diff --git a/sdk/securityinsight/arm-securityinsight/CHANGELOG.md b/sdk/securityinsight/arm-securityinsight/CHANGELOG.md
index b31724782786..99c7d6332b7f 100644
--- a/sdk/securityinsight/arm-securityinsight/CHANGELOG.md
+++ b/sdk/securityinsight/arm-securityinsight/CHANGELOG.md
@@ -1,5 +1,178 @@ # Release History +## 1.0.0-beta.2 (2022-03-02) + +**Features** + + - Added operation AutomationRules.manualTriggerPlaybook + - Added Interface AutomationRulesManualTriggerPlaybookOptionalParams + - Added Interface AzureDevOpsResourceInfo + - Added Interface BookmarkEntityMappings + - Added Interface Deployment + - Added Interface DeploymentInfo + - Added Interface EntityFieldMapping + - Added Interface FusionScenarioExclusionPattern + - Added Interface FusionSourceSettings + - Added Interface FusionSourceSubTypeSetting + - Added Interface FusionSubTypeSeverityFilter + - Added Interface FusionSubTypeSeverityFiltersItem + - Added Interface FusionTemplateSourceSetting + - Added Interface FusionTemplateSourceSubType + - Added Interface FusionTemplateSubTypeSeverityFilter + - Added Interface GitHubResourceInfo + - Added Interface ManualTriggerRequestBody + - Added Interface Office365ProjectConnectorDataTypes + - Added Interface OfficePowerBIConnectorDataTypes + - Added Interface RepositoryResourceInfo + - Added Interface WatchlistsCreateOrUpdateHeaders + - Added Interface WatchlistsDeleteHeaders + - Added Interface Webhook + - Added Type Alias ActionType + - Added Type Alias AlertRuleTemplateWithMitreProperties + - Added Type Alias AutomationRulesDeleteResponse + - Added Type Alias AutomationRulesManualTriggerPlaybookResponse + - Added Type Alias ConditionType + - Added Type Alias DeploymentFetchStatus + - Added Type Alias DeploymentResult + - Added Type Alias DeploymentState + - Added Type Alias Enum12 + - Added Type Alias Office365ProjectCheckRequirements + - Added Type Alias Office365ProjectCheckRequirementsProperties + - Added Type Alias Office365ProjectConnectorDataTypesLogs + - Added Type Alias Office365ProjectDataConnector + - Added Type Alias Office365ProjectDataConnectorProperties + - Added Type Alias OfficePowerBICheckRequirements + - Added Type Alias OfficePowerBICheckRequirementsProperties + - Added Type Alias 
OfficePowerBIConnectorDataTypesLogs + - Added Type Alias OfficePowerBIDataConnector + - Added Type Alias OfficePowerBIDataConnectorProperties + - Added Type Alias PropertyConditionProperties + - Added Type Alias SourceType + - Added Type Alias ThreatIntelligenceResourceKindUnion + - Added Type Alias Version + - Added Type Alias WatchlistsDeleteResponse + - Interface AutomationRulesCreateOrUpdateOptionalParams has a new optional parameter automationRuleToUpsert + - Interface IncidentAdditionalData has a new optional parameter providerIncidentUrl + - Interface IncidentAdditionalData has a new optional parameter techniques + - Interface ScheduledAlertRuleCommonProperties has a new optional parameter alertDetailsOverride + - Interface ScheduledAlertRuleCommonProperties has a new optional parameter customDetails + - Interface ScheduledAlertRuleCommonProperties has a new optional parameter entityMappings + - Interface ScheduledAlertRuleCommonProperties has a new optional parameter query + - Interface ScheduledAlertRuleCommonProperties has a new optional parameter severity + - Interface WatchlistItemsListNextOptionalParams has a new optional parameter skipToken + - Interface WatchlistItemsListOptionalParams has a new optional parameter skipToken + - Interface WatchlistsListNextOptionalParams has a new optional parameter skipToken + - Interface WatchlistsListOptionalParams has a new optional parameter skipToken + - Add parameters of AlertRuleTemplateWithMitreProperties to TypeAlias MLBehaviorAnalyticsAlertRuleTemplateProperties + - Add parameters of AlertRuleTemplateWithMitreProperties to TypeAlias NrtAlertRuleTemplateProperties + - Add parameters of AlertRuleTemplateWithMitreProperties to TypeAlias ThreatIntelligenceAlertRuleTemplateProperties + - Type Alias AutomationRuleModifyPropertiesAction has a new parameter severity + - Type Alias AutomationRuleModifyPropertiesAction has a new parameter status + - Type Alias AutomationRuleModifyPropertiesAction has a new parameter 
classification + - Type Alias AutomationRuleModifyPropertiesAction has a new parameter classificationReason + - Type Alias AutomationRuleModifyPropertiesAction has a new parameter classificationComment + - Type Alias AutomationRuleModifyPropertiesAction has a new parameter owner + - Type Alias AutomationRuleModifyPropertiesAction has a new parameter labels + - Type Alias AutomationRuleRunPlaybookAction has a new parameter logicAppResourceId + - Type Alias AutomationRuleRunPlaybookAction has a new parameter tenantId + - Type Alias Bookmark has a new parameter entityMappings + - Type Alias Bookmark has a new parameter tactics + - Type Alias Bookmark has a new parameter techniques + - Type Alias FusionAlertRule has a new parameter sourceSettings + - Type Alias FusionAlertRule has a new parameter scenarioExclusionPatterns + - Type Alias FusionAlertRule has a new parameter techniques + - Type Alias FusionAlertRuleTemplate has a new parameter techniques + - Type Alias FusionAlertRuleTemplate has a new parameter sourceSettings + - Type Alias MetadataModel has a new parameter customVersion + - Type Alias MetadataModel has a new parameter contentSchemaVersion + - Type Alias MetadataModel has a new parameter icon + - Type Alias MetadataModel has a new parameter threatAnalysisTactics + - Type Alias MetadataModel has a new parameter threatAnalysisTechniques + - Type Alias MetadataModel has a new parameter previewImages + - Type Alias MetadataModel has a new parameter previewImagesDark + - Type Alias MetadataPatch has a new parameter customVersion + - Type Alias MetadataPatch has a new parameter contentSchemaVersion + - Type Alias MetadataPatch has a new parameter icon + - Type Alias MetadataPatch has a new parameter threatAnalysisTactics + - Type Alias MetadataPatch has a new parameter threatAnalysisTechniques + - Type Alias MetadataPatch has a new parameter previewImages + - Type Alias MetadataPatch has a new parameter previewImagesDark + - Type Alias 
MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties has a new parameter displayNamesFilter + - Type Alias MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties has a new parameter displayNamesExcludeFilter + - Type Alias MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties has a new parameter productFilter + - Type Alias MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties has a new parameter severitiesFilter + - Type Alias MLBehaviorAnalyticsAlertRule has a new parameter techniques + - Type Alias MLBehaviorAnalyticsAlertRuleTemplate has a new parameter techniques + - Type Alias NrtAlertRule has a new parameter techniques + - Type Alias NrtAlertRuleTemplate has a new parameter techniques + - Type Alias ScheduledAlertRule has a new parameter techniques + - Type Alias ScheduledAlertRuleProperties has a new parameter alertRuleTemplateName + - Type Alias ScheduledAlertRuleProperties has a new parameter templateVersion + - Type Alias ScheduledAlertRuleProperties has a new parameter description + - Type Alias ScheduledAlertRuleProperties has a new parameter lastModifiedUtc + - Type Alias ScheduledAlertRuleProperties has a new parameter tactics + - Type Alias ScheduledAlertRuleProperties has a new parameter techniques + - Type Alias ScheduledAlertRuleProperties has a new parameter incidentConfiguration + - Type Alias ScheduledAlertRuleTemplate has a new parameter techniques + - Type Alias SourceControl has a new parameter version + - Type Alias SourceControl has a new parameter repositoryResourceInfo + - Type Alias SourceControl has a new parameter lastDeploymentInfo + - Type Alias ThreatIntelligenceAlertRule has a new parameter techniques + - Type Alias ThreatIntelligenceAlertRuleTemplate has a new parameter techniques + - Type Alias Watchlist has a new parameter sourceType + - Added Enum KnownActionType + - Added Enum KnownConditionType + - Added Enum KnownDeploymentFetchStatus + - Added Enum KnownDeploymentResult + - Added Enum 
KnownDeploymentState + - Added Enum KnownEnum12 + - Added Enum KnownSourceType + - Added Enum KnownVersion + - Enum KnownAttackTactic has a new value ImpairProcessControl + - Enum KnownAttackTactic has a new value InhibitResponseFunction + - Enum KnownAttackTactic has a new value Reconnaissance + - Enum KnownAttackTactic has a new value ResourceDevelopment + - Enum KnownAutomationRulePropertyConditionSupportedProperty has a new value AlertProductNames + - Enum KnownAutomationRulePropertyConditionSupportedProperty has a new value IncidentLabel + - Enum KnownDataConnectorKind has a new value Office365Project + - Enum KnownDataConnectorKind has a new value OfficePowerBI + - Enum KnownIncidentLabelType has a new value AutoAssigned + - Enum KnownKind has a new value AutomationRule + - Enum KnownKind has a new value AzureFunction + - Enum KnownKind has a new value LogicAppsCustomConnector + +**Breaking Changes** + + - Operation AutomationRules.createOrUpdate has a new signature + - Interface QueryBasedAlertRuleTemplateProperties no longer has parameter tactics + - Delete parameters of MicrosoftSecurityIncidentCreationAlertRuleCommonProperties in TypeAlias MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties + - Delete parameters of AlertRuleTemplatePropertiesBase in TypeAlias MLBehaviorAnalyticsAlertRuleTemplateProperties + - Delete parameters of AlertRuleTemplatePropertiesBase in TypeAlias NrtAlertRuleTemplateProperties + - Delete parameters of QueryBasedAlertRuleProperties in TypeAlias ScheduledAlertRuleProperties + - Delete parameters of AlertRuleTemplatePropertiesBase in TypeAlias ThreatIntelligenceAlertRuleTemplateProperties + - Type Alias AutomationRuleModifyPropertiesAction no longer has parameter actionConfiguration + - Type Alias AutomationRuleRunPlaybookAction no longer has parameter actionConfiguration + - Type Alias MLBehaviorAnalyticsAlertRuleTemplateProperties no longer has parameter tactics + - Type Alias 
ThreatIntelligenceAlertRuleTemplateProperties no longer has parameter tactics + - Type Alias Watchlist no longer has parameter watchlistItemsCount + - Type Alias ScheduledAlertRuleProperties has a new parameter displayName + - Type Alias ScheduledAlertRuleProperties has a new parameter enabled + - Type Alias ScheduledAlertRuleProperties has a new parameter suppressionDuration + - Type Alias ScheduledAlertRuleProperties has a new parameter suppressionEnabled + - Type Alias ThreatIntelligenceIndicatorModel has a new parameter kind + - Type Alias ThreatIntelligenceIndicatorModelForRequestBody has a new parameter kind + - Type Alias ThreatIntelligenceInformation has a new parameter kind + - Parameter displayName of Type Alias AutomationRule is now required + - Parameter order of Type Alias AutomationRule is now required + - Parameter triggeringLogic of Type Alias AutomationRule is now required + - Parameter actions of Type Alias AutomationRule is now required + - Removed Enum KnownAutomationRuleActionType + - Removed Enum KnownAutomationRuleConditionType + - Removed Enum KnownEnum8 + - Removed Enum KnownSource + - Enum KnownIncidentLabelType no longer has value System + + ## 1.0.0-beta.1 (2022-01-19) The package of @azure/arm-securityinsight is using our next generation design principles. To learn more, please refer to our documentation [Quick Start](https://aka.ms/js-track2-quickstart). diff --git a/sdk/securityinsight/arm-securityinsight/_meta.json b/sdk/securityinsight/arm-securityinsight/_meta.json index 55f48480abfc..82b90539c1ea 100644 --- a/sdk/securityinsight/arm-securityinsight/_meta.json +++ b/sdk/securityinsight/arm-securityinsight/_meta.json 
@@ -1,7 +1,7 @@
 {
- "commit": "1b0a465061c68175898f8f5d27f0301f42ce994c",
+ "commit": "b7bd0fdbfc31f10360ca02db8a8bb2847182b41d",
 "readme": "specification/securityinsights/resource-manager/readme.md",
- "autorest_command": "autorest --version=3.7.3 --typescript --modelerfour.lenient-model-deduplication --head-as-boolean=true --license-header=MICROSOFT_MIT_NO_VERSION --generate-test --typescript-sdks-folder=D:\\mydev\\azure-sdk-for-js ../azure-rest-api-specs/specification/iotspaces/resource-manager/readme.md --use=@autorest/typescript@6.0.0-alpha.16.20220114.1 --generate-sample=true",
+ "autorest_command": "autorest --version=3.7.3 --typescript --modelerfour.lenient-model-deduplication --head-as-boolean=true --license-header=MICROSOFT_MIT_NO_VERSION --generate-test --typescript-sdks-folder=/home/vsts/work/1/s/azure-sdk-for-js ../azure-rest-api-specs/specification/securityinsights/resource-manager/readme.md --use=@autorest/typescript@6.0.0-alpha.16.20220105.1",
 "repository_url": "https://github.com/Azure/azure-rest-api-specs.git",
- "use": "@autorest/typescript@6.0.0-alpha.16.20220114.1"
-}
+ "use": "@autorest/typescript@6.0.0-alpha.16.20220105.1"
+}
\ No newline at end of file
diff --git a/sdk/securityinsight/arm-securityinsight/api-extractor.json b/sdk/securityinsight/arm-securityinsight/api-extractor.json
index c343bf73e921..ba4f20f727f2 100644
--- a/sdk/securityinsight/arm-securityinsight/api-extractor.json
+++ b/sdk/securityinsight/arm-securityinsight/api-extractor.json
@@ -1,18 +1,31 @@
 {
 "$schema": "https://developer.microsoft.com/json-schemas/api-extractor/v7/api-extractor.schema.json",
 "mainEntryPointFilePath": "./dist-esm/src/index.d.ts",
- "docModel": { "enabled": true },
- "apiReport": { "enabled": true, "reportFolder": "./review" },
+ "docModel": {
+ "enabled": true
+ },
+ "apiReport": {
+ "enabled": true,
+ "reportFolder": "./review"
+ },
 "dtsRollup": {
 "enabled": true,
 "untrimmedFilePath": "",
 "publicTrimmedFilePath": "./types/arm-securityinsight.d.ts"
 },
 "messages": {
- "tsdocMessageReporting": { "default": { "logLevel": "none" } },
+ "tsdocMessageReporting": {
+ "default": {
+ "logLevel": "none"
+ }
+ },
 "extractorMessageReporting": {
- "ae-missing-release-tag": { "logLevel": "none" },
- "ae-unresolved-link": { "logLevel": "none" }
+ "ae-missing-release-tag": {
+ "logLevel": "none"
+ },
+ "ae-unresolved-link": {
+ "logLevel": "none"
+ }
 }
 }
-}
+}
\ No newline at end of file
diff --git a/sdk/securityinsight/arm-securityinsight/package.json b/sdk/securityinsight/arm-securityinsight/package.json
index 60b9c83bbb72..764262587022 100644
--- a/sdk/securityinsight/arm-securityinsight/package.json
+++ b/sdk/securityinsight/arm-securityinsight/package.json
@@ -4,7 +4,9 @@
 "author": "Microsoft Corporation",
 "description": "A generated SDK for SecurityInsights.",
 "version": "1.0.0-beta.1",
- "engines": { "node": ">=12.0.0" },
+ "engines": {
+ "node": ">=12.0.0"
+ },
 "dependencies": {
 "@azure/core-paging": "^1.2.0",
 "@azure/core-client": "^1.0.0",
@@ -12,7 +14,13 @@
 "@azure/core-rest-pipeline": "^1.1.0",
 "tslib": "^2.2.0"
 },
- "keywords": ["node", "azure", "typescript", "browser", "isomorphic"],
+ "keywords": [
+ "node",
+ "azure",
+ "typescript",
+ "browser",
+ "isomorphic"
+ ],
 "license": "MIT",
 "main": "./dist/index.js",
 "module": "./dist-esm/src/index.js",
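Review bot: The context line `"version": "1.0.0-beta.1",` in the first package.json hunk is left untouched, although the CHANGELOG.md hunk of this same commit opens a `1.0.0-beta.2 (2022-03-02)` section that lists breaking changes. The manifest should carry the same release as the changelog, i.e. `"version": "1.0.0-beta.2",`. A later hunk of this file keeps `"autoPublish": true`, so the mismatch presumably reaches the release pipeline; the regenerated API surface would then be associated with a version string consumers have already pinned, which makes it harder to tell from a dependency manifest which automation-rule and alert-rule shapes an installation actually has. The package.json object begins and ends outside these hunks, so a version change elsewhere in the file cannot be ruled out from here.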
@@ -39,7 +47,9 @@ "type": "git", "url": "https://github.com/Azure/azure-sdk-for-js.git" }, - "bugs": { "url": "https://github.com/Azure/azure-sdk-for-js/issues" }, + "bugs": { + "url": "https://github.com/Azure/azure-sdk-for-js/issues" + }, "files": [ "dist/**/*.js", "dist/**/*.js.map", @@ -86,10 +96,5 @@ "docs": "echo skipped" }, "sideEffects": false, - "//metadata": { - "constantPaths": [ - { "path": "src/SecurityInsights.ts", "prefix": "packageDetails" } - ] - }, "autoPublish": true -} +} \ No newline at end of file diff --git a/sdk/securityinsight/arm-securityinsight/review/arm-securityinsight.api.md b/sdk/securityinsight/arm-securityinsight/review/arm-securityinsight.api.md index 0c10f5865d27..0cae37fa66b1 100644 --- a/sdk/securityinsight/arm-securityinsight/review/arm-securityinsight.api.md +++ b/sdk/securityinsight/arm-securityinsight/review/arm-securityinsight.api.md @@ -153,6 +153,9 @@ export interface ActionsListByAlertRuleOptionalParams extends coreClient.Operati // @public export type ActionsListByAlertRuleResponse = ActionsList; +// @public +export type ActionType = string; + // @public export type ActivityCustomEntityQuery = CustomEntityQuery & { title?: string; @@ -347,6 +350,12 @@ export type AlertRuleTemplatesListResponse = AlertRuleTemplatesList; // @public (undocumented) export type AlertRuleTemplateUnion = AlertRuleTemplate | MLBehaviorAnalyticsAlertRuleTemplate | FusionAlertRuleTemplate | ThreatIntelligenceAlertRuleTemplate | MicrosoftSecurityIncidentCreationAlertRuleTemplate | ScheduledAlertRuleTemplate | NrtAlertRuleTemplate; +// @public +export type AlertRuleTemplateWithMitreProperties = AlertRuleTemplatePropertiesBase & { + tactics?: AttackTactic[]; + techniques?: string[]; +}; + // @public (undocumented) export type AlertRuleUnion = AlertRule | MLBehaviorAnalyticsAlertRule | FusionAlertRule | ThreatIntelligenceAlertRule | MicrosoftSecurityIncidentCreationAlertRule | ScheduledAlertRule | NrtAlertRule; 
@@ -389,57 +398,47 @@ export type ASCDataConnectorProperties = DataConnectorWithAlertsProperties & { // @public export type AttackTactic = string; -// @public +// @public (undocumented) export type AutomationRule = ResourceWithEtag & { - displayName?: string; - order?: number; - triggeringLogic?: AutomationRuleTriggeringLogic; - actions?: AutomationRuleActionUnion[]; - readonly createdTimeUtc?: Date; + displayName: string; + order: number; + triggeringLogic: AutomationRuleTriggeringLogic; + actions: AutomationRuleActionUnion[]; readonly lastModifiedTimeUtc?: Date; - readonly createdBy?: ClientInfo; + readonly createdTimeUtc?: Date; readonly lastModifiedBy?: ClientInfo; + readonly createdBy?: ClientInfo; }; // @public export interface AutomationRuleAction { - actionType: "RunPlaybook" | "ModifyProperties"; + actionType: "ModifyProperties" | "RunPlaybook"; + // (undocumented) order: number; } -// @public -export type AutomationRuleActionType = string; - // @public (undocumented) -export type AutomationRuleActionUnion = AutomationRuleAction | AutomationRuleRunPlaybookAction | AutomationRuleModifyPropertiesAction; +export type AutomationRuleActionUnion = AutomationRuleAction | AutomationRuleModifyPropertiesAction | AutomationRuleRunPlaybookAction; // @public export interface AutomationRuleCondition { conditionType: "Property"; } -// @public -export type AutomationRuleConditionType = string; - // @public (undocumented) -export type AutomationRuleConditionUnion = AutomationRuleCondition | AutomationRulePropertyValuesCondition; +export type AutomationRuleConditionUnion = AutomationRuleCondition | PropertyConditionProperties; // @public export type AutomationRuleModifyPropertiesAction = AutomationRuleAction & { actionType: "ModifyProperties"; - actionConfiguration: AutomationRuleModifyPropertiesActionConfiguration; -}; - -// @public -export interface AutomationRuleModifyPropertiesActionConfiguration { + severity?: IncidentSeverity; + status?: IncidentStatus; 
classification?: IncidentClassification; - classificationComment?: string; classificationReason?: IncidentClassificationReason; - labels?: IncidentLabel[]; + classificationComment?: string; owner?: IncidentOwnerInfo; - severity?: IncidentSeverity; - status?: IncidentStatus; -} + labels?: IncidentLabel[]; +}; // @public export type AutomationRulePropertyConditionSupportedOperator = string; 
@@ -447,41 +446,25 @@ export type AutomationRulePropertyConditionSupportedOperator = string; // @public export type AutomationRulePropertyConditionSupportedProperty = string; -// @public -export type AutomationRulePropertyValuesCondition = AutomationRuleCondition & { - conditionType: "Property"; - conditionProperties: AutomationRulePropertyValuesConditionProperties; -}; - -// @public -export interface AutomationRulePropertyValuesConditionProperties { - operator?: AutomationRulePropertyConditionSupportedOperator; - propertyName?: AutomationRulePropertyConditionSupportedProperty; - propertyValues?: string[]; -} - // @public export type AutomationRuleRunPlaybookAction = AutomationRuleAction & { actionType: "RunPlaybook"; - actionConfiguration: AutomationRuleRunPlaybookActionConfiguration; -}; - -// @public -export interface AutomationRuleRunPlaybookActionConfiguration { logicAppResourceId?: string; tenantId?: string; -} +}; // @public export interface AutomationRules { - createOrUpdate(resourceGroupName: string, workspaceName: string, automationRuleId: string, automationRule: AutomationRule, options?: AutomationRulesCreateOrUpdateOptionalParams): Promise; - delete(resourceGroupName: string, workspaceName: string, automationRuleId: string, options?: AutomationRulesDeleteOptionalParams): Promise; + createOrUpdate(resourceGroupName: string, workspaceName: string, automationRuleId: string, options?: AutomationRulesCreateOrUpdateOptionalParams): Promise; + delete(resourceGroupName: string, workspaceName: string, automationRuleId: string, options?: AutomationRulesDeleteOptionalParams): Promise; get(resourceGroupName: string, workspaceName: string, automationRuleId: string, options?: AutomationRulesGetOptionalParams): Promise; list(resourceGroupName: string, workspaceName: string, options?: AutomationRulesListOptionalParams): PagedAsyncIterableIterator; + manualTriggerPlaybook(resourceGroupName: string, workspaceName: string, incidentIdentifier: string, options?: 
AutomationRulesManualTriggerPlaybookOptionalParams): Promise; } // @public export interface AutomationRulesCreateOrUpdateOptionalParams extends coreClient.OperationOptions { + automationRuleToUpsert?: AutomationRule; } // @public @@ -491,6 +474,9 @@ export type AutomationRulesCreateOrUpdateResponse = AutomationRule; export interface AutomationRulesDeleteOptionalParams extends coreClient.OperationOptions { } +// @public +export type AutomationRulesDeleteResponse = Record; + // @public export interface AutomationRulesGetOptionalParams extends coreClient.OperationOptions { } @@ -498,10 +484,12 @@ export interface AutomationRulesGetOptionalParams extends coreClient.OperationOp // @public export type AutomationRulesGetResponse = AutomationRule; -// @public +// @public (undocumented) export interface AutomationRulesList { - readonly nextLink?: string; - value: AutomationRule[]; + // (undocumented) + nextLink?: string; + // (undocumented) + value?: AutomationRule[]; } // @public @@ -518,12 +506,23 @@ export interface AutomationRulesListOptionalParams extends coreClient.OperationO // @public export type AutomationRulesListResponse = AutomationRulesList; +// @public +export interface AutomationRulesManualTriggerPlaybookOptionalParams extends coreClient.OperationOptions { + // (undocumented) + requestBody?: ManualTriggerRequestBody; +} + +// @public +export type AutomationRulesManualTriggerPlaybookResponse = Record; + // @public export interface AutomationRuleTriggeringLogic { conditions?: AutomationRuleConditionUnion[]; expirationTimeUtc?: Date; isEnabled: boolean; + // (undocumented) triggersOn: TriggersOn; + // (undocumented) triggersWhen: TriggersWhen; } 
@@ -573,6 +572,12 @@ export interface AwsS3DataConnectorDataTypes { // @public export type AwsS3DataConnectorDataTypesLogs = DataConnectorDataTypeCommon & {}; +// @public +export interface AzureDevOpsResourceInfo { + pipelineId?: string; + serviceConnectionId?: string; +} + // @public export type AzureResourceEntity = Entity & { readonly additionalData?: { @@ -604,8 +609,17 @@ export type Bookmark = ResourceWithEtag & { queryStartTime?: Date; queryEndTime?: Date; incidentInfo?: IncidentInfo; + entityMappings?: BookmarkEntityMappings[]; + tactics?: AttackTactic[]; + techniques?: string[]; }; +// @public +export interface BookmarkEntityMappings { + entityType?: string; + fieldMappings?: EntityFieldMapping[]; +} + // @public export type BookmarkExpandOperationResponse = BookmarkExpandResponse; @@ -886,6 +900,9 @@ export type CodelessUiDataConnector = DataConnector & { connectorUiConfig?: CodelessUiConnectorConfigProperties; }; +// @public +export type ConditionType = string; + // @public export type ConfidenceLevel = string; @@ -1004,7 +1021,7 @@ export interface DataConnectors { // @public export interface DataConnectorsCheckRequirements { - kind: "AzureActiveDirectory" | "AzureAdvancedThreatProtection" | "AzureSecurityCenter" | "AmazonWebServicesCloudTrail" | "AmazonWebServicesS3" | "Dynamics365" | "MicrosoftCloudAppSecurity" | "MicrosoftDefenderAdvancedThreatProtection" | "MicrosoftThreatIntelligence" | "MicrosoftThreatProtection" | "OfficeATP" | "OfficeIRM" | "ThreatIntelligence" | "ThreatIntelligenceTaxii"; + kind: "AzureActiveDirectory" | "AzureAdvancedThreatProtection" | "AzureSecurityCenter" | "AmazonWebServicesCloudTrail" | "AmazonWebServicesS3" | "Dynamics365" | "MicrosoftCloudAppSecurity" | "MicrosoftDefenderAdvancedThreatProtection" | "MicrosoftThreatIntelligence" | "MicrosoftThreatProtection" | "OfficeATP" | "OfficeIRM" | "Office365Project" | "OfficePowerBI" | "ThreatIntelligence" | "ThreatIntelligenceTaxii"; } // @public 
@@ -1020,7 +1037,7 @@ export interface DataConnectorsCheckRequirementsPostOptionalParams extends coreC export type DataConnectorsCheckRequirementsPostResponse = DataConnectorRequirementsState; // @public (undocumented) -export type DataConnectorsCheckRequirementsUnion = DataConnectorsCheckRequirements | AADCheckRequirements | AatpCheckRequirements | ASCCheckRequirements | AwsCloudTrailCheckRequirements | AwsS3CheckRequirements | Dynamics365CheckRequirements | McasCheckRequirements | MdatpCheckRequirements | MstiCheckRequirements | MtpCheckRequirements | OfficeATPCheckRequirements | OfficeIRMCheckRequirements | TICheckRequirements | TiTaxiiCheckRequirements; +export type DataConnectorsCheckRequirementsUnion = DataConnectorsCheckRequirements | AADCheckRequirements | AatpCheckRequirements | ASCCheckRequirements | AwsCloudTrailCheckRequirements | AwsS3CheckRequirements | Dynamics365CheckRequirements | McasCheckRequirements | MdatpCheckRequirements | MstiCheckRequirements | MtpCheckRequirements | OfficeATPCheckRequirements | OfficeIRMCheckRequirements | Office365ProjectCheckRequirements | OfficePowerBICheckRequirements | TICheckRequirements | TiTaxiiCheckRequirements; // @public export interface DataConnectorsConnectOptionalParams extends coreClient.OperationOptions { 
@@ -1068,7 +1085,7 @@ export interface DataConnectorTenantId { } // @public (undocumented) -export type DataConnectorUnion = DataConnector | AADDataConnector | MstiDataConnector | MTPDataConnector | AatpDataConnector | ASCDataConnector | AwsCloudTrailDataConnector | AwsS3DataConnector | McasDataConnector | Dynamics365DataConnector | OfficeATPDataConnector | OfficeIRMDataConnector | MdatpDataConnector | OfficeDataConnector | TIDataConnector | TiTaxiiDataConnector | CodelessUiDataConnector | CodelessApiPollingDataConnector; +export type DataConnectorUnion = DataConnector | AADDataConnector | MstiDataConnector | MTPDataConnector | AatpDataConnector | ASCDataConnector | AwsCloudTrailDataConnector | AwsS3DataConnector | McasDataConnector | Dynamics365DataConnector | OfficeATPDataConnector | Office365ProjectDataConnector | OfficePowerBIDataConnector | OfficeIRMDataConnector | MdatpDataConnector | OfficeDataConnector | TIDataConnector | TiTaxiiDataConnector | CodelessUiDataConnector | CodelessApiPollingDataConnector; // @public export interface DataConnectorWithAlertsProperties { @@ -1089,6 +1106,31 @@ export type DeliveryAction = "Unknown" | "DeliveredAsSpam" | "Delivered" | "Bloc // @public export type DeliveryLocation = "Unknown" | "Inbox" | "JunkFolder" | "DeletedFolder" | "Quarantine" | "External" | "Failed" | "Dropped" | "Forwarded"; +// @public +export interface Deployment { + deploymentId?: string; + deploymentLogsUrl?: string; + deploymentResult?: DeploymentResult; + deploymentState?: DeploymentState; + deploymentTime?: Date; +} + +// @public +export type DeploymentFetchStatus = string; + +// @public +export interface DeploymentInfo { + deployment?: Deployment; + deploymentFetchStatus?: DeploymentFetchStatus; + message?: string; +} + +// @public +export type DeploymentResult = string; + +// @public +export type DeploymentState = string; + // @public export type DnsEntity = Entity & { readonly additionalData?: { 
@@ -1358,6 +1400,12 @@ export interface EntityExpandResponseValue { entities?: EntityUnion[]; } +// @public +export interface EntityFieldMapping { + identifier?: string; + value?: string; +} + // @public export interface EntityGetInsightsParameters { addDefaultExtendedTimeRange?: boolean; @@ -1435,7 +1483,7 @@ export type EntityQueriesGetResponse = EntityQueryUnion; // @public export interface EntityQueriesListNextOptionalParams extends coreClient.OperationOptions { - kind?: Enum8; + kind?: Enum12; } // @public @@ -1443,7 +1491,7 @@ export type EntityQueriesListNextResponse = EntityQueryList; // @public export interface EntityQueriesListOptionalParams extends coreClient.OperationOptions { - kind?: Enum8; + kind?: Enum12; } // @public @@ -1578,27 +1626,7 @@ export type EntityType = string; export type EntityUnion = Entity | SecurityAlert | HuntingBookmark | AccountEntity | AzureResourceEntity | CloudApplicationEntity | DnsEntity | FileEntity | FileHashEntity | HostEntity | IoTDeviceEntity | IpEntity | MailboxEntity | MailClusterEntity | MailMessageEntity | MalwareEntity | ProcessEntity | RegistryKeyEntity | RegistryValueEntity | SecurityGroupEntity | SubmissionMailEntity | UrlEntity; // @public -export type Enum8 = string; - -// @public -export interface ErrorAdditionalInfo { - readonly info?: Record; - readonly type?: string; -} - -// @public -export interface ErrorDetail { - readonly additionalInfo?: ErrorAdditionalInfo[]; - readonly code?: string; - readonly details?: ErrorDetail[]; - readonly message?: string; - readonly target?: string; -} - -// @public -export interface ErrorResponse { - error?: ErrorDetail; -} +export type Enum12 = string; // @public export type EventGroupingAggregationKind = string; 
@@ -1687,29 +1715,80 @@ export type FusionAlertRule = AlertRule & { readonly description?: string; readonly displayName?: string; enabled?: boolean; + sourceSettings?: FusionSourceSettings[]; + scenarioExclusionPatterns?: FusionScenarioExclusionPattern[]; readonly lastModifiedUtc?: Date; readonly severity?: AlertSeverity; readonly tactics?: AttackTactic[]; + readonly techniques?: string[]; }; // @public export type FusionAlertRuleTemplate = AlertRuleTemplate & { alertRulesCreatedByTemplateCount?: number; - readonly lastUpdatedDateUTC?: Date; readonly createdDateUTC?: Date; + readonly lastUpdatedDateUTC?: Date; description?: string; displayName?: string; requiredDataConnectors?: AlertRuleTemplateDataSource[]; status?: TemplateStatus; severity?: AlertSeverity; tactics?: AttackTactic[]; + techniques?: string[]; + sourceSettings?: FusionTemplateSourceSetting[]; }; // @public -export type FusionAlertRuleTemplateProperties = AlertRuleTemplatePropertiesBase & { +export interface FusionScenarioExclusionPattern { + dateAddedInUTC: string; + exclusionPattern: string; +} + +// @public +export interface FusionSourceSettings { + enabled: boolean; + sourceName: string; + sourceSubTypes?: FusionSourceSubTypeSetting[]; +} + +// @public +export interface FusionSourceSubTypeSetting { + enabled: boolean; + severityFilters: FusionSubTypeSeverityFilter; + readonly sourceSubTypeDisplayName?: string; + sourceSubTypeName: string; +} + +// @public +export interface FusionSubTypeSeverityFilter { + filters?: FusionSubTypeSeverityFiltersItem[]; + readonly isSupported?: boolean; +} + +// @public +export interface FusionSubTypeSeverityFiltersItem { + enabled: boolean; severity: AlertSeverity; - tactics?: AttackTactic[]; -}; +} + +// @public +export interface FusionTemplateSourceSetting { + sourceName: string; + sourceSubTypes?: FusionTemplateSourceSubType[]; +} + +// @public +export interface FusionTemplateSourceSubType { + severityFilter: FusionTemplateSubTypeSeverityFilter; + readonly 
sourceSubTypeDisplayName?: string; + sourceSubTypeName: string; +} + +// @public +export interface FusionTemplateSubTypeSeverityFilter { + isSupported: boolean; + severityFilters?: AlertSeverity[]; +} // @public export interface GeoLocation { @@ -1740,6 +1819,11 @@ export interface GetQueriesResponse { value?: EntityQueryItemUnion[]; } +// @public +export interface GitHubResourceInfo { + appInstallationId?: string; +} + // @public export interface GraphQueries { baseQuery?: string; @@ -1852,7 +1936,9 @@ export interface IncidentAdditionalData { readonly alertsCount?: number; readonly bookmarksCount?: number; readonly commentsCount?: number; + readonly providerIncidentUrl?: string; readonly tactics?: AttackTactic[]; + readonly techniques?: string[]; } // @public @@ -2283,6 +2369,12 @@ export type KillChainIntent = string; // @public export type Kind = string; +// @public +export enum KnownActionType { + ModifyProperties = "ModifyProperties", + RunPlaybook = "RunPlaybook" +} + // @public export enum KnownAlertDetail { DisplayName = "DisplayName", @@ -2349,6 +2441,10 @@ export enum KnownAttackTactic { // (undocumented) Impact = "Impact", // (undocumented) + ImpairProcessControl = "ImpairProcessControl", + // (undocumented) + InhibitResponseFunction = "InhibitResponseFunction", + // (undocumented) InitialAccess = "InitialAccess", // (undocumented) LateralMovement = "LateralMovement", @@ -2357,18 +2453,11 @@ export enum KnownAttackTactic { // (undocumented) PreAttack = "PreAttack", // (undocumented) - PrivilegeEscalation = "PrivilegeEscalation" -} - -// @public -export enum KnownAutomationRuleActionType { - ModifyProperties = "ModifyProperties", - RunPlaybook = "RunPlaybook" -} - -// @public -export enum KnownAutomationRuleConditionType { - Property = "Property" + PrivilegeEscalation = "PrivilegeEscalation", + // (undocumented) + Reconnaissance = "Reconnaissance", + // (undocumented) + ResourceDevelopment = "ResourceDevelopment" } // @public 
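Review bot: `dateAddedInUTC: string;` in the new `FusionScenarioExclusionPattern` is the only timestamp in this hunk that is not a `Date`; `lastModifiedUtc`, `createdDateUTC` and `lastUpdatedDateUTC` a few lines above it are all `Date`. Callers that sort or expire exclusion patterns by age have to parse the string themselves, and nothing states the expected format. If the service returns an ISO 8601 value, `dateAddedInUTC: Date;` would match the rest of the surface; otherwise a doc comment naming the format is the minimum. The hunk opens inside `FusionAlertRule`, whose first lines are outside it.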
@@ -2393,6 +2482,7 @@ export enum KnownAutomationRulePropertyConditionSupportedProperty { AccountPuid = "AccountPUID", AccountSid = "AccountSid", AccountUPNSuffix = "AccountUPNSuffix", + AlertProductNames = "AlertProductNames", AzureResourceResourceId = "AzureResourceResourceId", AzureResourceSubscriptionId = "AzureResourceSubscriptionId", CloudApplicationAppId = "CloudApplicationAppId", @@ -2407,6 +2497,7 @@ export enum KnownAutomationRulePropertyConditionSupportedProperty { HostNTDomain = "HostNTDomain", HostOSVersion = "HostOSVersion", IncidentDescription = "IncidentDescription", + IncidentLabel = "IncidentLabel", IncidentProviderName = "IncidentProviderName", IncidentRelatedAnalyticRuleIds = "IncidentRelatedAnalyticRuleIds", IncidentSeverity = "IncidentSeverity", @@ -2439,6 +2530,11 @@ export enum KnownAutomationRulePropertyConditionSupportedProperty { Url = "Url" } +// @public +export enum KnownConditionType { + Property = "Property" +} + // @public export enum KnownConfidenceLevel { High = "High", @@ -2533,10 +2629,14 @@ export enum KnownDataConnectorKind { // (undocumented) Office365 = "Office365", // (undocumented) + Office365Project = "Office365Project", + // (undocumented) OfficeATP = "OfficeATP", // (undocumented) OfficeIRM = "OfficeIRM", // (undocumented) + OfficePowerBI = "OfficePowerBI", + // (undocumented) ThreatIntelligence = "ThreatIntelligence", // (undocumented) ThreatIntelligenceTaxii = "ThreatIntelligenceTaxii" 
@@ -2560,6 +2660,38 @@ export enum KnownDataTypeState { Enabled = "Enabled" } +// @public +export enum KnownDeploymentFetchStatus { + // (undocumented) + NotFound = "NotFound", + // (undocumented) + Success = "Success", + // (undocumented) + Unauthorized = "Unauthorized" +} + +// @public +export enum KnownDeploymentResult { + // (undocumented) + Canceled = "Canceled", + // (undocumented) + Failed = "Failed", + // (undocumented) + Success = "Success" +} + +// @public +export enum KnownDeploymentState { + // (undocumented) + Canceling = "Canceling", + // (undocumented) + Completed = "Completed", + // (undocumented) + InProgress = "In_Progress", + // (undocumented) + Queued = "Queued" +} + // @public export enum KnownEntityItemQueryKind { Insight = "Insight" @@ -2661,7 +2793,7 @@ export enum KnownEntityType { } // @public -export enum KnownEnum8 { +export enum KnownEnum12 { // (undocumented) Activity = "Activity", // (undocumented) @@ -2703,7 +2835,7 @@ export enum KnownIncidentClassificationReason { // @public export enum KnownIncidentLabelType { - System = "System", + AutoAssigned = "AutoAssigned", User = "User" } @@ -2747,6 +2879,10 @@ export enum KnownKind { // (undocumented) AnalyticsRuleTemplate = "AnalyticsRuleTemplate", // (undocumented) + AutomationRule = "AutomationRule", + // (undocumented) + AzureFunction = "AzureFunction", + // (undocumented) DataConnector = "DataConnector", // (undocumented) DataType = "DataType", @@ -2755,6 +2891,8 @@ export enum KnownKind { // (undocumented) InvestigationQuery = "InvestigationQuery", // (undocumented) + LogicAppsCustomConnector = "LogicAppsCustomConnector", + // (undocumented) Parser = "Parser", // (undocumented) Playbook = "Playbook", @@ -2921,14 +3059,6 @@ export enum KnownSkuKind { PerGB = "PerGB" } -// @public -export enum KnownSource { - // (undocumented) - LocalFile = "Local file", - // (undocumented) - RemoteStorage = "Remote storage" -} - // @public export enum KnownSourceKind { // (undocumented) 
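Review bot: Replacing `System = "System"` with `AutoAssigned = "AutoAssigned"` in `KnownIncidentLabelType` removes a value that existing callers may compare against. The `Known*` enums in this report pair with plain `= string` aliases (for example `DeploymentState`), so the label type is presumably a string as well; a check such as `labelType === "System"` would then keep compiling and simply stop matching. For code that filters or routes incidents by label origin that is a silent behaviour change. The new member should carry a comment such as `// Replaces the former "System" label type`, and the rename belongs in the breaking-changes part of the changelog if it is not already listed there.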
@@ -2941,6 +3071,14 @@ export enum KnownSourceKind { SourceRepository = "SourceRepository" } +// @public +export enum KnownSourceType { + // (undocumented) + LocalFile = "Local file", + // (undocumented) + RemoteStorage = "Remote storage" +} + // @public export enum KnownSupportTier { // (undocumented) @@ -2995,6 +3133,14 @@ export enum KnownUebaDataSources { SigninLogs = "SigninLogs" } +// @public +export enum KnownVersion { + // (undocumented) + V1 = "V1", + // (undocumented) + V2 = "V2" +} + // @public export interface LastDataReceivedDataType { lastDataReceivedQuery?: string; @@ -3145,6 +3291,14 @@ export type MalwareEntityProperties = EntityCommonProperties & { readonly processEntityIds?: string[]; }; +// @public (undocumented) +export interface ManualTriggerRequestBody { + // (undocumented) + logicAppsResourceId?: string; + // (undocumented) + tenantId?: string; +} + // @public export type MatchingMethod = string; @@ -3283,6 +3437,13 @@ export type MetadataModel = ResourceWithEtag & { providers?: string[]; firstPublishDate?: Date; lastPublishDate?: Date; + customVersion?: string; + contentSchemaVersion?: string; + icon?: string; + threatAnalysisTactics?: string[]; + threatAnalysisTechniques?: string[]; + previewImages?: string[]; + previewImagesDark?: string[]; }; // @public @@ -3299,6 +3460,13 @@ export type MetadataPatch = ResourceWithEtag & { providers?: string[]; firstPublishDate?: Date; lastPublishDate?: Date; + customVersion?: string; + contentSchemaVersion?: string; + icon?: string; + threatAnalysisTactics?: string[]; + threatAnalysisTechniques?: string[]; + previewImages?: string[]; + previewImagesDark?: string[]; }; // @public 
@@ -3369,7 +3537,12 @@ export type MicrosoftSecurityIncidentCreationAlertRuleTemplate = AlertRuleTempla }; // @public -export type MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties = AlertRuleTemplatePropertiesBase & MicrosoftSecurityIncidentCreationAlertRuleCommonProperties & {}; +export type MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties = AlertRuleTemplatePropertiesBase & { + displayNamesFilter?: string[]; + displayNamesExcludeFilter?: string[]; + productFilter?: MicrosoftSecurityProductName; + severitiesFilter?: AlertSeverity[]; +}; // @public export type MicrosoftSecurityProductName = string; @@ -3383,6 +3556,7 @@ export type MLBehaviorAnalyticsAlertRule = AlertRule & { readonly lastModifiedUtc?: Date; readonly severity?: AlertSeverity; readonly tactics?: AttackTactic[]; + readonly techniques?: string[]; }; // @public @@ -3394,14 +3568,14 @@ export type MLBehaviorAnalyticsAlertRuleTemplate = AlertRuleTemplate & { displayName?: string; requiredDataConnectors?: AlertRuleTemplateDataSource[]; status?: TemplateStatus; - severity?: AlertSeverity; tactics?: AttackTactic[]; + techniques?: string[]; + severity?: AlertSeverity; }; // @public -export type MLBehaviorAnalyticsAlertRuleTemplateProperties = AlertRuleTemplatePropertiesBase & { +export type MLBehaviorAnalyticsAlertRuleTemplateProperties = AlertRuleTemplateWithMitreProperties & { severity: AlertSeverity; - tactics?: AttackTactic[]; }; // @public @@ -3474,13 +3648,14 @@ export type NrtAlertRule = AlertRule & { templateVersion?: string; description?: string; query?: string; + tactics?: AttackTactic[]; + techniques?: string[]; displayName?: string; enabled?: boolean; readonly lastModifiedUtc?: Date; suppressionDuration?: string; suppressionEnabled?: boolean; severity?: AlertSeverity; - tactics?: AttackTactic[]; incidentConfiguration?: IncidentConfiguration; customDetails?: { [propertyName: string]: string; 
@@ -3489,9 +3664,6 @@ export type NrtAlertRule = AlertRule & { alertDetailsOverride?: AlertDetailsOverride; }; -// @public -export type NrtAlertRuleProperties = QueryBasedAlertRuleProperties & {}; - // @public export type NrtAlertRuleTemplate = AlertRuleTemplate & { alertRulesCreatedByTemplateCount?: number; @@ -3501,9 +3673,10 @@ export type NrtAlertRuleTemplate = AlertRuleTemplate & { displayName?: string; requiredDataConnectors?: AlertRuleTemplateDataSource[]; status?: TemplateStatus; + tactics?: AttackTactic[]; + techniques?: string[]; query?: string; severity?: AlertSeverity; - tactics?: AttackTactic[]; version?: string; customDetails?: { [propertyName: string]: string; @@ -3513,7 +3686,35 @@ export type NrtAlertRuleTemplate = AlertRuleTemplate & { }; // @public -export type NrtAlertRuleTemplateProperties = AlertRuleTemplatePropertiesBase & QueryBasedAlertRuleTemplateProperties & {}; +export type NrtAlertRuleTemplateProperties = AlertRuleTemplateWithMitreProperties & QueryBasedAlertRuleTemplateProperties & {}; + +// @public +export type Office365ProjectCheckRequirements = DataConnectorsCheckRequirements & { + kind: "Office365Project"; + tenantId?: string; +}; + +// @public +export type Office365ProjectCheckRequirementsProperties = DataConnectorTenantId & {}; + +// @public +export interface Office365ProjectConnectorDataTypes { + logs: Office365ProjectConnectorDataTypesLogs; +} + +// @public +export type Office365ProjectConnectorDataTypesLogs = DataConnectorDataTypeCommon & {}; + +// @public +export type Office365ProjectDataConnector = DataConnector & { + tenantId?: string; + dataTypes?: Office365ProjectConnectorDataTypes; +}; + +// @public +export type Office365ProjectDataConnectorProperties = DataConnectorTenantId & { + dataTypes: Office365ProjectConnectorDataTypes; +}; // @public export type OfficeATPCheckRequirements = DataConnectorsCheckRequirements & { 
@@ -3622,6 +3823,34 @@ export type OfficeIRMDataConnector = DataConnector & { // @public export type OfficeIRMDataConnectorProperties = DataConnectorTenantId & DataConnectorWithAlertsProperties & {}; +// @public +export type OfficePowerBICheckRequirements = DataConnectorsCheckRequirements & { + kind: "OfficePowerBI"; + tenantId?: string; +}; + +// @public +export type OfficePowerBICheckRequirementsProperties = DataConnectorTenantId & {}; + +// @public +export interface OfficePowerBIConnectorDataTypes { + logs: OfficePowerBIConnectorDataTypesLogs; +} + +// @public +export type OfficePowerBIConnectorDataTypesLogs = DataConnectorDataTypeCommon & {}; + +// @public +export type OfficePowerBIDataConnector = DataConnector & { + tenantId?: string; + dataTypes?: OfficePowerBIConnectorDataTypes; +}; + +// @public +export type OfficePowerBIDataConnectorProperties = DataConnectorTenantId & { + dataTypes: OfficePowerBIConnectorDataTypes; +}; + // @public export interface Operation { display?: OperationDisplay; 
@@ -3758,28 +3987,15 @@ export interface ProductSettingsUpdateOptionalParams extends coreClient.Operatio export type ProductSettingsUpdateResponse = SettingsUnion; // @public -export type ProviderName = string; +export type PropertyConditionProperties = AutomationRuleCondition & { + conditionType: "Property"; + propertyName?: AutomationRulePropertyConditionSupportedProperty; + operator?: AutomationRulePropertyConditionSupportedOperator; + propertyValues?: string[]; +}; // @public -export interface QueryBasedAlertRuleProperties { - alertDetailsOverride?: AlertDetailsOverride; - alertRuleTemplateName?: string; - customDetails?: { - [propertyName: string]: string; - }; - description?: string; - displayName: string; - enabled: boolean; - entityMappings?: EntityMapping[]; - incidentConfiguration?: IncidentConfiguration; - readonly lastModifiedUtc?: Date; - query?: string; - severity?: AlertSeverity; - suppressionDuration: string; - suppressionEnabled: boolean; - tactics?: AttackTactic[]; - templateVersion?: string; -} +export type ProviderName = string; // @public export interface QueryBasedAlertRuleTemplateProperties { @@ -3790,7 +4006,6 @@ export interface QueryBasedAlertRuleTemplateProperties { entityMappings?: EntityMapping[]; query?: string; severity?: AlertSeverity; - tactics?: AttackTactic[]; version?: string; } @@ -3872,6 +4087,13 @@ export interface Repository { url?: string; } +// @public +export interface RepositoryResourceInfo { + azureDevOpsResourceInfo?: AzureDevOpsResourceInfo; + gitHubResourceInfo?: GitHubResourceInfo; + webhook?: Webhook; +} + // @public export type RepoType = string; 
@@ -3913,70 +4135,88 @@ export interface SampleQueries { // @public export type ScheduledAlertRule = AlertRule & { + query?: string; queryFrequency?: string; queryPeriod?: string; + severity?: AlertSeverity; triggerOperator?: TriggerOperator; triggerThreshold?: number; eventGroupingSettings?: EventGroupingSettings; + customDetails?: { + [propertyName: string]: string; + }; + entityMappings?: EntityMapping[]; + alertDetailsOverride?: AlertDetailsOverride; alertRuleTemplateName?: string; templateVersion?: string; description?: string; - query?: string; displayName?: string; enabled?: boolean; readonly lastModifiedUtc?: Date; suppressionDuration?: string; suppressionEnabled?: boolean; - severity?: AlertSeverity; tactics?: AttackTactic[]; + techniques?: string[]; incidentConfiguration?: IncidentConfiguration; - customDetails?: { - [propertyName: string]: string; - }; - entityMappings?: EntityMapping[]; - alertDetailsOverride?: AlertDetailsOverride; }; // @public export interface ScheduledAlertRuleCommonProperties { + alertDetailsOverride?: AlertDetailsOverride; + customDetails?: { + [propertyName: string]: string; + }; + entityMappings?: EntityMapping[]; eventGroupingSettings?: EventGroupingSettings; + query?: string; queryFrequency?: string; queryPeriod?: string; + severity?: AlertSeverity; triggerOperator?: TriggerOperator; triggerThreshold?: number; } // @public -export type ScheduledAlertRuleProperties = ScheduledAlertRuleCommonProperties & QueryBasedAlertRuleProperties & {}; +export type ScheduledAlertRuleProperties = ScheduledAlertRuleCommonProperties & { + alertRuleTemplateName?: string; + templateVersion?: string; + description?: string; + displayName: string; + enabled: boolean; + readonly lastModifiedUtc?: Date; + suppressionDuration: string; + suppressionEnabled: boolean; + tactics?: AttackTactic[]; + techniques?: string[]; + incidentConfiguration?: IncidentConfiguration; +}; // @public export type ScheduledAlertRuleTemplate = AlertRuleTemplate & { 
alertRulesCreatedByTemplateCount?: number; - readonly lastUpdatedDateUTC?: Date; readonly createdDateUTC?: Date; + readonly lastUpdatedDateUTC?: Date; description?: string; displayName?: string; requiredDataConnectors?: AlertRuleTemplateDataSource[]; status?: TemplateStatus; query?: string; + queryFrequency?: string; + queryPeriod?: string; severity?: AlertSeverity; + triggerOperator?: TriggerOperator; + triggerThreshold?: number; tactics?: AttackTactic[]; + techniques?: string[]; version?: string; + eventGroupingSettings?: EventGroupingSettings; customDetails?: { [propertyName: string]: string; }; entityMappings?: EntityMapping[]; alertDetailsOverride?: AlertDetailsOverride; - queryFrequency?: string; - queryPeriod?: string; - triggerOperator?: TriggerOperator; - triggerThreshold?: number; - eventGroupingSettings?: EventGroupingSettings; }; -// @public -export type ScheduledAlertRuleTemplateProperties = AlertRuleTemplatePropertiesBase & QueryBasedAlertRuleTemplateProperties & ScheduledAlertRuleCommonProperties & {}; - // @public export type SecurityAlert = Entity & { readonly additionalData?: { @@ -4231,17 +4471,17 @@ export interface Sku { // @public export type SkuKind = string; -// @public -export type Source = string; - // @public export type SourceControl = ResourceWithEtag & { idPropertiesId?: string; + version?: Version; displayName?: string; description?: string; repoType?: RepoType; contentTypes?: ContentType[]; repository?: Repository; + repositoryResourceInfo?: RepositoryResourceInfo; + lastDeploymentInfo?: DeploymentInfo; }; // @public @@ -4312,6 +4552,9 @@ export type SourceControlsListResponse = SourceControlList; // @public export type SourceKind = string; +// @public +export type SourceType = string; + // @public export type SubmissionMailEntity = Entity & { readonly additionalData?: { 
@@ -4396,6 +4639,7 @@ export type ThreatIntelligenceAlertRule = AlertRule & { readonly lastModifiedUtc?: Date; readonly severity?: AlertSeverity; readonly tactics?: AttackTactic[]; + readonly techniques?: string[]; }; // @public @@ -4407,14 +4651,14 @@ export type ThreatIntelligenceAlertRuleTemplate = AlertRuleTemplate & { displayName?: string; requiredDataConnectors?: AlertRuleTemplateDataSource[]; status?: TemplateStatus; - severity?: AlertSeverity; tactics?: AttackTactic[]; + techniques?: string[]; + severity?: AlertSeverity; }; // @public -export type ThreatIntelligenceAlertRuleTemplateProperties = AlertRuleTemplatePropertiesBase & { +export type ThreatIntelligenceAlertRuleTemplateProperties = AlertRuleTemplateWithMitreProperties & { severity: AlertSeverity; - tactics?: AttackTactic[]; }; // @public @@ -4511,6 +4755,7 @@ export type ThreatIntelligenceIndicatorMetricsListResponse = ThreatIntelligenceM // @public export type ThreatIntelligenceIndicatorModel = ThreatIntelligenceInformation & { + kind: "indicator"; readonly additionalData?: { [propertyName: string]: Record; }; @@ -4549,6 +4794,7 @@ export type ThreatIntelligenceIndicatorModel = ThreatIntelligenceInformation & { // @public export type ThreatIntelligenceIndicatorModelForRequestBody = ThreatIntelligenceResourceKind & { + kind: "indicator"; etag?: string; readonly additionalData?: { [propertyName: string]: Record; @@ -4669,7 +4915,9 @@ export interface ThreatIntelligenceIndicatorsListOptionalParams extends coreClie export type ThreatIntelligenceIndicatorsListResponse = ThreatIntelligenceInformationList; // @public -export type ThreatIntelligenceInformation = ResourceWithEtag & ThreatIntelligenceResourceKind & {}; +export type ThreatIntelligenceInformation = ResourceWithEtag & ThreatIntelligenceResourceKind & { + kind: "ThreatIntelligenceInformation" | "indicator"; +}; // @public export interface ThreatIntelligenceInformationList { 
@@ -4724,12 +4972,15 @@ export interface ThreatIntelligenceParsedPatternTypeValue { // @public export interface ThreatIntelligenceResourceKind { - kind: ThreatIntelligenceResourceKindEnum; + kind: "indicator" | "ThreatIntelligenceInformation" | "indicator"; } // @public export type ThreatIntelligenceResourceKindEnum = string; +// @public (undocumented) +export type ThreatIntelligenceResourceKindUnion = ThreatIntelligenceResourceKind | ThreatIntelligenceIndicatorModelForRequestBody | ThreatIntelligenceInformationUnion; + // @public export interface ThreatIntelligenceSortingCriteria { itemKey?: string; @@ -4871,12 +5122,16 @@ export interface UserInfo { objectId?: string; } +// @public +export type Version = string; + // @public export type Watchlist = ResourceWithEtag & { watchlistId?: string; displayName?: string; provider?: string; - source?: Source; + source?: string; + sourceType?: SourceType; created?: Date; updated?: Date; createdBy?: UserInfo; @@ -4893,7 +5148,6 @@ export type Watchlist = ResourceWithEtag & { itemsSearchKey?: string; contentType?: string; uploadStatus?: string; - watchlistItemsCount?: number; }; // @public @@ -4944,6 +5198,7 @@ export type WatchlistItemsGetResponse = WatchlistItem; // @public export interface WatchlistItemsListNextOptionalParams extends coreClient.OperationOptions { + skipToken?: string; } // @public @@ -4951,6 +5206,7 @@ export type WatchlistItemsListNextResponse = WatchlistItemList; // @public export interface WatchlistItemsListOptionalParams extends coreClient.OperationOptions { + skipToken?: string; } // @public 
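Review bot: The new discriminator type in `ThreatIntelligenceResourceKind` lists `"indicator"` twice: `kind: "indicator" | "ThreatIntelligenceInformation" | "indicator";`. TypeScript collapses the duplicate, so it compiles, but it suggests the values were emitted once per subtype without de-duplication; `kind: "indicator" | "ThreatIntelligenceInformation";` is the intended form. The added `ThreatIntelligenceResourceKindUnion` also refers to `ThreatIntelligenceInformationUnion`, which is not declared in any hunk visible here (the same alias is added in `src/models/index.ts`), so it is worth confirming that type is actually exported. `ThreatIntelligenceResourceKindEnum` is kept but is no longer used by this interface.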
@@ -4965,11 +5221,16 @@ export interface WatchlistList { // @public export interface Watchlists { createOrUpdate(resourceGroupName: string, workspaceName: string, watchlistAlias: string, watchlist: Watchlist, options?: WatchlistsCreateOrUpdateOptionalParams): Promise; - delete(resourceGroupName: string, workspaceName: string, watchlistAlias: string, options?: WatchlistsDeleteOptionalParams): Promise; + delete(resourceGroupName: string, workspaceName: string, watchlistAlias: string, options?: WatchlistsDeleteOptionalParams): Promise; get(resourceGroupName: string, workspaceName: string, watchlistAlias: string, options?: WatchlistsGetOptionalParams): Promise; list(resourceGroupName: string, workspaceName: string, options?: WatchlistsListOptionalParams): PagedAsyncIterableIterator; } +// @public +export interface WatchlistsCreateOrUpdateHeaders { + azureAsyncOperation?: string; +} + // @public export interface WatchlistsCreateOrUpdateOptionalParams extends coreClient.OperationOptions { } @@ -4977,10 +5238,18 @@ export interface WatchlistsCreateOrUpdateOptionalParams extends coreClient.Opera // @public export type WatchlistsCreateOrUpdateResponse = Watchlist; +// @public +export interface WatchlistsDeleteHeaders { + azureAsyncOperation?: string; +} + // @public export interface WatchlistsDeleteOptionalParams extends coreClient.OperationOptions { } +// @public +export type WatchlistsDeleteResponse = WatchlistsDeleteHeaders & Watchlist; + // @public export interface WatchlistsGetOptionalParams extends coreClient.OperationOptions { } @@ -4990,6 +5259,7 @@ export type WatchlistsGetResponse = Watchlist; // @public export interface WatchlistsListNextOptionalParams extends coreClient.OperationOptions { + skipToken?: string; } // @public 
@@ -4997,11 +5267,20 @@ export type WatchlistsListNextResponse = WatchlistList; // @public export interface WatchlistsListOptionalParams extends coreClient.OperationOptions { + skipToken?: string; } // @public export type WatchlistsListResponse = WatchlistList; +// @public +export interface Webhook { + rotateWebhookSecret?: boolean; + webhookId?: string; + webhookSecretUpdateTime?: string; + webhookUrl?: string; +} + // (No @packageDocumentation comment for this package) ``` diff --git a/sdk/securityinsight/arm-securityinsight/src/models/index.ts b/sdk/securityinsight/arm-securityinsight/src/models/index.ts index 592c467dbfea..dc8f2488b4c8 100644 --- a/sdk/securityinsight/arm-securityinsight/src/models/index.ts +++ b/sdk/securityinsight/arm-securityinsight/src/models/index.ts @@ -10,17 +10,21 @@ import * as coreClient from "@azure/core-client"; export type AutomationRuleConditionUnion = | AutomationRuleCondition - | AutomationRulePropertyValuesCondition; + | PropertyConditionProperties; export type AutomationRuleActionUnion = | AutomationRuleAction - | AutomationRuleRunPlaybookAction - | AutomationRuleModifyPropertiesAction; + | AutomationRuleModifyPropertiesAction + | AutomationRuleRunPlaybookAction; export type EntityTimelineItemUnion = | EntityTimelineItem | ActivityTimelineItem | BookmarkTimelineItem | SecurityAlertTimelineItem; export type EntityQueryItemUnion = EntityQueryItem | InsightQueryItem; +export type ThreatIntelligenceResourceKindUnion = + | ThreatIntelligenceResourceKind + | ThreatIntelligenceIndicatorModelForRequestBody + | ThreatIntelligenceInformationUnion; export type DataConnectorsCheckRequirementsUnion = | DataConnectorsCheckRequirements | AADCheckRequirements 
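Review bot: `webhookSecretUpdateTime?: string;` in the new `Webhook` interface is a timestamp typed as free-form text, while `deploymentTime` on the `Deployment` interface added by this same change is a `Date`. The secret's age is the value an operator reads to decide whether rotation is overdue, so it should be comparable without ad-hoc parsing: `webhookSecretUpdateTime?: Date;` if the service returns ISO 8601. `rotateWebhookSecret?: boolean;` also needs a doc comment in the model source. It should say when a requested rotation takes effect and whether the flag is meaningful on read, since the report shows it as an ordinary read/write property.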
@@ -35,6 +39,8 @@ export type DataConnectorsCheckRequirementsUnion = | MtpCheckRequirements | OfficeATPCheckRequirements | OfficeIRMCheckRequirements + | Office365ProjectCheckRequirements + | OfficePowerBICheckRequirements | TICheckRequirements | TiTaxiiCheckRequirements; export type AlertRuleTemplateUnion = @@ -107,6 +113,8 @@ export type DataConnectorUnion = | McasDataConnector | Dynamics365DataConnector | OfficeATPDataConnector + | Office365ProjectDataConnector + | OfficePowerBIDataConnector | OfficeIRMDataConnector | MdatpDataConnector | OfficeDataConnector @@ -214,26 +222,13 @@ export interface AlertRuleTemplatesList { value: AlertRuleTemplateUnion[]; } -/** List all the automation rules. */ -export interface AutomationRulesList { - /** - * URL to fetch the next set of automation rules. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly nextLink?: string; - /** Array of automation rules. */ - value: AutomationRule[]; -} - /** Describes automation rule triggering logic */ export interface AutomationRuleTriggeringLogic { - /** Determines whether the automation rule is enabled or disabled. */ + /** Determines whether the automation rule is enabled or disabled */ isEnabled: boolean; /** Determines when the automation rule should automatically expire and be disabled. */ expirationTimeUtc?: Date; - /** The type of object the automation rule triggers on */ triggersOn: TriggersOn; - /** The type of event the automation rule triggers on */ triggersWhen: TriggersWhen; /** The conditions to evaluate to determine if the automation rule should be triggered on a given object */ conditions?: AutomationRuleConditionUnion[]; 
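Review bot: The last hunk on this line deletes the doc comments on `triggersOn` and `triggersWhen` in `AutomationRuleTriggeringLogic` without replacing them, leaving two required fields undocumented next to documented siblings. The following hunks do the same to `order` in `AutomationRuleAction` and add `AutomationRulesList` and `ManualTriggerRequestBody` with no comments at all. I would restore `/** The type of object the automation rule triggers on */` and `/** The type of event the automation rule triggers on */`. `ManualTriggerRequestBody` should be documented field by field: `tenantId` and `logicAppsResourceId` presumably select the playbook that `manualTriggerPlaybook` runs, which a caller needs to know before passing values that originate from user input. The interface body continues past the end of the hunk.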
@@ -248,8 +243,7 @@ export interface AutomationRuleCondition { /** Describes an automation rule action */ export interface AutomationRuleAction { /** Polymorphic discriminator, which specifies the different types this object can be */ - actionType: "RunPlaybook" | "ModifyProperties"; - /** The order of execution of the automation rule action */ + actionType: "ModifyProperties" | "RunPlaybook"; order: number; } @@ -265,10 +259,20 @@ export interface ClientInfo { userPrincipalName?: string; } +export interface AutomationRulesList { + value?: AutomationRule[]; + nextLink?: string; +} + +export interface ManualTriggerRequestBody { + tenantId?: string; + logicAppsResourceId?: string; +} + /** List all the bookmarks. */ export interface BookmarkList { /** - * URL to fetch the next set of cases. + * URL to fetch the next set of bookmarks. * NOTE: This property will not be serialized. It can only be populated by the server. */ readonly nextLink?: string; @@ -304,6 +308,22 @@ export interface IncidentInfo { relationName?: string; } +/** Describes the entity mappings of a single entity */ +export interface BookmarkEntityMappings { + /** The entity type */ + entityType?: string; + /** Array of fields mapping for that entity type */ + fieldMappings?: EntityFieldMapping[]; +} + +/** Map identifiers of a single entity */ +export interface EntityFieldMapping { + /** Alert V3 identifier */ + identifier?: string; + /** The value of the identifier */ + value?: string; +} + /** List of relations. */ export interface RelationList { /** 
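Review bot: `AutomationRulesList` is re-added here with `value?: AutomationRule[];` and a writable `nextLink?: string;`, whereas the declaration removed earlier in this file had a required `value` and `readonly nextLink`. The other list types in the visible hunks (`EntityQueryList`, `EntityQueryTemplateList`, `OfficeConsentList`) keep that required/readonly shape. Callers that iterate `list.value` now need an undefined guard, and a continuation link that is server-populated everywhere else becomes settable by the client. If the list contract did not change on the service side, the two members should read `readonly nextLink?: string;` and `value: AutomationRule[];`.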
@@ -485,17 +505,6 @@ export interface EnrichmentDomainWhoisContact { email?: string; } -/** List of all the entity queries. */ -export interface EntityQueryList { - /** - * URL to fetch the next set of entity queries. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly nextLink?: string; - /** Array of entity queries. */ - value: EntityQueryUnion[]; -} - /** List of all the entities. */ export interface EntityList { /** @@ -689,6 +698,28 @@ export interface InsightsTableResultColumnsItem { name?: string; } +/** List of all the entity queries. */ +export interface EntityQueryList { + /** + * URL to fetch the next set of entity queries. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly nextLink?: string; + /** Array of entity queries. */ + value: EntityQueryUnion[]; +} + +/** List of all the entity query templates. */ +export interface EntityQueryTemplateList { + /** + * URL to fetch the next set of entity query templates. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly nextLink?: string; + /** Array of entity query templates. */ + value: EntityQueryTemplateUnion[]; +} + /** List all the incidents. */ export interface IncidentList { /** 
@@ -722,11 +753,21 @@ export interface IncidentAdditionalData { * NOTE: This property will not be serialized. It can only be populated by the server. */ readonly alertProductNames?: string[]; + /** + * The provider incident url to the incident in Microsoft 365 Defender portal + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly providerIncidentUrl?: string; /** * The tactics associated with incident * NOTE: This property will not be serialized. It can only be populated by the server. */ readonly tactics?: AttackTactic[]; + /** + * The techniques associated with incident's tactics' + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly techniques?: string[]; } /** Represents an incident label */ @@ -932,6 +973,17 @@ export interface MetadataCategories { verticals?: string[]; } +/** List of all the office365 consents. */ +export interface OfficeConsentList { + /** + * URL to fetch the next set of office consents. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly nextLink?: string; + /** Array of the consents. */ + value: OfficeConsent[]; +} + /** List of the Sentinel onboarding states */ export interface SentinelOnboardingStatesList { /** Array of Sentinel onboarding states */ 
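Review bot: The doc comment added for `techniques` in `IncidentAdditionalData` reads `The techniques associated with incident's tactics'`, with a stray trailing apostrophe; `The techniques associated with the incident's tactics` is what was meant. Since `techniques` is `string[]` while `tactics` is `AttackTactic[]`, the comment should also say what the strings contain (technique identifiers or display names), because consumers mapping incidents to a coverage matrix cannot tell from the type. The enclosing interface starts before this hunk.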
@@ -998,133 +1050,64 @@ export interface ContentPathMap { path?: string; } -/** List all the watchlists. */ -export interface WatchlistList { - /** - * URL to fetch the next set of watchlists. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly nextLink?: string; - /** Array of watchlist. */ - value: Watchlist[]; -} - -/** List all the watchlist items. */ -export interface WatchlistItemList { - /** - * URL to fetch the next set of watchlist item. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly nextLink?: string; - /** Array of watchlist items. */ - value: WatchlistItem[]; -} - -/** List all the data connectors. */ -export interface DataConnectorList { - /** - * URL to fetch the next set of data connectors. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly nextLink?: string; - /** Array of data connectors. */ - value: DataConnectorUnion[]; -} - -/** Represents Codeless API Polling data connector. */ -export interface DataConnectorConnectBody { - /** The authentication kind used to poll the data */ - kind?: ConnectAuthKind; - /** The API key of the audit server. */ - apiKey?: string; - /** The client secret of the OAuth 2.0 application. */ - clientSecret?: string; - /** The client id of the OAuth 2.0 application. */ - clientId?: string; - /** The authorization code used in OAuth 2.0 code flow to issue a token. */ - authorizationCode?: string; - /** The user name in the audit log server. */ - userName?: string; - /** The user password in the audit log server. */ - password?: string; - requestConfigUserInputValues?: Record[]; -} - -/** Common error response for all Azure Resource Manager APIs to return error details for failed operations. (This also follows the OData error response format.). */ -export interface ErrorResponse { - /** The error object. */ - error?: ErrorDetail; -} - -/** The error detail. 
*/ -export interface ErrorDetail { - /** - * The error code. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly code?: string; - /** - * The error message. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly message?: string; - /** - * The error target. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly target?: string; - /** - * The error details. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly details?: ErrorDetail[]; - /** - * The error additional info. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly additionalInfo?: ErrorAdditionalInfo[]; -} - -/** The resource management error additional info. */ -export interface ErrorAdditionalInfo { - /** - * The additional info type. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly type?: string; - /** - * The additional info. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly info?: Record; -} - -/** Data connector requirements properties. */ -export interface DataConnectorsCheckRequirements { - /** Polymorphic discriminator, which specifies the different types this object can be */ - kind: - | "AzureActiveDirectory" - | "AzureAdvancedThreatProtection" - | "AzureSecurityCenter" - | "AmazonWebServicesCloudTrail" - | "AmazonWebServicesS3" - | "Dynamics365" - | "MicrosoftCloudAppSecurity" - | "MicrosoftDefenderAdvancedThreatProtection" - | "MicrosoftThreatIntelligence" - | "MicrosoftThreatProtection" - | "OfficeATP" - | "OfficeIRM" - | "ThreatIntelligence" - | "ThreatIntelligenceTaxii"; +/** Resources created in user's repository for the source-control. */ +export interface RepositoryResourceInfo { + /** The webhook object created for the source-control. 
*/ + webhook?: Webhook; + /** Resources created in GitHub for this source-control. */ + gitHubResourceInfo?: GitHubResourceInfo; + /** Resources created in Azure DevOps for this source-control. */ + azureDevOpsResourceInfo?: AzureDevOpsResourceInfo; +} + +/** Detail about the webhook object. */ +export interface Webhook { + /** Unique identifier for the webhook. */ + webhookId?: string; + /** URL that gets invoked by the webhook. */ + webhookUrl?: string; + /** Time when the webhook secret was updated. */ + webhookSecretUpdateTime?: string; + /** A flag to instruct the backend service to rotate webhook secret. */ + rotateWebhookSecret?: boolean; +} + +/** Resources created in GitHub repository. */ +export interface GitHubResourceInfo { + /** GitHub application installation id. */ + appInstallationId?: string; +} + +/** Resources created in Azure DevOps repository. */ +export interface AzureDevOpsResourceInfo { + /** Id of the pipeline created for the source-control. */ + pipelineId?: string; + /** Id of the service-connection created for the source-control. */ + serviceConnectionId?: string; +} + +/** Information regarding a deployment. */ +export interface DeploymentInfo { + /** Status while fetching the last deployment. */ + deploymentFetchStatus?: DeploymentFetchStatus; + /** Deployment information. */ + deployment?: Deployment; + /** Additional details about the deployment that can be shown to the user. */ + message?: string; } -/** Data connector requirements status. */ -export interface DataConnectorRequirementsState { - /** Authorization state for this connector */ - authorizationState?: DataConnectorAuthorizationState; - /** License state for this connector */ - licenseState?: DataConnectorLicenseState; +/** Description about a deployment. */ +export interface Deployment { + /** Deployment identifier. */ + deploymentId?: string; + /** Current status of the deployment. */ + deploymentState?: DeploymentState; + /** The outcome of the deployment. 
*/ + deploymentResult?: DeploymentResult; + /** The time when the deployment finished. */ + deploymentTime?: Date; + /** Url to access repository action logs. */ + deploymentLogsUrl?: string; } /** Describes threat kill chain phase entity */ @@ -1177,8 +1160,8 @@ export interface ThreatIntelligenceGranularMarkingModel { /** Describes an entity with kind. */ export interface ThreatIntelligenceResourceKind { - /** The kind of the entity. */ - kind: ThreatIntelligenceResourceKindEnum; + /** Polymorphic discriminator, which specifies the different types this object can be */ + kind: "indicator" | "ThreatIntelligenceInformation" | "indicator"; } /** List of all the threat intelligence information objects. */ 
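Review bot: `Webhook.webhookSecretUpdateTime` is declared as `string`, while the other timestamp added in this hunk, `Deployment.deploymentTime`, is a `Date`. A caller who wants to check how old the webhook secret is before setting `rotateWebhookSecret` has to parse the string, and the comment does not state its format. I would declare it as `webhookSecretUpdateTime?: Date;`, or at least document the format in the comment. If this file is generated, the fix belongs in the API specification so the serializer mapping changes with it.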
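Review bot: The new discriminator on `ThreatIntelligenceResourceKind` lists the same literal twice: `kind: "indicator" | "ThreatIntelligenceInformation" | "indicator";`. TypeScript collapses the duplicate, so it compiles, but it suggests two subtypes are registered under the value `"indicator"`. The later hunk at `-3088` supports that reading: `ThreatIntelligenceIndicatorModelForRequestBody` takes `kind: "indicator"` and `ThreatIntelligenceInformation` takes `"ThreatIntelligenceInformation" | "indicator"`. The line should read `kind: "indicator" | "ThreatIntelligenceInformation";`, and it is worth confirming that selecting a subtype by `kind` is still unambiguous for `"indicator"`.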
@@ -1268,85 +1251,145 @@ export interface ThreatIntelligenceAppendTags { threatIntelligenceTags?: string[]; } -/** Lists the operations available in the SecurityInsights RP. */ -export interface OperationsList { +/** List all the watchlists. */ +export interface WatchlistList { /** - * URL to fetch the next set of operations. + * URL to fetch the next set of watchlists. * NOTE: This property will not be serialized. It can only be populated by the server. */ readonly nextLink?: string; - /** Array of operations */ - value: Operation[]; -} - -/** Operation provided by provider */ -export interface Operation { - /** Properties of the operation */ - display?: OperationDisplay; - /** Name of the operation */ - name?: string; - /** The origin of the operation */ - origin?: string; - /** Indicates whether the operation is a data action */ - isDataAction?: boolean; -} - -/** Properties of the operation */ -export interface OperationDisplay { - /** Description of the operation */ - description?: string; - /** Operation name */ - operation?: string; - /** Provider name */ - provider?: string; - /** Resource name */ - resource?: string; + /** Array of watchlist. */ + value: Watchlist[]; } -/** List of all the office365 consents. */ -export interface OfficeConsentList { +/** List all the watchlist items. */ +export interface WatchlistItemList { /** - * URL to fetch the next set of office consents. + * URL to fetch the next set of watchlist item. * NOTE: This property will not be serialized. It can only be populated by the server. */ readonly nextLink?: string; - /** Array of the consents. */ - value: OfficeConsent[]; + /** Array of watchlist items. */ + value: WatchlistItem[]; } -/** List of all the entity query templates. */ -export interface EntityQueryTemplateList { +/** List all the data connectors. */ +export interface DataConnectorList { /** - * URL to fetch the next set of entity query templates. + * URL to fetch the next set of data connectors. 
* NOTE: This property will not be serialized. It can only be populated by the server. */ readonly nextLink?: string; - /** Array of entity query templates. */ - value: EntityQueryTemplateUnion[]; -} - -/** alert rule template data sources */ -export interface AlertRuleTemplateDataSource { - /** The connector id that provides the following data types */ - connectorId?: string; - /** The data types used by the alert rule template */ - dataTypes?: string[]; + /** Array of data connectors. */ + value: DataConnectorUnion[]; } -/** Base alert rule template property bag. */ -export interface AlertRuleTemplatePropertiesBase { - /** the number of alert rules that were created by this template */ - alertRulesCreatedByTemplateCount?: number; - /** - * The last time that this alert rule template has been updated. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly lastUpdatedDateUTC?: Date; - /** - * The time that this alert rule template has been added. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly createdDateUTC?: Date; +/** Represents Codeless API Polling data connector. */ +export interface DataConnectorConnectBody { + /** The authentication kind used to poll the data */ + kind?: ConnectAuthKind; + /** The API key of the audit server. */ + apiKey?: string; + /** The client secret of the OAuth 2.0 application. */ + clientSecret?: string; + /** The client id of the OAuth 2.0 application. */ + clientId?: string; + /** The authorization code used in OAuth 2.0 code flow to issue a token. */ + authorizationCode?: string; + /** The user name in the audit log server. */ + userName?: string; + /** The user password in the audit log server. */ + password?: string; + requestConfigUserInputValues?: Record[]; +} + +/** Data connector requirements properties. 
*/ +export interface DataConnectorsCheckRequirements { + /** Polymorphic discriminator, which specifies the different types this object can be */ + kind: + | "AzureActiveDirectory" + | "AzureAdvancedThreatProtection" + | "AzureSecurityCenter" + | "AmazonWebServicesCloudTrail" + | "AmazonWebServicesS3" + | "Dynamics365" + | "MicrosoftCloudAppSecurity" + | "MicrosoftDefenderAdvancedThreatProtection" + | "MicrosoftThreatIntelligence" + | "MicrosoftThreatProtection" + | "OfficeATP" + | "OfficeIRM" + | "Office365Project" + | "OfficePowerBI" + | "ThreatIntelligence" + | "ThreatIntelligenceTaxii"; +} + +/** Data connector requirements status. */ +export interface DataConnectorRequirementsState { + /** Authorization state for this connector */ + authorizationState?: DataConnectorAuthorizationState; + /** License state for this connector */ + licenseState?: DataConnectorLicenseState; +} + +/** Lists the operations available in the SecurityInsights RP. */ +export interface OperationsList { + /** + * URL to fetch the next set of operations. + * NOTE: This property will not be serialized. It can only be populated by the server. 
+ */ + readonly nextLink?: string; + /** Array of operations */ + value: Operation[]; +} + +/** Operation provided by provider */ +export interface Operation { + /** Properties of the operation */ + display?: OperationDisplay; + /** Name of the operation */ + name?: string; + /** The origin of the operation */ + origin?: string; + /** Indicates whether the operation is a data action */ + isDataAction?: boolean; +} + +/** Properties of the operation */ +export interface OperationDisplay { + /** Description of the operation */ + description?: string; + /** Operation name */ + operation?: string; + /** Provider name */ + provider?: string; + /** Resource name */ + resource?: string; +} + +/** alert rule template data sources */ +export interface AlertRuleTemplateDataSource { + /** The connector id that provides the following data types */ + connectorId?: string; + /** The data types used by the alert rule template */ + dataTypes?: string[]; +} + +/** Base alert rule template property bag. */ +export interface AlertRuleTemplatePropertiesBase { + /** the number of alert rules that were created by this template */ + alertRulesCreatedByTemplateCount?: number; + /** + * The last time that this alert rule template has been updated. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly lastUpdatedDateUTC?: Date; + /** + * The time that this alert rule template has been added. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly createdDateUTC?: Date; /** The description of the alert rule template. */ description?: string; /** The display name for alert rule template. */ 
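Review bot: `DataConnectorConnectBody` carries `apiKey`, `clientSecret`, `authorizationCode` and `password` as ordinary optional strings, but its comment ("Represents Codeless API Polling data connector.") does not tell a caller that the object holds credentials. `requestConfigUserInputValues` has no comment at all. I would change the interface comment to `/** Request body for connecting a Codeless API Polling data connector. Holds credentials; do not log or persist this object. */` and add a one-line comment on `requestConfigUserInputValues` saying what the entries contain. The interface is moved here unchanged from the earlier hunk at `-998`, and if the file is generated the wording belongs in the API specification.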
@@ -1363,8 +1406,6 @@ export interface QueryBasedAlertRuleTemplateProperties { query?: string; /** The severity for alerts created by this alert rule. */ severity?: AlertSeverity; - /** The tactics of the alert rule */ - tactics?: AttackTactic[]; /** The version of this template - in format , where all are numbers. For example <1.0.2>. */ version?: string; /** Dictionary of string key-value pairs of columns to be attached to the alert */ 
@@ -1403,6 +1444,87 @@ export interface AlertDetailsOverride { alertSeverityColumnName?: string; } +/** Represents a supported source signal configuration in Fusion detection. */ +export interface FusionSourceSettings { + /** Determines whether this source signal is enabled or disabled in Fusion detection. */ + enabled: boolean; + /** Name of the Fusion source signal. Refer to Fusion alert rule template for supported values. */ + sourceName: string; + /** Configuration for all source subtypes under this source signal consumed in fusion detection. */ + sourceSubTypes?: FusionSourceSubTypeSetting[]; +} + +/** Represents a supported source subtype configuration under a source signal in Fusion detection. */ +export interface FusionSourceSubTypeSetting { + /** Determines whether this source subtype under source signal is enabled or disabled in Fusion detection. */ + enabled: boolean; + /** The Name of the source subtype under a given source signal in Fusion detection. Refer to Fusion alert rule template for supported values. */ + sourceSubTypeName: string; + /** + * The display name of source subtype under a source signal consumed in Fusion detection. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly sourceSubTypeDisplayName?: string; + /** Severity configuration for a source subtype consumed in fusion detection. */ + severityFilters: FusionSubTypeSeverityFilter; +} + +/** Represents severity configuration for a source subtype consumed in Fusion detection. */ +export interface FusionSubTypeSeverityFilter { + /** + * Determines whether this source subtype supports severity configuration or not. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly isSupported?: boolean; + /** Individual Severity configuration settings for a given source subtype consumed in Fusion detection. 
*/ + filters?: FusionSubTypeSeverityFiltersItem[]; +} + +/** Represents a Severity filter setting for a given source subtype consumed in Fusion detection. */ +export interface FusionSubTypeSeverityFiltersItem { + /** The Severity for a given source subtype consumed in Fusion detection. */ + severity: AlertSeverity; + /** Determines whether this severity is enabled or disabled for this source subtype consumed in Fusion detection. */ + enabled: boolean; +} + +/** Represents a Fusion scenario exclusion patterns in Fusion detection. */ +export interface FusionScenarioExclusionPattern { + /** Scenario exclusion pattern. */ + exclusionPattern: string; + /** DateTime when scenario exclusion pattern is added in UTC. */ + dateAddedInUTC: string; +} + +/** Represents a source signal consumed in Fusion detection. */ +export interface FusionTemplateSourceSetting { + /** The name of a source signal consumed in Fusion detection. */ + sourceName: string; + /** All supported source subtypes under this source signal consumed in fusion detection. */ + sourceSubTypes?: FusionTemplateSourceSubType[]; +} + +/** Represents a source subtype under a source signal consumed in Fusion detection. */ +export interface FusionTemplateSourceSubType { + /** The name of source subtype under a source signal consumed in Fusion detection. */ + sourceSubTypeName: string; + /** + * The display name of source subtype under a source signal consumed in Fusion detection. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly sourceSubTypeDisplayName?: string; + /** Severity configuration available for a source subtype consumed in fusion detection. */ + severityFilter: FusionTemplateSubTypeSeverityFilter; +} + +/** Represents severity configurations available for a source subtype consumed in Fusion detection. 
*/ +export interface FusionTemplateSubTypeSeverityFilter { + /** Determines whether severity configuration is supported for this source subtype consumed in Fusion detection. */ + isSupported: boolean; + /** List of all supported severities for this source subtype consumed in Fusion detection. */ + severityFilters?: AlertSeverity[]; +} + /** MicrosoftSecurityIncidentCreation rule common property bag. */ export interface MicrosoftSecurityIncidentCreationAlertRuleCommonProperties { /** the alerts' displayNames on which the cases will be generated */ 
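Review bot: `FusionScenarioExclusionPattern.exclusionPattern` is documented only as "Scenario exclusion pattern.", with no statement of the accepted syntax or of what a match excludes. An exclusion presumably suppresses detections, so anyone auditing a rule needs to know how broad a pattern can be. I would expand the comment along the lines of `/** Scenario exclusion pattern; format: <describe accepted syntax>. Matching scenarios are excluded from Fusion detection. */`, with the behaviour confirmed against the service. `dateAddedInUTC` is also a `string`, while `lastUpdatedDateUTC` and `createdDateUTC` elsewhere in the file are `Date`, which makes it harder to sort or age out exclusions.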
@@ -1415,43 +1537,6 @@ export interface MicrosoftSecurityIncidentCreationAlertRuleCommonProperties { severitiesFilter?: AlertSeverity[]; } -/** Query based alert rule base property bag. */ -export interface QueryBasedAlertRuleProperties { - /** The Name of the alert rule template used to create this rule. */ - alertRuleTemplateName?: string; - /** The version of the alert rule template used to create this rule - in format , where all are numbers, for example 0 <1.0.2> */ - templateVersion?: string; - /** The description of the alert rule. */ - description?: string; - /** The query that creates alerts for this rule. */ - query?: string; - /** The display name for alerts created by this alert rule. */ - displayName: string; - /** Determines whether this alert rule is enabled or disabled. */ - enabled: boolean; - /** - * The last time that this alert rule has been modified. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly lastModifiedUtc?: Date; - /** The suppression (in ISO 8601 duration format) to wait since last time this alert rule been triggered. */ - suppressionDuration: string; - /** Determines whether the suppression for this alert rule is enabled or disabled. */ - suppressionEnabled: boolean; - /** The severity for alerts created by this alert rule. */ - severity?: AlertSeverity; - /** The tactics of the alert rule */ - tactics?: AttackTactic[]; - /** The settings of the incidents that created from alerts triggered by this analytics rule */ - incidentConfiguration?: IncidentConfiguration; - /** Dictionary of string key-value pairs of columns to be attached to the alert */ - customDetails?: { [propertyName: string]: string }; - /** Array of the entity mappings of the alert rule */ - entityMappings?: EntityMapping[]; - /** The alert details override settings */ - alertDetailsOverride?: AlertDetailsOverride; -} - /** Incident Configuration property bag. 
*/ export interface IncidentConfiguration { /** Create incidents from alerts triggered by this analytics rule */ @@ -1480,16 +1565,26 @@ export interface GroupingConfiguration { /** Scheduled alert rule template property bag. */ export interface ScheduledAlertRuleCommonProperties { + /** The query that creates alerts for this rule. */ + query?: string; /** The frequency (in ISO 8601 duration format) for this alert rule to run. */ queryFrequency?: string; /** The period (in ISO 8601 duration format) that this alert rule looks at. */ queryPeriod?: string; + /** The severity for alerts created by this alert rule. */ + severity?: AlertSeverity; /** The operation against the threshold that triggers alert rule. */ triggerOperator?: TriggerOperator; /** The threshold triggers this alert rule. */ triggerThreshold?: number; /** The event grouping settings. */ eventGroupingSettings?: EventGroupingSettings; + /** Dictionary of string key-value pairs of columns to be attached to the alert */ + customDetails?: { [propertyName: string]: string }; + /** Array of the entity mappings of the alert rule */ + entityMappings?: EntityMapping[]; + /** The alert details override settings */ + alertDetailsOverride?: AlertDetailsOverride; } /** Event grouping settings property bag. */ 
@@ -1498,48 +1593,6 @@ export interface EventGroupingSettings { aggregationKind?: EventGroupingAggregationKind; } -/** The configuration of the run playbook automation rule action */ -export interface AutomationRuleRunPlaybookActionConfiguration { - /** The resource id of the playbook resource */ - logicAppResourceId?: string; - /** The tenant id of the playbook resource */ - tenantId?: string; -} - -/** The configuration of the modify properties automation rule action */ -export interface AutomationRuleModifyPropertiesActionConfiguration { - /** The reason the incident was closed */ - classification?: IncidentClassification; - /** Describes the reason the incident was closed */ - classificationComment?: string; - /** The classification reason the incident was closed with */ - classificationReason?: IncidentClassificationReason; - /** List of labels to add to the incident */ - labels?: IncidentLabel[]; - /** Describes a user that the incident is assigned to */ - owner?: IncidentOwnerInfo; - /** The severity of the incident */ - severity?: IncidentSeverity; - /** The status of the incident */ - status?: IncidentStatus; -} - -/** The configuration of the automation rule condition */ -export interface AutomationRulePropertyValuesConditionProperties { - /** The property to evaluate */ - propertyName?: AutomationRulePropertyConditionSupportedProperty; - /** The operator to use for evaluation the condition */ - operator?: AutomationRulePropertyConditionSupportedOperator; - /** The values to use for evaluating the condition */ - propertyValues?: string[]; -} - -/** The Activity query definitions */ -export interface ActivityEntityQueriesPropertiesQueryDefinitions { - /** The Activity query to run on a given entity */ - query?: string; -} - /** An properties abstract Query item for entity */ export interface EntityQueryItemProperties { /** Data types for template */ 
@@ -1614,6 +1667,26 @@ export interface InsightQueryItemPropertiesReferenceTimeRange { beforeRange?: string; } +/** The Activity query definitions */ +export interface ActivityEntityQueriesPropertiesQueryDefinitions { + /** The Activity query to run on a given entity */ + query?: string; +} + +/** The Activity query definitions */ +export interface ActivityEntityQueryTemplatePropertiesQueryDefinitions { + /** The Activity query to run on a given entity */ + query?: string; + /** The dimensions we want to summarize the timeline results on, this is comma separated list */ + summarizeBy?: string; +} + +/** The data type definition */ +export interface DataTypeDefinitions { + /** The data type name */ + dataType?: string; +} + /** The pricing tier of the solution */ export interface Sku { /** The kind of the tier */ @@ -1678,6 +1751,18 @@ export interface Dynamics365DataConnectorDataTypes { dynamics365CdsActivities: Dynamics365DataConnectorDataTypesDynamics365CdsActivities; } +/** The available data types for Office Microsoft Project data connector. */ +export interface Office365ProjectConnectorDataTypes { + /** Logs data type. */ + logs: Office365ProjectConnectorDataTypesLogs; +} + +/** The available data types for Office Microsoft PowerBI data connector. */ +export interface OfficePowerBIConnectorDataTypes { + /** Logs data type. */ + logs: OfficePowerBIConnectorDataTypesLogs; +} + /** The available data types for office data connector. */ export interface OfficeDataConnectorDataTypes { /** Exchange data type connection. */ 
@@ -1936,20 +2021,6 @@ export interface CodelessConnectorPollingResponseProperties { isGzipCompressed?: boolean; } -/** The Activity query definitions */ -export interface ActivityEntityQueryTemplatePropertiesQueryDefinitions { - /** The Activity query to run on a given entity */ - query?: string; - /** The dimensions we want to summarize the timeline results on, this is comma separated list */ - summarizeBy?: string; -} - -/** The data type definition */ -export interface DataTypeDefinitions { - /** The data type name */ - dataType?: string; -} - /** ThreatIntelligence property bag. */ export interface ThreatIntelligence { /** @@ -2041,20 +2112,20 @@ export type Entity = Resource & { kind: EntityKind; }; -/** Consent for Office365 tenant that already made. */ -export type OfficeConsent = Resource & { - /** The tenantId of the Office365 with the consent. */ - tenantId?: string; - /** Help to easily cascade among the data layers. */ - consentId?: string; -}; - /** Specific entity query template. */ export type EntityQueryTemplate = Resource & { /** the entity query template kind */ kind: EntityQueryTemplateKind; }; +/** Consent for Office365 tenant that already made. */ +export type OfficeConsent = Resource & { + /** The tenantId of the Office365 with the consent. */ + tenantId?: string; + /** Help to easily cascade among the data layers. */ + consentId?: string; +}; + /** Action property bag. */ export type ActionResponseProperties = ActionPropertiesBase & { /** The name of the logic app's workflow. */ 
@@ -2068,27 +2139,43 @@ export type ActionRequestProperties = ActionPropertiesBase & { }; /** Describes an automation rule condition that evaluates a property's value */ -export type AutomationRulePropertyValuesCondition = AutomationRuleCondition & { +export type PropertyConditionProperties = AutomationRuleCondition & { /** Polymorphic discriminator, which specifies the different types this object can be */ conditionType: "Property"; - /** The configuration of the automation rule condition */ - conditionProperties: AutomationRulePropertyValuesConditionProperties; -}; - -/** Describes an automation rule action to run a playbook */ -export type AutomationRuleRunPlaybookAction = AutomationRuleAction & { - /** Polymorphic discriminator, which specifies the different types this object can be */ - actionType: "RunPlaybook"; - /** The configuration of the run playbook automation rule action */ - actionConfiguration: AutomationRuleRunPlaybookActionConfiguration; + /** The property to evaluate in an automation rule property condition */ + propertyName?: AutomationRulePropertyConditionSupportedProperty; + operator?: AutomationRulePropertyConditionSupportedOperator; + propertyValues?: string[]; }; /** Describes an automation rule action to modify an object's properties */ export type AutomationRuleModifyPropertiesAction = AutomationRuleAction & { /** Polymorphic discriminator, which specifies the different types this object can be */ actionType: "ModifyProperties"; - /** The configuration of the modify properties automation rule action */ - actionConfiguration: AutomationRuleModifyPropertiesActionConfiguration; + /** The severity of the incident */ + severity?: IncidentSeverity; + /** The status of the incident */ + status?: IncidentStatus; + /** The reason the incident was closed */ + classification?: IncidentClassification; + /** The classification reason the incident was closed with */ + classificationReason?: IncidentClassificationReason; + /** Describes the reason the 
incident was closed */ + classificationComment?: string; + /** Information on the user an incident is assigned to */ + owner?: IncidentOwnerInfo; + /** List of labels to add to the incident */ + labels?: IncidentLabel[]; +}; + +/** Describes an automation rule action to run a playbook */ +export type AutomationRuleRunPlaybookAction = AutomationRuleAction & { + /** Polymorphic discriminator, which specifies the different types this object can be */ + actionType: "RunPlaybook"; + /** The resource id of the playbook resource */ + logicAppResourceId?: string; + /** The tenant id of the playbook resource */ + tenantId?: string; }; /** Represents Activity timeline item. */ 
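Review bot: In `PropertyConditionProperties`, the flattened `operator` and `propertyValues` fields lost the comments they had on the removed `AutomationRulePropertyValuesConditionProperties` interface; only `propertyName` is documented. I would restore them as `/** The operator to use for evaluating the condition */` and `/** The values to use for evaluating the condition */`. The exported name also changes from `AutomationRulePropertyValuesCondition` to `PropertyConditionProperties`, which no longer says it is an automation rule condition. That rename breaks existing importers, so it should be listed as a breaking change in the changelog if it is not already.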
@@ -3088,6 +3175,87 @@ export type UrlEntityProperties = EntityCommonProperties & { readonly url?: string; }; +/** Threat intelligence indicator entity used in request body. */ +export type ThreatIntelligenceIndicatorModelForRequestBody = ThreatIntelligenceResourceKind & { + /** Polymorphic discriminator, which specifies the different types this object can be */ + kind: "indicator"; + /** Etag of the azure resource */ + etag?: string; + /** + * A bag of custom fields that should be part of the entity and will be presented to the user. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly additionalData?: { [propertyName: string]: Record }; + /** + * The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly friendlyName?: string; + /** List of tags */ + threatIntelligenceTags?: string[]; + /** Last updated time in UTC */ + lastUpdatedTimeUtc?: string; + /** Source of a threat intelligence entity */ + source?: string; + /** Display name of a threat intelligence entity */ + displayName?: string; + /** Description of a threat intelligence entity */ + description?: string; + /** Indicator types of threat intelligence entities */ + indicatorTypes?: string[]; + /** Pattern of a threat intelligence entity */ + pattern?: string; + /** Pattern type of a threat intelligence entity */ + patternType?: string; + /** Pattern version of a threat intelligence entity */ + patternVersion?: string; + /** Kill chain phases */ + killChainPhases?: ThreatIntelligenceKillChainPhase[]; + /** Parsed patterns */ + parsedPattern?: ThreatIntelligenceParsedPattern[]; + /** External ID of threat intelligence entity */ + externalId?: string; + /** Created by reference of threat intelligence entity */ + createdByRef?: string; + /** Is threat 
intelligence entity defanged */ + defanged?: boolean; + /** External last updated time in UTC */ + externalLastUpdatedTimeUtc?: string; + /** External References */ + externalReferences?: ThreatIntelligenceExternalReference[]; + /** Granular Markings */ + granularMarkings?: ThreatIntelligenceGranularMarkingModel[]; + /** Labels of threat intelligence entity */ + labels?: string[]; + /** Is threat intelligence entity revoked */ + revoked?: boolean; + /** Confidence of threat intelligence entity */ + confidence?: number; + /** Threat intelligence entity object marking references */ + objectMarkingRefs?: string[]; + /** Language of threat intelligence entity */ + language?: string; + /** Threat types */ + threatTypes?: string[]; + /** Valid from */ + validFrom?: string; + /** Valid until */ + validUntil?: string; + /** Created by */ + created?: string; + /** Modified by */ + modified?: string; + /** Extensions map */ + extensions?: { [propertyName: string]: any }; +}; + +/** Threat intelligence information object. */ +export type ThreatIntelligenceInformation = ResourceWithEtag & + ThreatIntelligenceResourceKind & { + /** Polymorphic discriminator, which specifies the different types this object can be */ + kind: "ThreatIntelligenceInformation" | "indicator"; + }; + /** Represents AAD (Azure Active Directory) requirements check request. */ export type AADCheckRequirements = DataConnectorsCheckRequirements & { /** Polymorphic discriminator, which specifies the different types this object can be */ 
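Review bot: The comments on `created` and `modified` in `ThreatIntelligenceIndicatorModelForRequestBody` read "Created by" and "Modified by", but the fields sit next to `validFrom`/`validUntil` and are distinct from `createdByRef`. They look like timestamps rather than identities; this is inferred from the names and should be confirmed against the service. If so, the comments should be `/** Time the indicator was created */` and `/** Time the indicator was last modified */`. `extensions` is typed `{ [propertyName: string]: any }`, so values read from it bypass type checking; `unknown` would force callers to narrow them before use. The block is moved from the hunk at `-3196` with only the `kind: "indicator"` line added.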
@@ -3180,6 +3348,22 @@ export type OfficeIRMCheckRequirements = DataConnectorsCheckRequirements & { tenantId?: string; }; +/** Represents Office365 Project requirements check request. */ +export type Office365ProjectCheckRequirements = DataConnectorsCheckRequirements & { + /** Polymorphic discriminator, which specifies the different types this object can be */ + kind: "Office365Project"; + /** The tenant id to connect to, and get the data from. */ + tenantId?: string; +}; + +/** Represents Office PowerBI requirements check request. */ +export type OfficePowerBICheckRequirements = DataConnectorsCheckRequirements & { + /** Polymorphic discriminator, which specifies the different types this object can be */ + kind: "OfficePowerBI"; + /** The tenant id to connect to, and get the data from. */ + tenantId?: string; +}; + /** Threat Intelligence Platforms data connector check requirements */ export type TICheckRequirements = DataConnectorsCheckRequirements & { /** Polymorphic discriminator, which specifies the different types this object can be */ 
@@ -3196,117 +3380,28 @@ export type TiTaxiiCheckRequirements = DataConnectorsCheckRequirements & { tenantId?: string; }; -/** Threat intelligence indicator entity used in request body. */ -export type ThreatIntelligenceIndicatorModelForRequestBody = ThreatIntelligenceResourceKind & { - /** Etag of the azure resource */ - etag?: string; - /** - * A bag of custom fields that should be part of the entity and will be presented to the user. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly additionalData?: { [propertyName: string]: Record }; - /** - * The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly friendlyName?: string; - /** List of tags */ - threatIntelligenceTags?: string[]; - /** Last updated time in UTC */ - lastUpdatedTimeUtc?: string; - /** Source of a threat intelligence entity */ - source?: string; - /** Display name of a threat intelligence entity */ - displayName?: string; - /** Description of a threat intelligence entity */ - description?: string; - /** Indicator types of threat intelligence entities */ - indicatorTypes?: string[]; - /** Pattern of a threat intelligence entity */ - pattern?: string; - /** Pattern type of a threat intelligence entity */ - patternType?: string; - /** Pattern version of a threat intelligence entity */ - patternVersion?: string; - /** Kill chain phases */ - killChainPhases?: ThreatIntelligenceKillChainPhase[]; - /** Parsed patterns */ - parsedPattern?: ThreatIntelligenceParsedPattern[]; - /** External ID of threat intelligence entity */ - externalId?: string; - /** Created by reference of threat intelligence entity */ - createdByRef?: string; - /** Is threat intelligence entity defanged */ - defanged?: boolean; - /** External last updated time in UTC */ - 
externalLastUpdatedTimeUtc?: string; - /** External References */ - externalReferences?: ThreatIntelligenceExternalReference[]; - /** Granular Markings */ - granularMarkings?: ThreatIntelligenceGranularMarkingModel[]; - /** Labels of threat intelligence entity */ - labels?: string[]; - /** Is threat intelligence entity revoked */ - revoked?: boolean; - /** Confidence of threat intelligence entity */ - confidence?: number; - /** Threat intelligence entity object marking references */ - objectMarkingRefs?: string[]; - /** Language of threat intelligence entity */ - language?: string; - /** Threat types */ - threatTypes?: string[]; - /** Valid from */ - validFrom?: string; - /** Valid until */ - validUntil?: string; - /** Created by */ - created?: string; - /** Modified by */ - modified?: string; - /** Extensions map */ - extensions?: { [propertyName: string]: any }; -}; - -/** Threat intelligence information object. */ -export type ThreatIntelligenceInformation = ResourceWithEtag & - ThreatIntelligenceResourceKind & {}; - -/** MLBehaviorAnalytics alert rule template properties. */ -export type MLBehaviorAnalyticsAlertRuleTemplateProperties = AlertRuleTemplatePropertiesBase & { - /** The severity for alerts created by this alert rule. */ - severity: AlertSeverity; - /** The tactics of the alert rule template. */ - tactics?: AttackTactic[]; -}; - -/** Fusion alert rule template properties */ -export type FusionAlertRuleTemplateProperties = AlertRuleTemplatePropertiesBase & { - /** The severity for alerts created by this alert rule. */ - severity: AlertSeverity; - /** The tactics of the alert rule template */ - tactics?: AttackTactic[]; -}; - -/** Threat Intelligence alert rule template properties */ -export type ThreatIntelligenceAlertRuleTemplateProperties = AlertRuleTemplatePropertiesBase & { - /** The severity for alerts created by this alert rule. 
*/ - severity: AlertSeverity; - /** The tactics of the alert rule template */ +/** Alert rule template with MITRE property bag. */ +export type AlertRuleTemplateWithMitreProperties = AlertRuleTemplatePropertiesBase & { + /** The tactics of the alert rule */ tactics?: AttackTactic[]; + /** The techniques of the alert rule */ + techniques?: string[]; }; /** MicrosoftSecurityIncidentCreation rule template properties */ -export type MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties = AlertRuleTemplatePropertiesBase & - MicrosoftSecurityIncidentCreationAlertRuleCommonProperties & {}; - -/** Scheduled alert rule template properties */ -export type ScheduledAlertRuleTemplateProperties = AlertRuleTemplatePropertiesBase & - QueryBasedAlertRuleTemplateProperties & - ScheduledAlertRuleCommonProperties & {}; +export type MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties = AlertRuleTemplatePropertiesBase & { + /** the alerts' displayNames on which the cases will be generated */ + displayNamesFilter?: string[]; + /** the alerts' displayNames on which the cases will not be generated */ + displayNamesExcludeFilter?: string[]; + /** The alerts' productName on which the cases will be generated */ + productFilter?: MicrosoftSecurityProductName; + /** the alerts' severities on which the cases will be generated */ + severitiesFilter?: AlertSeverity[]; +}; /** NRT alert rule template properties */ -export type NrtAlertRuleTemplateProperties = AlertRuleTemplatePropertiesBase & +export type NrtAlertRuleTemplateProperties = AlertRuleTemplateWithMitreProperties & QueryBasedAlertRuleTemplateProperties & {}; /** MicrosoftSecurityIncidentCreation rule property bag. */ 
@@ -3327,29 +3422,51 @@ export type MicrosoftSecurityIncidentCreationAlertRuleProperties = MicrosoftSecu }; /** Scheduled alert rule base property bag. */ -export type ScheduledAlertRuleProperties = ScheduledAlertRuleCommonProperties & - QueryBasedAlertRuleProperties & {}; - -/** Nrt alert rule base property bag. */ -export type NrtAlertRuleProperties = QueryBasedAlertRuleProperties & {}; - -/** Represents Insight Query. */ -export type InsightQueryItemProperties = EntityQueryItemProperties & { - /** The insight display name. */ - displayName?: string; - /** The insight description. */ +export type ScheduledAlertRuleProperties = ScheduledAlertRuleCommonProperties & { + /** The Name of the alert rule template used to create this rule. */ + alertRuleTemplateName?: string; + /** The version of the alert rule template used to create this rule - in format , where all are numbers, for example 0 <1.0.2> */ + templateVersion?: string; + /** The description of the alert rule. */ description?: string; - /** The base query of the insight. */ - baseQuery?: string; - /** The insight table query. */ - tableQuery?: InsightQueryItemPropertiesTableQuery; - /** The insight chart query. */ - chartQuery?: Record; - /** The activity query definitions. */ - additionalQuery?: InsightQueryItemPropertiesAdditionalQuery; - /** The insight chart query. */ - defaultTimeRange?: InsightQueryItemPropertiesDefaultTimeRange; - /** The insight chart query. */ + /** The display name for alerts created by this alert rule. */ + displayName: string; + /** Determines whether this alert rule is enabled or disabled. */ + enabled: boolean; + /** + * The last time that this alert rule has been modified. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly lastModifiedUtc?: Date; + /** The suppression (in ISO 8601 duration format) to wait since last time this alert rule been triggered. 
*/ + suppressionDuration: string; + /** Determines whether the suppression for this alert rule is enabled or disabled. */ + suppressionEnabled: boolean; + /** The tactics of the alert rule */ + tactics?: AttackTactic[]; + /** The techniques of the alert rule */ + techniques?: string[]; + /** The settings of the incidents that created from alerts triggered by this analytics rule */ + incidentConfiguration?: IncidentConfiguration; +}; + +/** Represents Insight Query. */ +export type InsightQueryItemProperties = EntityQueryItemProperties & { + /** The insight display name. */ + displayName?: string; + /** The insight description. */ + description?: string; + /** The base query of the insight. */ + baseQuery?: string; + /** The insight table query. */ + tableQuery?: InsightQueryItemPropertiesTableQuery; + /** The insight chart query. */ + chartQuery?: Record; + /** The activity query definitions. */ + additionalQuery?: InsightQueryItemPropertiesAdditionalQuery; + /** The insight chart query. */ + defaultTimeRange?: InsightQueryItemPropertiesDefaultTimeRange; + /** The insight chart query. */ referenceTimeRange?: InsightQueryItemPropertiesReferenceTimeRange; }; @@ -3380,6 +3497,12 @@ export type OfficeATPCheckRequirementsProperties = DataConnectorTenantId & {}; /** OfficeIRM (Microsoft Insider Risk Management) requirements check properties. */ export type OfficeIRMCheckRequirementsProperties = DataConnectorTenantId & {}; +/** Office365 Project requirements check properties. */ +export type Office365ProjectCheckRequirementsProperties = DataConnectorTenantId & {}; + +/** Office PowerBI requirements check properties. */ +export type OfficePowerBICheckRequirementsProperties = DataConnectorTenantId & {}; + /** Threat Intelligence Platforms data connector required properties. */ export type TICheckRequirementsProperties = DataConnectorTenantId & {}; 
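Review bot: In `InsightQueryItemProperties`, the comment `/** The insight chart query. */` is attached to `chartQuery`, `defaultTimeRange` and `referenceTimeRange` alike, so two of the three members carry the wrong description. Going by the member and type names, `/** The insight default time range. */` and `/** The insight reference time range. */` would fit, though the exact meaning is not visible in this hunk and should be confirmed. Separately, `ScheduledAlertRuleProperties` no longer intersects `QueryBasedAlertRuleProperties`, and the inlined members do not include `query` or `severity`. Whether `ScheduledAlertRuleCommonProperties` now supplies them is outside the hunk and worth checking.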
@@ -3422,6 +3545,18 @@ export type Dynamics365DataConnectorProperties = DataConnectorTenantId & { export type OfficeATPDataConnectorProperties = DataConnectorTenantId & DataConnectorWithAlertsProperties & {}; +/** Office Microsoft Project data connector properties. */ +export type Office365ProjectDataConnectorProperties = DataConnectorTenantId & { + /** The available data types for the connector. */ + dataTypes: Office365ProjectConnectorDataTypes; +}; + +/** Office Microsoft PowerBI data connector properties. */ +export type OfficePowerBIDataConnectorProperties = DataConnectorTenantId & { + /** The available data types for the connector. */ + dataTypes: OfficePowerBIConnectorDataTypes; +}; + /** OfficeIRM (Microsoft Insider Risk Management) data connector properties. */ export type OfficeIRMDataConnectorProperties = DataConnectorTenantId & DataConnectorWithAlertsProperties & {}; @@ -3502,6 +3637,12 @@ export type AwsS3DataConnectorDataTypesLogs = DataConnectorDataTypeCommon & {}; /** Common Data Service data type connection. */ export type Dynamics365DataConnectorDataTypesDynamics365CdsActivities = DataConnectorDataTypeCommon & {}; +/** Logs data type. */ +export type Office365ProjectConnectorDataTypesLogs = DataConnectorDataTypeCommon & {}; + +/** Logs data type. */ +export type OfficePowerBIConnectorDataTypesLogs = DataConnectorDataTypeCommon & {}; + /** Exchange data type connection. */ export type OfficeDataConnectorDataTypesExchange = DataConnectorDataTypeCommon & {}; 
@@ -3556,36 +3697,35 @@ export type ActionRequest = ResourceWithEtag & { triggerUri?: string; }; -/** Represents an automation rule. */ export type AutomationRule = ResourceWithEtag & { - /** The display name of the automation rule */ - displayName?: string; + /** The display name of the automation rule */ + displayName: string; /** The order of execution of the automation rule */ - order?: number; - /** The triggering logic of the automation rule */ - triggeringLogic?: AutomationRuleTriggeringLogic; + order: number; + /** Describes automation rule triggering logic */ + triggeringLogic: AutomationRuleTriggeringLogic; /** The actions to execute when the automation rule is triggered */ - actions?: AutomationRuleActionUnion[]; - /** - * The time the automation rule was created - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly createdTimeUtc?: Date; + actions: AutomationRuleActionUnion[]; /** * The last time the automation rule was updated * NOTE: This property will not be serialized. It can only be populated by the server. */ readonly lastModifiedTimeUtc?: Date; /** - * Describes the client that created the automation rule + * The time the automation rule was created * NOTE: This property will not be serialized. It can only be populated by the server. */ - readonly createdBy?: ClientInfo; + readonly createdTimeUtc?: Date; /** - * Describes the client that last updated the automation rule + * Information on the client (user or application) that made some action * NOTE: This property will not be serialized. It can only be populated by the server. */ readonly lastModifiedBy?: ClientInfo; + /** + * Information on the client (user or application) that made some action + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly createdBy?: ClientInfo; }; /** Represents a bookmark in Azure Security Insights. */ 
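Review bot: The hunk drops the type's own comment `/** Represents an automation rule. */` and gives `lastModifiedBy` and `createdBy` the same text, `Information on the client (user or application) that made some action`, which no longer says which action each member records. For a rule whose actions can run a playbook, these two members are the audit trail, so the removed wording should stay: `Describes the client that created the automation rule` on `createdBy` and `Describes the client that last updated the automation rule` on `lastModifiedBy`. `displayName`, `order`, `triggeringLogic` and `actions` also change from optional to required, which breaks callers that build a partial `AutomationRule`; the release notes should list that.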
@@ -3616,6 +3756,12 @@ export type Bookmark = ResourceWithEtag & { queryEndTime?: Date; /** Describes an incident that relates to bookmark */ incidentInfo?: IncidentInfo; + /** Describes the entity mappings of the bookmark */ + entityMappings?: BookmarkEntityMappings[]; + /** A list of relevant mitre attacks */ + tactics?: AttackTactic[]; + /** A list of relevant mitre techniques */ + techniques?: string[]; }; /** Represents a relation between two resources */ @@ -3760,6 +3906,20 @@ export type MetadataModel = ResourceWithEtag & { firstPublishDate?: Date; /** last publish date for the solution content item */ lastPublishDate?: Date; + /** The custom version of the content. A optional free text */ + customVersion?: string; + /** Schema version of the content. Can be used to distinguish between different flow based on the schema version */ + contentSchemaVersion?: string; + /** the icon identifier. this id can later be fetched from the solution template */ + icon?: string; + /** the tactics the resource covers */ + threatAnalysisTactics?: string[]; + /** the techniques the resource covers, these have to be aligned with the tactics being used */ + threatAnalysisTechniques?: string[]; + /** preview image file names. These will be taken from the solution artifacts */ + previewImages?: string[]; + /** preview image file names. These will be taken from the solution artifacts. used for dark theme support */ + previewImagesDark?: string[]; }; /** Metadata patch request body. */ 
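Review bot: The new `threatAnalysisTactics` and `threatAnalysisTechniques` on `MetadataModel` are typed `string[]`, while the `tactics` member added to `Bookmark` in the hunk just before uses `AttackTactic[]`. The tactic values here are therefore unchecked, and the stated requirement that techniques `have to be aligned with the tactics being used` rests on the comment alone. If the service accepts the same tactic names in both places, `threatAnalysisTactics?: AttackTactic[];` would keep the two consistent, but that is an assumption to confirm. The comment on `customVersion` should read `An optional free text`. The same members are added to `MetadataPatch` in the next hunk.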
@@ -3788,6 +3948,20 @@ export type MetadataPatch = ResourceWithEtag & { firstPublishDate?: Date; /** last publish date for the solution content item */ lastPublishDate?: Date; + /** The custom version of the content. A optional free text */ + customVersion?: string; + /** Schema version of the content. Can be used to distinguish between different flow based on the schema version */ + contentSchemaVersion?: string; + /** the icon identifier. this id can later be fetched from the solution template */ + icon?: string; + /** the tactics the resource covers */ + threatAnalysisTactics?: string[]; + /** the techniques the resource covers, these have to be aligned with the tactics being used */ + threatAnalysisTechniques?: string[]; + /** preview image file names. These will be taken from the solution artifacts */ + previewImages?: string[]; + /** preview image file names. These will be taken from the solution artifacts. used for dark theme support */ + previewImagesDark?: string[]; }; /** Sentinel onboarding state */ @@ -3806,6 +3980,8 @@ export type Settings = ResourceWithEtag & { export type SourceControl = ResourceWithEtag & { /** The id (a Guid) of the source control */ idPropertiesId?: string; + /** The version number associated with the source control */ + version?: Version; /** The display name of the source control */ displayName?: string; /** A description of the source control */ @@ -3816,6 +3992,10 @@ export type SourceControl = ResourceWithEtag & { contentTypes?: ContentType[]; /** Repository metadata. */ repository?: Repository; + /** Information regarding the resources created in user's repository. */ + repositoryResourceInfo?: RepositoryResourceInfo; + /** Information regarding the latest deployment for the source control. */ + lastDeploymentInfo?: DeploymentInfo; }; /** Represents a Watchlist in Azure Security Insights. */ 
@@ -3826,8 +4006,10 @@ export type Watchlist = ResourceWithEtag & { displayName?: string; /** The provider of the watchlist */ provider?: string; - /** The source of the watchlist */ - source?: Source; + /** The filename of the watchlist, called 'source' */ + source?: string; + /** The sourceType of the watchlist */ + sourceType?: SourceType; /** The time the watchlist was created */ created?: Date; /** The last time the watchlist was updated */ @@ -3860,8 +4042,6 @@ export type Watchlist = ResourceWithEtag & { contentType?: string; /** The status of the Watchlist upload : New, InProgress or Complete. Pls note : When a Watchlist upload status is equal to InProgress, the Watchlist cannot be deleted */ uploadStatus?: string; - /** The number of Watchlist Items in the Watchlist */ - watchlistItemsCount?: number; }; /** Represents a Watchlist item in Azure Security Insights. */ @@ -3916,10 +4096,12 @@ export type MLBehaviorAnalyticsAlertRuleTemplate = AlertRuleTemplate & { requiredDataConnectors?: AlertRuleTemplateDataSource[]; /** The alert rule template status. */ status?: TemplateStatus; + /** The tactics of the alert rule */ + tactics?: AttackTactic[]; + /** The techniques of the alert rule */ + techniques?: string[]; /** The severity for alerts created by this alert rule. */ severity?: AlertSeverity; - /** The tactics of the alert rule template. */ - tactics?: AttackTactic[]; }; /** Represents Fusion alert rule template. */ 
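Review bot: `source` keeps its name but changes both type and meaning: it was a `Source` documented as `The source of the watchlist` and is now a `string` documented as the file name, with the new `sourceType` apparently taking over the old role. If `Source` was a string-based alias (its definition is outside the hunk), existing code that assigns a source kind to `source` still compiles and silently sends it as a file name. The comment should spell out the change, for example `/** The file name of the watchlist. The kind of source is given by sourceType. */`, and the release notes should call it out as a breaking change.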
@@ -3927,20 +4109,20 @@ export type FusionAlertRuleTemplate = AlertRuleTemplate & { /** the number of alert rules that were created by this template */ alertRulesCreatedByTemplateCount?: number; /** - * The last time that this alert rule template has been updated. + * The time that this alert rule template has been added. * NOTE: This property will not be serialized. It can only be populated by the server. */ - readonly lastUpdatedDateUTC?: Date; + readonly createdDateUTC?: Date; /** - * The time that this alert rule template has been added. + * The time that this alert rule template was last updated. * NOTE: This property will not be serialized. It can only be populated by the server. */ - readonly createdDateUTC?: Date; + readonly lastUpdatedDateUTC?: Date; /** The description of the alert rule template. */ description?: string; /** The display name for alert rule template. */ displayName?: string; - /** The required data sources for this template */ + /** The required data connectors for this template */ requiredDataConnectors?: AlertRuleTemplateDataSource[]; /** The alert rule template status. */ status?: TemplateStatus; @@ -3948,6 +4130,10 @@ export type FusionAlertRuleTemplate = AlertRuleTemplate & { severity?: AlertSeverity; /** The tactics of the alert rule template */ tactics?: AttackTactic[]; + /** The techniques of the alert rule */ + techniques?: string[]; + /** All supported source signal configurations consumed in fusion detection. */ + sourceSettings?: FusionTemplateSourceSetting[]; }; /** Represents Threat Intelligence alert rule template. */ 
@@ -3972,10 +4158,12 @@ export type ThreatIntelligenceAlertRuleTemplate = AlertRuleTemplate & { requiredDataConnectors?: AlertRuleTemplateDataSource[]; /** The alert rule template status. */ status?: TemplateStatus; + /** The tactics of the alert rule */ + tactics?: AttackTactic[]; + /** The techniques of the alert rule */ + techniques?: string[]; /** The severity for alerts created by this alert rule. */ severity?: AlertSeverity; - /** The tactics of the alert rule template */ - tactics?: AttackTactic[]; }; /** Represents MicrosoftSecurityIncidentCreation rule template. */ 
@@ -4015,47 +4203,49 @@ export type ScheduledAlertRuleTemplate = AlertRuleTemplate & { /** the number of alert rules that were created by this template */ alertRulesCreatedByTemplateCount?: number; /** - * The last time that this alert rule template has been updated. + * The time that this alert rule template has been added. * NOTE: This property will not be serialized. It can only be populated by the server. */ - readonly lastUpdatedDateUTC?: Date; + readonly createdDateUTC?: Date; /** - * The time that this alert rule template has been added. + * The time that this alert rule template was last updated. * NOTE: This property will not be serialized. It can only be populated by the server. */ - readonly createdDateUTC?: Date; + readonly lastUpdatedDateUTC?: Date; /** The description of the alert rule template. */ description?: string; /** The display name for alert rule template. */ displayName?: string; - /** The required data sources for this template */ + /** The required data connectors for this template */ requiredDataConnectors?: AlertRuleTemplateDataSource[]; /** The alert rule template status. */ status?: TemplateStatus; /** The query that creates alerts for this rule. */ query?: string; + /** The frequency (in ISO 8601 duration format) for this alert rule to run. */ + queryFrequency?: string; + /** The period (in ISO 8601 duration format) that this alert rule looks at. */ + queryPeriod?: string; /** The severity for alerts created by this alert rule. */ severity?: AlertSeverity; - /** The tactics of the alert rule */ + /** The operation against the threshold that triggers alert rule. */ + triggerOperator?: TriggerOperator; + /** The threshold triggers this alert rule. */ + triggerThreshold?: number; + /** The tactics of the alert rule template */ tactics?: AttackTactic[]; + /** The techniques of the alert rule */ + techniques?: string[]; /** The version of this template - in format , where all are numbers. For example <1.0.2>. 
*/ version?: string; + /** The event grouping settings. */ + eventGroupingSettings?: EventGroupingSettings; /** Dictionary of string key-value pairs of columns to be attached to the alert */ customDetails?: { [propertyName: string]: string }; /** Array of the entity mappings of the alert rule */ entityMappings?: EntityMapping[]; /** The alert details override settings */ alertDetailsOverride?: AlertDetailsOverride; - /** The frequency (in ISO 8601 duration format) for this alert rule to run. */ - queryFrequency?: string; - /** The period (in ISO 8601 duration format) that this alert rule looks at. */ - queryPeriod?: string; - /** The operation against the threshold that triggers alert rule. */ - triggerOperator?: TriggerOperator; - /** The threshold triggers this alert rule. */ - triggerThreshold?: number; - /** The event grouping settings. */ - eventGroupingSettings?: EventGroupingSettings; }; /** Represents NRT alert rule template. */ @@ -4080,12 +4270,14 @@ export type NrtAlertRuleTemplate = AlertRuleTemplate & { requiredDataConnectors?: AlertRuleTemplateDataSource[]; /** The alert rule template status. */ status?: TemplateStatus; + /** The tactics of the alert rule */ + tactics?: AttackTactic[]; + /** The techniques of the alert rule */ + techniques?: string[]; /** The query that creates alerts for this rule. */ query?: string; /** The severity for alerts created by this alert rule. */ severity?: AlertSeverity; - /** The tactics of the alert rule */ - tactics?: AttackTactic[]; /** The version of this template - in format , where all are numbers. For example <1.0.2>. */ version?: string; /** Dictionary of string key-value pairs of columns to be attached to the alert */ 
@@ -5191,6 +5383,8 @@ export type ActivityEntityQueryTemplate = EntityQueryTemplate & { /** Threat intelligence indicator entity. */ export type ThreatIntelligenceIndicatorModel = ThreatIntelligenceInformation & { + /** Polymorphic discriminator, which specifies the different types this object can be */ + kind: "indicator"; /** * A bag of custom fields that should be part of the entity and will be presented to the user. * NOTE: This property will not be serialized. It can only be populated by the server. @@ -5259,6 +5453,18 @@ export type ThreatIntelligenceIndicatorModel = ThreatIntelligenceInformation & { extensions?: { [propertyName: string]: any }; }; +/** MLBehaviorAnalytics alert rule template properties. */ +export type MLBehaviorAnalyticsAlertRuleTemplateProperties = AlertRuleTemplateWithMitreProperties & { + /** The severity for alerts created by this alert rule. */ + severity: AlertSeverity; +}; + +/** Threat Intelligence alert rule template properties */ +export type ThreatIntelligenceAlertRuleTemplateProperties = AlertRuleTemplateWithMitreProperties & { + /** The severity for alerts created by this alert rule. */ + severity: AlertSeverity; +}; + export type PermissionsCustomsItem = Customs & {}; /** Represents MLBehaviorAnalytics alert rule. */ @@ -5292,6 +5498,11 @@ export type MLBehaviorAnalyticsAlertRule = AlertRule & { * NOTE: This property will not be serialized. It can only be populated by the server. */ readonly tactics?: AttackTactic[]; + /** + * The techniques of the alert rule + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly techniques?: string[]; }; /** Represents Fusion alert rule. */ 
@@ -5310,6 +5521,10 @@ export type FusionAlertRule = AlertRule & { readonly displayName?: string; /** Determines whether this alert rule is enabled or disabled. */ enabled?: boolean; + /** Configuration for all supported source signals in fusion detection. */ + sourceSettings?: FusionSourceSettings[]; + /** Configuration to exclude scenarios in fusion detection. */ + scenarioExclusionPatterns?: FusionScenarioExclusionPattern[]; /** * The last time that this alert has been modified. * NOTE: This property will not be serialized. It can only be populated by the server. @@ -5325,6 +5540,11 @@ export type FusionAlertRule = AlertRule & { * NOTE: This property will not be serialized. It can only be populated by the server. */ readonly tactics?: AttackTactic[]; + /** + * The techniques of the alert rule + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly techniques?: string[]; }; /** Represents Threat Intelligence alert rule. */ @@ -5358,6 +5578,11 @@ export type ThreatIntelligenceAlertRule = AlertRule & { * NOTE: This property will not be serialized. It can only be populated by the server. */ readonly tactics?: AttackTactic[]; + /** + * The techniques of the alert rule + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly techniques?: string[]; }; /** Represents MicrosoftSecurityIncidentCreation rule. */ 
@@ -5387,24 +5612,32 @@ export type MicrosoftSecurityIncidentCreationAlertRule = AlertRule & { /** Represents scheduled alert rule. */ export type ScheduledAlertRule = AlertRule & { + /** The query that creates alerts for this rule. */ + query?: string; /** The frequency (in ISO 8601 duration format) for this alert rule to run. */ queryFrequency?: string; /** The period (in ISO 8601 duration format) that this alert rule looks at. */ queryPeriod?: string; + /** The severity for alerts created by this alert rule. */ + severity?: AlertSeverity; /** The operation against the threshold that triggers alert rule. */ triggerOperator?: TriggerOperator; /** The threshold triggers this alert rule. */ triggerThreshold?: number; /** The event grouping settings. */ eventGroupingSettings?: EventGroupingSettings; + /** Dictionary of string key-value pairs of columns to be attached to the alert */ + customDetails?: { [propertyName: string]: string }; + /** Array of the entity mappings of the alert rule */ + entityMappings?: EntityMapping[]; + /** The alert details override settings */ + alertDetailsOverride?: AlertDetailsOverride; /** The Name of the alert rule template used to create this rule. */ alertRuleTemplateName?: string; /** The version of the alert rule template used to create this rule - in format , where all are numbers, for example 0 <1.0.2> */ templateVersion?: string; /** The description of the alert rule. */ description?: string; - /** The query that creates alerts for this rule. */ - query?: string; /** The display name for alerts created by this alert rule. */ displayName?: string; /** Determines whether this alert rule is enabled or disabled. */ 
@@ -5418,18 +5651,12 @@ export type ScheduledAlertRule = AlertRule & { suppressionDuration?: string; /** Determines whether the suppression for this alert rule is enabled or disabled. */ suppressionEnabled?: boolean; - /** The severity for alerts created by this alert rule. */ - severity?: AlertSeverity; /** The tactics of the alert rule */ tactics?: AttackTactic[]; + /** The techniques of the alert rule */ + techniques?: string[]; /** The settings of the incidents that created from alerts triggered by this analytics rule */ incidentConfiguration?: IncidentConfiguration; - /** Dictionary of string key-value pairs of columns to be attached to the alert */ - customDetails?: { [propertyName: string]: string }; - /** Array of the entity mappings of the alert rule */ - entityMappings?: EntityMapping[]; - /** The alert details override settings */ - alertDetailsOverride?: AlertDetailsOverride; }; /** Represents NRT alert rule. */ @@ -5442,6 +5669,10 @@ export type NrtAlertRule = AlertRule & { description?: string; /** The query that creates alerts for this rule. */ query?: string; + /** The tactics of the alert rule */ + tactics?: AttackTactic[]; + /** The techniques of the alert rule */ + techniques?: string[]; /** The display name for alerts created by this alert rule. */ displayName?: string; /** Determines whether this alert rule is enabled or disabled. */ @@ -5457,8 +5688,6 @@ export type NrtAlertRule = AlertRule & { suppressionEnabled?: boolean; /** The severity for alerts created by this alert rule. */ severity?: AlertSeverity; - /** The tactics of the alert rule */ - tactics?: AttackTactic[]; /** The settings of the incidents that created from alerts triggered by this analytics rule */ incidentConfiguration?: IncidentConfiguration; /** Dictionary of string key-value pairs of columns to be attached to the alert */ 
@@ -5666,6 +5895,22 @@ export type OfficeATPDataConnector = DataConnector & { dataTypes?: AlertsDataTypeOfDataConnector; }; +/** Represents Office Microsoft Project data connector. */ +export type Office365ProjectDataConnector = DataConnector & { + /** The tenant id to connect to, and get the data from. */ + tenantId?: string; + /** The available data types for the connector. */ + dataTypes?: Office365ProjectConnectorDataTypes; +}; + +/** Represents Office Microsoft PowerBI data connector. */ +export type OfficePowerBIDataConnector = DataConnector & { + /** The tenant id to connect to, and get the data from. */ + tenantId?: string; + /** The available data types for the connector. */ + dataTypes?: OfficePowerBIConnectorDataTypes; +}; + /** Represents OfficeIRM (Microsoft Insider Risk Management) data connector. */ export type OfficeIRMDataConnector = DataConnector & { /** The tenant id to connect to, and get the data from. */ @@ -5738,6 +5983,18 @@ export type CodelessApiPollingDataConnector = DataConnector & { pollingConfig?: CodelessConnectorPollingConfigProperties; }; +/** Defines headers for Watchlists_delete operation. */ +export interface WatchlistsDeleteHeaders { + /** Contains the status URL on which clients are expected to poll the status of the delete operation. */ + azureAsyncOperation?: string; +} + +/** Defines headers for Watchlists_createOrUpdate operation. */ +export interface WatchlistsCreateOrUpdateHeaders { + /** Contains the status URL on which clients are expected to poll the status of the operation. */ + azureAsyncOperation?: string; +} + /** Known values of {@link AlertRuleKind} that the service accepts. */ export enum KnownAlertRuleKind { Scheduled = "Scheduled", 
@@ -5812,23 +6069,23 @@ export enum KnownTriggersWhen { */ export type TriggersWhen = string; -/** Known values of {@link AutomationRuleConditionType} that the service accepts. */ -export enum KnownAutomationRuleConditionType { +/** Known values of {@link ConditionType} that the service accepts. */ +export enum KnownConditionType { /** Evaluate an object property value */ Property = "Property" } /** - * Defines values for AutomationRuleConditionType. \ - * {@link KnownAutomationRuleConditionType} can be used interchangeably with AutomationRuleConditionType, + * Defines values for ConditionType. \ + * {@link KnownConditionType} can be used interchangeably with ConditionType, * this enum contains the known values that the service supports. * ### Known values supported by the service * **Property**: Evaluate an object property value */ -export type AutomationRuleConditionType = string; +export type ConditionType = string; -/** Known values of {@link AutomationRuleActionType} that the service accepts. */ -export enum KnownAutomationRuleActionType { +/** Known values of {@link ActionType} that the service accepts. */ +export enum KnownActionType { /** Modify an object's properties */ ModifyProperties = "ModifyProperties", /** Run a playbook on an object */ 
@@ -5836,14 +6093,14 @@ export enum KnownAutomationRuleActionType { } /** - * Defines values for AutomationRuleActionType. \ - * {@link KnownAutomationRuleActionType} can be used interchangeably with AutomationRuleActionType, + * Defines values for ActionType. \ + * {@link KnownActionType} can be used interchangeably with ActionType, * this enum contains the known values that the service supports. * ### Known values supported by the service * **ModifyProperties**: Modify an object's properties \ * **RunPlaybook**: Run a playbook on an object */ -export type AutomationRuleActionType = string; +export type ActionType = string; /** Known values of {@link IncidentSeverity} that the service accepts. */ export enum KnownIncidentSeverity { 
@@ -5869,6 +6126,52 @@ export enum KnownIncidentSeverity { */ export type IncidentSeverity = string; +/** Known values of {@link AttackTactic} that the service accepts. */ +export enum KnownAttackTactic { + Reconnaissance = "Reconnaissance", + ResourceDevelopment = "ResourceDevelopment", + InitialAccess = "InitialAccess", + Execution = "Execution", + Persistence = "Persistence", + PrivilegeEscalation = "PrivilegeEscalation", + DefenseEvasion = "DefenseEvasion", + CredentialAccess = "CredentialAccess", + Discovery = "Discovery", + LateralMovement = "LateralMovement", + Collection = "Collection", + Exfiltration = "Exfiltration", + CommandAndControl = "CommandAndControl", + Impact = "Impact", + PreAttack = "PreAttack", + ImpairProcessControl = "ImpairProcessControl", + InhibitResponseFunction = "InhibitResponseFunction" +} + +/** + * Defines values for AttackTactic. \ + * {@link KnownAttackTactic} can be used interchangeably with AttackTactic, + * this enum contains the known values that the service supports. + * ### Known values supported by the service + * **Reconnaissance** \ + * **ResourceDevelopment** \ + * **InitialAccess** \ + * **Execution** \ + * **Persistence** \ + * **PrivilegeEscalation** \ + * **DefenseEvasion** \ + * **CredentialAccess** \ + * **Discovery** \ + * **LateralMovement** \ + * **Collection** \ + * **Exfiltration** \ + * **CommandAndControl** \ + * **Impact** \ + * **PreAttack** \ + * **ImpairProcessControl** \ + * **InhibitResponseFunction** + */ +export type AttackTactic = string; + /** Known values of {@link EntityKind} that the service accepts. */ export enum KnownEntityKind { /** Entity represents account in the system. */ 
@@ -5944,21 +6247,41 @@ export enum KnownEntityKind { */ export type EntityKind = string; -/** Known values of {@link Enum8} that the service accepts. */ -export enum KnownEnum8 { - Expansion = "Expansion", - Activity = "Activity" +/** Known values of {@link EntityTimelineKind} that the service accepts. */ +export enum KnownEntityTimelineKind { + /** activity */ + Activity = "Activity", + /** bookmarks */ + Bookmark = "Bookmark", + /** security alerts */ + SecurityAlert = "SecurityAlert" } /** - * Defines values for Enum8. \ - * {@link KnownEnum8} can be used interchangeably with Enum8, + * Defines values for EntityTimelineKind. \ + * {@link KnownEntityTimelineKind} can be used interchangeably with EntityTimelineKind, * this enum contains the known values that the service supports. * ### Known values supported by the service - * **Expansion** \ - * **Activity** + * **Activity**: activity \ + * **Bookmark**: bookmarks \ + * **SecurityAlert**: security alerts + */ +export type EntityTimelineKind = string; + +/** Known values of {@link EntityItemQueryKind} that the service accepts. */ +export enum KnownEntityItemQueryKind { + /** insight */ + Insight = "Insight" +} + +/** + * Defines values for EntityItemQueryKind. \ + * {@link KnownEntityItemQueryKind} can be used interchangeably with EntityItemQueryKind, + * this enum contains the known values that the service supports. + * ### Known values supported by the service + * **Insight**: insight */ -export type Enum8 = string; +export type EntityItemQueryKind = string; /** Known values of {@link EntityQueryKind} that the service accepts. */ export enum KnownEntityQueryKind { 
@@ -5978,6 +6301,22 @@ export enum KnownEntityQueryKind { */ export type EntityQueryKind = string; +/** Known values of {@link Enum12} that the service accepts. */ +export enum KnownEnum12 { + Expansion = "Expansion", + Activity = "Activity" +} + +/** + * Defines values for Enum12. \ + * {@link KnownEnum12} can be used interchangeably with Enum12, + * this enum contains the known values that the service supports. + * ### Known values supported by the service + * **Expansion** \ + * **Activity** + */ +export type Enum12 = string; + /** Known values of {@link CustomEntityQueryKind} that the service accepts. */ export enum KnownCustomEntityQueryKind { Activity = "Activity" 
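Review bot: `Enum12` is a positional name with no meaning, and this change already renames it from `Enum8`, so callers typing `EntityQueriesListOptionalParams.kind` must follow a rename that reflects nothing but declaration order. The alias should carry a descriptive, stable name, for example `export type EntityQueriesListKind = string;` with a matching `KnownEntityQueriesListKind` enum. If this file is generated from the service's OpenAPI description, the name would be set there (an `x-ms-enum` name on the `kind` parameter) rather than edited here. Otherwise the next anonymous enum added upstream is likely to shift the number again and break consumers a second time.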
@@ -5992,79 +6331,19 @@ export enum KnownCustomEntityQueryKind { */ export type CustomEntityQueryKind = string; -/** Known values of {@link EntityTimelineKind} that the service accepts. */ -export enum KnownEntityTimelineKind { - /** activity */ - Activity = "Activity", - /** bookmarks */ - Bookmark = "Bookmark", - /** security alerts */ - SecurityAlert = "SecurityAlert" -} - -/** - * Defines values for EntityTimelineKind. \ - * {@link KnownEntityTimelineKind} can be used interchangeably with EntityTimelineKind, - * this enum contains the known values that the service supports. - * ### Known values supported by the service - * **Activity**: activity \ - * **Bookmark**: bookmarks \ - * **SecurityAlert**: security alerts - */ -export type EntityTimelineKind = string; - -/** Known values of {@link EntityItemQueryKind} that the service accepts. */ -export enum KnownEntityItemQueryKind { - /** insight */ - Insight = "Insight" -} - -/** - * Defines values for EntityItemQueryKind. \ - * {@link KnownEntityItemQueryKind} can be used interchangeably with EntityItemQueryKind, - * this enum contains the known values that the service supports. - * ### Known values supported by the service - * **Insight**: insight - */ -export type EntityItemQueryKind = string; - -/** Known values of {@link AttackTactic} that the service accepts. */ -export enum KnownAttackTactic { - InitialAccess = "InitialAccess", - Execution = "Execution", - Persistence = "Persistence", - PrivilegeEscalation = "PrivilegeEscalation", - DefenseEvasion = "DefenseEvasion", - CredentialAccess = "CredentialAccess", - Discovery = "Discovery", - LateralMovement = "LateralMovement", - Collection = "Collection", - Exfiltration = "Exfiltration", - CommandAndControl = "CommandAndControl", - Impact = "Impact", - PreAttack = "PreAttack" +/** Known values of {@link EntityQueryTemplateKind} that the service accepts. 
*/ +export enum KnownEntityQueryTemplateKind { + Activity = "Activity" } /** - * Defines values for AttackTactic. \ - * {@link KnownAttackTactic} can be used interchangeably with AttackTactic, + * Defines values for EntityQueryTemplateKind. \ + * {@link KnownEntityQueryTemplateKind} can be used interchangeably with EntityQueryTemplateKind, * this enum contains the known values that the service supports. * ### Known values supported by the service - * **InitialAccess** \ - * **Execution** \ - * **Persistence** \ - * **PrivilegeEscalation** \ - * **DefenseEvasion** \ - * **CredentialAccess** \ - * **Discovery** \ - * **LateralMovement** \ - * **Collection** \ - * **Exfiltration** \ - * **CommandAndControl** \ - * **Impact** \ - * **PreAttack** + * **Activity** */ -export type AttackTactic = string; +export type EntityQueryTemplateKind = string; /** Known values of {@link IncidentClassification} that the service accepts. */ export enum KnownIncidentClassification { @@ -6119,7 +6398,7 @@ export enum KnownIncidentLabelType { /** Label manually created by a user */ User = "User", /** Label automatically created by the system */ - System = "System" + AutoAssigned = "AutoAssigned" } /** @@ -6128,7 +6407,7 @@ export enum KnownIncidentLabelType { * this enum contains the known values that the service supports. * ### Known values supported by the service * **User**: Label manually created by a user \ - * **System**: Label automatically created by the system + * **AutoAssigned**: Label automatically created by the system */ export type IncidentLabelType = string; @@ -6339,7 +6618,10 @@ export enum KnownKind { Parser = "Parser", Watchlist = "Watchlist", WatchlistTemplate = "WatchlistTemplate", - Solution = "Solution" + Solution = "Solution", + AzureFunction = "AzureFunction", + LogicAppsCustomConnector = "LogicAppsCustomConnector", + AutomationRule = "AutomationRule" } /** 
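Review bot: Replacing `System = "System"` with `AutoAssigned = "AutoAssigned"` in `KnownIncidentLabelType` changes the string callers compare against. Because `IncidentLabelType` is declared as plain `string`, code that still tests a label type against the literal `"System"` keeps compiling and silently stops matching. For triage or automation logic that separates analyst-applied labels from system-applied ones, that is a silent behaviour change rather than a build break. The member's doc comment should record the rename, e.g. `/** Label automatically created by the system (exposed as "System" in earlier releases of this package) */`, with the same wording in the known-values list of the next hunk. Whether the service can still return `"System"` for existing incidents is not visible here and is worth confirming; the enum itself starts outside the hunk.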
@@ -6360,7 +6642,10 @@ export enum KnownKind { * **Parser** \ * **Watchlist** \ * **WatchlistTemplate** \ - * **Solution** + * **Solution** \ + * **AzureFunction** \ + * **LogicAppsCustomConnector** \ + * **AutomationRule** */ export type Kind = string; @@ -6454,6 +6739,22 @@ export enum KnownRepoType { */ export type RepoType = string; +/** Known values of {@link Version} that the service accepts. */ +export enum KnownVersion { + V1 = "V1", + V2 = "V2" +} + +/** + * Defines values for Version. \ + * {@link KnownVersion} can be used interchangeably with Version, + * this enum contains the known values that the service supports. + * ### Known values supported by the service + * **V1** \ + * **V2** + */ +export type Version = string; + /** Known values of {@link ContentType} that the service accepts. */ export enum KnownContentType { AnalyticRule = "AnalyticRule", 
@@ -6470,21 +6771,110 @@ export enum KnownContentType { */ export type ContentType = string; -/** Known values of {@link Source} that the service accepts. */ -export enum KnownSource { +/** Known values of {@link DeploymentFetchStatus} that the service accepts. */ +export enum KnownDeploymentFetchStatus { + Success = "Success", + Unauthorized = "Unauthorized", + NotFound = "NotFound" +} + +/** + * Defines values for DeploymentFetchStatus. \ + * {@link KnownDeploymentFetchStatus} can be used interchangeably with DeploymentFetchStatus, + * this enum contains the known values that the service supports. + * ### Known values supported by the service + * **Success** \ + * **Unauthorized** \ + * **NotFound** + */ +export type DeploymentFetchStatus = string; + +/** Known values of {@link DeploymentState} that the service accepts. */ +export enum KnownDeploymentState { + InProgress = "In_Progress", + Completed = "Completed", + Queued = "Queued", + Canceling = "Canceling" +} + +/** + * Defines values for DeploymentState. \ + * {@link KnownDeploymentState} can be used interchangeably with DeploymentState, + * this enum contains the known values that the service supports. + * ### Known values supported by the service + * **In_Progress** \ + * **Completed** \ + * **Queued** \ + * **Canceling** + */ +export type DeploymentState = string; + +/** Known values of {@link DeploymentResult} that the service accepts. */ +export enum KnownDeploymentResult { + Success = "Success", + Canceled = "Canceled", + Failed = "Failed" +} + +/** + * Defines values for DeploymentResult. \ + * {@link KnownDeploymentResult} can be used interchangeably with DeploymentResult, + * this enum contains the known values that the service supports. + * ### Known values supported by the service + * **Success** \ + * **Canceled** \ + * **Failed** + */ +export type DeploymentResult = string; + +/** Known values of {@link ThreatIntelligenceResourceKindEnum} that the service accepts. 
*/ +export enum KnownThreatIntelligenceResourceKindEnum { + /** Entity represents threat intelligence indicator in the system. */ + Indicator = "indicator" +} + +/** + * Defines values for ThreatIntelligenceResourceKindEnum. \ + * {@link KnownThreatIntelligenceResourceKindEnum} can be used interchangeably with ThreatIntelligenceResourceKindEnum, + * this enum contains the known values that the service supports. + * ### Known values supported by the service + * **indicator**: Entity represents threat intelligence indicator in the system. + */ +export type ThreatIntelligenceResourceKindEnum = string; + +/** Known values of {@link ThreatIntelligenceSortingCriteriaEnum} that the service accepts. */ +export enum KnownThreatIntelligenceSortingCriteriaEnum { + Unsorted = "unsorted", + Ascending = "ascending", + Descending = "descending" +} + +/** + * Defines values for ThreatIntelligenceSortingCriteriaEnum. \ + * {@link KnownThreatIntelligenceSortingCriteriaEnum} can be used interchangeably with ThreatIntelligenceSortingCriteriaEnum, + * this enum contains the known values that the service supports. + * ### Known values supported by the service + * **unsorted** \ + * **ascending** \ + * **descending** + */ +export type ThreatIntelligenceSortingCriteriaEnum = string; + +/** Known values of {@link SourceType} that the service accepts. */ +export enum KnownSourceType { LocalFile = "Local file", RemoteStorage = "Remote storage" } /** - * Defines values for Source. \ - * {@link KnownSource} can be used interchangeably with Source, + * Defines values for SourceType. \ + * {@link KnownSourceType} can be used interchangeably with SourceType, * this enum contains the known values that the service supports. * ### Known values supported by the service * **Local file** \ * **Remote storage** */ -export type Source = string; +export type SourceType = string; /** Known values of {@link DataConnectorKind} that the service accepts. */ export enum KnownDataConnectorKind { 
@@ -6496,6 +6886,8 @@ export enum KnownDataConnectorKind { Office365 = "Office365", OfficeATP = "OfficeATP", OfficeIRM = "OfficeIRM", + Office365Project = "Office365Project", + OfficePowerBI = "OfficePowerBI", AmazonWebServicesCloudTrail = "AmazonWebServicesCloudTrail", AmazonWebServicesS3 = "AmazonWebServicesS3", AzureAdvancedThreatProtection = "AzureAdvancedThreatProtection", @@ -6520,6 +6912,8 @@ export enum KnownDataConnectorKind { * **Office365** \ * **OfficeATP** \ * **OfficeIRM** \ + * **Office365Project** \ + * **OfficePowerBI** \ * **AmazonWebServicesCloudTrail** \ * **AmazonWebServicesS3** \ * **AzureAdvancedThreatProtection** \ 
@@ -6584,53 +6978,6 @@ export enum KnownDataConnectorLicenseState { */ export type DataConnectorLicenseState = string; -/** Known values of {@link ThreatIntelligenceResourceKindEnum} that the service accepts. */ -export enum KnownThreatIntelligenceResourceKindEnum { - /** Entity represents threat intelligence indicator in the system. */ - Indicator = "indicator" -} - -/** - * Defines values for ThreatIntelligenceResourceKindEnum. \ - * {@link KnownThreatIntelligenceResourceKindEnum} can be used interchangeably with ThreatIntelligenceResourceKindEnum, - * this enum contains the known values that the service supports. - * ### Known values supported by the service - * **indicator**: Entity represents threat intelligence indicator in the system. - */ -export type ThreatIntelligenceResourceKindEnum = string; - -/** Known values of {@link ThreatIntelligenceSortingCriteriaEnum} that the service accepts. */ -export enum KnownThreatIntelligenceSortingCriteriaEnum { - Unsorted = "unsorted", - Ascending = "ascending", - Descending = "descending" -} - -/** - * Defines values for ThreatIntelligenceSortingCriteriaEnum. \ - * {@link KnownThreatIntelligenceSortingCriteriaEnum} can be used interchangeably with ThreatIntelligenceSortingCriteriaEnum, - * this enum contains the known values that the service supports. - * ### Known values supported by the service - * **unsorted** \ - * **ascending** \ - * **descending** - */ -export type ThreatIntelligenceSortingCriteriaEnum = string; - -/** Known values of {@link EntityQueryTemplateKind} that the service accepts. */ -export enum KnownEntityQueryTemplateKind { - Activity = "Activity" -} - -/** - * Defines values for EntityQueryTemplateKind. \ - * {@link KnownEntityQueryTemplateKind} can be used interchangeably with EntityQueryTemplateKind, - * this enum contains the known values that the service supports. 
- * ### Known values supported by the service - * **Activity** - */ -export type EntityQueryTemplateKind = string; - /** Known values of {@link TemplateStatus} that the service accepts. */ export enum KnownTemplateStatus { /** Alert rule template installed. and can not use more then once */ @@ -6809,15 +7156,17 @@ export enum KnownAutomationRulePropertyConditionSupportedProperty { IncidentSeverity = "IncidentSeverity", /** The status of the incident */ IncidentStatus = "IncidentStatus", - /** The tactics of the incident */ - IncidentTactics = "IncidentTactics", /** The related Analytic rule ids of the incident */ IncidentRelatedAnalyticRuleIds = "IncidentRelatedAnalyticRuleIds", + /** The tactics of the incident */ + IncidentTactics = "IncidentTactics", + /** The labels of the incident */ + IncidentLabel = "IncidentLabel", /** The provider name of the incident */ IncidentProviderName = "IncidentProviderName", /** The account Azure Active Directory tenant id */ AccountAadTenantId = "AccountAadTenantId", - /** The account Azure Active Directory user id. */ + /** The account Azure Active Directory user id */ AccountAadUserId = "AccountAadUserId", /** The account name */ AccountName = "AccountName", @@ -6831,6 +7180,8 @@ export enum KnownAutomationRulePropertyConditionSupportedProperty { AccountObjectGuid = "AccountObjectGuid", /** The account user principal name suffix */ AccountUPNSuffix = "AccountUPNSuffix", + /** The name of the product of the alert */ + AlertProductNames = "AlertProductNames", /** The Azure resource id */ AzureResourceResourceId = "AzureResourceResourceId", /** The Azure resource subscription id */ @@ -6857,7 +7208,7 @@ export enum KnownAutomationRulePropertyConditionSupportedProperty { HostNTDomain = "HostNTDomain", /** The host operating system */ HostOSVersion = "HostOSVersion", - /** The IoT device id */ + /** "The IoT device id */ IoTDeviceId = "IoTDeviceId", /** The IoT device name */ IoTDeviceName = "IoTDeviceName", 
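Review bot: The new doc comment for `IoTDeviceId` gained a stray opening quote, `/** "The IoT device id */`, which will show up verbatim in editor tooltips and generated reference docs. It should read `/** The IoT device id */`. The same stray quote is repeated in the known-values list of the following hunk, where `* **IoTDeviceId**: "The IoT device id \` should become `* **IoTDeviceId**: The IoT device id \`. If this file is generated from the service's API description, the quote presumably originates there and is better corrected at that source. The enum body extends outside the hunk.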
@@ -6916,17 +7267,19 @@ export enum KnownAutomationRulePropertyConditionSupportedProperty { * **IncidentDescription**: The description of the incident \ * **IncidentSeverity**: The severity of the incident \ * **IncidentStatus**: The status of the incident \ - * **IncidentTactics**: The tactics of the incident \ * **IncidentRelatedAnalyticRuleIds**: The related Analytic rule ids of the incident \ + * **IncidentTactics**: The tactics of the incident \ + * **IncidentLabel**: The labels of the incident \ * **IncidentProviderName**: The provider name of the incident \ * **AccountAadTenantId**: The account Azure Active Directory tenant id \ - * **AccountAadUserId**: The account Azure Active Directory user id. \ + * **AccountAadUserId**: The account Azure Active Directory user id \ * **AccountName**: The account name \ * **AccountNTDomain**: The account NetBIOS domain name \ * **AccountPUID**: The account Azure Active Directory Passport User ID \ * **AccountSid**: The account security identifier \ * **AccountObjectGuid**: The account unique identifier \ * **AccountUPNSuffix**: The account user principal name suffix \ + * **AlertProductNames**: The name of the product of the alert \ * **AzureResourceResourceId**: The Azure resource id \ * **AzureResourceSubscriptionId**: The Azure resource subscription id \ * **CloudApplicationAppId**: The cloud application identifier \ @@ -6940,7 +7293,7 @@ export enum KnownAutomationRulePropertyConditionSupportedProperty { * **HostNetBiosName**: The host NetBIOS name \ * **HostNTDomain**: The host NT domain \ * **HostOSVersion**: The host operating system \ - * **IoTDeviceId**: The IoT device id \ + * **IoTDeviceId**: "The IoT device id \ * **IoTDeviceName**: The IoT device name \ * **IoTDeviceType**: The IoT device type \ * **IoTDeviceVendor**: The IoT device vendor \ 
@@ -7482,13 +7835,6 @@ export interface AlertRuleTemplatesListNextOptionalParams /** Contains response data for the listNext operation. */ export type AlertRuleTemplatesListNextResponse = AlertRuleTemplatesList; -/** Optional parameters. */ -export interface AutomationRulesListOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the list operation. */ -export type AutomationRulesListResponse = AutomationRulesList; - /** Optional parameters. */ export interface AutomationRulesGetOptionalParams extends coreClient.OperationOptions {} @@ -7498,7 +7844,10 @@ export type AutomationRulesGetResponse = AutomationRule; /** Optional parameters. */ export interface AutomationRulesCreateOrUpdateOptionalParams - extends coreClient.OperationOptions {} + extends coreClient.OperationOptions { + /** The automation rule */ + automationRuleToUpsert?: AutomationRule; +} /** Contains response data for the createOrUpdate operation. */ export type AutomationRulesCreateOrUpdateResponse = AutomationRule; 
@@ -7507,6 +7856,28 @@ export type AutomationRulesCreateOrUpdateResponse = AutomationRule; export interface AutomationRulesDeleteOptionalParams extends coreClient.OperationOptions {} +/** Contains response data for the delete operation. */ +export type AutomationRulesDeleteResponse = Record; + +/** Optional parameters. */ +export interface AutomationRulesListOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the list operation. */ +export type AutomationRulesListResponse = AutomationRulesList; + +/** Optional parameters. */ +export interface AutomationRulesManualTriggerPlaybookOptionalParams + extends coreClient.OperationOptions { + requestBody?: ManualTriggerRequestBody; +} + +/** Contains response data for the manualTriggerPlaybook operation. */ +export type AutomationRulesManualTriggerPlaybookResponse = Record< + string, + unknown +>; + /** Optional parameters. */ export interface AutomationRulesListNextOptionalParams extends coreClient.OperationOptions {} 
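Review bot: `export type AutomationRulesDeleteResponse = Record;` has no type arguments as shown, and TypeScript's `Record` requires two, so the alias would not compile in this form. The sibling alias added a few lines later spells them out as `Record<string, unknown>`, so the delete response should presumably read `export type AutomationRulesDeleteResponse = Record<string, unknown>;`. The angle-bracketed part may only have been lost when this page was rendered, so check against the file itself. Separately, `requestBody?: ManualTriggerRequestBody;` is the only option in this hunk without a doc comment; for an operation that runs a playbook on demand, something like `/** Body of the manual playbook trigger request */` would help callers.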
@@ -7617,44 +7988,6 @@ export interface DomainWhoisGetOptionalParams /** Contains response data for the get operation. */ export type DomainWhoisGetResponse = EnrichmentDomainWhois; -/** Optional parameters. */ -export interface EntityQueriesListOptionalParams - extends coreClient.OperationOptions { - /** The entity query kind we want to fetch */ - kind?: Enum8; -} - -/** Contains response data for the list operation. */ -export type EntityQueriesListResponse = EntityQueryList; - -/** Optional parameters. */ -export interface EntityQueriesGetOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the get operation. */ -export type EntityQueriesGetResponse = EntityQueryUnion; - -/** Optional parameters. */ -export interface EntityQueriesCreateOrUpdateOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the createOrUpdate operation. */ -export type EntityQueriesCreateOrUpdateResponse = EntityQueryUnion; - -/** Optional parameters. */ -export interface EntityQueriesDeleteOptionalParams - extends coreClient.OperationOptions {} - -/** Optional parameters. */ -export interface EntityQueriesListNextOptionalParams - extends coreClient.OperationOptions { - /** The entity query kind we want to fetch */ - kind?: Enum8; -} - -/** Contains response data for the listNext operation. */ -export type EntityQueriesListNextResponse = EntityQueryList; - /** Optional parameters. */ export interface EntitiesListOptionalParams extends coreClient.OperationOptions {} 
@@ -7744,20 +8077,79 @@ export interface EntityRelationsGetRelationOptionalParams export type EntityRelationsGetRelationResponse = Relation; /** Optional parameters. */ -export interface IncidentsListOptionalParams +export interface EntityQueriesListOptionalParams extends coreClient.OperationOptions { - /** Filters the results, based on a Boolean condition. Optional. */ - filter?: string; - /** Sorts the results. Optional. */ - orderby?: string; - /** Returns only the first n results. Optional. */ - top?: number; - /** Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. */ - skipToken?: string; + /** The entity query kind we want to fetch */ + kind?: Enum12; } /** Contains response data for the list operation. */ -export type IncidentsListResponse = IncidentList; +export type EntityQueriesListResponse = EntityQueryList; + +/** Optional parameters. */ +export interface EntityQueriesGetOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the get operation. */ +export type EntityQueriesGetResponse = EntityQueryUnion; + +/** Optional parameters. */ +export interface EntityQueriesCreateOrUpdateOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the createOrUpdate operation. */ +export type EntityQueriesCreateOrUpdateResponse = EntityQueryUnion; + +/** Optional parameters. */ +export interface EntityQueriesDeleteOptionalParams + extends coreClient.OperationOptions {} + +/** Optional parameters. */ +export interface EntityQueriesListNextOptionalParams + extends coreClient.OperationOptions { + /** The entity query kind we want to fetch */ + kind?: Enum12; +} + +/** Contains response data for the listNext operation. 
*/ +export type EntityQueriesListNextResponse = EntityQueryList; + +/** Optional parameters. */ +export interface EntityQueryTemplatesListOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the list operation. */ +export type EntityQueryTemplatesListResponse = EntityQueryTemplateList; + +/** Optional parameters. */ +export interface EntityQueryTemplatesGetOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the get operation. */ +export type EntityQueryTemplatesGetResponse = EntityQueryTemplateUnion; + +/** Optional parameters. */ +export interface EntityQueryTemplatesListNextOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the listNext operation. */ +export type EntityQueryTemplatesListNextResponse = EntityQueryTemplateList; + +/** Optional parameters. */ +export interface IncidentsListOptionalParams + extends coreClient.OperationOptions { + /** Filters the results, based on a Boolean condition. Optional. */ + filter?: string; + /** Sorts the results. Optional. */ + orderby?: string; + /** Returns only the first n results. Optional. */ + top?: number; + /** Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. */ + skipToken?: string; +} + +/** Contains response data for the list operation. */ +export type IncidentsListResponse = IncidentList; /** Optional parameters. */ export interface IncidentsGetOptionalParams 
@@ -7978,6 +8370,31 @@ export interface MetadataListNextOptionalParams /** Contains response data for the listNext operation. */ export type MetadataListNextResponse = MetadataList; +/** Optional parameters. */ +export interface OfficeConsentsListOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the list operation. */ +export type OfficeConsentsListResponse = OfficeConsentList; + +/** Optional parameters. */ +export interface OfficeConsentsGetOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the get operation. */ +export type OfficeConsentsGetResponse = OfficeConsent; + +/** Optional parameters. */ +export interface OfficeConsentsDeleteOptionalParams + extends coreClient.OperationOptions {} + +/** Optional parameters. */ +export interface OfficeConsentsListNextOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the listNext operation. */ +export type OfficeConsentsListNextResponse = OfficeConsentList; + /** Optional parameters. */ export interface SentinelOnboardingStatesGetOptionalParams extends coreClient.OperationOptions {} 
@@ -8077,117 +8494,6 @@ export interface SourceControlsListNextOptionalParams /** Contains response data for the listNext operation. */ export type SourceControlsListNextResponse = SourceControlList; -/** Optional parameters. */ -export interface WatchlistsListOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the list operation. */ -export type WatchlistsListResponse = WatchlistList; - -/** Optional parameters. */ -export interface WatchlistsGetOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the get operation. */ -export type WatchlistsGetResponse = Watchlist; - -/** Optional parameters. */ -export interface WatchlistsDeleteOptionalParams - extends coreClient.OperationOptions {} - -/** Optional parameters. */ -export interface WatchlistsCreateOrUpdateOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the createOrUpdate operation. */ -export type WatchlistsCreateOrUpdateResponse = Watchlist; - -/** Optional parameters. */ -export interface WatchlistsListNextOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the listNext operation. */ -export type WatchlistsListNextResponse = WatchlistList; - -/** Optional parameters. */ -export interface WatchlistItemsListOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the list operation. */ -export type WatchlistItemsListResponse = WatchlistItemList; - -/** Optional parameters. */ -export interface WatchlistItemsGetOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the get operation. */ -export type WatchlistItemsGetResponse = WatchlistItem; - -/** Optional parameters. */ -export interface WatchlistItemsDeleteOptionalParams - extends coreClient.OperationOptions {} - -/** Optional parameters. 
*/ -export interface WatchlistItemsCreateOrUpdateOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the createOrUpdate operation. */ -export type WatchlistItemsCreateOrUpdateResponse = WatchlistItem; - -/** Optional parameters. */ -export interface WatchlistItemsListNextOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the listNext operation. */ -export type WatchlistItemsListNextResponse = WatchlistItemList; - -/** Optional parameters. */ -export interface DataConnectorsListOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the list operation. */ -export type DataConnectorsListResponse = DataConnectorList; - -/** Optional parameters. */ -export interface DataConnectorsGetOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the get operation. */ -export type DataConnectorsGetResponse = DataConnectorUnion; - -/** Optional parameters. */ -export interface DataConnectorsCreateOrUpdateOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the createOrUpdate operation. */ -export type DataConnectorsCreateOrUpdateResponse = DataConnectorUnion; - -/** Optional parameters. */ -export interface DataConnectorsDeleteOptionalParams - extends coreClient.OperationOptions {} - -/** Optional parameters. */ -export interface DataConnectorsConnectOptionalParams - extends coreClient.OperationOptions {} - -/** Optional parameters. */ -export interface DataConnectorsDisconnectOptionalParams - extends coreClient.OperationOptions {} - -/** Optional parameters. */ -export interface DataConnectorsListNextOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the listNext operation. */ -export type DataConnectorsListNextResponse = DataConnectorList; - -/** Optional parameters. 
*/ -export interface DataConnectorsCheckRequirementsPostOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the post operation. */ -export type DataConnectorsCheckRequirementsPostResponse = DataConnectorRequirementsState; - /** Optional parameters. */ export interface ThreatIntelligenceIndicatorCreateIndicatorOptionalParams extends coreClient.OperationOptions {} 
@@ -8278,64 +8584,144 @@ export interface ThreatIntelligenceIndicatorMetricsListOptionalParams export type ThreatIntelligenceIndicatorMetricsListResponse = ThreatIntelligenceMetricsList; /** Optional parameters. */ -export interface OperationsListOptionalParams - extends coreClient.OperationOptions {} +export interface WatchlistsListOptionalParams + extends coreClient.OperationOptions { + /** Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. */ + skipToken?: string; +} /** Contains response data for the list operation. */ -export type OperationsListResponse = OperationsList; +export type WatchlistsListResponse = WatchlistList; /** Optional parameters. */ -export interface OperationsListNextOptionalParams +export interface WatchlistsGetOptionalParams extends coreClient.OperationOptions {} -/** Contains response data for the listNext operation. */ -export type OperationsListNextResponse = OperationsList; +/** Contains response data for the get operation. */ +export type WatchlistsGetResponse = Watchlist; /** Optional parameters. */ -export interface OfficeConsentsListOptionalParams +export interface WatchlistsDeleteOptionalParams extends coreClient.OperationOptions {} +/** Contains response data for the delete operation. */ +export type WatchlistsDeleteResponse = WatchlistsDeleteHeaders & Watchlist; + +/** Optional parameters. */ +export interface WatchlistsCreateOrUpdateOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the createOrUpdate operation. */ +export type WatchlistsCreateOrUpdateResponse = Watchlist; + +/** Optional parameters. */ +export interface WatchlistsListNextOptionalParams + extends coreClient.OperationOptions { + /** Skiptoken is only used if a previous operation returned a partial result. 
If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. */ + skipToken?: string; +} + +/** Contains response data for the listNext operation. */ +export type WatchlistsListNextResponse = WatchlistList; + +/** Optional parameters. */ +export interface WatchlistItemsListOptionalParams + extends coreClient.OperationOptions { + /** Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. */ + skipToken?: string; +} + /** Contains response data for the list operation. */ -export type OfficeConsentsListResponse = OfficeConsentList; +export type WatchlistItemsListResponse = WatchlistItemList; /** Optional parameters. */ -export interface OfficeConsentsGetOptionalParams +export interface WatchlistItemsGetOptionalParams extends coreClient.OperationOptions {} /** Contains response data for the get operation. */ -export type OfficeConsentsGetResponse = OfficeConsent; +export type WatchlistItemsGetResponse = WatchlistItem; /** Optional parameters. */ -export interface OfficeConsentsDeleteOptionalParams +export interface WatchlistItemsDeleteOptionalParams extends coreClient.OperationOptions {} /** Optional parameters. */ -export interface OfficeConsentsListNextOptionalParams +export interface WatchlistItemsCreateOrUpdateOptionalParams extends coreClient.OperationOptions {} +/** Contains response data for the createOrUpdate operation. */ +export type WatchlistItemsCreateOrUpdateResponse = WatchlistItem; + +/** Optional parameters. */ +export interface WatchlistItemsListNextOptionalParams + extends coreClient.OperationOptions { + /** Skiptoken is only used if a previous operation returned a partial result. 
If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. */ + skipToken?: string; +} + /** Contains response data for the listNext operation. */ -export type OfficeConsentsListNextResponse = OfficeConsentList; +export type WatchlistItemsListNextResponse = WatchlistItemList; /** Optional parameters. */ -export interface EntityQueryTemplatesListOptionalParams +export interface DataConnectorsListOptionalParams extends coreClient.OperationOptions {} /** Contains response data for the list operation. */ -export type EntityQueryTemplatesListResponse = EntityQueryTemplateList; +export type DataConnectorsListResponse = DataConnectorList; /** Optional parameters. */ -export interface EntityQueryTemplatesGetOptionalParams +export interface DataConnectorsGetOptionalParams extends coreClient.OperationOptions {} /** Contains response data for the get operation. */ -export type EntityQueryTemplatesGetResponse = EntityQueryTemplateUnion; +export type DataConnectorsGetResponse = DataConnectorUnion; /** Optional parameters. */ -export interface EntityQueryTemplatesListNextOptionalParams +export interface DataConnectorsCreateOrUpdateOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the createOrUpdate operation. */ +export type DataConnectorsCreateOrUpdateResponse = DataConnectorUnion; + +/** Optional parameters. */ +export interface DataConnectorsDeleteOptionalParams + extends coreClient.OperationOptions {} + +/** Optional parameters. */ +export interface DataConnectorsConnectOptionalParams + extends coreClient.OperationOptions {} + +/** Optional parameters. */ +export interface DataConnectorsDisconnectOptionalParams + extends coreClient.OperationOptions {} + +/** Optional parameters. 
*/ +export interface DataConnectorsListNextOptionalParams extends coreClient.OperationOptions {} /** Contains response data for the listNext operation. */ -export type EntityQueryTemplatesListNextResponse = EntityQueryTemplateList; +export type DataConnectorsListNextResponse = DataConnectorList; + +/** Optional parameters. */ +export interface DataConnectorsCheckRequirementsPostOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the post operation. */ +export type DataConnectorsCheckRequirementsPostResponse = DataConnectorRequirementsState; + +/** Optional parameters. */ +export interface OperationsListOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the list operation. */ +export type OperationsListResponse = OperationsList; + +/** Optional parameters. */ +export interface OperationsListNextOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the listNext operation. */ +export type OperationsListNextResponse = OperationsList; /** Optional parameters. */ export interface SecurityInsightsOptionalParams diff --git a/sdk/securityinsight/arm-securityinsight/src/models/mappers.ts b/sdk/securityinsight/arm-securityinsight/src/models/mappers.ts index dee7eb969f7d..82b15150d440 100644 --- a/sdk/securityinsight/arm-securityinsight/src/models/mappers.ts +++ b/sdk/securityinsight/arm-securityinsight/src/models/mappers.ts 
@@ -232,35 +232,6 @@ export const AlertRuleTemplatesList: coreClient.CompositeMapper = { } }; -export const AutomationRulesList: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "AutomationRulesList", - modelProperties: { - nextLink: { - serializedName: "nextLink", - readOnly: true, - type: { - name: "String" - } - }, - value: { - serializedName: "value", - required: true, - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "AutomationRule" - } - } - } - } - } - } -}; - export const AutomationRuleTriggeringLogic: coreClient.CompositeMapper = { type: { name: "Composite", @@ -391,6 +362,54 @@ export const ClientInfo: coreClient.CompositeMapper = { } }; +export const AutomationRulesList: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "AutomationRulesList", + modelProperties: { + value: { + serializedName: "value", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "AutomationRule" + } + } + } + }, + nextLink: { + serializedName: "nextLink", + type: { + name: "String" + } + } + } + } +}; + +export const ManualTriggerRequestBody: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "ManualTriggerRequestBody", + modelProperties: { + tenantId: { + serializedName: "tenantId", + type: { + name: "Uuid" + } + }, + logicAppsResourceId: { + serializedName: "logicAppsResourceId", + type: { + name: "String" + } + } + } + } +}; + export const BookmarkList: coreClient.CompositeMapper = { type: { name: "Composite", 
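Review bot: The re-added `AutomationRulesList` mapper in the second hunk on this line no longer carries `readOnly: true` on `nextLink` or `required: true` on `value`, although the copy removed in the first hunk had both and the other list mappers in this diff (`EntityQueryList`, `EntityQueryTemplateList`, `OfficeConsentList`) still do. Without `required`, a response lacking `value` presumably deserializes without error, so callers that page through automation rules need their own undefined check. If the relaxation is not intended, restore `readOnly: true,` and `required: true,` in whatever definition these mappers are produced from; the file looks generated, so a hand edit would likely be overwritten. `ManualTriggerRequestBody` in the same hunk likewise marks neither `tenantId` nor `logicAppsResourceId` as required, which is worth confirming against the service contract.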
@@ -483,6 +502,54 @@ export const IncidentInfo: coreClient.CompositeMapper = { } }; +export const BookmarkEntityMappings: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "BookmarkEntityMappings", + modelProperties: { + entityType: { + serializedName: "entityType", + type: { + name: "String" + } + }, + fieldMappings: { + serializedName: "fieldMappings", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "EntityFieldMapping" + } + } + } + } + } + } +}; + +export const EntityFieldMapping: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "EntityFieldMapping", + modelProperties: { + identifier: { + serializedName: "identifier", + type: { + name: "String" + } + }, + value: { + serializedName: "value", + type: { + name: "String" + } + } + } + } +}; + export const RelationList: coreClient.CompositeMapper = { type: { name: "Composite", @@ -1031,35 +1098,6 @@ export const EnrichmentDomainWhoisContact: coreClient.CompositeMapper = { } }; -export const EntityQueryList: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "EntityQueryList", - modelProperties: { - nextLink: { - serializedName: "nextLink", - readOnly: true, - type: { - name: "String" - } - }, - value: { - serializedName: "value", - required: true, - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "EntityQuery" - } - } - } - } - } - } -}; - export const EntityList: coreClient.CompositeMapper = { type: { name: "Composite", 
@@ -1685,6 +1723,64 @@ export const InsightsTableResultColumnsItem: coreClient.CompositeMapper = { } }; +export const EntityQueryList: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "EntityQueryList", + modelProperties: { + nextLink: { + serializedName: "nextLink", + readOnly: true, + type: { + name: "String" + } + }, + value: { + serializedName: "value", + required: true, + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "EntityQuery" + } + } + } + } + } + } +}; + +export const EntityQueryTemplateList: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "EntityQueryTemplateList", + modelProperties: { + nextLink: { + serializedName: "nextLink", + readOnly: true, + type: { + name: "String" + } + }, + value: { + serializedName: "value", + required: true, + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "EntityQueryTemplate" + } + } + } + } + } + } +}; + export const IncidentList: coreClient.CompositeMapper = { type: { name: "Composite", @@ -1752,6 +1848,13 @@ export const IncidentAdditionalData: coreClient.CompositeMapper = { } } }, + providerIncidentUrl: { + serializedName: "providerIncidentUrl", + readOnly: true, + type: { + name: "String" + } + }, tactics: { serializedName: "tactics", readOnly: true, @@ -1763,6 +1866,18 @@ export const IncidentAdditionalData: coreClient.CompositeMapper = { } } } + }, + techniques: { + serializedName: "techniques", + readOnly: true, + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } } } } 
@@ -2297,6 +2412,35 @@ export const MetadataCategories: coreClient.CompositeMapper = { } }; +export const OfficeConsentList: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "OfficeConsentList", + modelProperties: { + nextLink: { + serializedName: "nextLink", + readOnly: true, + type: { + name: "String" + } + }, + value: { + serializedName: "value", + required: true, + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "OfficeConsent" + } + } + } + } + } + } +}; + export const SentinelOnboardingStatesList: coreClient.CompositeMapper = { type: { name: "Composite", 
@@ -2497,265 +2641,125 @@ export const ContentPathMap: coreClient.CompositeMapper = { } }; -export const WatchlistList: coreClient.CompositeMapper = { +export const RepositoryResourceInfo: coreClient.CompositeMapper = { type: { name: "Composite", - className: "WatchlistList", + className: "RepositoryResourceInfo", modelProperties: { - nextLink: { - serializedName: "nextLink", - readOnly: true, + webhook: { + serializedName: "webhook", type: { - name: "String" + name: "Composite", + className: "Webhook" } }, - value: { - serializedName: "value", - required: true, - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "Watchlist" - } - } - } - } - } - } -}; - -export const WatchlistItemList: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "WatchlistItemList", - modelProperties: { - nextLink: { - serializedName: "nextLink", - readOnly: true, - type: { - name: "String" - } - }, - value: { - serializedName: "value", - required: true, - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "WatchlistItem" - } - } - } - } - } - } -}; - -export const DataConnectorList: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "DataConnectorList", - modelProperties: { - nextLink: { - serializedName: "nextLink", - readOnly: true, + gitHubResourceInfo: { + serializedName: "gitHubResourceInfo", type: { - name: "String" + name: "Composite", + className: "GitHubResourceInfo" } }, - value: { - serializedName: "value", - required: true, + azureDevOpsResourceInfo: { + serializedName: "azureDevOpsResourceInfo", type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "DataConnector" - } - } + name: "Composite", + className: "AzureDevOpsResourceInfo" } } } } }; -export const DataConnectorConnectBody: coreClient.CompositeMapper = { +export const Webhook: coreClient.CompositeMapper = { type: { name: "Composite", - className: "DataConnectorConnectBody", 
+ className: "Webhook", modelProperties: { - kind: { - serializedName: "kind", - type: { - name: "String" - } - }, - apiKey: { - serializedName: "apiKey", - type: { - name: "String" - } - }, - clientSecret: { - serializedName: "clientSecret", - type: { - name: "String" - } - }, - clientId: { - serializedName: "clientId", - type: { - name: "String" - } - }, - authorizationCode: { - serializedName: "authorizationCode", + webhookId: { + serializedName: "webhookId", type: { name: "String" } }, - userName: { - serializedName: "userName", + webhookUrl: { + serializedName: "webhookUrl", type: { name: "String" } }, - password: { - serializedName: "password", + webhookSecretUpdateTime: { + serializedName: "webhookSecretUpdateTime", type: { name: "String" } }, - requestConfigUserInputValues: { - serializedName: "requestConfigUserInputValues", + rotateWebhookSecret: { + serializedName: "rotateWebhookSecret", type: { - name: "Sequence", - element: { - type: { - name: "Dictionary", - value: { type: { name: "any" } } - } - } + name: "Boolean" } } } } }; -export const ErrorResponse: coreClient.CompositeMapper = { +export const GitHubResourceInfo: coreClient.CompositeMapper = { type: { name: "Composite", - className: "ErrorResponse", + className: "GitHubResourceInfo", modelProperties: { - error: { - serializedName: "error", + appInstallationId: { + serializedName: "appInstallationId", type: { - name: "Composite", - className: "ErrorDetail" + name: "String" } } } } }; -export const ErrorDetail: coreClient.CompositeMapper = { +export const AzureDevOpsResourceInfo: coreClient.CompositeMapper = { type: { name: "Composite", - className: "ErrorDetail", + className: "AzureDevOpsResourceInfo", modelProperties: { - code: { - serializedName: "code", - readOnly: true, - type: { - name: "String" - } - }, - message: { - serializedName: "message", - readOnly: true, + pipelineId: { + serializedName: "pipelineId", type: { name: "String" } }, - target: { - serializedName: "target", - readOnly: 
true, + serviceConnectionId: { + serializedName: "serviceConnectionId", type: { name: "String" } - }, - details: { - serializedName: "details", - readOnly: true, - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "ErrorDetail" - } - } - } - }, - additionalInfo: { - serializedName: "additionalInfo", - readOnly: true, - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "ErrorAdditionalInfo" - } - } - } } } } }; -export const ErrorAdditionalInfo: coreClient.CompositeMapper = { +export const DeploymentInfo: coreClient.CompositeMapper = { type: { name: "Composite", - className: "ErrorAdditionalInfo", + className: "DeploymentInfo", modelProperties: { - type: { - serializedName: "type", - readOnly: true, + deploymentFetchStatus: { + serializedName: "deploymentFetchStatus", type: { name: "String" } }, - info: { - serializedName: "info", - readOnly: true, + deployment: { + serializedName: "deployment", type: { - name: "Dictionary", - value: { type: { name: "any" } } + name: "Composite", + className: "Deployment" } - } - } - } -}; - -export const DataConnectorsCheckRequirements: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "DataConnectorsCheckRequirements", - uberParent: "DataConnectorsCheckRequirements", - polymorphicDiscriminator: { - serializedName: "kind", - clientName: "kind" - }, - modelProperties: { - kind: { - serializedName: "kind", - required: true, + }, + message: { + serializedName: "message", type: { name: "String" } 
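Review bot: `webhookSecretUpdateTime` in the new `Webhook` mapper is typed `String`, whereas `deploymentTime` in the `Deployment` mapper added by the next hunk is `DateTime`; `dateAddedInUTC` in `FusionScenarioExclusionPattern` (the hunk at -3715) is a `String` as well. A rotation timestamp left as free text has to be parsed by every consumer that wants to check how old the webhook secret is, and a malformed value would likely pass through unnoticed. If the service returns ISO 8601 here, `type: { name: "DateTime" }` would be the consistent choice; otherwise the expected format should be documented on the property. The file looks generated, so the change presumably belongs in the API definition, not in this file.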
@@ -2764,19 +2768,37 @@ export const DataConnectorsCheckRequirements: coreClient.CompositeMapper = { } }; -export const DataConnectorRequirementsState: coreClient.CompositeMapper = { +export const Deployment: coreClient.CompositeMapper = { type: { name: "Composite", - className: "DataConnectorRequirementsState", + className: "Deployment", modelProperties: { - authorizationState: { - serializedName: "authorizationState", + deploymentId: { + serializedName: "deploymentId", type: { name: "String" } }, - licenseState: { - serializedName: "licenseState", + deploymentState: { + serializedName: "deploymentState", + type: { + name: "String" + } + }, + deploymentResult: { + serializedName: "deploymentResult", + type: { + name: "String" + } + }, + deploymentTime: { + serializedName: "deploymentTime", + type: { + name: "DateTime" + } + }, + deploymentLogsUrl: { + serializedName: "deploymentLogsUrl", type: { name: "String" } @@ -2930,6 +2952,11 @@ export const ThreatIntelligenceResourceKind: coreClient.CompositeMapper = { type: { name: "Composite", className: "ThreatIntelligenceResourceKind", + uberParent: "ThreatIntelligenceResourceKind", + polymorphicDiscriminator: { + serializedName: "kind", + clientName: "kind" + }, modelProperties: { kind: { serializedName: "kind", @@ -3240,10 +3267,10 @@ export const ThreatIntelligenceAppendTags: coreClient.CompositeMapper = { } }; -export const OperationsList: coreClient.CompositeMapper = { +export const WatchlistList: coreClient.CompositeMapper = { type: { name: "Composite", - className: "OperationsList", + className: "WatchlistList", modelProperties: { nextLink: { serializedName: "nextLink", @@ -3260,7 +3287,7 @@ export const OperationsList: coreClient.CompositeMapper = { element: { type: { name: "Composite", - className: "Operation" + className: "Watchlist" } } } 
@@ -3269,94 +3296,119 @@ export const OperationsList: coreClient.CompositeMapper = { } }; -export const Operation: coreClient.CompositeMapper = { +export const WatchlistItemList: coreClient.CompositeMapper = { type: { name: "Composite", - className: "Operation", + className: "WatchlistItemList", modelProperties: { - display: { - serializedName: "display", - type: { - name: "Composite", - className: "OperationDisplay" - } - }, - name: { - serializedName: "name", - type: { - name: "String" - } - }, - origin: { - serializedName: "origin", + nextLink: { + serializedName: "nextLink", + readOnly: true, type: { name: "String" } }, - isDataAction: { - serializedName: "isDataAction", + value: { + serializedName: "value", + required: true, type: { - name: "Boolean" + name: "Sequence", + element: { + type: { + name: "Composite", + className: "WatchlistItem" + } + } } } } } }; -export const OperationDisplay: coreClient.CompositeMapper = { +export const DataConnectorList: coreClient.CompositeMapper = { type: { name: "Composite", - className: "OperationDisplay", + className: "DataConnectorList", modelProperties: { - description: { - serializedName: "description", - type: { - name: "String" - } - }, - operation: { - serializedName: "operation", + nextLink: { + serializedName: "nextLink", + readOnly: true, type: { name: "String" } }, - provider: { - serializedName: "provider", + value: { + serializedName: "value", + required: true, type: { - name: "String" - } - }, - resource: { - serializedName: "resource", - type: { - name: "String" + name: "Sequence", + element: { + type: { + name: "Composite", + className: "DataConnector" + } + } } } } } }; -export const OfficeConsentList: coreClient.CompositeMapper = { +export const DataConnectorConnectBody: coreClient.CompositeMapper = { type: { name: "Composite", - className: "OfficeConsentList", + className: "DataConnectorConnectBody", modelProperties: { - nextLink: { - serializedName: "nextLink", - readOnly: true, + kind: { + 
serializedName: "kind", type: { name: "String" } }, - value: { - serializedName: "value", - required: true, + apiKey: { + serializedName: "apiKey", + type: { + name: "String" + } + }, + clientSecret: { + serializedName: "clientSecret", + type: { + name: "String" + } + }, + clientId: { + serializedName: "clientId", + type: { + name: "String" + } + }, + authorizationCode: { + serializedName: "authorizationCode", + type: { + name: "String" + } + }, + userName: { + serializedName: "userName", + type: { + name: "String" + } + }, + password: { + serializedName: "password", + type: { + name: "String" + } + }, + requestConfigUserInputValues: { + serializedName: "requestConfigUserInputValues", type: { name: "Sequence", element: { type: { - name: "Composite", - className: "OfficeConsent" + name: "Dictionary", + value: { type: { name: "any" } } } } } 
@@ -3365,10 +3417,52 @@ export const OfficeConsentList: coreClient.CompositeMapper = { } }; -export const EntityQueryTemplateList: coreClient.CompositeMapper = { +export const DataConnectorsCheckRequirements: coreClient.CompositeMapper = { type: { name: "Composite", - className: "EntityQueryTemplateList", + className: "DataConnectorsCheckRequirements", + uberParent: "DataConnectorsCheckRequirements", + polymorphicDiscriminator: { + serializedName: "kind", + clientName: "kind" + }, + modelProperties: { + kind: { + serializedName: "kind", + required: true, + type: { + name: "String" + } + } + } + } +}; + +export const DataConnectorRequirementsState: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "DataConnectorRequirementsState", + modelProperties: { + authorizationState: { + serializedName: "authorizationState", + type: { + name: "String" + } + }, + licenseState: { + serializedName: "licenseState", + type: { + name: "String" + } + } + } + } +}; + +export const OperationsList: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "OperationsList", modelProperties: { nextLink: { serializedName: "nextLink", @@ -3385,7 +3479,7 @@ export const EntityQueryTemplateList: coreClient.CompositeMapper = { element: { type: { name: "Composite", - className: "EntityQueryTemplate" + className: "Operation" } } } 
@@ -3394,6 +3488,73 @@ export const EntityQueryTemplateList: coreClient.CompositeMapper = { } }; +export const Operation: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "Operation", + modelProperties: { + display: { + serializedName: "display", + type: { + name: "Composite", + className: "OperationDisplay" + } + }, + name: { + serializedName: "name", + type: { + name: "String" + } + }, + origin: { + serializedName: "origin", + type: { + name: "String" + } + }, + isDataAction: { + serializedName: "isDataAction", + type: { + name: "Boolean" + } + } + } + } +}; + +export const OperationDisplay: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "OperationDisplay", + modelProperties: { + description: { + serializedName: "description", + type: { + name: "String" + } + }, + operation: { + serializedName: "operation", + type: { + name: "String" + } + }, + provider: { + serializedName: "provider", + type: { + name: "String" + } + }, + resource: { + serializedName: "resource", + type: { + name: "String" + } + } + } + } +}; + export const AlertRuleTemplateDataSource: coreClient.CompositeMapper = { type: { name: "Composite", @@ -3496,17 +3657,6 @@ export const QueryBasedAlertRuleTemplateProperties: coreClient.CompositeMapper = name: "String" } }, - tactics: { - serializedName: "tactics", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, version: { serializedName: "version", type: { 
@@ -3624,47 +3774,33 @@ export const AlertDetailsOverride: coreClient.CompositeMapper = { } }; -export const MicrosoftSecurityIncidentCreationAlertRuleCommonProperties: coreClient.CompositeMapper = { +export const FusionSourceSettings: coreClient.CompositeMapper = { type: { name: "Composite", - className: "MicrosoftSecurityIncidentCreationAlertRuleCommonProperties", + className: "FusionSourceSettings", modelProperties: { - displayNamesFilter: { - serializedName: "displayNamesFilter", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - displayNamesExcludeFilter: { - serializedName: "displayNamesExcludeFilter", + enabled: { + serializedName: "enabled", + required: true, type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } + name: "Boolean" } }, - productFilter: { - serializedName: "productFilter", + sourceName: { + serializedName: "sourceName", required: true, type: { name: "String" } }, - severitiesFilter: { - serializedName: "severitiesFilter", + sourceSubTypes: { + serializedName: "sourceSubTypes", type: { name: "Sequence", element: { type: { - name: "String" + name: "Composite", + className: "FusionSourceSubTypeSetting" } } } 
@@ -3673,37 +3809,78 @@ export const MicrosoftSecurityIncidentCreationAlertRuleCommonProperties: coreCli } }; -export const QueryBasedAlertRuleProperties: coreClient.CompositeMapper = { +export const FusionSourceSubTypeSetting: coreClient.CompositeMapper = { type: { name: "Composite", - className: "QueryBasedAlertRuleProperties", + className: "FusionSourceSubTypeSetting", modelProperties: { - alertRuleTemplateName: { - serializedName: "alertRuleTemplateName", + enabled: { + serializedName: "enabled", + required: true, type: { - name: "String" + name: "Boolean" } }, - templateVersion: { - serializedName: "templateVersion", + sourceSubTypeName: { + serializedName: "sourceSubTypeName", + required: true, type: { name: "String" } }, - description: { - serializedName: "description", + sourceSubTypeDisplayName: { + serializedName: "sourceSubTypeDisplayName", + readOnly: true, type: { name: "String" } }, - query: { - serializedName: "query", + severityFilters: { + serializedName: "severityFilters", type: { - name: "String" + name: "Composite", + className: "FusionSubTypeSeverityFilter" + } + } + } + } +}; + +export const FusionSubTypeSeverityFilter: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "FusionSubTypeSeverityFilter", + modelProperties: { + isSupported: { + serializedName: "isSupported", + readOnly: true, + type: { + name: "Boolean" } }, - displayName: { - serializedName: "displayName", + filters: { + serializedName: "filters", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "FusionSubTypeSeverityFiltersItem" + } + } + } + } + } + } +}; + +export const FusionSubTypeSeverityFiltersItem: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "FusionSubTypeSeverityFiltersItem", + modelProperties: { + severity: { + serializedName: "severity", required: true, type: { name: "String" 
@@ -3715,36 +3892,126 @@ export const QueryBasedAlertRuleProperties: coreClient.CompositeMapper = { type: { name: "Boolean" } - }, - lastModifiedUtc: { - serializedName: "lastModifiedUtc", - readOnly: true, + } + } + } +}; + +export const FusionScenarioExclusionPattern: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "FusionScenarioExclusionPattern", + modelProperties: { + exclusionPattern: { + serializedName: "exclusionPattern", + required: true, type: { - name: "DateTime" + name: "String" } }, - suppressionDuration: { - serializedName: "suppressionDuration", + dateAddedInUTC: { + serializedName: "dateAddedInUTC", required: true, type: { - name: "TimeSpan" + name: "String" + } + } + } + } +}; + +export const FusionTemplateSourceSetting: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "FusionTemplateSourceSetting", + modelProperties: { + sourceName: { + serializedName: "sourceName", + required: true, + type: { + name: "String" } }, - suppressionEnabled: { - serializedName: "suppressionEnabled", + sourceSubTypes: { + serializedName: "sourceSubTypes", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "FusionTemplateSourceSubType" + } + } + } + } + } + } +}; + +export const FusionTemplateSourceSubType: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "FusionTemplateSourceSubType", + modelProperties: { + sourceSubTypeName: { + serializedName: "sourceSubTypeName", required: true, type: { - name: "Boolean" + name: "String" } }, - severity: { - serializedName: "severity", + sourceSubTypeDisplayName: { + serializedName: "sourceSubTypeDisplayName", + readOnly: true, type: { name: "String" } }, - tactics: { - serializedName: "tactics", + severityFilter: { + serializedName: "severityFilter", + type: { + name: "Composite", + className: "FusionTemplateSubTypeSeverityFilter" + } + } + } + } +}; + +export const FusionTemplateSubTypeSeverityFilter: 
coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "FusionTemplateSubTypeSeverityFilter", + modelProperties: { + isSupported: { + serializedName: "isSupported", + required: true, + type: { + name: "Boolean" + } + }, + severityFilters: { + serializedName: "severityFilters", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + } + } + } +}; + +export const MicrosoftSecurityIncidentCreationAlertRuleCommonProperties: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "MicrosoftSecurityIncidentCreationAlertRuleCommonProperties", + modelProperties: { + displayNamesFilter: { + serializedName: "displayNamesFilter", type: { name: "Sequence", element: { @@ -3754,38 +4021,34 @@ export const QueryBasedAlertRuleProperties: coreClient.CompositeMapper = { } } }, - incidentConfiguration: { - serializedName: "incidentConfiguration", + displayNamesExcludeFilter: { + serializedName: "displayNamesExcludeFilter", type: { - name: "Composite", - className: "IncidentConfiguration" + name: "Sequence", + element: { + type: { + name: "String" + } + } } }, - customDetails: { - serializedName: "customDetails", + productFilter: { + serializedName: "productFilter", + required: true, type: { - name: "Dictionary", - value: { type: { name: "String" } } + name: "String" } }, - entityMappings: { - serializedName: "entityMappings", + severitiesFilter: { + serializedName: "severitiesFilter", type: { name: "Sequence", element: { type: { - name: "Composite", - className: "EntityMapping" + name: "String" } } } - }, - alertDetailsOverride: { - serializedName: "alertDetailsOverride", - type: { - name: "Composite", - className: "AlertDetailsOverride" - } } } } 
@@ -3889,6 +4152,12 @@ export const ScheduledAlertRuleCommonProperties: coreClient.CompositeMapper = { name: "Composite", className: "ScheduledAlertRuleCommonProperties", modelProperties: { + query: { + serializedName: "query", + type: { + name: "String" + } + }, queryFrequency: { serializedName: "queryFrequency", type: { @@ -3901,6 +4170,12 @@ export const ScheduledAlertRuleCommonProperties: coreClient.CompositeMapper = { name: "TimeSpan" } }, + severity: { + serializedName: "severity", + type: { + name: "String" + } + }, triggerOperator: { serializedName: "triggerOperator", type: { @@ -3920,6 +4195,32 @@ export const ScheduledAlertRuleCommonProperties: coreClient.CompositeMapper = { name: "Composite", className: "EventGroupingSettings" } + }, + customDetails: { + serializedName: "customDetails", + type: { + name: "Dictionary", + value: { type: { name: "String" } } + } + }, + entityMappings: { + serializedName: "entityMappings", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "EntityMapping" + } + } + } + }, + alertDetailsOverride: { + serializedName: "alertDetailsOverride", + type: { + name: "Composite", + className: "AlertDetailsOverride" + } } } } 
@@ -3940,213 +4241,87 @@ export const EventGroupingSettings: coreClient.CompositeMapper = { } }; -export const AutomationRuleRunPlaybookActionConfiguration: coreClient.CompositeMapper = { +export const EntityQueryItemProperties: coreClient.CompositeMapper = { type: { name: "Composite", - className: "AutomationRuleRunPlaybookActionConfiguration", + className: "EntityQueryItemProperties", modelProperties: { - logicAppResourceId: { - serializedName: "logicAppResourceId", + dataTypes: { + serializedName: "dataTypes", type: { - name: "String" + name: "Sequence", + element: { + type: { + name: "Composite", + className: "EntityQueryItemPropertiesDataTypesItem" + } + } } }, - tenantId: { - serializedName: "tenantId", + inputEntityType: { + serializedName: "inputEntityType", type: { name: "String" } + }, + requiredInputