + /** + * ListNext + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param incidentId Incident ID + * @param nextLink The nextLink from the previous successful call to the List method. + * @param options The options parameters. + */ + private _listNext( + resourceGroupName: string, + workspaceName: string, + incidentId: string, + nextLink: string, + options?: IncidentCommentsListNextOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, workspaceName, incidentId, nextLink, options }, + listNextOperationSpec + ); + } +} +// Operation Specifications +const serializer = coreClient.createSerializer(Mappers, /* isXml */ false); + +const listOperationSpec: coreClient.OperationSpec = { + path: + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/comments", + httpMethod: "GET", + responses: { + 200: { + bodyMapper: Mappers.IncidentCommentList + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + queryParameters: [ + Parameters.apiVersion, + Parameters.filter, + Parameters.orderby, + Parameters.top, + Parameters.skipToken + ], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.incidentId + ], + headerParameters: 
[Parameters.accept], + serializer +}; +const getOperationSpec: coreClient.OperationSpec = { + path: + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/comments/{incidentCommentId}", + httpMethod: "GET", + responses: { + 200: { + bodyMapper: Mappers.IncidentComment + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.incidentId, + Parameters.incidentCommentId + ], + headerParameters: [Parameters.accept], + serializer +}; +const createOrUpdateOperationSpec: coreClient.OperationSpec = { + path: + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/comments/{incidentCommentId}", + httpMethod: "PUT", + responses: { + 200: { + bodyMapper: Mappers.IncidentComment + }, + 201: { + bodyMapper: Mappers.IncidentComment + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + requestBody: Parameters.incidentComment, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.incidentId, + Parameters.incidentCommentId + ], + headerParameters: [Parameters.accept, Parameters.contentType], + mediaType: "json", + serializer +}; +const deleteOperationSpec: coreClient.OperationSpec = { + path: + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/comments/{incidentCommentId}", + httpMethod: "DELETE", + responses: { + 200: {}, + 204: {}, + 
default: { + bodyMapper: Mappers.CloudError + } + }, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.incidentId, + Parameters.incidentCommentId + ], + headerParameters: [Parameters.accept], + serializer +}; +const listNextOperationSpec: coreClient.OperationSpec = { + path: "{nextLink}", + httpMethod: "GET", + responses: { + 200: { + bodyMapper: Mappers.IncidentCommentList + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + queryParameters: [ + Parameters.apiVersion, + Parameters.filter, + Parameters.orderby, + Parameters.top, + Parameters.skipToken + ], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.nextLink, + Parameters.incidentId + ], + headerParameters: [Parameters.accept], + serializer +}; diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/incidentRelations.ts b/sdk/securityinsight/arm-securityinsight/src/operations/incidentRelations.ts new file mode 100644 index 000000000000..86c73b551a2f --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/src/operations/incidentRelations.ts 
@@ -0,0 +1,369 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is regenerated. + */ + +import { PagedAsyncIterableIterator } from "@azure/core-paging"; +import { IncidentRelations } from "../operationsInterfaces"; +import * as coreClient from "@azure/core-client"; +import * as Mappers from "../models/mappers"; +import * as Parameters from "../models/parameters"; +import { SecurityInsights } from "../securityInsights"; +import { + Relation, + IncidentRelationsListNextOptionalParams, + IncidentRelationsListOptionalParams, + IncidentRelationsListResponse, + IncidentRelationsGetOptionalParams, + IncidentRelationsGetResponse, + IncidentRelationsCreateOrUpdateOptionalParams, + IncidentRelationsCreateOrUpdateResponse, + IncidentRelationsDeleteOptionalParams, + IncidentRelationsListNextResponse +} from "../models"; + +/// +/** Class containing IncidentRelations operations. */ +export class IncidentRelationsImpl implements IncidentRelations { + private readonly client: SecurityInsights; + + /** + * Initialize a new instance of the class IncidentRelations class. + * @param client Reference to the service client + */ + constructor(client: SecurityInsights) { + this.client = client; + } + + /** + * Gets all incident relations. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param incidentId Incident ID + * @param options The options parameters. 
+ */ + public list( + resourceGroupName: string, + workspaceName: string, + incidentId: string, + options?: IncidentRelationsListOptionalParams + ): PagedAsyncIterableIterator { + const iter = this.listPagingAll( + resourceGroupName, + workspaceName, + incidentId, + options + ); + return { + next() { + return iter.next(); + }, + [Symbol.asyncIterator]() { + return this; + }, + byPage: () => { + return this.listPagingPage( + resourceGroupName, + workspaceName, + incidentId, + options + ); + } + }; + } + + private async *listPagingPage( + resourceGroupName: string, + workspaceName: string, + incidentId: string, + options?: IncidentRelationsListOptionalParams + ): AsyncIterableIterator { + let result = await this._list( + resourceGroupName, + workspaceName, + incidentId, + options + ); + yield result.value || []; + let continuationToken = result.nextLink; + while (continuationToken) { + result = await this._listNext( + resourceGroupName, + workspaceName, + incidentId, + continuationToken, + options + ); + continuationToken = result.nextLink; + yield result.value || []; + } + } + + private async *listPagingAll( + resourceGroupName: string, + workspaceName: string, + incidentId: string, + options?: IncidentRelationsListOptionalParams + ): AsyncIterableIterator { + for await (const page of this.listPagingPage( + resourceGroupName, + workspaceName, + incidentId, + options + )) { + yield* page; + } + } + + /** + * Gets all incident relations. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param incidentId Incident ID + * @param options The options parameters. 
+ */ + private _list( + resourceGroupName: string, + workspaceName: string, + incidentId: string, + options?: IncidentRelationsListOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, workspaceName, incidentId, options }, + listOperationSpec + ); + } + + /** + * Gets an incident relation. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param incidentId Incident ID + * @param relationName Relation Name + * @param options The options parameters. + */ + get( + resourceGroupName: string, + workspaceName: string, + incidentId: string, + relationName: string, + options?: IncidentRelationsGetOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, workspaceName, incidentId, relationName, options }, + getOperationSpec + ); + } + + /** + * Creates or updates the incident relation. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param incidentId Incident ID + * @param relationName Relation Name + * @param relation The relation model + * @param options The options parameters. + */ + createOrUpdate( + resourceGroupName: string, + workspaceName: string, + incidentId: string, + relationName: string, + relation: Relation, + options?: IncidentRelationsCreateOrUpdateOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { + resourceGroupName, + workspaceName, + incidentId, + relationName, + relation, + options + }, + createOrUpdateOperationSpec + ); + } + + /** + * Delete the incident relation. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param incidentId Incident ID + * @param relationName Relation Name + * @param options The options parameters. 
+ */ + delete( + resourceGroupName: string, + workspaceName: string, + incidentId: string, + relationName: string, + options?: IncidentRelationsDeleteOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, workspaceName, incidentId, relationName, options }, + deleteOperationSpec + ); + } + + /** + * ListNext + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param incidentId Incident ID + * @param nextLink The nextLink from the previous successful call to the List method. + * @param options The options parameters. + */ + private _listNext( + resourceGroupName: string, + workspaceName: string, + incidentId: string, + nextLink: string, + options?: IncidentRelationsListNextOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, workspaceName, incidentId, nextLink, options }, + listNextOperationSpec + ); + } +} +// Operation Specifications +const serializer = coreClient.createSerializer(Mappers, /* isXml */ false); + +const listOperationSpec: coreClient.OperationSpec = { + path: + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/relations", + httpMethod: "GET", + responses: { + 200: { + bodyMapper: Mappers.RelationList + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + queryParameters: [ + Parameters.apiVersion, + Parameters.filter, + Parameters.orderby, + Parameters.top, + Parameters.skipToken + ], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.incidentId + ], + headerParameters: [Parameters.accept], + serializer +}; +const getOperationSpec: coreClient.OperationSpec = { + path: + 
"/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/relations/{relationName}", + httpMethod: "GET", + responses: { + 200: { + bodyMapper: Mappers.Relation + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.relationName, + Parameters.incidentId + ], + headerParameters: [Parameters.accept], + serializer +}; +const createOrUpdateOperationSpec: coreClient.OperationSpec = { + path: + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/relations/{relationName}", + httpMethod: "PUT", + responses: { + 200: { + bodyMapper: Mappers.Relation + }, + 201: { + bodyMapper: Mappers.Relation + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + requestBody: Parameters.relation, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.relationName, + Parameters.incidentId + ], + headerParameters: [Parameters.accept, Parameters.contentType], + mediaType: "json", + serializer +}; +const deleteOperationSpec: coreClient.OperationSpec = { + path: + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/relations/{relationName}", + httpMethod: "DELETE", + responses: { + 200: {}, + 204: {}, + default: { + bodyMapper: Mappers.CloudError + } + }, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + 
Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.relationName, + Parameters.incidentId + ], + headerParameters: [Parameters.accept], + serializer +}; +const listNextOperationSpec: coreClient.OperationSpec = { + path: "{nextLink}", + httpMethod: "GET", + responses: { + 200: { + bodyMapper: Mappers.RelationList + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + queryParameters: [ + Parameters.apiVersion, + Parameters.filter, + Parameters.orderby, + Parameters.top, + Parameters.skipToken + ], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.nextLink, + Parameters.incidentId + ], + headerParameters: [Parameters.accept], + serializer +}; diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/incidents.ts b/sdk/securityinsight/arm-securityinsight/src/operations/incidents.ts new file mode 100644 index 000000000000..ad5f24a076f9 --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/src/operations/incidents.ts 
@@ -0,0 +1,508 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is regenerated. + */ + +import { PagedAsyncIterableIterator } from "@azure/core-paging"; +import { Incidents } from "../operationsInterfaces"; +import * as coreClient from "@azure/core-client"; +import * as Mappers from "../models/mappers"; +import * as Parameters from "../models/parameters"; +import { SecurityInsights } from "../securityInsights"; +import { + Incident, + IncidentsListNextOptionalParams, + IncidentsListOptionalParams, + IncidentsListResponse, + IncidentsGetOptionalParams, + IncidentsGetResponse, + IncidentsCreateOrUpdateOptionalParams, + IncidentsCreateOrUpdateResponse, + IncidentsDeleteOptionalParams, + TeamProperties, + IncidentsCreateTeamOptionalParams, + IncidentsCreateTeamResponse, + IncidentsListAlertsOptionalParams, + IncidentsListAlertsResponse, + IncidentsListBookmarksOptionalParams, + IncidentsListBookmarksResponse, + IncidentsListEntitiesOptionalParams, + IncidentsListEntitiesResponse, + IncidentsListNextResponse +} from "../models"; + +/// +/** Class containing Incidents operations. */ +export class IncidentsImpl implements Incidents { + private readonly client: SecurityInsights; + + /** + * Initialize a new instance of the class Incidents class. + * @param client Reference to the service client + */ + constructor(client: SecurityInsights) { + this.client = client; + } + + /** + * Gets all incidents. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param options The options parameters. 
+ */ + public list( + resourceGroupName: string, + workspaceName: string, + options?: IncidentsListOptionalParams + ): PagedAsyncIterableIterator { + const iter = this.listPagingAll(resourceGroupName, workspaceName, options); + return { + next() { + return iter.next(); + }, + [Symbol.asyncIterator]() { + return this; + }, + byPage: () => { + return this.listPagingPage(resourceGroupName, workspaceName, options); + } + }; + } + + private async *listPagingPage( + resourceGroupName: string, + workspaceName: string, + options?: IncidentsListOptionalParams + ): AsyncIterableIterator { + let result = await this._list(resourceGroupName, workspaceName, options); + yield result.value || []; + let continuationToken = result.nextLink; + while (continuationToken) { + result = await this._listNext( + resourceGroupName, + workspaceName, + continuationToken, + options + ); + continuationToken = result.nextLink; + yield result.value || []; + } + } + + private async *listPagingAll( + resourceGroupName: string, + workspaceName: string, + options?: IncidentsListOptionalParams + ): AsyncIterableIterator { + for await (const page of this.listPagingPage( + resourceGroupName, + workspaceName, + options + )) { + yield* page; + } + } + + /** + * Gets all incidents. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param options The options parameters. + */ + private _list( + resourceGroupName: string, + workspaceName: string, + options?: IncidentsListOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, workspaceName, options }, + listOperationSpec + ); + } + + /** + * Gets an incident. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param incidentId Incident ID + * @param options The options parameters. 
+ */ + get( + resourceGroupName: string, + workspaceName: string, + incidentId: string, + options?: IncidentsGetOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, workspaceName, incidentId, options }, + getOperationSpec + ); + } + + /** + * Creates or updates the incident. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param incidentId Incident ID + * @param incident The incident + * @param options The options parameters. + */ + createOrUpdate( + resourceGroupName: string, + workspaceName: string, + incidentId: string, + incident: Incident, + options?: IncidentsCreateOrUpdateOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, workspaceName, incidentId, incident, options }, + createOrUpdateOperationSpec + ); + } + + /** + * Delete the incident. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param incidentId Incident ID + * @param options The options parameters. + */ + delete( + resourceGroupName: string, + workspaceName: string, + incidentId: string, + options?: IncidentsDeleteOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, workspaceName, incidentId, options }, + deleteOperationSpec + ); + } + + /** + * Creates a Microsoft team to investigate the incident by sharing information and insights between + * participants. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param incidentId Incident ID + * @param teamProperties Team properties + * @param options The options parameters. 
+ */ + createTeam( + resourceGroupName: string, + workspaceName: string, + incidentId: string, + teamProperties: TeamProperties, + options?: IncidentsCreateTeamOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, workspaceName, incidentId, teamProperties, options }, + createTeamOperationSpec + ); + } + + /** + * Gets all incident alerts. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param incidentId Incident ID + * @param options The options parameters. + */ + listAlerts( + resourceGroupName: string, + workspaceName: string, + incidentId: string, + options?: IncidentsListAlertsOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, workspaceName, incidentId, options }, + listAlertsOperationSpec + ); + } + + /** + * Gets all incident bookmarks. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param incidentId Incident ID + * @param options The options parameters. + */ + listBookmarks( + resourceGroupName: string, + workspaceName: string, + incidentId: string, + options?: IncidentsListBookmarksOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, workspaceName, incidentId, options }, + listBookmarksOperationSpec + ); + } + + /** + * Gets all incident related entities. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param incidentId Incident ID + * @param options The options parameters. 
+ */ + listEntities( + resourceGroupName: string, + workspaceName: string, + incidentId: string, + options?: IncidentsListEntitiesOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, workspaceName, incidentId, options }, + listEntitiesOperationSpec + ); + } + + /** + * ListNext + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param nextLink The nextLink from the previous successful call to the List method. + * @param options The options parameters. + */ + private _listNext( + resourceGroupName: string, + workspaceName: string, + nextLink: string, + options?: IncidentsListNextOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, workspaceName, nextLink, options }, + listNextOperationSpec + ); + } +} +// Operation Specifications +const serializer = coreClient.createSerializer(Mappers, /* isXml */ false); + +const listOperationSpec: coreClient.OperationSpec = { + path: + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents", + httpMethod: "GET", + responses: { + 200: { + bodyMapper: Mappers.IncidentList + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + queryParameters: [ + Parameters.apiVersion, + Parameters.filter, + Parameters.orderby, + Parameters.top, + Parameters.skipToken + ], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName + ], + headerParameters: [Parameters.accept], + serializer +}; +const getOperationSpec: coreClient.OperationSpec = { + path: + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}", + httpMethod: "GET", + 
responses: { + 200: { + bodyMapper: Mappers.Incident + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.incidentId + ], + headerParameters: [Parameters.accept], + serializer +}; +const createOrUpdateOperationSpec: coreClient.OperationSpec = { + path: + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}", + httpMethod: "PUT", + responses: { + 200: { + bodyMapper: Mappers.Incident + }, + 201: { + bodyMapper: Mappers.Incident + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + requestBody: Parameters.incident, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.incidentId + ], + headerParameters: [Parameters.accept, Parameters.contentType], + mediaType: "json", + serializer +}; +const deleteOperationSpec: coreClient.OperationSpec = { + path: + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}", + httpMethod: "DELETE", + responses: { + 200: {}, + 204: {}, + default: { + bodyMapper: Mappers.CloudError + } + }, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.incidentId + ], + headerParameters: [Parameters.accept], + serializer +}; +const createTeamOperationSpec: coreClient.OperationSpec = { + path: + 
"/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/createTeam", + httpMethod: "POST", + responses: { + 200: { + bodyMapper: Mappers.TeamInformation + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + requestBody: Parameters.teamProperties, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.incidentId + ], + headerParameters: [Parameters.accept, Parameters.contentType], + mediaType: "json", + serializer +}; +const listAlertsOperationSpec: coreClient.OperationSpec = { + path: + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/alerts", + httpMethod: "POST", + responses: { + 200: { + bodyMapper: Mappers.IncidentAlertList + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.incidentId + ], + headerParameters: [Parameters.accept], + serializer +}; +const listBookmarksOperationSpec: coreClient.OperationSpec = { + path: + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/bookmarks", + httpMethod: "POST", + responses: { + 200: { + bodyMapper: Mappers.IncidentBookmarkList + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + 
Parameters.incidentId + ], + headerParameters: [Parameters.accept], + serializer +}; +const listEntitiesOperationSpec: coreClient.OperationSpec = { + path: + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/entities", + httpMethod: "POST", + responses: { + 200: { + bodyMapper: Mappers.IncidentEntitiesResponse + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.incidentId + ], + headerParameters: [Parameters.accept], + serializer +}; +const listNextOperationSpec: coreClient.OperationSpec = { + path: "{nextLink}", + httpMethod: "GET", + responses: { + 200: { + bodyMapper: Mappers.IncidentList + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + queryParameters: [ + Parameters.apiVersion, + Parameters.filter, + Parameters.orderby, + Parameters.top, + Parameters.skipToken + ], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.nextLink + ], + headerParameters: [Parameters.accept], + serializer +}; diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/index.ts b/sdk/securityinsight/arm-securityinsight/src/operations/index.ts new file mode 100644 index 000000000000..68f26bcfc90b --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/src/operations/index.ts 
@@ -0,0 +1,40 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is regenerated. + */ + +export * from "./alertRules"; +export * from "./actions"; +export * from "./alertRuleTemplates"; +export * from "./automationRules"; +export * from "./bookmarks"; +export * from "./bookmarkRelations"; +export * from "./bookmarkOperations"; +export * from "./iPGeodata"; +export * from "./domainWhois"; +export * from "./entities"; +export * from "./entitiesGetTimeline"; +export * from "./entitiesRelations"; +export * from "./entityRelations"; +export * from "./entityQueries"; +export * from "./entityQueryTemplates"; +export * from "./incidents"; +export * from "./incidentComments"; +export * from "./incidentRelations"; +export * from "./metadata"; +export * from "./officeConsents"; +export * from "./sentinelOnboardingStates"; +export * from "./productSettings"; +export * from "./sourceControlOperations"; +export * from "./sourceControls"; +export * from "./threatIntelligenceIndicator"; +export * from "./threatIntelligenceIndicators"; +export * from "./threatIntelligenceIndicatorMetrics"; +export * from "./watchlists"; +export * from "./watchlistItems"; +export * from "./dataConnectors"; +export * from "./dataConnectorsCheckRequirementsOperations"; +export * from "./operations"; diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/metadata.ts b/sdk/securityinsight/arm-securityinsight/src/operations/metadata.ts new file mode 100644 index 000000000000..be14e682404d --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/src/operations/metadata.ts 
@@ -0,0 +1,381 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is regenerated. + */ + +import { PagedAsyncIterableIterator } from "@azure/core-paging"; +import { Metadata } from "../operationsInterfaces"; +import * as coreClient from "@azure/core-client"; +import * as Mappers from "../models/mappers"; +import * as Parameters from "../models/parameters"; +import { SecurityInsights } from "../securityInsights"; +import { + MetadataModel, + MetadataListNextOptionalParams, + MetadataListOptionalParams, + MetadataListResponse, + MetadataGetOptionalParams, + MetadataGetResponse, + MetadataDeleteOptionalParams, + MetadataCreateOptionalParams, + MetadataCreateResponse, + MetadataPatch, + MetadataUpdateOptionalParams, + MetadataUpdateResponse, + MetadataListNextResponse +} from "../models"; + +/// +/** Class containing Metadata operations. */ +export class MetadataImpl implements Metadata { + private readonly client: SecurityInsights; + + /** + * Initialize a new instance of the class Metadata class. + * @param client Reference to the service client + */ + constructor(client: SecurityInsights) { + this.client = client; + } + + /** + * List of all metadata + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param options The options parameters. 
+ */ + public list( + resourceGroupName: string, + workspaceName: string, + options?: MetadataListOptionalParams + ): PagedAsyncIterableIterator { + const iter = this.listPagingAll(resourceGroupName, workspaceName, options); + return { + next() { + return iter.next(); + }, + [Symbol.asyncIterator]() { + return this; + }, + byPage: () => { + return this.listPagingPage(resourceGroupName, workspaceName, options); + } + }; + } + + private async *listPagingPage( + resourceGroupName: string, + workspaceName: string, + options?: MetadataListOptionalParams + ): AsyncIterableIterator { + let result = await this._list(resourceGroupName, workspaceName, options); + yield result.value || []; + let continuationToken = result.nextLink; + while (continuationToken) { + result = await this._listNext( + resourceGroupName, + workspaceName, + continuationToken, + options + ); + continuationToken = result.nextLink; + yield result.value || []; + } + } + + private async *listPagingAll( + resourceGroupName: string, + workspaceName: string, + options?: MetadataListOptionalParams + ): AsyncIterableIterator { + for await (const page of this.listPagingPage( + resourceGroupName, + workspaceName, + options + )) { + yield* page; + } + } + + /** + * List of all metadata + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param options The options parameters. + */ + private _list( + resourceGroupName: string, + workspaceName: string, + options?: MetadataListOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, workspaceName, options }, + listOperationSpec + ); + } + + /** + * Get a Metadata. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param metadataName The Metadata name. + * @param options The options parameters. 
+ */ + get( + resourceGroupName: string, + workspaceName: string, + metadataName: string, + options?: MetadataGetOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, workspaceName, metadataName, options }, + getOperationSpec + ); + } + + /** + * Delete a Metadata. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param metadataName The Metadata name. + * @param options The options parameters. + */ + delete( + resourceGroupName: string, + workspaceName: string, + metadataName: string, + options?: MetadataDeleteOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, workspaceName, metadataName, options }, + deleteOperationSpec + ); + } + + /** + * Create a Metadata. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param metadataName The Metadata name. + * @param metadata Metadata resource. + * @param options The options parameters. + */ + create( + resourceGroupName: string, + workspaceName: string, + metadataName: string, + metadata: MetadataModel, + options?: MetadataCreateOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, workspaceName, metadataName, metadata, options }, + createOperationSpec + ); + } + + /** + * Update an existing Metadata. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param metadataName The Metadata name. + * @param metadataPatch Partial metadata request. + * @param options The options parameters. 
+ */ + update( + resourceGroupName: string, + workspaceName: string, + metadataName: string, + metadataPatch: MetadataPatch, + options?: MetadataUpdateOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { + resourceGroupName, + workspaceName, + metadataName, + metadataPatch, + options + }, + updateOperationSpec + ); + } + + /** + * ListNext + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param nextLink The nextLink from the previous successful call to the List method. + * @param options The options parameters. + */ + private _listNext( + resourceGroupName: string, + workspaceName: string, + nextLink: string, + options?: MetadataListNextOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, workspaceName, nextLink, options }, + listNextOperationSpec + ); + } +} +// Operation Specifications +const serializer = coreClient.createSerializer(Mappers, /* isXml */ false); + +const listOperationSpec: coreClient.OperationSpec = { + path: + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/metadata", + httpMethod: "GET", + responses: { + 200: { + bodyMapper: Mappers.MetadataList + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + queryParameters: [ + Parameters.apiVersion, + Parameters.filter, + Parameters.orderby, + Parameters.top, + Parameters.skip + ], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName + ], + headerParameters: [Parameters.accept], + serializer +}; +const getOperationSpec: coreClient.OperationSpec = { + path: + 
"/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/metadata/{metadataName}", + httpMethod: "GET", + responses: { + 200: { + bodyMapper: Mappers.MetadataModel + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.metadataName + ], + headerParameters: [Parameters.accept], + serializer +}; +const deleteOperationSpec: coreClient.OperationSpec = { + path: + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/metadata/{metadataName}", + httpMethod: "DELETE", + responses: { + 200: {}, + 204: {}, + default: { + bodyMapper: Mappers.CloudError + } + }, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.metadataName + ], + headerParameters: [Parameters.accept], + serializer +}; +const createOperationSpec: coreClient.OperationSpec = { + path: + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/metadata/{metadataName}", + httpMethod: "PUT", + responses: { + 200: { + bodyMapper: Mappers.MetadataModel + }, + 201: { + bodyMapper: Mappers.MetadataModel + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + requestBody: Parameters.metadata, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.metadataName + ], + headerParameters: [Parameters.accept, 
Parameters.contentType], + mediaType: "json", + serializer +}; +const updateOperationSpec: coreClient.OperationSpec = { + path: + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/metadata/{metadataName}", + httpMethod: "PATCH", + responses: { + 200: { + bodyMapper: Mappers.MetadataModel + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + requestBody: Parameters.metadataPatch, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.metadataName + ], + headerParameters: [Parameters.accept, Parameters.contentType], + mediaType: "json", + serializer +}; +const listNextOperationSpec: coreClient.OperationSpec = { + path: "{nextLink}", + httpMethod: "GET", + responses: { + 200: { + bodyMapper: Mappers.MetadataList + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + queryParameters: [ + Parameters.apiVersion, + Parameters.filter, + Parameters.orderby, + Parameters.top, + Parameters.skip + ], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.nextLink + ], + headerParameters: [Parameters.accept], + serializer +}; diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/officeConsents.ts b/sdk/securityinsight/arm-securityinsight/src/operations/officeConsents.ts new file mode 100644 index 000000000000..28d1a51e8097 --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/src/operations/officeConsents.ts 
@@ -0,0 +1,263 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is regenerated. + */ + +import { PagedAsyncIterableIterator } from "@azure/core-paging"; +import { OfficeConsents } from "../operationsInterfaces"; +import * as coreClient from "@azure/core-client"; +import * as Mappers from "../models/mappers"; +import * as Parameters from "../models/parameters"; +import { SecurityInsights } from "../securityInsights"; +import { + OfficeConsent, + OfficeConsentsListNextOptionalParams, + OfficeConsentsListOptionalParams, + OfficeConsentsListResponse, + OfficeConsentsGetOptionalParams, + OfficeConsentsGetResponse, + OfficeConsentsDeleteOptionalParams, + OfficeConsentsListNextResponse +} from "../models"; + +/// +/** Class containing OfficeConsents operations. */ +export class OfficeConsentsImpl implements OfficeConsents { + private readonly client: SecurityInsights; + + /** + * Initialize a new instance of the class OfficeConsents class. + * @param client Reference to the service client + */ + constructor(client: SecurityInsights) { + this.client = client; + } + + /** + * Gets all office365 consents. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param options The options parameters. 
+ */ + public list( + resourceGroupName: string, + workspaceName: string, + options?: OfficeConsentsListOptionalParams + ): PagedAsyncIterableIterator { + const iter = this.listPagingAll(resourceGroupName, workspaceName, options); + return { + next() { + return iter.next(); + }, + [Symbol.asyncIterator]() { + return this; + }, + byPage: () => { + return this.listPagingPage(resourceGroupName, workspaceName, options); + } + }; + } + + private async *listPagingPage( + resourceGroupName: string, + workspaceName: string, + options?: OfficeConsentsListOptionalParams + ): AsyncIterableIterator { + let result = await this._list(resourceGroupName, workspaceName, options); + yield result.value || []; + let continuationToken = result.nextLink; + while (continuationToken) { + result = await this._listNext( + resourceGroupName, + workspaceName, + continuationToken, + options + ); + continuationToken = result.nextLink; + yield result.value || []; + } + } + + private async *listPagingAll( + resourceGroupName: string, + workspaceName: string, + options?: OfficeConsentsListOptionalParams + ): AsyncIterableIterator { + for await (const page of this.listPagingPage( + resourceGroupName, + workspaceName, + options + )) { + yield* page; + } + } + + /** + * Gets all office365 consents. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param options The options parameters. + */ + private _list( + resourceGroupName: string, + workspaceName: string, + options?: OfficeConsentsListOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, workspaceName, options }, + listOperationSpec + ); + } + + /** + * Gets an office365 consent. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param consentId consent ID + * @param options The options parameters. 
+ */ + get( + resourceGroupName: string, + workspaceName: string, + consentId: string, + options?: OfficeConsentsGetOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, workspaceName, consentId, options }, + getOperationSpec + ); + } + + /** + * Delete the office365 consent. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param consentId consent ID + * @param options The options parameters. + */ + delete( + resourceGroupName: string, + workspaceName: string, + consentId: string, + options?: OfficeConsentsDeleteOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, workspaceName, consentId, options }, + deleteOperationSpec + ); + } + + /** + * ListNext + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param nextLink The nextLink from the previous successful call to the List method. + * @param options The options parameters. 
+ */ + private _listNext( + resourceGroupName: string, + workspaceName: string, + nextLink: string, + options?: OfficeConsentsListNextOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, workspaceName, nextLink, options }, + listNextOperationSpec + ); + } +} +// Operation Specifications +const serializer = coreClient.createSerializer(Mappers, /* isXml */ false); + +const listOperationSpec: coreClient.OperationSpec = { + path: + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/officeConsents", + httpMethod: "GET", + responses: { + 200: { + bodyMapper: Mappers.OfficeConsentList + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName + ], + headerParameters: [Parameters.accept], + serializer +}; +const getOperationSpec: coreClient.OperationSpec = { + path: + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/officeConsents/{consentId}", + httpMethod: "GET", + responses: { + 200: { + bodyMapper: Mappers.OfficeConsent + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.consentId + ], + headerParameters: [Parameters.accept], + serializer +}; +const deleteOperationSpec: coreClient.OperationSpec = { + path: + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/officeConsents/{consentId}", + httpMethod: "DELETE", 
+ responses: { + 200: {}, + 204: {}, + default: { + bodyMapper: Mappers.CloudError + } + }, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.consentId + ], + headerParameters: [Parameters.accept], + serializer +}; +const listNextOperationSpec: coreClient.OperationSpec = { + path: "{nextLink}", + httpMethod: "GET", + responses: { + 200: { + bodyMapper: Mappers.OfficeConsentList + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.nextLink + ], + headerParameters: [Parameters.accept], + serializer +}; diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/operations.ts b/sdk/securityinsight/arm-securityinsight/src/operations/operations.ts new file mode 100644 index 000000000000..c4723841b70a --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/src/operations/operations.ts 
@@ -0,0 +1,137 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is regenerated. + */ + +import { PagedAsyncIterableIterator } from "@azure/core-paging"; +import { Operations } from "../operationsInterfaces"; +import * as coreClient from "@azure/core-client"; +import * as Mappers from "../models/mappers"; +import * as Parameters from "../models/parameters"; +import { SecurityInsights } from "../securityInsights"; +import { + Operation, + OperationsListNextOptionalParams, + OperationsListOptionalParams, + OperationsListResponse, + OperationsListNextResponse +} from "../models"; + +/// +/** Class containing Operations operations. */ +export class OperationsImpl implements Operations { + private readonly client: SecurityInsights; + + /** + * Initialize a new instance of the class Operations class. + * @param client Reference to the service client + */ + constructor(client: SecurityInsights) { + this.client = client; + } + + /** + * Lists all operations available Azure Security Insights Resource Provider. + * @param options The options parameters. 
+ */ + public list( + options?: OperationsListOptionalParams + ): PagedAsyncIterableIterator { + const iter = this.listPagingAll(options); + return { + next() { + return iter.next(); + }, + [Symbol.asyncIterator]() { + return this; + }, + byPage: () => { + return this.listPagingPage(options); + } + }; + } + + private async *listPagingPage( + options?: OperationsListOptionalParams + ): AsyncIterableIterator { + let result = await this._list(options); + yield result.value || []; + let continuationToken = result.nextLink; + while (continuationToken) { + result = await this._listNext(continuationToken, options); + continuationToken = result.nextLink; + yield result.value || []; + } + } + + private async *listPagingAll( + options?: OperationsListOptionalParams + ): AsyncIterableIterator { + for await (const page of this.listPagingPage(options)) { + yield* page; + } + } + + /** + * Lists all operations available Azure Security Insights Resource Provider. + * @param options The options parameters. + */ + private _list( + options?: OperationsListOptionalParams + ): Promise { + return this.client.sendOperationRequest({ options }, listOperationSpec); + } + + /** + * ListNext + * @param nextLink The nextLink from the previous successful call to the List method. + * @param options The options parameters. 
+ */ + private _listNext( + nextLink: string, + options?: OperationsListNextOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { nextLink, options }, + listNextOperationSpec + ); + } +} +// Operation Specifications +const serializer = coreClient.createSerializer(Mappers, /* isXml */ false); + +const listOperationSpec: coreClient.OperationSpec = { + path: "/providers/Microsoft.SecurityInsights/operations", + httpMethod: "GET", + responses: { + 200: { + bodyMapper: Mappers.OperationsList + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + queryParameters: [Parameters.apiVersion], + urlParameters: [Parameters.$host], + headerParameters: [Parameters.accept], + serializer +}; +const listNextOperationSpec: coreClient.OperationSpec = { + path: "{nextLink}", + httpMethod: "GET", + responses: { + 200: { + bodyMapper: Mappers.OperationsList + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + queryParameters: [Parameters.apiVersion], + urlParameters: [Parameters.$host, Parameters.nextLink], + headerParameters: [Parameters.accept], + serializer +}; diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/productSettings.ts b/sdk/securityinsight/arm-securityinsight/src/operations/productSettings.ts new file mode 100644 index 000000000000..b28a78dde724 --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/src/operations/productSettings.ts 
@@ -0,0 +1,207 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is regenerated. + */ + +import { ProductSettings } from "../operationsInterfaces"; +import * as coreClient from "@azure/core-client"; +import * as Mappers from "../models/mappers"; +import * as Parameters from "../models/parameters"; +import { SecurityInsights } from "../securityInsights"; +import { + ProductSettingsListOptionalParams, + ProductSettingsListResponse, + ProductSettingsGetOptionalParams, + ProductSettingsGetResponse, + ProductSettingsDeleteOptionalParams, + SettingsUnion, + ProductSettingsUpdateOptionalParams, + ProductSettingsUpdateResponse +} from "../models"; + +/** Class containing ProductSettings operations. */ +export class ProductSettingsImpl implements ProductSettings { + private readonly client: SecurityInsights; + + /** + * Initialize a new instance of the class ProductSettings class. + * @param client Reference to the service client + */ + constructor(client: SecurityInsights) { + this.client = client; + } + + /** + * List of all the settings + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param options The options parameters. + */ + list( + resourceGroupName: string, + workspaceName: string, + options?: ProductSettingsListOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, workspaceName, options }, + listOperationSpec + ); + } + + /** + * Gets a setting. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param settingsName The setting name. Supports - Anomalies, EyesOn, EntityAnalytics, Ueba + * @param options The options parameters. 
+ */ + get( + resourceGroupName: string, + workspaceName: string, + settingsName: string, + options?: ProductSettingsGetOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, workspaceName, settingsName, options }, + getOperationSpec + ); + } + + /** + * Delete setting of the product. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param settingsName The setting name. Supports - Anomalies, EyesOn, EntityAnalytics, Ueba + * @param options The options parameters. + */ + delete( + resourceGroupName: string, + workspaceName: string, + settingsName: string, + options?: ProductSettingsDeleteOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, workspaceName, settingsName, options }, + deleteOperationSpec + ); + } + + /** + * Updates setting. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param settingsName The setting name. Supports - Anomalies, EyesOn, EntityAnalytics, Ueba + * @param settings The setting + * @param options The options parameters. 
+ */ + update( + resourceGroupName: string, + workspaceName: string, + settingsName: string, + settings: SettingsUnion, + options?: ProductSettingsUpdateOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, workspaceName, settingsName, settings, options }, + updateOperationSpec + ); + } +} +// Operation Specifications +const serializer = coreClient.createSerializer(Mappers, /* isXml */ false); + +const listOperationSpec: coreClient.OperationSpec = { + path: + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/settings", + httpMethod: "GET", + responses: { + 200: { + bodyMapper: Mappers.SettingList + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName + ], + headerParameters: [Parameters.accept], + serializer +}; +const getOperationSpec: coreClient.OperationSpec = { + path: + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/settings/{settingsName}", + httpMethod: "GET", + responses: { + 200: { + bodyMapper: Mappers.Settings + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.settingsName + ], + headerParameters: [Parameters.accept], + serializer +}; +const deleteOperationSpec: coreClient.OperationSpec = { + path: + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/settings/{settingsName}", + httpMethod: 
"DELETE", + responses: { + 200: {}, + 204: {}, + default: { + bodyMapper: Mappers.CloudError + } + }, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.settingsName + ], + headerParameters: [Parameters.accept], + serializer +}; +const updateOperationSpec: coreClient.OperationSpec = { + path: + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/settings/{settingsName}", + httpMethod: "PUT", + responses: { + 200: { + bodyMapper: Mappers.Settings + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + requestBody: Parameters.settings, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.settingsName + ], + headerParameters: [Parameters.accept, Parameters.contentType], + mediaType: "json", + serializer +}; diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/sentinelOnboardingStates.ts b/sdk/securityinsight/arm-securityinsight/src/operations/sentinelOnboardingStates.ts new file mode 100644 index 000000000000..3694465b4a4e --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/src/operations/sentinelOnboardingStates.ts 
@@ -0,0 +1,222 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is regenerated. + */ + +import { SentinelOnboardingStates } from "../operationsInterfaces"; +import * as coreClient from "@azure/core-client"; +import * as Mappers from "../models/mappers"; +import * as Parameters from "../models/parameters"; +import { SecurityInsights } from "../securityInsights"; +import { + SentinelOnboardingStatesGetOptionalParams, + SentinelOnboardingStatesGetResponse, + SentinelOnboardingStatesCreateOptionalParams, + SentinelOnboardingStatesCreateResponse, + SentinelOnboardingStatesDeleteOptionalParams, + SentinelOnboardingStatesListOptionalParams, + SentinelOnboardingStatesListResponse +} from "../models"; + +/** Class containing SentinelOnboardingStates operations. */ +export class SentinelOnboardingStatesImpl implements SentinelOnboardingStates { + private readonly client: SecurityInsights; + + /** + * Initialize a new instance of the class SentinelOnboardingStates class. + * @param client Reference to the service client + */ + constructor(client: SecurityInsights) { + this.client = client; + } + + /** + * Get Sentinel onboarding state + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param sentinelOnboardingStateName The Sentinel onboarding state name. Supports - default + * @param options The options parameters. 
+ */ + get( + resourceGroupName: string, + workspaceName: string, + sentinelOnboardingStateName: string, + options?: SentinelOnboardingStatesGetOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { + resourceGroupName, + workspaceName, + sentinelOnboardingStateName, + options + }, + getOperationSpec + ); + } + + /** + * Create Sentinel onboarding state + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param sentinelOnboardingStateName The Sentinel onboarding state name. Supports - default + * @param options The options parameters. + */ + create( + resourceGroupName: string, + workspaceName: string, + sentinelOnboardingStateName: string, + options?: SentinelOnboardingStatesCreateOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { + resourceGroupName, + workspaceName, + sentinelOnboardingStateName, + options + }, + createOperationSpec + ); + } + + /** + * Delete Sentinel onboarding state + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param sentinelOnboardingStateName The Sentinel onboarding state name. Supports - default + * @param options The options parameters. + */ + delete( + resourceGroupName: string, + workspaceName: string, + sentinelOnboardingStateName: string, + options?: SentinelOnboardingStatesDeleteOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { + resourceGroupName, + workspaceName, + sentinelOnboardingStateName, + options + }, + deleteOperationSpec + ); + } + + /** + * Gets all Sentinel onboarding states + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param options The options parameters. 
+ */ + list( + resourceGroupName: string, + workspaceName: string, + options?: SentinelOnboardingStatesListOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, workspaceName, options }, + listOperationSpec + ); + } +} +// Operation Specifications +const serializer = coreClient.createSerializer(Mappers, /* isXml */ false); + +const getOperationSpec: coreClient.OperationSpec = { + path: + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/onboardingStates/{sentinelOnboardingStateName}", + httpMethod: "GET", + responses: { + 200: { + bodyMapper: Mappers.SentinelOnboardingState + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.sentinelOnboardingStateName + ], + headerParameters: [Parameters.accept], + serializer +}; +const createOperationSpec: coreClient.OperationSpec = { + path: + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/onboardingStates/{sentinelOnboardingStateName}", + httpMethod: "PUT", + responses: { + 200: { + bodyMapper: Mappers.SentinelOnboardingState + }, + 201: { + bodyMapper: Mappers.SentinelOnboardingState + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + requestBody: Parameters.sentinelOnboardingStateParameter, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.sentinelOnboardingStateName + ], + headerParameters: [Parameters.accept, Parameters.contentType], + mediaType: "json", + serializer +}; +const deleteOperationSpec: 
coreClient.OperationSpec = { + path: + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/onboardingStates/{sentinelOnboardingStateName}", + httpMethod: "DELETE", + responses: { + 200: {}, + 204: {}, + default: { + bodyMapper: Mappers.CloudError + } + }, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.sentinelOnboardingStateName + ], + headerParameters: [Parameters.accept], + serializer +}; +const listOperationSpec: coreClient.OperationSpec = { + path: + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/onboardingStates", + httpMethod: "GET", + responses: { + 200: { + bodyMapper: Mappers.SentinelOnboardingStatesList + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName + ], + headerParameters: [Parameters.accept], + serializer +}; diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/sourceControlOperations.ts b/sdk/securityinsight/arm-securityinsight/src/operations/sourceControlOperations.ts new file mode 100644 index 000000000000..1337fe8b5caa --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/src/operations/sourceControlOperations.ts 
@@ -0,0 +1,206 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is regenerated. + */ + +import { PagedAsyncIterableIterator } from "@azure/core-paging"; +import { SourceControlOperations } from "../operationsInterfaces"; +import * as coreClient from "@azure/core-client"; +import * as Mappers from "../models/mappers"; +import * as Parameters from "../models/parameters"; +import { SecurityInsights } from "../securityInsights"; +import { + Repo, + RepoType, + SourceControlListRepositoriesNextOptionalParams, + SourceControlListRepositoriesOptionalParams, + SourceControlListRepositoriesResponse, + SourceControlListRepositoriesNextResponse +} from "../models"; + +/// +/** Class containing SourceControlOperations operations. */ +export class SourceControlOperationsImpl implements SourceControlOperations { + private readonly client: SecurityInsights; + + /** + * Initialize a new instance of the class SourceControlOperations class. + * @param client Reference to the service client + */ + constructor(client: SecurityInsights) { + this.client = client; + } + + /** + * Gets a list of repositories metadata. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param repoType The repo type. + * @param options The options parameters. 
+ */ + public listRepositories( + resourceGroupName: string, + workspaceName: string, + repoType: RepoType, + options?: SourceControlListRepositoriesOptionalParams + ): PagedAsyncIterableIterator { + const iter = this.listRepositoriesPagingAll( + resourceGroupName, + workspaceName, + repoType, + options + ); + return { + next() { + return iter.next(); + }, + [Symbol.asyncIterator]() { + return this; + }, + byPage: () => { + return this.listRepositoriesPagingPage( + resourceGroupName, + workspaceName, + repoType, + options + ); + } + }; + } + + private async *listRepositoriesPagingPage( + resourceGroupName: string, + workspaceName: string, + repoType: RepoType, + options?: SourceControlListRepositoriesOptionalParams + ): AsyncIterableIterator { + let result = await this._listRepositories( + resourceGroupName, + workspaceName, + repoType, + options + ); + yield result.value || []; + let continuationToken = result.nextLink; + while (continuationToken) { + result = await this._listRepositoriesNext( + resourceGroupName, + workspaceName, + repoType, + continuationToken, + options + ); + continuationToken = result.nextLink; + yield result.value || []; + } + } + + private async *listRepositoriesPagingAll( + resourceGroupName: string, + workspaceName: string, + repoType: RepoType, + options?: SourceControlListRepositoriesOptionalParams + ): AsyncIterableIterator { + for await (const page of this.listRepositoriesPagingPage( + resourceGroupName, + workspaceName, + repoType, + options + )) { + yield* page; + } + } + + /** + * Gets a list of repositories metadata. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param repoType The repo type. + * @param options The options parameters. 
+ */ + private _listRepositories( + resourceGroupName: string, + workspaceName: string, + repoType: RepoType, + options?: SourceControlListRepositoriesOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, workspaceName, repoType, options }, + listRepositoriesOperationSpec + ); + } + + /** + * ListRepositoriesNext + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param repoType The repo type. + * @param nextLink The nextLink from the previous successful call to the ListRepositories method. + * @param options The options parameters. + */ + private _listRepositoriesNext( + resourceGroupName: string, + workspaceName: string, + repoType: RepoType, + nextLink: string, + options?: SourceControlListRepositoriesNextOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, workspaceName, repoType, nextLink, options }, + listRepositoriesNextOperationSpec + ); + } +} +// Operation Specifications +const serializer = coreClient.createSerializer(Mappers, /* isXml */ false); + +const listRepositoriesOperationSpec: coreClient.OperationSpec = { + path: + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/listRepositories", + httpMethod: "POST", + responses: { + 200: { + bodyMapper: Mappers.RepoList + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + requestBody: Parameters.repoType, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName + ], + headerParameters: [Parameters.accept, Parameters.contentType], + mediaType: "json", + serializer +}; +const listRepositoriesNextOperationSpec: coreClient.OperationSpec = { + path: "{nextLink}", + httpMethod: "GET", + 
responses: { + 200: { + bodyMapper: Mappers.RepoList + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.nextLink + ], + headerParameters: [Parameters.accept, Parameters.contentType], + mediaType: "json", + serializer +}; diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/sourceControls.ts b/sdk/securityinsight/arm-securityinsight/src/operations/sourceControls.ts new file mode 100644 index 000000000000..4fc9a379dd59 --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/src/operations/sourceControls.ts 
@@ -0,0 +1,320 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is regenerated. + */ + +import { PagedAsyncIterableIterator } from "@azure/core-paging"; +import { SourceControls } from "../operationsInterfaces"; +import * as coreClient from "@azure/core-client"; +import * as Mappers from "../models/mappers"; +import * as Parameters from "../models/parameters"; +import { SecurityInsights } from "../securityInsights"; +import { + SourceControl, + SourceControlsListNextOptionalParams, + SourceControlsListOptionalParams, + SourceControlsListResponse, + SourceControlsGetOptionalParams, + SourceControlsGetResponse, + SourceControlsDeleteOptionalParams, + SourceControlsCreateOptionalParams, + SourceControlsCreateResponse, + SourceControlsListNextResponse +} from "../models"; + +/// +/** Class containing SourceControls operations. */ +export class SourceControlsImpl implements SourceControls { + private readonly client: SecurityInsights; + + /** + * Initialize a new instance of the class SourceControls class. + * @param client Reference to the service client + */ + constructor(client: SecurityInsights) { + this.client = client; + } + + /** + * Gets all source controls, without source control items. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param options The options parameters. 
+ */ + public list( + resourceGroupName: string, + workspaceName: string, + options?: SourceControlsListOptionalParams + ): PagedAsyncIterableIterator { + const iter = this.listPagingAll(resourceGroupName, workspaceName, options); + return { + next() { + return iter.next(); + }, + [Symbol.asyncIterator]() { + return this; + }, + byPage: () => { + return this.listPagingPage(resourceGroupName, workspaceName, options); + } + }; + } + + private async *listPagingPage( + resourceGroupName: string, + workspaceName: string, + options?: SourceControlsListOptionalParams + ): AsyncIterableIterator { + let result = await this._list(resourceGroupName, workspaceName, options); + yield result.value || []; + let continuationToken = result.nextLink; + while (continuationToken) { + result = await this._listNext( + resourceGroupName, + workspaceName, + continuationToken, + options + ); + continuationToken = result.nextLink; + yield result.value || []; + } + } + + private async *listPagingAll( + resourceGroupName: string, + workspaceName: string, + options?: SourceControlsListOptionalParams + ): AsyncIterableIterator { + for await (const page of this.listPagingPage( + resourceGroupName, + workspaceName, + options + )) { + yield* page; + } + } + + /** + * Gets all source controls, without source control items. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param options The options parameters. + */ + private _list( + resourceGroupName: string, + workspaceName: string, + options?: SourceControlsListOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, workspaceName, options }, + listOperationSpec + ); + } + + /** + * Gets a source control byt its identifier. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. 
+ * @param sourceControlId Source control Id + * @param options The options parameters. + */ + get( + resourceGroupName: string, + workspaceName: string, + sourceControlId: string, + options?: SourceControlsGetOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, workspaceName, sourceControlId, options }, + getOperationSpec + ); + } + + /** + * Delete a source control. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param sourceControlId Source control Id + * @param options The options parameters. + */ + delete( + resourceGroupName: string, + workspaceName: string, + sourceControlId: string, + options?: SourceControlsDeleteOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, workspaceName, sourceControlId, options }, + deleteOperationSpec + ); + } + + /** + * Creates a source control. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param sourceControlId Source control Id + * @param sourceControl The SourceControl + * @param options The options parameters. + */ + create( + resourceGroupName: string, + workspaceName: string, + sourceControlId: string, + sourceControl: SourceControl, + options?: SourceControlsCreateOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { + resourceGroupName, + workspaceName, + sourceControlId, + sourceControl, + options + }, + createOperationSpec + ); + } + + /** + * ListNext + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param nextLink The nextLink from the previous successful call to the List method. + * @param options The options parameters. 
+ */ + private _listNext( + resourceGroupName: string, + workspaceName: string, + nextLink: string, + options?: SourceControlsListNextOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, workspaceName, nextLink, options }, + listNextOperationSpec + ); + } +} +// Operation Specifications +const serializer = coreClient.createSerializer(Mappers, /* isXml */ false); + +const listOperationSpec: coreClient.OperationSpec = { + path: + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/sourcecontrols", + httpMethod: "GET", + responses: { + 200: { + bodyMapper: Mappers.SourceControlList + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName + ], + headerParameters: [Parameters.accept], + serializer +}; +const getOperationSpec: coreClient.OperationSpec = { + path: + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/sourcecontrols/{sourceControlId}", + httpMethod: "GET", + responses: { + 200: { + bodyMapper: Mappers.SourceControl + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.sourceControlId + ], + headerParameters: [Parameters.accept], + serializer +}; +const deleteOperationSpec: coreClient.OperationSpec = { + path: + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/sourcecontrols/{sourceControlId}", + 
httpMethod: "DELETE", + responses: { + 200: {}, + 204: {}, + default: { + bodyMapper: Mappers.CloudError + } + }, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.sourceControlId + ], + headerParameters: [Parameters.accept], + serializer +}; +const createOperationSpec: coreClient.OperationSpec = { + path: + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/sourcecontrols/{sourceControlId}", + httpMethod: "PUT", + responses: { + 200: { + bodyMapper: Mappers.SourceControl + }, + 201: { + bodyMapper: Mappers.SourceControl + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + requestBody: Parameters.sourceControl, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.sourceControlId + ], + headerParameters: [Parameters.accept, Parameters.contentType], + mediaType: "json", + serializer +}; +const listNextOperationSpec: coreClient.OperationSpec = { + path: "{nextLink}", + httpMethod: "GET", + responses: { + 200: { + bodyMapper: Mappers.SourceControlList + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.nextLink + ], + headerParameters: [Parameters.accept], + serializer +}; diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/threatIntelligenceIndicator.ts b/sdk/securityinsight/arm-securityinsight/src/operations/threatIntelligenceIndicator.ts new file mode 100644 index 000000000000..a64f200cc916 --- /dev/null 
+++ b/sdk/securityinsight/arm-securityinsight/src/operations/threatIntelligenceIndicator.ts 
@@ -0,0 +1,526 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is regenerated. + */ + +import { PagedAsyncIterableIterator } from "@azure/core-paging"; +import { ThreatIntelligenceIndicator } from "../operationsInterfaces"; +import * as coreClient from "@azure/core-client"; +import * as Mappers from "../models/mappers"; +import * as Parameters from "../models/parameters"; +import { SecurityInsights } from "../securityInsights"; +import { + ThreatIntelligenceInformationUnion, + ThreatIntelligenceFilteringCriteria, + ThreatIntelligenceIndicatorQueryIndicatorsNextOptionalParams, + ThreatIntelligenceIndicatorQueryIndicatorsOptionalParams, + ThreatIntelligenceIndicatorModelForRequestBody, + ThreatIntelligenceIndicatorCreateIndicatorOptionalParams, + ThreatIntelligenceIndicatorCreateIndicatorResponse, + ThreatIntelligenceIndicatorGetOptionalParams, + ThreatIntelligenceIndicatorGetResponse, + ThreatIntelligenceIndicatorCreateOptionalParams, + ThreatIntelligenceIndicatorCreateResponse, + ThreatIntelligenceIndicatorDeleteOptionalParams, + ThreatIntelligenceIndicatorQueryIndicatorsResponse, + ThreatIntelligenceAppendTags, + ThreatIntelligenceIndicatorAppendTagsOptionalParams, + ThreatIntelligenceIndicatorReplaceTagsOptionalParams, + ThreatIntelligenceIndicatorReplaceTagsResponse, + ThreatIntelligenceIndicatorQueryIndicatorsNextResponse +} from "../models"; + +/// +/** Class containing ThreatIntelligenceIndicator operations. */ +export class ThreatIntelligenceIndicatorImpl + implements ThreatIntelligenceIndicator { + private readonly client: SecurityInsights; + + /** + * Initialize a new instance of the class ThreatIntelligenceIndicator class. 
+ * @param client Reference to the service client + */ + constructor(client: SecurityInsights) { + this.client = client; + } + + /** + * Query threat intelligence indicators as per filtering criteria. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param threatIntelligenceFilteringCriteria Filtering criteria for querying threat intelligence + * indicators. + * @param options The options parameters. + */ + public listQueryIndicators( + resourceGroupName: string, + workspaceName: string, + threatIntelligenceFilteringCriteria: ThreatIntelligenceFilteringCriteria, + options?: ThreatIntelligenceIndicatorQueryIndicatorsOptionalParams + ): PagedAsyncIterableIterator { + const iter = this.queryIndicatorsPagingAll( + resourceGroupName, + workspaceName, + threatIntelligenceFilteringCriteria, + options + ); + return { + next() { + return iter.next(); + }, + [Symbol.asyncIterator]() { + return this; + }, + byPage: () => { + return this.queryIndicatorsPagingPage( + resourceGroupName, + workspaceName, + threatIntelligenceFilteringCriteria, + options + ); + } + }; + } + + private async *queryIndicatorsPagingPage( + resourceGroupName: string, + workspaceName: string, + threatIntelligenceFilteringCriteria: ThreatIntelligenceFilteringCriteria, + options?: ThreatIntelligenceIndicatorQueryIndicatorsOptionalParams + ): AsyncIterableIterator { + let result = await this._queryIndicators( + resourceGroupName, + workspaceName, + threatIntelligenceFilteringCriteria, + options + ); + yield result.value || []; + let continuationToken = result.nextLink; + while (continuationToken) { + result = await this._queryIndicatorsNext( + resourceGroupName, + workspaceName, + threatIntelligenceFilteringCriteria, + continuationToken, + options + ); + continuationToken = result.nextLink; + yield result.value || []; + } + } + + private async *queryIndicatorsPagingAll( + resourceGroupName: string, + 
workspaceName: string, + threatIntelligenceFilteringCriteria: ThreatIntelligenceFilteringCriteria, + options?: ThreatIntelligenceIndicatorQueryIndicatorsOptionalParams + ): AsyncIterableIterator { + for await (const page of this.queryIndicatorsPagingPage( + resourceGroupName, + workspaceName, + threatIntelligenceFilteringCriteria, + options + )) { + yield* page; + } + } + + /** + * Create a new threat intelligence indicator. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param threatIntelligenceProperties Properties of threat intelligence indicators to create and + * update. + * @param options The options parameters. + */ + createIndicator( + resourceGroupName: string, + workspaceName: string, + threatIntelligenceProperties: ThreatIntelligenceIndicatorModelForRequestBody, + options?: ThreatIntelligenceIndicatorCreateIndicatorOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { + resourceGroupName, + workspaceName, + threatIntelligenceProperties, + options + }, + createIndicatorOperationSpec + ); + } + + /** + * View a threat intelligence indicator by name. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param name Threat intelligence indicator name field. + * @param options The options parameters. + */ + get( + resourceGroupName: string, + workspaceName: string, + name: string, + options?: ThreatIntelligenceIndicatorGetOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, workspaceName, name, options }, + getOperationSpec + ); + } + + /** + * Update a threat Intelligence indicator. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param name Threat intelligence indicator name field. 
+ * @param threatIntelligenceProperties Properties of threat intelligence indicators to create and + * update. + * @param options The options parameters. + */ + create( + resourceGroupName: string, + workspaceName: string, + name: string, + threatIntelligenceProperties: ThreatIntelligenceIndicatorModelForRequestBody, + options?: ThreatIntelligenceIndicatorCreateOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { + resourceGroupName, + workspaceName, + name, + threatIntelligenceProperties, + options + }, + createOperationSpec + ); + } + + /** + * Delete a threat intelligence indicator. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param name Threat intelligence indicator name field. + * @param options The options parameters. + */ + delete( + resourceGroupName: string, + workspaceName: string, + name: string, + options?: ThreatIntelligenceIndicatorDeleteOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, workspaceName, name, options }, + deleteOperationSpec + ); + } + + /** + * Query threat intelligence indicators as per filtering criteria. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param threatIntelligenceFilteringCriteria Filtering criteria for querying threat intelligence + * indicators. + * @param options The options parameters. 
+ */ + private _queryIndicators( + resourceGroupName: string, + workspaceName: string, + threatIntelligenceFilteringCriteria: ThreatIntelligenceFilteringCriteria, + options?: ThreatIntelligenceIndicatorQueryIndicatorsOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { + resourceGroupName, + workspaceName, + threatIntelligenceFilteringCriteria, + options + }, + queryIndicatorsOperationSpec + ); + } + + /** + * Append tags to a threat intelligence indicator. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param name Threat intelligence indicator name field. + * @param threatIntelligenceAppendTags The threat intelligence append tags request body + * @param options The options parameters. + */ + appendTags( + resourceGroupName: string, + workspaceName: string, + name: string, + threatIntelligenceAppendTags: ThreatIntelligenceAppendTags, + options?: ThreatIntelligenceIndicatorAppendTagsOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { + resourceGroupName, + workspaceName, + name, + threatIntelligenceAppendTags, + options + }, + appendTagsOperationSpec + ); + } + + /** + * Replace tags added to a threat intelligence indicator. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param name Threat intelligence indicator name field. + * @param threatIntelligenceReplaceTags Tags in the threat intelligence indicator to be replaced. + * @param options The options parameters. 
+ */ + replaceTags( + resourceGroupName: string, + workspaceName: string, + name: string, + threatIntelligenceReplaceTags: ThreatIntelligenceIndicatorModelForRequestBody, + options?: ThreatIntelligenceIndicatorReplaceTagsOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { + resourceGroupName, + workspaceName, + name, + threatIntelligenceReplaceTags, + options + }, + replaceTagsOperationSpec + ); + } + + /** + * QueryIndicatorsNext + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param threatIntelligenceFilteringCriteria Filtering criteria for querying threat intelligence + * indicators. + * @param nextLink The nextLink from the previous successful call to the QueryIndicators method. + * @param options The options parameters. + */ + private _queryIndicatorsNext( + resourceGroupName: string, + workspaceName: string, + threatIntelligenceFilteringCriteria: ThreatIntelligenceFilteringCriteria, + nextLink: string, + options?: ThreatIntelligenceIndicatorQueryIndicatorsNextOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { + resourceGroupName, + workspaceName, + threatIntelligenceFilteringCriteria, + nextLink, + options + }, + queryIndicatorsNextOperationSpec + ); + } +} +// Operation Specifications +const serializer = coreClient.createSerializer(Mappers, /* isXml */ false); + +const createIndicatorOperationSpec: coreClient.OperationSpec = { + path: + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/createIndicator", + httpMethod: "POST", + responses: { + 200: { + bodyMapper: Mappers.ThreatIntelligenceInformation + }, + 201: { + bodyMapper: Mappers.ThreatIntelligenceInformation + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + requestBody: 
Parameters.threatIntelligenceProperties, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName + ], + headerParameters: [Parameters.accept, Parameters.contentType], + mediaType: "json", + serializer +}; +const getOperationSpec: coreClient.OperationSpec = { + path: + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/{name}", + httpMethod: "GET", + responses: { + 200: { + bodyMapper: Mappers.ThreatIntelligenceInformation + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.name + ], + headerParameters: [Parameters.accept], + serializer +}; +const createOperationSpec: coreClient.OperationSpec = { + path: + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/{name}", + httpMethod: "PUT", + responses: { + 200: { + bodyMapper: Mappers.ThreatIntelligenceInformation + }, + 201: { + bodyMapper: Mappers.ThreatIntelligenceInformation + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + requestBody: Parameters.threatIntelligenceProperties, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.name + ], + headerParameters: [Parameters.accept, Parameters.contentType], + mediaType: "json", + serializer +}; +const deleteOperationSpec: coreClient.OperationSpec = { + path: + 
"/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/{name}", + httpMethod: "DELETE", + responses: { + 200: {}, + 204: {}, + default: { + bodyMapper: Mappers.CloudError + } + }, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.name + ], + headerParameters: [Parameters.accept], + serializer +}; +const queryIndicatorsOperationSpec: coreClient.OperationSpec = { + path: + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/queryIndicators", + httpMethod: "POST", + responses: { + 200: { + bodyMapper: Mappers.ThreatIntelligenceInformationList + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + requestBody: Parameters.threatIntelligenceFilteringCriteria, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName + ], + headerParameters: [Parameters.accept, Parameters.contentType], + mediaType: "json", + serializer +}; +const appendTagsOperationSpec: coreClient.OperationSpec = { + path: + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/{name}/appendTags", + httpMethod: "POST", + responses: { + 200: {}, + default: { + bodyMapper: Mappers.CloudError + } + }, + requestBody: Parameters.threatIntelligenceAppendTags, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + 
Parameters.workspaceName, + Parameters.name + ], + headerParameters: [Parameters.accept, Parameters.contentType], + mediaType: "json", + serializer +}; +const replaceTagsOperationSpec: coreClient.OperationSpec = { + path: + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/{name}/replaceTags", + httpMethod: "POST", + responses: { + 200: { + bodyMapper: Mappers.ThreatIntelligenceInformation + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + requestBody: Parameters.threatIntelligenceReplaceTags, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.name + ], + headerParameters: [Parameters.accept, Parameters.contentType], + mediaType: "json", + serializer +}; +const queryIndicatorsNextOperationSpec: coreClient.OperationSpec = { + path: "{nextLink}", + httpMethod: "GET", + responses: { + 200: { + bodyMapper: Mappers.ThreatIntelligenceInformationList + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.nextLink + ], + headerParameters: [Parameters.accept, Parameters.contentType], + mediaType: "json", + serializer +}; diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/threatIntelligenceIndicatorMetrics.ts b/sdk/securityinsight/arm-securityinsight/src/operations/threatIntelligenceIndicatorMetrics.ts new file mode 100644 index 000000000000..fa1a50561ed1 --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/src/operations/threatIntelligenceIndicatorMetrics.ts 
@@ -0,0 +1,73 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is regenerated. + */ + +import { ThreatIntelligenceIndicatorMetrics } from "../operationsInterfaces"; +import * as coreClient from "@azure/core-client"; +import * as Mappers from "../models/mappers"; +import * as Parameters from "../models/parameters"; +import { SecurityInsights } from "../securityInsights"; +import { + ThreatIntelligenceIndicatorMetricsListOptionalParams, + ThreatIntelligenceIndicatorMetricsListResponse +} from "../models"; + +/** Class containing ThreatIntelligenceIndicatorMetrics operations. */ +export class ThreatIntelligenceIndicatorMetricsImpl + implements ThreatIntelligenceIndicatorMetrics { + private readonly client: SecurityInsights; + + /** + * Initialize a new instance of the class ThreatIntelligenceIndicatorMetrics class. + * @param client Reference to the service client + */ + constructor(client: SecurityInsights) { + this.client = client; + } + + /** + * Get threat intelligence indicators metrics (Indicators counts by Type, Threat Type, Source). + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param options The options parameters. 
+ */ + list( + resourceGroupName: string, + workspaceName: string, + options?: ThreatIntelligenceIndicatorMetricsListOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, workspaceName, options }, + listOperationSpec + ); + } +} +// Operation Specifications +const serializer = coreClient.createSerializer(Mappers, /* isXml */ false); + +const listOperationSpec: coreClient.OperationSpec = { + path: + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/metrics", + httpMethod: "GET", + responses: { + 200: { + bodyMapper: Mappers.ThreatIntelligenceMetricsList + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName + ], + headerParameters: [Parameters.accept], + serializer +}; diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/threatIntelligenceIndicators.ts b/sdk/securityinsight/arm-securityinsight/src/operations/threatIntelligenceIndicators.ts new file mode 100644 index 000000000000..af9eb6c60f9b --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/src/operations/threatIntelligenceIndicators.ts 
@@ -0,0 +1,190 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is regenerated. + */ + +import { PagedAsyncIterableIterator } from "@azure/core-paging"; +import { ThreatIntelligenceIndicators } from "../operationsInterfaces"; +import * as coreClient from "@azure/core-client"; +import * as Mappers from "../models/mappers"; +import * as Parameters from "../models/parameters"; +import { SecurityInsights } from "../securityInsights"; +import { + ThreatIntelligenceInformationUnion, + ThreatIntelligenceIndicatorsListNextOptionalParams, + ThreatIntelligenceIndicatorsListOptionalParams, + ThreatIntelligenceIndicatorsListResponse, + ThreatIntelligenceIndicatorsListNextResponse +} from "../models"; + +/// +/** Class containing ThreatIntelligenceIndicators operations. */ +export class ThreatIntelligenceIndicatorsImpl + implements ThreatIntelligenceIndicators { + private readonly client: SecurityInsights; + + /** + * Initialize a new instance of the class ThreatIntelligenceIndicators class. + * @param client Reference to the service client + */ + constructor(client: SecurityInsights) { + this.client = client; + } + + /** + * Get all threat intelligence indicators. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param options The options parameters. 
+ */ + public list( + resourceGroupName: string, + workspaceName: string, + options?: ThreatIntelligenceIndicatorsListOptionalParams + ): PagedAsyncIterableIterator { + const iter = this.listPagingAll(resourceGroupName, workspaceName, options); + return { + next() { + return iter.next(); + }, + [Symbol.asyncIterator]() { + return this; + }, + byPage: () => { + return this.listPagingPage(resourceGroupName, workspaceName, options); + } + }; + } + + private async *listPagingPage( + resourceGroupName: string, + workspaceName: string, + options?: ThreatIntelligenceIndicatorsListOptionalParams + ): AsyncIterableIterator { + let result = await this._list(resourceGroupName, workspaceName, options); + yield result.value || []; + let continuationToken = result.nextLink; + while (continuationToken) { + result = await this._listNext( + resourceGroupName, + workspaceName, + continuationToken, + options + ); + continuationToken = result.nextLink; + yield result.value || []; + } + } + + private async *listPagingAll( + resourceGroupName: string, + workspaceName: string, + options?: ThreatIntelligenceIndicatorsListOptionalParams + ): AsyncIterableIterator { + for await (const page of this.listPagingPage( + resourceGroupName, + workspaceName, + options + )) { + yield* page; + } + } + + /** + * Get all threat intelligence indicators. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param options The options parameters. + */ + private _list( + resourceGroupName: string, + workspaceName: string, + options?: ThreatIntelligenceIndicatorsListOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, workspaceName, options }, + listOperationSpec + ); + } + + /** + * ListNext + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. 
+ * @param nextLink The nextLink from the previous successful call to the List method. + * @param options The options parameters. + */ + private _listNext( + resourceGroupName: string, + workspaceName: string, + nextLink: string, + options?: ThreatIntelligenceIndicatorsListNextOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, workspaceName, nextLink, options }, + listNextOperationSpec + ); + } +} +// Operation Specifications +const serializer = coreClient.createSerializer(Mappers, /* isXml */ false); + +const listOperationSpec: coreClient.OperationSpec = { + path: + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators", + httpMethod: "GET", + responses: { + 200: { + bodyMapper: Mappers.ThreatIntelligenceInformationList + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + queryParameters: [ + Parameters.apiVersion, + Parameters.filter, + Parameters.orderby, + Parameters.top, + Parameters.skipToken + ], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName + ], + headerParameters: [Parameters.accept], + serializer +}; +const listNextOperationSpec: coreClient.OperationSpec = { + path: "{nextLink}", + httpMethod: "GET", + responses: { + 200: { + bodyMapper: Mappers.ThreatIntelligenceInformationList + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + queryParameters: [ + Parameters.apiVersion, + Parameters.filter, + Parameters.orderby, + Parameters.top, + Parameters.skipToken + ], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.nextLink + ], + headerParameters: [Parameters.accept], + serializer +}; 
diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/watchlistItems.ts b/sdk/securityinsight/arm-securityinsight/src/operations/watchlistItems.ts new file mode 100644 index 000000000000..3493b054956a --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/src/operations/watchlistItems.ts 
@@ -0,0 +1,369 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is regenerated. + */ + +import { PagedAsyncIterableIterator } from "@azure/core-paging"; +import { WatchlistItems } from "../operationsInterfaces"; +import * as coreClient from "@azure/core-client"; +import * as Mappers from "../models/mappers"; +import * as Parameters from "../models/parameters"; +import { SecurityInsights } from "../securityInsights"; +import { + WatchlistItem, + WatchlistItemsListNextOptionalParams, + WatchlistItemsListOptionalParams, + WatchlistItemsListResponse, + WatchlistItemsGetOptionalParams, + WatchlistItemsGetResponse, + WatchlistItemsDeleteOptionalParams, + WatchlistItemsCreateOrUpdateOptionalParams, + WatchlistItemsCreateOrUpdateResponse, + WatchlistItemsListNextResponse +} from "../models"; + +/// +/** Class containing WatchlistItems operations. */ +export class WatchlistItemsImpl implements WatchlistItems { + private readonly client: SecurityInsights; + + /** + * Initialize a new instance of the class WatchlistItems class. + * @param client Reference to the service client + */ + constructor(client: SecurityInsights) { + this.client = client; + } + + /** + * Gets all watchlist Items. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param watchlistAlias Watchlist Alias + * @param options The options parameters. 
+ */ + public list( + resourceGroupName: string, + workspaceName: string, + watchlistAlias: string, + options?: WatchlistItemsListOptionalParams + ): PagedAsyncIterableIterator { + const iter = this.listPagingAll( + resourceGroupName, + workspaceName, + watchlistAlias, + options + ); + return { + next() { + return iter.next(); + }, + [Symbol.asyncIterator]() { + return this; + }, + byPage: () => { + return this.listPagingPage( + resourceGroupName, + workspaceName, + watchlistAlias, + options + ); + } + }; + } + + private async *listPagingPage( + resourceGroupName: string, + workspaceName: string, + watchlistAlias: string, + options?: WatchlistItemsListOptionalParams + ): AsyncIterableIterator { + let result = await this._list( + resourceGroupName, + workspaceName, + watchlistAlias, + options + ); + yield result.value || []; + let continuationToken = result.nextLink; + while (continuationToken) { + result = await this._listNext( + resourceGroupName, + workspaceName, + watchlistAlias, + continuationToken, + options + ); + continuationToken = result.nextLink; + yield result.value || []; + } + } + + private async *listPagingAll( + resourceGroupName: string, + workspaceName: string, + watchlistAlias: string, + options?: WatchlistItemsListOptionalParams + ): AsyncIterableIterator { + for await (const page of this.listPagingPage( + resourceGroupName, + workspaceName, + watchlistAlias, + options + )) { + yield* page; + } + } + + /** + * Gets all watchlist Items. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param watchlistAlias Watchlist Alias + * @param options The options parameters. 
+ */ + private _list( + resourceGroupName: string, + workspaceName: string, + watchlistAlias: string, + options?: WatchlistItemsListOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, workspaceName, watchlistAlias, options }, + listOperationSpec + ); + } + + /** + * Gets a watchlist, without its watchlist items. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param watchlistAlias Watchlist Alias + * @param watchlistItemId Watchlist Item Id (GUID) + * @param options The options parameters. + */ + get( + resourceGroupName: string, + workspaceName: string, + watchlistAlias: string, + watchlistItemId: string, + options?: WatchlistItemsGetOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { + resourceGroupName, + workspaceName, + watchlistAlias, + watchlistItemId, + options + }, + getOperationSpec + ); + } + + /** + * Delete a watchlist item. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param watchlistAlias Watchlist Alias + * @param watchlistItemId Watchlist Item Id (GUID) + * @param options The options parameters. + */ + delete( + resourceGroupName: string, + workspaceName: string, + watchlistAlias: string, + watchlistItemId: string, + options?: WatchlistItemsDeleteOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { + resourceGroupName, + workspaceName, + watchlistAlias, + watchlistItemId, + options + }, + deleteOperationSpec + ); + } + + /** + * Creates or updates a watchlist item. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. 
+ * @param watchlistAlias Watchlist Alias + * @param watchlistItemId Watchlist Item Id (GUID) + * @param watchlistItem The watchlist item + * @param options The options parameters. + */ + createOrUpdate( + resourceGroupName: string, + workspaceName: string, + watchlistAlias: string, + watchlistItemId: string, + watchlistItem: WatchlistItem, + options?: WatchlistItemsCreateOrUpdateOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { + resourceGroupName, + workspaceName, + watchlistAlias, + watchlistItemId, + watchlistItem, + options + }, + createOrUpdateOperationSpec + ); + } + + /** + * ListNext + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param watchlistAlias Watchlist Alias + * @param nextLink The nextLink from the previous successful call to the List method. + * @param options The options parameters. + */ + private _listNext( + resourceGroupName: string, + workspaceName: string, + watchlistAlias: string, + nextLink: string, + options?: WatchlistItemsListNextOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, workspaceName, watchlistAlias, nextLink, options }, + listNextOperationSpec + ); + } +} +// Operation Specifications +const serializer = coreClient.createSerializer(Mappers, /* isXml */ false); + +const listOperationSpec: coreClient.OperationSpec = { + path: + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}/watchlistItems", + httpMethod: "GET", + responses: { + 200: { + bodyMapper: Mappers.WatchlistItemList + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + 
Parameters.watchlistAlias + ], + headerParameters: [Parameters.accept], + serializer +}; +const getOperationSpec: coreClient.OperationSpec = { + path: + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}/watchlistItems/{watchlistItemId}", + httpMethod: "GET", + responses: { + 200: { + bodyMapper: Mappers.WatchlistItem + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.watchlistAlias, + Parameters.watchlistItemId + ], + headerParameters: [Parameters.accept], + serializer +}; +const deleteOperationSpec: coreClient.OperationSpec = { + path: + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}/watchlistItems/{watchlistItemId}", + httpMethod: "DELETE", + responses: { + 200: {}, + 204: {}, + default: { + bodyMapper: Mappers.CloudError + } + }, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.watchlistAlias, + Parameters.watchlistItemId + ], + headerParameters: [Parameters.accept], + serializer +}; +const createOrUpdateOperationSpec: coreClient.OperationSpec = { + path: + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}/watchlistItems/{watchlistItemId}", + httpMethod: "PUT", + responses: { + 200: { + bodyMapper: Mappers.WatchlistItem + }, + 201: { + bodyMapper: Mappers.WatchlistItem + }, + default: { + 
bodyMapper: Mappers.CloudError + } + }, + requestBody: Parameters.watchlistItem, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.watchlistAlias, + Parameters.watchlistItemId + ], + headerParameters: [Parameters.accept, Parameters.contentType], + mediaType: "json", + serializer +}; +const listNextOperationSpec: coreClient.OperationSpec = { + path: "{nextLink}", + httpMethod: "GET", + responses: { + 200: { + bodyMapper: Mappers.WatchlistItemList + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.nextLink, + Parameters.watchlistAlias + ], + headerParameters: [Parameters.accept], + serializer +}; diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/watchlists.ts b/sdk/securityinsight/arm-securityinsight/src/operations/watchlists.ts new file mode 100644 index 000000000000..bf8ea3e0b683 --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/src/operations/watchlists.ts 
@@ -0,0 +1,316 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is regenerated. + */ + +import { PagedAsyncIterableIterator } from "@azure/core-paging"; +import { Watchlists } from "../operationsInterfaces"; +import * as coreClient from "@azure/core-client"; +import * as Mappers from "../models/mappers"; +import * as Parameters from "../models/parameters"; +import { SecurityInsights } from "../securityInsights"; +import { + Watchlist, + WatchlistsListNextOptionalParams, + WatchlistsListOptionalParams, + WatchlistsListResponse, + WatchlistsGetOptionalParams, + WatchlistsGetResponse, + WatchlistsDeleteOptionalParams, + WatchlistsCreateOrUpdateOptionalParams, + WatchlistsCreateOrUpdateResponse, + WatchlistsListNextResponse +} from "../models"; + +/// +/** Class containing Watchlists operations. */ +export class WatchlistsImpl implements Watchlists { + private readonly client: SecurityInsights; + + /** + * Initialize a new instance of the class Watchlists class. + * @param client Reference to the service client + */ + constructor(client: SecurityInsights) { + this.client = client; + } + + /** + * Gets all watchlists, without watchlist items. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param options The options parameters. 
+ */ + public list( + resourceGroupName: string, + workspaceName: string, + options?: WatchlistsListOptionalParams + ): PagedAsyncIterableIterator { + const iter = this.listPagingAll(resourceGroupName, workspaceName, options); + return { + next() { + return iter.next(); + }, + [Symbol.asyncIterator]() { + return this; + }, + byPage: () => { + return this.listPagingPage(resourceGroupName, workspaceName, options); + } + }; + } + + private async *listPagingPage( + resourceGroupName: string, + workspaceName: string, + options?: WatchlistsListOptionalParams + ): AsyncIterableIterator { + let result = await this._list(resourceGroupName, workspaceName, options); + yield result.value || []; + let continuationToken = result.nextLink; + while (continuationToken) { + result = await this._listNext( + resourceGroupName, + workspaceName, + continuationToken, + options + ); + continuationToken = result.nextLink; + yield result.value || []; + } + } + + private async *listPagingAll( + resourceGroupName: string, + workspaceName: string, + options?: WatchlistsListOptionalParams + ): AsyncIterableIterator { + for await (const page of this.listPagingPage( + resourceGroupName, + workspaceName, + options + )) { + yield* page; + } + } + + /** + * Gets all watchlists, without watchlist items. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param options The options parameters. + */ + private _list( + resourceGroupName: string, + workspaceName: string, + options?: WatchlistsListOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, workspaceName, options }, + listOperationSpec + ); + } + + /** + * Gets a watchlist, without its watchlist items. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. 
+ * @param watchlistAlias Watchlist Alias + * @param options The options parameters. + */ + get( + resourceGroupName: string, + workspaceName: string, + watchlistAlias: string, + options?: WatchlistsGetOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, workspaceName, watchlistAlias, options }, + getOperationSpec + ); + } + + /** + * Delete a watchlist. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param watchlistAlias Watchlist Alias + * @param options The options parameters. + */ + delete( + resourceGroupName: string, + workspaceName: string, + watchlistAlias: string, + options?: WatchlistsDeleteOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, workspaceName, watchlistAlias, options }, + deleteOperationSpec + ); + } + + /** + * Creates or updates a watchlist and its watchlist items (bulk creation, e.g. through text/csv content + * type). To create a Watchlist and its items, we should call this endpoint with rawContent and + * contentType properties. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param watchlistAlias Watchlist Alias + * @param watchlist The watchlist + * @param options The options parameters. + */ + createOrUpdate( + resourceGroupName: string, + workspaceName: string, + watchlistAlias: string, + watchlist: Watchlist, + options?: WatchlistsCreateOrUpdateOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, workspaceName, watchlistAlias, watchlist, options }, + createOrUpdateOperationSpec + ); + } + + /** + * ListNext + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. 
+ * @param nextLink The nextLink from the previous successful call to the List method. + * @param options The options parameters. + */ + private _listNext( + resourceGroupName: string, + workspaceName: string, + nextLink: string, + options?: WatchlistsListNextOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, workspaceName, nextLink, options }, + listNextOperationSpec + ); + } +} +// Operation Specifications +const serializer = coreClient.createSerializer(Mappers, /* isXml */ false); + +const listOperationSpec: coreClient.OperationSpec = { + path: + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists", + httpMethod: "GET", + responses: { + 200: { + bodyMapper: Mappers.WatchlistList + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName + ], + headerParameters: [Parameters.accept], + serializer +}; +const getOperationSpec: coreClient.OperationSpec = { + path: + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}", + httpMethod: "GET", + responses: { + 200: { + bodyMapper: Mappers.Watchlist + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.watchlistAlias + ], + headerParameters: [Parameters.accept], + serializer +}; +const deleteOperationSpec: coreClient.OperationSpec = { + path: + 
"/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}", + httpMethod: "DELETE", + responses: { + 200: {}, + 204: {}, + default: { + bodyMapper: Mappers.CloudError + } + }, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.watchlistAlias + ], + headerParameters: [Parameters.accept], + serializer +}; +const createOrUpdateOperationSpec: coreClient.OperationSpec = { + path: + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}", + httpMethod: "PUT", + responses: { + 200: { + bodyMapper: Mappers.Watchlist + }, + 201: { + bodyMapper: Mappers.Watchlist + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + requestBody: Parameters.watchlist, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.watchlistAlias + ], + headerParameters: [Parameters.accept, Parameters.contentType], + mediaType: "json", + serializer +}; +const listNextOperationSpec: coreClient.OperationSpec = { + path: "{nextLink}", + httpMethod: "GET", + responses: { + 200: { + bodyMapper: Mappers.WatchlistList + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.nextLink + ], + headerParameters: [Parameters.accept], + serializer +}; 
diff --git a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/actions.ts b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/actions.ts new file mode 100644 index 000000000000..72dfe1476baa --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/actions.ts 
@@ -0,0 +1,84 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is regenerated. + */ + +import { PagedAsyncIterableIterator } from "@azure/core-paging"; +import { + ActionResponse, + ActionsListByAlertRuleOptionalParams, + ActionsGetOptionalParams, + ActionsGetResponse, + ActionRequest, + ActionsCreateOrUpdateOptionalParams, + ActionsCreateOrUpdateResponse, + ActionsDeleteOptionalParams +} from "../models"; + +/// +/** Interface representing a Actions. */ +export interface Actions { + /** + * Gets all actions of alert rule. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param ruleId Alert rule ID + * @param options The options parameters. + */ + listByAlertRule( + resourceGroupName: string, + workspaceName: string, + ruleId: string, + options?: ActionsListByAlertRuleOptionalParams + ): PagedAsyncIterableIterator; + /** + * Gets the action of alert rule. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param ruleId Alert rule ID + * @param actionId Action ID + * @param options The options parameters. + */ + get( + resourceGroupName: string, + workspaceName: string, + ruleId: string, + actionId: string, + options?: ActionsGetOptionalParams + ): Promise; + /** + * Creates or updates the action of alert rule. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param ruleId Alert rule ID + * @param actionId Action ID + * @param action The action + * @param options The options parameters. 
+ */ + createOrUpdate( + resourceGroupName: string, + workspaceName: string, + ruleId: string, + actionId: string, + action: ActionRequest, + options?: ActionsCreateOrUpdateOptionalParams + ): Promise; + /** + * Delete the action of alert rule. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param ruleId Alert rule ID + * @param actionId Action ID + * @param options The options parameters. + */ + delete( + resourceGroupName: string, + workspaceName: string, + ruleId: string, + actionId: string, + options?: ActionsDeleteOptionalParams + ): Promise; +} diff --git a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/alertRuleTemplates.ts b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/alertRuleTemplates.ts new file mode 100644 index 000000000000..de75b2a3cda3 --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/alertRuleTemplates.ts 
@@ -0,0 +1,44 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is regenerated. + */ + +import { PagedAsyncIterableIterator } from "@azure/core-paging"; +import { + AlertRuleTemplateUnion, + AlertRuleTemplatesListOptionalParams, + AlertRuleTemplatesGetOptionalParams, + AlertRuleTemplatesGetResponse +} from "../models"; + +/// +/** Interface representing a AlertRuleTemplates. */ +export interface AlertRuleTemplates { + /** + * Gets all alert rule templates. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param options The options parameters. + */ + list( + resourceGroupName: string, + workspaceName: string, + options?: AlertRuleTemplatesListOptionalParams + ): PagedAsyncIterableIterator; + /** + * Gets the alert rule template. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param alertRuleTemplateId Alert rule template ID + * @param options The options parameters. + */ + get( + resourceGroupName: string, + workspaceName: string, + alertRuleTemplateId: string, + options?: AlertRuleTemplatesGetOptionalParams + ): Promise; +} diff --git a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/alertRules.ts b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/alertRules.ts new file mode 100644 index 000000000000..2c4f2da816f5 --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/alertRules.ts 
@@ -0,0 +1,75 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is regenerated. + */ + +import { PagedAsyncIterableIterator } from "@azure/core-paging"; +import { + AlertRuleUnion, + AlertRulesListOptionalParams, + AlertRulesGetOptionalParams, + AlertRulesGetResponse, + AlertRulesCreateOrUpdateOptionalParams, + AlertRulesCreateOrUpdateResponse, + AlertRulesDeleteOptionalParams +} from "../models"; + +/// +/** Interface representing a AlertRules. */ +export interface AlertRules { + /** + * Gets all alert rules. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param options The options parameters. + */ + list( + resourceGroupName: string, + workspaceName: string, + options?: AlertRulesListOptionalParams + ): PagedAsyncIterableIterator; + /** + * Gets the alert rule. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param ruleId Alert rule ID + * @param options The options parameters. + */ + get( + resourceGroupName: string, + workspaceName: string, + ruleId: string, + options?: AlertRulesGetOptionalParams + ): Promise; + /** + * Creates or updates the alert rule. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param ruleId Alert rule ID + * @param alertRule The alert rule + * @param options The options parameters. + */ + createOrUpdate( + resourceGroupName: string, + workspaceName: string, + ruleId: string, + alertRule: AlertRuleUnion, + options?: AlertRulesCreateOrUpdateOptionalParams + ): Promise; + /** + * Delete the alert rule. + * @param resourceGroupName The name of the resource group. 
The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param ruleId Alert rule ID + * @param options The options parameters. + */ + delete( + resourceGroupName: string, + workspaceName: string, + ruleId: string, + options?: AlertRulesDeleteOptionalParams + ): Promise; +} diff --git a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/automationRules.ts b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/automationRules.ts new file mode 100644 index 000000000000..9b8aee0e56ff --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/automationRules.ts 
@@ -0,0 +1,89 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is regenerated. + */ + +import { PagedAsyncIterableIterator } from "@azure/core-paging"; +import { + AutomationRule, + AutomationRulesListOptionalParams, + AutomationRulesGetOptionalParams, + AutomationRulesGetResponse, + AutomationRulesCreateOrUpdateOptionalParams, + AutomationRulesCreateOrUpdateResponse, + AutomationRulesDeleteOptionalParams, + AutomationRulesDeleteResponse, + AutomationRulesManualTriggerPlaybookOptionalParams, + AutomationRulesManualTriggerPlaybookResponse +} from "../models"; + +/// +/** Interface representing a AutomationRules. */ +export interface AutomationRules { + /** + * Gets all automation rules. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param options The options parameters. + */ + list( + resourceGroupName: string, + workspaceName: string, + options?: AutomationRulesListOptionalParams + ): PagedAsyncIterableIterator; + /** + * Gets the automation rule. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param automationRuleId Automation rule ID + * @param options The options parameters. + */ + get( + resourceGroupName: string, + workspaceName: string, + automationRuleId: string, + options?: AutomationRulesGetOptionalParams + ): Promise; + /** + * Creates or updates the automation rule. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param automationRuleId Automation rule ID + * @param options The options parameters. 
+ */ + createOrUpdate( + resourceGroupName: string, + workspaceName: string, + automationRuleId: string, + options?: AutomationRulesCreateOrUpdateOptionalParams + ): Promise; + /** + * Delete the automation rule. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param automationRuleId Automation rule ID + * @param options The options parameters. + */ + delete( + resourceGroupName: string, + workspaceName: string, + automationRuleId: string, + options?: AutomationRulesDeleteOptionalParams + ): Promise; + /** + * Triggers playbook on a specific incident + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param incidentIdentifier + * @param options The options parameters. + */ + manualTriggerPlaybook( + resourceGroupName: string, + workspaceName: string, + incidentIdentifier: string, + options?: AutomationRulesManualTriggerPlaybookOptionalParams + ): Promise; +} diff --git a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/bookmarkOperations.ts b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/bookmarkOperations.ts new file mode 100644 index 000000000000..99a1802aa35a --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/bookmarkOperations.ts 
@@ -0,0 +1,32 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is regenerated. + */ + +import { + BookmarkExpandParameters, + BookmarkExpandOptionalParams, + BookmarkExpandOperationResponse +} from "../models"; + +/** Interface representing a BookmarkOperations. */ +export interface BookmarkOperations { + /** + * Expand an bookmark + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param bookmarkId Bookmark ID + * @param parameters The parameters required to execute an expand operation on the given bookmark. + * @param options The options parameters. + */ + expand( + resourceGroupName: string, + workspaceName: string, + bookmarkId: string, + parameters: BookmarkExpandParameters, + options?: BookmarkExpandOptionalParams + ): Promise; +} diff --git a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/bookmarkRelations.ts b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/bookmarkRelations.ts new file mode 100644 index 000000000000..f2100626e2a9 --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/bookmarkRelations.ts 
@@ -0,0 +1,83 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is regenerated. + */ + +import { PagedAsyncIterableIterator } from "@azure/core-paging"; +import { + Relation, + BookmarkRelationsListOptionalParams, + BookmarkRelationsGetOptionalParams, + BookmarkRelationsGetResponse, + BookmarkRelationsCreateOrUpdateOptionalParams, + BookmarkRelationsCreateOrUpdateResponse, + BookmarkRelationsDeleteOptionalParams +} from "../models"; + +/// +/** Interface representing a BookmarkRelations. */ +export interface BookmarkRelations { + /** + * Gets all bookmark relations. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param bookmarkId Bookmark ID + * @param options The options parameters. + */ + list( + resourceGroupName: string, + workspaceName: string, + bookmarkId: string, + options?: BookmarkRelationsListOptionalParams + ): PagedAsyncIterableIterator; + /** + * Gets a bookmark relation. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param bookmarkId Bookmark ID + * @param relationName Relation Name + * @param options The options parameters. + */ + get( + resourceGroupName: string, + workspaceName: string, + bookmarkId: string, + relationName: string, + options?: BookmarkRelationsGetOptionalParams + ): Promise; + /** + * Creates the bookmark relation. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param bookmarkId Bookmark ID + * @param relationName Relation Name + * @param relation The relation model + * @param options The options parameters. 
+ */ + createOrUpdate( + resourceGroupName: string, + workspaceName: string, + bookmarkId: string, + relationName: string, + relation: Relation, + options?: BookmarkRelationsCreateOrUpdateOptionalParams + ): Promise; + /** + * Delete the bookmark relation. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param bookmarkId Bookmark ID + * @param relationName Relation Name + * @param options The options parameters. + */ + delete( + resourceGroupName: string, + workspaceName: string, + bookmarkId: string, + relationName: string, + options?: BookmarkRelationsDeleteOptionalParams + ): Promise; +} diff --git a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/bookmarks.ts b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/bookmarks.ts new file mode 100644 index 000000000000..0cf11ccd2d18 --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/bookmarks.ts 
@@ -0,0 +1,75 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is regenerated. + */ + +import { PagedAsyncIterableIterator } from "@azure/core-paging"; +import { + Bookmark, + BookmarksListOptionalParams, + BookmarksGetOptionalParams, + BookmarksGetResponse, + BookmarksCreateOrUpdateOptionalParams, + BookmarksCreateOrUpdateResponse, + BookmarksDeleteOptionalParams +} from "../models"; + +/// +/** Interface representing a Bookmarks. */ +export interface Bookmarks { + /** + * Gets all bookmarks. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param options The options parameters. + */ + list( + resourceGroupName: string, + workspaceName: string, + options?: BookmarksListOptionalParams + ): PagedAsyncIterableIterator; + /** + * Gets a bookmark. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param bookmarkId Bookmark ID + * @param options The options parameters. + */ + get( + resourceGroupName: string, + workspaceName: string, + bookmarkId: string, + options?: BookmarksGetOptionalParams + ): Promise; + /** + * Creates or updates the bookmark. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param bookmarkId Bookmark ID + * @param bookmark The bookmark + * @param options The options parameters. + */ + createOrUpdate( + resourceGroupName: string, + workspaceName: string, + bookmarkId: string, + bookmark: Bookmark, + options?: BookmarksCreateOrUpdateOptionalParams + ): Promise; + /** + * Delete the bookmark. + * @param resourceGroupName The name of the resource group. The name is case insensitive. 
+ * @param workspaceName The name of the workspace. + * @param bookmarkId Bookmark ID + * @param options The options parameters. + */ + delete( + resourceGroupName: string, + workspaceName: string, + bookmarkId: string, + options?: BookmarksDeleteOptionalParams + ): Promise; +} diff --git a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/dataConnectors.ts b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/dataConnectors.ts new file mode 100644 index 000000000000..e9cb04512c91 --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/dataConnectors.ts 
@@ -0,0 +1,106 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is regenerated. + */ + +import { PagedAsyncIterableIterator } from "@azure/core-paging"; +import { + DataConnectorUnion, + DataConnectorsListOptionalParams, + DataConnectorsGetOptionalParams, + DataConnectorsGetResponse, + DataConnectorsCreateOrUpdateOptionalParams, + DataConnectorsCreateOrUpdateResponse, + DataConnectorsDeleteOptionalParams, + DataConnectorConnectBody, + DataConnectorsConnectOptionalParams, + DataConnectorsDisconnectOptionalParams +} from "../models"; + +/// +/** Interface representing a DataConnectors. */ +export interface DataConnectors { + /** + * Gets all data connectors. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param options The options parameters. + */ + list( + resourceGroupName: string, + workspaceName: string, + options?: DataConnectorsListOptionalParams + ): PagedAsyncIterableIterator; + /** + * Gets a data connector. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param dataConnectorId Connector ID + * @param options The options parameters. + */ + get( + resourceGroupName: string, + workspaceName: string, + dataConnectorId: string, + options?: DataConnectorsGetOptionalParams + ): Promise; + /** + * Creates or updates the data connector. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param dataConnectorId Connector ID + * @param dataConnector The data connector + * @param options The options parameters. 
+ */ + createOrUpdate( + resourceGroupName: string, + workspaceName: string, + dataConnectorId: string, + dataConnector: DataConnectorUnion, + options?: DataConnectorsCreateOrUpdateOptionalParams + ): Promise; + /** + * Delete the data connector. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param dataConnectorId Connector ID + * @param options The options parameters. + */ + delete( + resourceGroupName: string, + workspaceName: string, + dataConnectorId: string, + options?: DataConnectorsDeleteOptionalParams + ): Promise; + /** + * Connects a data connector. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param dataConnectorId Connector ID + * @param connectBody The data connector + * @param options The options parameters. + */ + connect( + resourceGroupName: string, + workspaceName: string, + dataConnectorId: string, + connectBody: DataConnectorConnectBody, + options?: DataConnectorsConnectOptionalParams + ): Promise; + /** + * Disconnect a data connector. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param dataConnectorId Connector ID + * @param options The options parameters. + */ + disconnect( + resourceGroupName: string, + workspaceName: string, + dataConnectorId: string, + options?: DataConnectorsDisconnectOptionalParams + ): Promise; +} diff --git a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/dataConnectorsCheckRequirementsOperations.ts b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/dataConnectorsCheckRequirementsOperations.ts new file mode 100644 index 000000000000..bcb6e67df617 --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/dataConnectorsCheckRequirementsOperations.ts 
@@ -0,0 +1,30 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is regenerated. + */ + +import { + DataConnectorsCheckRequirementsUnion, + DataConnectorsCheckRequirementsPostOptionalParams, + DataConnectorsCheckRequirementsPostResponse +} from "../models"; + +/** Interface representing a DataConnectorsCheckRequirementsOperations. */ +export interface DataConnectorsCheckRequirementsOperations { + /** + * Get requirements state for a data connector type. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param dataConnectorsCheckRequirements The parameters for requirements check message + * @param options The options parameters. + */ + post( + resourceGroupName: string, + workspaceName: string, + dataConnectorsCheckRequirements: DataConnectorsCheckRequirementsUnion, + options?: DataConnectorsCheckRequirementsPostOptionalParams + ): Promise; +} diff --git a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/domainWhois.ts b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/domainWhois.ts new file mode 100644 index 000000000000..d10705b58b73 --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/domainWhois.ts 
@@ -0,0 +1,27 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is regenerated. + */ + +import { + DomainWhoisGetOptionalParams, + DomainWhoisGetResponse +} from "../models"; + +/** Interface representing a DomainWhois. */ +export interface DomainWhois { + /** + * Get whois information for a single domain name + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param domain Domain name to be enriched + * @param options The options parameters. + */ + get( + resourceGroupName: string, + domain: string, + options?: DomainWhoisGetOptionalParams + ): Promise; +} diff --git a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/entities.ts b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/entities.ts new file mode 100644 index 000000000000..ac24d1939afa --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/entities.ts 
@@ -0,0 +1,98 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is regenerated. + */ + +import { PagedAsyncIterableIterator } from "@azure/core-paging"; +import { + EntityUnion, + EntitiesListOptionalParams, + EntitiesGetOptionalParams, + EntitiesGetResponse, + EntityExpandParameters, + EntitiesExpandOptionalParams, + EntitiesExpandResponse, + EntityItemQueryKind, + EntitiesQueriesOptionalParams, + EntitiesQueriesResponse, + EntityGetInsightsParameters, + EntitiesGetInsightsOptionalParams, + EntitiesGetInsightsResponse +} from "../models"; + +/// +/** Interface representing a Entities. */ +export interface Entities { + /** + * Gets all entities. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param options The options parameters. + */ + list( + resourceGroupName: string, + workspaceName: string, + options?: EntitiesListOptionalParams + ): PagedAsyncIterableIterator; + /** + * Gets an entity. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param entityId entity ID + * @param options The options parameters. + */ + get( + resourceGroupName: string, + workspaceName: string, + entityId: string, + options?: EntitiesGetOptionalParams + ): Promise; + /** + * Expands an entity. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param entityId entity ID + * @param parameters The parameters required to execute an expand operation on the given entity. + * @param options The options parameters. 
+ */ + expand( + resourceGroupName: string, + workspaceName: string, + entityId: string, + parameters: EntityExpandParameters, + options?: EntitiesExpandOptionalParams + ): Promise; + /** + * Get Insights and Activities for an entity. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param entityId entity ID + * @param kind The Kind parameter for queries + * @param options The options parameters. + */ + queries( + resourceGroupName: string, + workspaceName: string, + entityId: string, + kind: EntityItemQueryKind, + options?: EntitiesQueriesOptionalParams + ): Promise; + /** + * Execute Insights for an entity. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param entityId entity ID + * @param parameters The parameters required to execute insights on the given entity. + * @param options The options parameters. + */ + getInsights( + resourceGroupName: string, + workspaceName: string, + entityId: string, + parameters: EntityGetInsightsParameters, + options?: EntitiesGetInsightsOptionalParams + ): Promise; +} diff --git a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/entitiesGetTimeline.ts b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/entitiesGetTimeline.ts new file mode 100644 index 000000000000..996a01b8049f --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/entitiesGetTimeline.ts 
@@ -0,0 +1,32 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is regenerated. + */ + +import { + EntityTimelineParameters, + EntitiesGetTimelineListOptionalParams, + EntitiesGetTimelineListResponse +} from "../models"; + +/** Interface representing a EntitiesGetTimeline. */ +export interface EntitiesGetTimeline { + /** + * Timeline for an entity. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param entityId entity ID + * @param parameters The parameters required to execute an timeline operation on the given entity. + * @param options The options parameters. + */ + list( + resourceGroupName: string, + workspaceName: string, + entityId: string, + parameters: EntityTimelineParameters, + options?: EntitiesGetTimelineListOptionalParams + ): Promise; +} diff --git a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/entitiesRelations.ts b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/entitiesRelations.ts new file mode 100644 index 000000000000..3c16852eab43 --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/entitiesRelations.ts 
@@ -0,0 +1,28 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is regenerated. + */ + +import { PagedAsyncIterableIterator } from "@azure/core-paging"; +import { Relation, EntitiesRelationsListOptionalParams } from "../models"; + +/// +/** Interface representing a EntitiesRelations. */ +export interface EntitiesRelations { + /** + * Gets all relations of an entity. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param entityId entity ID + * @param options The options parameters. + */ + list( + resourceGroupName: string, + workspaceName: string, + entityId: string, + options?: EntitiesRelationsListOptionalParams + ): PagedAsyncIterableIterator; +} diff --git a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/entityQueries.ts b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/entityQueries.ts new file mode 100644 index 000000000000..33ad4415d960 --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/entityQueries.ts 
@@ -0,0 +1,76 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is regenerated. + */ + +import { PagedAsyncIterableIterator } from "@azure/core-paging"; +import { + EntityQueryUnion, + EntityQueriesListOptionalParams, + EntityQueriesGetOptionalParams, + EntityQueriesGetResponse, + CustomEntityQueryUnion, + EntityQueriesCreateOrUpdateOptionalParams, + EntityQueriesCreateOrUpdateResponse, + EntityQueriesDeleteOptionalParams +} from "../models"; + +/// +/** Interface representing a EntityQueries. */ +export interface EntityQueries { + /** + * Gets all entity queries. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param options The options parameters. + */ + list( + resourceGroupName: string, + workspaceName: string, + options?: EntityQueriesListOptionalParams + ): PagedAsyncIterableIterator; + /** + * Gets an entity query. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param entityQueryId entity query ID + * @param options The options parameters. + */ + get( + resourceGroupName: string, + workspaceName: string, + entityQueryId: string, + options?: EntityQueriesGetOptionalParams + ): Promise; + /** + * Creates or updates the entity query. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param entityQueryId entity query ID + * @param entityQuery The entity query we want to create or update + * @param options The options parameters. 
+ */ + createOrUpdate( + resourceGroupName: string, + workspaceName: string, + entityQueryId: string, + entityQuery: CustomEntityQueryUnion, + options?: EntityQueriesCreateOrUpdateOptionalParams + ): Promise; + /** + * Delete the entity query. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param entityQueryId entity query ID + * @param options The options parameters. + */ + delete( + resourceGroupName: string, + workspaceName: string, + entityQueryId: string, + options?: EntityQueriesDeleteOptionalParams + ): Promise; +} diff --git a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/entityQueryTemplates.ts b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/entityQueryTemplates.ts new file mode 100644 index 000000000000..a3a023d1c5b8 --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/entityQueryTemplates.ts 
@@ -0,0 +1,44 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is regenerated. + */ + +import { PagedAsyncIterableIterator } from "@azure/core-paging"; +import { + EntityQueryTemplateUnion, + EntityQueryTemplatesListOptionalParams, + EntityQueryTemplatesGetOptionalParams, + EntityQueryTemplatesGetResponse +} from "../models"; + +/// +/** Interface representing a EntityQueryTemplates. */ +export interface EntityQueryTemplates { + /** + * Gets all entity query templates. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param options The options parameters. + */ + list( + resourceGroupName: string, + workspaceName: string, + options?: EntityQueryTemplatesListOptionalParams + ): PagedAsyncIterableIterator; + /** + * Gets an entity query. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param entityQueryTemplateId entity query template ID + * @param options The options parameters. + */ + get( + resourceGroupName: string, + workspaceName: string, + entityQueryTemplateId: string, + options?: EntityQueryTemplatesGetOptionalParams + ): Promise; +} diff --git a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/entityRelations.ts b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/entityRelations.ts new file mode 100644 index 000000000000..5416a8543a30 --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/entityRelations.ts 
@@ -0,0 +1,31 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is regenerated. + */ + +import { + EntityRelationsGetRelationOptionalParams, + EntityRelationsGetRelationResponse +} from "../models"; + +/** Interface representing a EntityRelations. */ +export interface EntityRelations { + /** + * Gets an entity relation. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param entityId entity ID + * @param relationName Relation Name + * @param options The options parameters. + */ + getRelation( + resourceGroupName: string, + workspaceName: string, + entityId: string, + relationName: string, + options?: EntityRelationsGetRelationOptionalParams + ): Promise; +} diff --git a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/iPGeodata.ts b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/iPGeodata.ts new file mode 100644 index 000000000000..b6060c5c6e20 --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/iPGeodata.ts 
@@ -0,0 +1,24 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is regenerated. + */ + +import { IPGeodataGetOptionalParams, IPGeodataGetResponse } from "../models"; + +/** Interface representing a IPGeodata. */ +export interface IPGeodata { + /** + * Get geodata for a single IP address + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param ipAddress IP address (v4 or v6) to be enriched + * @param options The options parameters. + */ + get( + resourceGroupName: string, + ipAddress: string, + options?: IPGeodataGetOptionalParams + ): Promise; +} diff --git a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/incidentComments.ts b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/incidentComments.ts new file mode 100644 index 000000000000..3bce6e5213cf --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/incidentComments.ts 
@@ -0,0 +1,83 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is regenerated. + */ + +import { PagedAsyncIterableIterator } from "@azure/core-paging"; +import { + IncidentComment, + IncidentCommentsListOptionalParams, + IncidentCommentsGetOptionalParams, + IncidentCommentsGetResponse, + IncidentCommentsCreateOrUpdateOptionalParams, + IncidentCommentsCreateOrUpdateResponse, + IncidentCommentsDeleteOptionalParams +} from "../models"; + +/// +/** Interface representing a IncidentComments. */ +export interface IncidentComments { + /** + * Gets all incident comments. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param incidentId Incident ID + * @param options The options parameters. + */ + list( + resourceGroupName: string, + workspaceName: string, + incidentId: string, + options?: IncidentCommentsListOptionalParams + ): PagedAsyncIterableIterator; + /** + * Gets an incident comment. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param incidentId Incident ID + * @param incidentCommentId Incident comment ID + * @param options The options parameters. + */ + get( + resourceGroupName: string, + workspaceName: string, + incidentId: string, + incidentCommentId: string, + options?: IncidentCommentsGetOptionalParams + ): Promise; + /** + * Creates or updates the incident comment. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param incidentId Incident ID + * @param incidentCommentId Incident comment ID + * @param incidentComment The incident comment + * @param options The options parameters. 
+ */ + createOrUpdate( + resourceGroupName: string, + workspaceName: string, + incidentId: string, + incidentCommentId: string, + incidentComment: IncidentComment, + options?: IncidentCommentsCreateOrUpdateOptionalParams + ): Promise; + /** + * Delete the incident comment. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param incidentId Incident ID + * @param incidentCommentId Incident comment ID + * @param options The options parameters. + */ + delete( + resourceGroupName: string, + workspaceName: string, + incidentId: string, + incidentCommentId: string, + options?: IncidentCommentsDeleteOptionalParams + ): Promise; +} diff --git a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/incidentRelations.ts b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/incidentRelations.ts new file mode 100644 index 000000000000..6e4d50d7995e --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/incidentRelations.ts 
@@ -0,0 +1,83 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is regenerated. + */ + +import { PagedAsyncIterableIterator } from "@azure/core-paging"; +import { + Relation, + IncidentRelationsListOptionalParams, + IncidentRelationsGetOptionalParams, + IncidentRelationsGetResponse, + IncidentRelationsCreateOrUpdateOptionalParams, + IncidentRelationsCreateOrUpdateResponse, + IncidentRelationsDeleteOptionalParams +} from "../models"; + +/// +/** Interface representing a IncidentRelations. */ +export interface IncidentRelations { + /** + * Gets all incident relations. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param incidentId Incident ID + * @param options The options parameters. + */ + list( + resourceGroupName: string, + workspaceName: string, + incidentId: string, + options?: IncidentRelationsListOptionalParams + ): PagedAsyncIterableIterator; + /** + * Gets an incident relation. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param incidentId Incident ID + * @param relationName Relation Name + * @param options The options parameters. + */ + get( + resourceGroupName: string, + workspaceName: string, + incidentId: string, + relationName: string, + options?: IncidentRelationsGetOptionalParams + ): Promise; + /** + * Creates or updates the incident relation. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param incidentId Incident ID + * @param relationName Relation Name + * @param relation The relation model + * @param options The options parameters. 
+ */ + createOrUpdate( + resourceGroupName: string, + workspaceName: string, + incidentId: string, + relationName: string, + relation: Relation, + options?: IncidentRelationsCreateOrUpdateOptionalParams + ): Promise; + /** + * Delete the incident relation. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param incidentId Incident ID + * @param relationName Relation Name + * @param options The options parameters. + */ + delete( + resourceGroupName: string, + workspaceName: string, + incidentId: string, + relationName: string, + options?: IncidentRelationsDeleteOptionalParams + ): Promise; +} diff --git a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/incidents.ts b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/incidents.ts new file mode 100644 index 000000000000..472272b92f69 --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/incidents.ts 
@@ -0,0 +1,139 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is regenerated. + */ + +import { PagedAsyncIterableIterator } from "@azure/core-paging"; +import { + Incident, + IncidentsListOptionalParams, + IncidentsGetOptionalParams, + IncidentsGetResponse, + IncidentsCreateOrUpdateOptionalParams, + IncidentsCreateOrUpdateResponse, + IncidentsDeleteOptionalParams, + TeamProperties, + IncidentsCreateTeamOptionalParams, + IncidentsCreateTeamResponse, + IncidentsListAlertsOptionalParams, + IncidentsListAlertsResponse, + IncidentsListBookmarksOptionalParams, + IncidentsListBookmarksResponse, + IncidentsListEntitiesOptionalParams, + IncidentsListEntitiesResponse +} from "../models"; + +/// +/** Interface representing a Incidents. */ +export interface Incidents { + /** + * Gets all incidents. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param options The options parameters. + */ + list( + resourceGroupName: string, + workspaceName: string, + options?: IncidentsListOptionalParams + ): PagedAsyncIterableIterator; + /** + * Gets an incident. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param incidentId Incident ID + * @param options The options parameters. + */ + get( + resourceGroupName: string, + workspaceName: string, + incidentId: string, + options?: IncidentsGetOptionalParams + ): Promise; + /** + * Creates or updates the incident. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param incidentId Incident ID + * @param incident The incident + * @param options The options parameters. 
+ */ + createOrUpdate( + resourceGroupName: string, + workspaceName: string, + incidentId: string, + incident: Incident, + options?: IncidentsCreateOrUpdateOptionalParams + ): Promise; + /** + * Delete the incident. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param incidentId Incident ID + * @param options The options parameters. + */ + delete( + resourceGroupName: string, + workspaceName: string, + incidentId: string, + options?: IncidentsDeleteOptionalParams + ): Promise; + /** + * Creates a Microsoft team to investigate the incident by sharing information and insights between + * participants. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param incidentId Incident ID + * @param teamProperties Team properties + * @param options The options parameters. + */ + createTeam( + resourceGroupName: string, + workspaceName: string, + incidentId: string, + teamProperties: TeamProperties, + options?: IncidentsCreateTeamOptionalParams + ): Promise; + /** + * Gets all incident alerts. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param incidentId Incident ID + * @param options The options parameters. + */ + listAlerts( + resourceGroupName: string, + workspaceName: string, + incidentId: string, + options?: IncidentsListAlertsOptionalParams + ): Promise; + /** + * Gets all incident bookmarks. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param incidentId Incident ID + * @param options The options parameters. 
+ */ + listBookmarks( + resourceGroupName: string, + workspaceName: string, + incidentId: string, + options?: IncidentsListBookmarksOptionalParams + ): Promise; + /** + * Gets all incident related entities. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param incidentId Incident ID + * @param options The options parameters. + */ + listEntities( + resourceGroupName: string, + workspaceName: string, + incidentId: string, + options?: IncidentsListEntitiesOptionalParams + ): Promise; +} diff --git a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/index.ts b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/index.ts new file mode 100644 index 000000000000..68f26bcfc90b --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/index.ts 
@@ -0,0 +1,40 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is regenerated. + */ + +export * from "./alertRules"; +export * from "./actions"; +export * from "./alertRuleTemplates"; +export * from "./automationRules"; +export * from "./bookmarks"; +export * from "./bookmarkRelations"; +export * from "./bookmarkOperations"; +export * from "./iPGeodata"; +export * from "./domainWhois"; +export * from "./entities"; +export * from "./entitiesGetTimeline"; +export * from "./entitiesRelations"; +export * from "./entityRelations"; +export * from "./entityQueries"; +export * from "./entityQueryTemplates"; +export * from "./incidents"; +export * from "./incidentComments"; +export * from "./incidentRelations"; +export * from "./metadata"; +export * from "./officeConsents"; +export * from "./sentinelOnboardingStates"; +export * from "./productSettings"; +export * from "./sourceControlOperations"; +export * from "./sourceControls"; +export * from "./threatIntelligenceIndicator"; +export * from "./threatIntelligenceIndicators"; +export * from "./threatIntelligenceIndicatorMetrics"; +export * from "./watchlists"; +export * from "./watchlistItems"; +export * from "./dataConnectors"; +export * from "./dataConnectorsCheckRequirementsOperations"; +export * from "./operations"; diff --git a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/metadata.ts b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/metadata.ts new file mode 100644 index 000000000000..c0ea5a0cfd97 --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/metadata.ts 
@@ -0,0 +1,93 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is regenerated. + */ + +import { PagedAsyncIterableIterator } from "@azure/core-paging"; +import { + MetadataModel, + MetadataListOptionalParams, + MetadataGetOptionalParams, + MetadataGetResponse, + MetadataDeleteOptionalParams, + MetadataCreateOptionalParams, + MetadataCreateResponse, + MetadataPatch, + MetadataUpdateOptionalParams, + MetadataUpdateResponse +} from "../models"; + +/// +/** Interface representing a Metadata. */ +export interface Metadata { + /** + * List of all metadata + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param options The options parameters. + */ + list( + resourceGroupName: string, + workspaceName: string, + options?: MetadataListOptionalParams + ): PagedAsyncIterableIterator; + /** + * Get a Metadata. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param metadataName The Metadata name. + * @param options The options parameters. + */ + get( + resourceGroupName: string, + workspaceName: string, + metadataName: string, + options?: MetadataGetOptionalParams + ): Promise; + /** + * Delete a Metadata. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param metadataName The Metadata name. + * @param options The options parameters. + */ + delete( + resourceGroupName: string, + workspaceName: string, + metadataName: string, + options?: MetadataDeleteOptionalParams + ): Promise; + /** + * Create a Metadata. + * @param resourceGroupName The name of the resource group. The name is case insensitive. 
+ * @param workspaceName The name of the workspace. + * @param metadataName The Metadata name. + * @param metadata Metadata resource. + * @param options The options parameters. + */ + create( + resourceGroupName: string, + workspaceName: string, + metadataName: string, + metadata: MetadataModel, + options?: MetadataCreateOptionalParams + ): Promise; + /** + * Update an existing Metadata. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param metadataName The Metadata name. + * @param metadataPatch Partial metadata request. + * @param options The options parameters. + */ + update( + resourceGroupName: string, + workspaceName: string, + metadataName: string, + metadataPatch: MetadataPatch, + options?: MetadataUpdateOptionalParams + ): Promise; +} diff --git a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/officeConsents.ts b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/officeConsents.ts new file mode 100644 index 000000000000..6a5cdc6c10db --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/officeConsents.ts 
@@ -0,0 +1,58 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is regenerated. + */ + +import { PagedAsyncIterableIterator } from "@azure/core-paging"; +import { + OfficeConsent, + OfficeConsentsListOptionalParams, + OfficeConsentsGetOptionalParams, + OfficeConsentsGetResponse, + OfficeConsentsDeleteOptionalParams +} from "../models"; + +/// +/** Interface representing a OfficeConsents. */ +export interface OfficeConsents { + /** + * Gets all office365 consents. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param options The options parameters. + */ + list( + resourceGroupName: string, + workspaceName: string, + options?: OfficeConsentsListOptionalParams + ): PagedAsyncIterableIterator; + /** + * Gets an office365 consent. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param consentId consent ID + * @param options The options parameters. + */ + get( + resourceGroupName: string, + workspaceName: string, + consentId: string, + options?: OfficeConsentsGetOptionalParams + ): Promise; + /** + * Delete the office365 consent. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param consentId consent ID + * @param options The options parameters. + */ + delete( + resourceGroupName: string, + workspaceName: string, + consentId: string, + options?: OfficeConsentsDeleteOptionalParams + ): Promise; +} 
diff --git a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/operations.ts b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/operations.ts new file mode 100644 index 000000000000..5a0c43c0248c --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/operations.ts @@ -0,0 +1,22 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is regenerated. + */ + +import { PagedAsyncIterableIterator } from "@azure/core-paging"; +import { Operation, OperationsListOptionalParams } from "../models"; + +/// +/** Interface representing a Operations. */ +export interface Operations { + /** + * Lists all operations available Azure Security Insights Resource Provider. + * @param options The options parameters. + */ + list( + options?: OperationsListOptionalParams + ): PagedAsyncIterableIterator; +} diff --git a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/productSettings.ts b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/productSettings.ts new file mode 100644 index 000000000000..e88280b71695 --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/productSettings.ts 
@@ -0,0 +1,74 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is regenerated. + */ + +import { + ProductSettingsListOptionalParams, + ProductSettingsListResponse, + ProductSettingsGetOptionalParams, + ProductSettingsGetResponse, + ProductSettingsDeleteOptionalParams, + SettingsUnion, + ProductSettingsUpdateOptionalParams, + ProductSettingsUpdateResponse +} from "../models"; + +/** Interface representing a ProductSettings. */ +export interface ProductSettings { + /** + * List of all the settings + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param options The options parameters. + */ + list( + resourceGroupName: string, + workspaceName: string, + options?: ProductSettingsListOptionalParams + ): Promise; + /** + * Gets a setting. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param settingsName The setting name. Supports - Anomalies, EyesOn, EntityAnalytics, Ueba + * @param options The options parameters. + */ + get( + resourceGroupName: string, + workspaceName: string, + settingsName: string, + options?: ProductSettingsGetOptionalParams + ): Promise; + /** + * Delete setting of the product. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param settingsName The setting name. Supports - Anomalies, EyesOn, EntityAnalytics, Ueba + * @param options The options parameters. + */ + delete( + resourceGroupName: string, + workspaceName: string, + settingsName: string, + options?: ProductSettingsDeleteOptionalParams + ): Promise; + /** + * Updates setting. 
+ * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param settingsName The setting name. Supports - Anomalies, EyesOn, EntityAnalytics, Ueba + * @param settings The setting + * @param options The options parameters. + */ + update( + resourceGroupName: string, + workspaceName: string, + settingsName: string, + settings: SettingsUnion, + options?: ProductSettingsUpdateOptionalParams + ): Promise; +} diff --git a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/sentinelOnboardingStates.ts b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/sentinelOnboardingStates.ts new file mode 100644 index 000000000000..1c092cb668d2 --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/sentinelOnboardingStates.ts 
@@ -0,0 +1,71 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is regenerated. + */ + +import { + SentinelOnboardingStatesGetOptionalParams, + SentinelOnboardingStatesGetResponse, + SentinelOnboardingStatesCreateOptionalParams, + SentinelOnboardingStatesCreateResponse, + SentinelOnboardingStatesDeleteOptionalParams, + SentinelOnboardingStatesListOptionalParams, + SentinelOnboardingStatesListResponse +} from "../models"; + +/** Interface representing a SentinelOnboardingStates. */ +export interface SentinelOnboardingStates { + /** + * Get Sentinel onboarding state + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param sentinelOnboardingStateName The Sentinel onboarding state name. Supports - default + * @param options The options parameters. + */ + get( + resourceGroupName: string, + workspaceName: string, + sentinelOnboardingStateName: string, + options?: SentinelOnboardingStatesGetOptionalParams + ): Promise; + /** + * Create Sentinel onboarding state + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param sentinelOnboardingStateName The Sentinel onboarding state name. Supports - default + * @param options The options parameters. + */ + create( + resourceGroupName: string, + workspaceName: string, + sentinelOnboardingStateName: string, + options?: SentinelOnboardingStatesCreateOptionalParams + ): Promise; + /** + * Delete Sentinel onboarding state + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param sentinelOnboardingStateName The Sentinel onboarding state name. 
Supports - default + * @param options The options parameters. + */ + delete( + resourceGroupName: string, + workspaceName: string, + sentinelOnboardingStateName: string, + options?: SentinelOnboardingStatesDeleteOptionalParams + ): Promise; + /** + * Gets all Sentinel onboarding states + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param options The options parameters. + */ + list( + resourceGroupName: string, + workspaceName: string, + options?: SentinelOnboardingStatesListOptionalParams + ): Promise; +} diff --git a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/sourceControlOperations.ts b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/sourceControlOperations.ts new file mode 100644 index 000000000000..75cb1cd61a83 --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/sourceControlOperations.ts @@ -0,0 +1,32 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is regenerated. + */ + +import { PagedAsyncIterableIterator } from "@azure/core-paging"; +import { + Repo, + RepoType, + SourceControlListRepositoriesOptionalParams +} from "../models"; + +/// +/** Interface representing a SourceControlOperations. */ +export interface SourceControlOperations { + /** + * Gets a list of repositories metadata. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param repoType The repo type. + * @param options The options parameters. + */ + listRepositories( + resourceGroupName: string, + workspaceName: string, + repoType: RepoType, + options?: SourceControlListRepositoriesOptionalParams + ): PagedAsyncIterableIterator; +} 
diff --git a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/sourceControls.ts b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/sourceControls.ts new file mode 100644 index 000000000000..2e675d5f49a7 --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/sourceControls.ts 
@@ -0,0 +1,75 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is regenerated. + */ + +import { PagedAsyncIterableIterator } from "@azure/core-paging"; +import { + SourceControl, + SourceControlsListOptionalParams, + SourceControlsGetOptionalParams, + SourceControlsGetResponse, + SourceControlsDeleteOptionalParams, + SourceControlsCreateOptionalParams, + SourceControlsCreateResponse +} from "../models"; + +/// +/** Interface representing a SourceControls. */ +export interface SourceControls { + /** + * Gets all source controls, without source control items. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param options The options parameters. + */ + list( + resourceGroupName: string, + workspaceName: string, + options?: SourceControlsListOptionalParams + ): PagedAsyncIterableIterator; + /** + * Gets a source control byt its identifier. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param sourceControlId Source control Id + * @param options The options parameters. + */ + get( + resourceGroupName: string, + workspaceName: string, + sourceControlId: string, + options?: SourceControlsGetOptionalParams + ): Promise; + /** + * Delete a source control. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param sourceControlId Source control Id + * @param options The options parameters. + */ + delete( + resourceGroupName: string, + workspaceName: string, + sourceControlId: string, + options?: SourceControlsDeleteOptionalParams + ): Promise; + /** + * Creates a source control. 
+ * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param sourceControlId Source control Id + * @param sourceControl The SourceControl + * @param options The options parameters. + */ + create( + resourceGroupName: string, + workspaceName: string, + sourceControlId: string, + sourceControl: SourceControl, + options?: SourceControlsCreateOptionalParams + ): Promise; +} diff --git a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/threatIntelligenceIndicator.ts b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/threatIntelligenceIndicator.ts new file mode 100644 index 000000000000..01d594102cda --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/threatIntelligenceIndicator.ts 
@@ -0,0 +1,131 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is regenerated. + */ + +import { PagedAsyncIterableIterator } from "@azure/core-paging"; +import { + ThreatIntelligenceInformationUnion, + ThreatIntelligenceFilteringCriteria, + ThreatIntelligenceIndicatorQueryIndicatorsOptionalParams, + ThreatIntelligenceIndicatorModelForRequestBody, + ThreatIntelligenceIndicatorCreateIndicatorOptionalParams, + ThreatIntelligenceIndicatorCreateIndicatorResponse, + ThreatIntelligenceIndicatorGetOptionalParams, + ThreatIntelligenceIndicatorGetResponse, + ThreatIntelligenceIndicatorCreateOptionalParams, + ThreatIntelligenceIndicatorCreateResponse, + ThreatIntelligenceIndicatorDeleteOptionalParams, + ThreatIntelligenceAppendTags, + ThreatIntelligenceIndicatorAppendTagsOptionalParams, + ThreatIntelligenceIndicatorReplaceTagsOptionalParams, + ThreatIntelligenceIndicatorReplaceTagsResponse +} from "../models"; + +/// +/** Interface representing a ThreatIntelligenceIndicator. */ +export interface ThreatIntelligenceIndicator { + /** + * Query threat intelligence indicators as per filtering criteria. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param threatIntelligenceFilteringCriteria Filtering criteria for querying threat intelligence + * indicators. + * @param options The options parameters. + */ + listQueryIndicators( + resourceGroupName: string, + workspaceName: string, + threatIntelligenceFilteringCriteria: ThreatIntelligenceFilteringCriteria, + options?: ThreatIntelligenceIndicatorQueryIndicatorsOptionalParams + ): PagedAsyncIterableIterator; + /** + * Create a new threat intelligence indicator. + * @param resourceGroupName The name of the resource group. The name is case insensitive. 
+ * @param workspaceName The name of the workspace. + * @param threatIntelligenceProperties Properties of threat intelligence indicators to create and + * update. + * @param options The options parameters. + */ + createIndicator( + resourceGroupName: string, + workspaceName: string, + threatIntelligenceProperties: ThreatIntelligenceIndicatorModelForRequestBody, + options?: ThreatIntelligenceIndicatorCreateIndicatorOptionalParams + ): Promise; + /** + * View a threat intelligence indicator by name. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param name Threat intelligence indicator name field. + * @param options The options parameters. + */ + get( + resourceGroupName: string, + workspaceName: string, + name: string, + options?: ThreatIntelligenceIndicatorGetOptionalParams + ): Promise; + /** + * Update a threat Intelligence indicator. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param name Threat intelligence indicator name field. + * @param threatIntelligenceProperties Properties of threat intelligence indicators to create and + * update. + * @param options The options parameters. + */ + create( + resourceGroupName: string, + workspaceName: string, + name: string, + threatIntelligenceProperties: ThreatIntelligenceIndicatorModelForRequestBody, + options?: ThreatIntelligenceIndicatorCreateOptionalParams + ): Promise; + /** + * Delete a threat intelligence indicator. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param name Threat intelligence indicator name field. + * @param options The options parameters. 
+ */ + delete( + resourceGroupName: string, + workspaceName: string, + name: string, + options?: ThreatIntelligenceIndicatorDeleteOptionalParams + ): Promise; + /** + * Append tags to a threat intelligence indicator. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param name Threat intelligence indicator name field. + * @param threatIntelligenceAppendTags The threat intelligence append tags request body + * @param options The options parameters. + */ + appendTags( + resourceGroupName: string, + workspaceName: string, + name: string, + threatIntelligenceAppendTags: ThreatIntelligenceAppendTags, + options?: ThreatIntelligenceIndicatorAppendTagsOptionalParams + ): Promise; + /** + * Replace tags added to a threat intelligence indicator. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param name Threat intelligence indicator name field. + * @param threatIntelligenceReplaceTags Tags in the threat intelligence indicator to be replaced. + * @param options The options parameters. + */ + replaceTags( + resourceGroupName: string, + workspaceName: string, + name: string, + threatIntelligenceReplaceTags: ThreatIntelligenceIndicatorModelForRequestBody, + options?: ThreatIntelligenceIndicatorReplaceTagsOptionalParams + ): Promise; +} diff --git a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/threatIntelligenceIndicatorMetrics.ts b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/threatIntelligenceIndicatorMetrics.ts new file mode 100644 index 000000000000..980e0ccabd6f --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/threatIntelligenceIndicatorMetrics.ts 
@@ -0,0 +1,27 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is regenerated. + */ + +import { + ThreatIntelligenceIndicatorMetricsListOptionalParams, + ThreatIntelligenceIndicatorMetricsListResponse +} from "../models"; + +/** Interface representing a ThreatIntelligenceIndicatorMetrics. */ +export interface ThreatIntelligenceIndicatorMetrics { + /** + * Get threat intelligence indicators metrics (Indicators counts by Type, Threat Type, Source). + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param options The options parameters. + */ + list( + resourceGroupName: string, + workspaceName: string, + options?: ThreatIntelligenceIndicatorMetricsListOptionalParams + ): Promise; +} diff --git a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/threatIntelligenceIndicators.ts b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/threatIntelligenceIndicators.ts new file mode 100644 index 000000000000..0048743735b8 --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/threatIntelligenceIndicators.ts 
@@ -0,0 +1,29 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is regenerated. + */ + +import { PagedAsyncIterableIterator } from "@azure/core-paging"; +import { + ThreatIntelligenceInformationUnion, + ThreatIntelligenceIndicatorsListOptionalParams +} from "../models"; + +/// +/** Interface representing a ThreatIntelligenceIndicators. */ +export interface ThreatIntelligenceIndicators { + /** + * Get all threat intelligence indicators. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param options The options parameters. + */ + list( + resourceGroupName: string, + workspaceName: string, + options?: ThreatIntelligenceIndicatorsListOptionalParams + ): PagedAsyncIterableIterator; +} diff --git a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/watchlistItems.ts b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/watchlistItems.ts new file mode 100644 index 000000000000..d5713dbc41a7 --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/watchlistItems.ts 
@@ -0,0 +1,83 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is regenerated. + */ + +import { PagedAsyncIterableIterator } from "@azure/core-paging"; +import { + WatchlistItem, + WatchlistItemsListOptionalParams, + WatchlistItemsGetOptionalParams, + WatchlistItemsGetResponse, + WatchlistItemsDeleteOptionalParams, + WatchlistItemsCreateOrUpdateOptionalParams, + WatchlistItemsCreateOrUpdateResponse +} from "../models"; + +/// +/** Interface representing a WatchlistItems. */ +export interface WatchlistItems { + /** + * Gets all watchlist Items. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param watchlistAlias Watchlist Alias + * @param options The options parameters. + */ + list( + resourceGroupName: string, + workspaceName: string, + watchlistAlias: string, + options?: WatchlistItemsListOptionalParams + ): PagedAsyncIterableIterator; + /** + * Gets a watchlist, without its watchlist items. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param watchlistAlias Watchlist Alias + * @param watchlistItemId Watchlist Item Id (GUID) + * @param options The options parameters. + */ + get( + resourceGroupName: string, + workspaceName: string, + watchlistAlias: string, + watchlistItemId: string, + options?: WatchlistItemsGetOptionalParams + ): Promise; + /** + * Delete a watchlist item. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param watchlistAlias Watchlist Alias + * @param watchlistItemId Watchlist Item Id (GUID) + * @param options The options parameters. 
+ */ + delete( + resourceGroupName: string, + workspaceName: string, + watchlistAlias: string, + watchlistItemId: string, + options?: WatchlistItemsDeleteOptionalParams + ): Promise; + /** + * Creates or updates a watchlist item. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param watchlistAlias Watchlist Alias + * @param watchlistItemId Watchlist Item Id (GUID) + * @param watchlistItem The watchlist item + * @param options The options parameters. + */ + createOrUpdate( + resourceGroupName: string, + workspaceName: string, + watchlistAlias: string, + watchlistItemId: string, + watchlistItem: WatchlistItem, + options?: WatchlistItemsCreateOrUpdateOptionalParams + ): Promise; +} diff --git a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/watchlists.ts b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/watchlists.ts new file mode 100644 index 000000000000..0a7dbb3ef8a0 --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/watchlists.ts 
@@ -0,0 +1,77 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is regenerated. + */ + +import { PagedAsyncIterableIterator } from "@azure/core-paging"; +import { + Watchlist, + WatchlistsListOptionalParams, + WatchlistsGetOptionalParams, + WatchlistsGetResponse, + WatchlistsDeleteOptionalParams, + WatchlistsCreateOrUpdateOptionalParams, + WatchlistsCreateOrUpdateResponse +} from "../models"; + +/// +/** Interface representing a Watchlists. */ +export interface Watchlists { + /** + * Gets all watchlists, without watchlist items. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param options The options parameters. + */ + list( + resourceGroupName: string, + workspaceName: string, + options?: WatchlistsListOptionalParams + ): PagedAsyncIterableIterator; + /** + * Gets a watchlist, without its watchlist items. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param watchlistAlias Watchlist Alias + * @param options The options parameters. + */ + get( + resourceGroupName: string, + workspaceName: string, + watchlistAlias: string, + options?: WatchlistsGetOptionalParams + ): Promise; + /** + * Delete a watchlist. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param watchlistAlias Watchlist Alias + * @param options The options parameters. + */ + delete( + resourceGroupName: string, + workspaceName: string, + watchlistAlias: string, + options?: WatchlistsDeleteOptionalParams + ): Promise; + /** + * Creates or updates a watchlist and its watchlist items (bulk creation, e.g. through text/csv content + * type). 
To create a Watchlist and its items, we should call this endpoint with rawContent and + * contentType properties. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param watchlistAlias Watchlist Alias + * @param watchlist The watchlist + * @param options The options parameters. + */ + createOrUpdate( + resourceGroupName: string, + workspaceName: string, + watchlistAlias: string, + watchlist: Watchlist, + options?: WatchlistsCreateOrUpdateOptionalParams + ): Promise; +} diff --git a/sdk/securityinsight/arm-securityinsight/src/securityInsights.ts b/sdk/securityinsight/arm-securityinsight/src/securityInsights.ts new file mode 100644 index 000000000000..7befdb74dc12 --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/src/securityInsights.ts 
@@ -0,0 +1,211 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is regenerated. + */ + +import * as coreClient from "@azure/core-client"; +import * as coreAuth from "@azure/core-auth"; +import { + AlertRulesImpl, + ActionsImpl, + AlertRuleTemplatesImpl, + AutomationRulesImpl, + BookmarksImpl, + BookmarkRelationsImpl, + BookmarkOperationsImpl, + IPGeodataImpl, + DomainWhoisImpl, + EntitiesImpl, + EntitiesGetTimelineImpl, + EntitiesRelationsImpl, + EntityRelationsImpl, + EntityQueriesImpl, + EntityQueryTemplatesImpl, + IncidentsImpl, + IncidentCommentsImpl, + IncidentRelationsImpl, + MetadataImpl, + OfficeConsentsImpl, + SentinelOnboardingStatesImpl, + ProductSettingsImpl, + SourceControlOperationsImpl, + SourceControlsImpl, + ThreatIntelligenceIndicatorImpl, + ThreatIntelligenceIndicatorsImpl, + ThreatIntelligenceIndicatorMetricsImpl, + WatchlistsImpl, + WatchlistItemsImpl, + DataConnectorsImpl, + DataConnectorsCheckRequirementsOperationsImpl, + OperationsImpl +} from "./operations"; +import { + AlertRules, + Actions, + AlertRuleTemplates, + AutomationRules, + Bookmarks, + BookmarkRelations, + BookmarkOperations, + IPGeodata, + DomainWhois, + Entities, + EntitiesGetTimeline, + EntitiesRelations, + EntityRelations, + EntityQueries, + EntityQueryTemplates, + Incidents, + IncidentComments, + IncidentRelations, + Metadata, + OfficeConsents, + SentinelOnboardingStates, + ProductSettings, + SourceControlOperations, + SourceControls, + ThreatIntelligenceIndicator, + ThreatIntelligenceIndicators, + ThreatIntelligenceIndicatorMetrics, + Watchlists, + WatchlistItems, + DataConnectors, + DataConnectorsCheckRequirementsOperations, + Operations +} from "./operationsInterfaces"; +import { SecurityInsightsOptionalParams } from "./models"; + +export class SecurityInsights extends coreClient.ServiceClient { + $host: 
string; + apiVersion: string; + subscriptionId: string; + + /** + * Initializes a new instance of the SecurityInsights class. + * @param credentials Subscription credentials which uniquely identify client subscription. + * @param subscriptionId The ID of the target subscription. + * @param options The parameter options + */ + constructor( + credentials: coreAuth.TokenCredential, + subscriptionId: string, + options?: SecurityInsightsOptionalParams + ) { + if (credentials === undefined) { + throw new Error("'credentials' cannot be null"); + } + if (subscriptionId === undefined) { + throw new Error("'subscriptionId' cannot be null"); + } + + // Initializing default values for options + if (!options) { + options = {}; + } + const defaults: SecurityInsightsOptionalParams = { + requestContentType: "application/json; charset=utf-8", + credential: credentials + }; + + const packageDetails = `azsdk-js-arm-securityinsight/1.0.0-beta.1`; + const userAgentPrefix = + options.userAgentOptions && options.userAgentOptions.userAgentPrefix + ? 
`${options.userAgentOptions.userAgentPrefix} ${packageDetails}` + : `${packageDetails}`; + + if (!options.credentialScopes) { + options.credentialScopes = ["https://management.azure.com/.default"]; + } + const optionsWithDefaults = { + ...defaults, + ...options, + userAgentOptions: { + userAgentPrefix + }, + baseUri: options.endpoint || "https://management.azure.com" + }; + super(optionsWithDefaults); + // Parameter assignments + this.subscriptionId = subscriptionId; + + // Assigning values to Constant parameters + this.$host = options.$host || "https://management.azure.com"; + this.apiVersion = options.apiVersion || "2021-10-01-preview"; + this.alertRules = new AlertRulesImpl(this); + this.actions = new ActionsImpl(this); + this.alertRuleTemplates = new AlertRuleTemplatesImpl(this); + this.automationRules = new AutomationRulesImpl(this); + this.bookmarks = new BookmarksImpl(this); + this.bookmarkRelations = new BookmarkRelationsImpl(this); + this.bookmarkOperations = new BookmarkOperationsImpl(this); + this.iPGeodata = new IPGeodataImpl(this); + this.domainWhois = new DomainWhoisImpl(this); + this.entities = new EntitiesImpl(this); + this.entitiesGetTimeline = new EntitiesGetTimelineImpl(this); + this.entitiesRelations = new EntitiesRelationsImpl(this); + this.entityRelations = new EntityRelationsImpl(this); + this.entityQueries = new EntityQueriesImpl(this); + this.entityQueryTemplates = new EntityQueryTemplatesImpl(this); + this.incidents = new IncidentsImpl(this); + this.incidentComments = new IncidentCommentsImpl(this); + this.incidentRelations = new IncidentRelationsImpl(this); + this.metadata = new MetadataImpl(this); + this.officeConsents = new OfficeConsentsImpl(this); + this.sentinelOnboardingStates = new SentinelOnboardingStatesImpl(this); + this.productSettings = new ProductSettingsImpl(this); + this.sourceControlOperations = new SourceControlOperationsImpl(this); + this.sourceControls = new SourceControlsImpl(this); + this.threatIntelligenceIndicator = 
new ThreatIntelligenceIndicatorImpl( + this + ); + this.threatIntelligenceIndicators = new ThreatIntelligenceIndicatorsImpl( + this + ); + this.threatIntelligenceIndicatorMetrics = new ThreatIntelligenceIndicatorMetricsImpl( + this + ); + this.watchlists = new WatchlistsImpl(this); + this.watchlistItems = new WatchlistItemsImpl(this); + this.dataConnectors = new DataConnectorsImpl(this); + this.dataConnectorsCheckRequirementsOperations = new DataConnectorsCheckRequirementsOperationsImpl( + this + ); + this.operations = new OperationsImpl(this); + } + + alertRules: AlertRules; + actions: Actions; + alertRuleTemplates: AlertRuleTemplates; + automationRules: AutomationRules; + bookmarks: Bookmarks; + bookmarkRelations: BookmarkRelations; + bookmarkOperations: BookmarkOperations; + iPGeodata: IPGeodata; + domainWhois: DomainWhois; + entities: Entities; + entitiesGetTimeline: EntitiesGetTimeline; + entitiesRelations: EntitiesRelations; + entityRelations: EntityRelations; + entityQueries: EntityQueries; + entityQueryTemplates: EntityQueryTemplates; + incidents: Incidents; + incidentComments: IncidentComments; + incidentRelations: IncidentRelations; + metadata: Metadata; + officeConsents: OfficeConsents; + sentinelOnboardingStates: SentinelOnboardingStates; + productSettings: ProductSettings; + sourceControlOperations: SourceControlOperations; + sourceControls: SourceControls; + threatIntelligenceIndicator: ThreatIntelligenceIndicator; + threatIntelligenceIndicators: ThreatIntelligenceIndicators; + threatIntelligenceIndicatorMetrics: ThreatIntelligenceIndicatorMetrics; + watchlists: Watchlists; + watchlistItems: WatchlistItems; + dataConnectors: DataConnectors; + dataConnectorsCheckRequirementsOperations: DataConnectorsCheckRequirementsOperations; + operations: Operations; +} diff --git a/sdk/securityinsight/arm-securityinsight/test/sampleTest.ts b/sdk/securityinsight/arm-securityinsight/test/sampleTest.ts new file mode 100644 index 000000000000..7ed89b043e1b 
--- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/test/sampleTest.ts @@ -0,0 +1,48 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is regenerated. + */ + +import { + env, + record, + RecorderEnvironmentSetup, + Recorder +} from "@azure-tools/test-recorder"; +import * as assert from "assert"; + +const recorderEnvSetup: RecorderEnvironmentSetup = { + replaceableVariables: { + AZURE_CLIENT_ID: "azure_client_id", + AZURE_CLIENT_SECRET: "azure_client_secret", + AZURE_TENANT_ID: "88888888-8888-8888-8888-888888888888", + SUBSCRIPTION_ID: "azure_subscription_id" + }, + customizationsOnRecordings: [ + (recording: any): any => + recording.replace( + /"access_token":"[^"]*"/g, + `"access_token":"access_token"` + ) + ], + queryParametersToSkip: [] +}; + +describe("My test", () => { + let recorder: Recorder; + + beforeEach(async function() { + recorder = record(this, recorderEnvSetup); + }); + + afterEach(async function() { + await recorder.stop(); + }); + + it("sample test", async function() { + console.log("Hi, I'm a test!"); + }); +});
diff --git a/sdk/securityinsight/arm-securityinsight/tsconfig.json b/sdk/securityinsight/arm-securityinsight/tsconfig.json
new file mode 100644
index 000000000000..3e6ae96443f3
--- /dev/null
+++ b/sdk/securityinsight/arm-securityinsight/tsconfig.json
@@ -0,0 +1,27 @@
+{
+ "compilerOptions": {
+ "module": "es6",
+ "moduleResolution": "node",
+ "strict": true,
+ "target": "es6",
+ "sourceMap": true,
+ "declarationMap": true,
+ "esModuleInterop": true,
+ "allowSyntheticDefaultImports": true,
+ "forceConsistentCasingInFileNames": true,
+ "lib": [
+ "es6",
+ "dom"
+ ],
+ "declaration": true,
+ "outDir": "./dist-esm",
+ "importHelpers": true
+ },
+ "include": [
+ "./src/**/*.ts",
+ "./test/**/*.ts"
+ ],
+ "exclude": [
+ "node_modules"
+ ]
+}
\ No newline at end of file
diff --git a/sdk/securityinsight/ci.yml b/sdk/securityinsight/ci.yml
new file mode 100644
index 000000000000..a97983fac033
--- /dev/null
+++ b/sdk/securityinsight/ci.yml
@@ -0,0 +1,30 @@
+# NOTE: Please refer to https://aka.ms/azsdk/engsys/ci-yaml before editing this file.
+
+trigger:
+ branches:
+ include:
+ - main
+ - release/*
+ - hotfix/*
+ paths:
+ include:
+ - sdk/securityinsight/
+
+pr:
+ branches:
+ include:
+ - main
+ - release/*
+ - hotfix/*
+ paths:
+ include:
+ - sdk/securityinsight/
+
+extends:
+ template: ../../eng/pipelines/templates/stages/archetype-sdk-client.yml
+ parameters:
+ ServiceDirectory: securityinsight
+ Artifacts:
+ - name: azure-arm-securityinsight
+ safeName: azurearmsecurityinsight
+
\ No newline at end of file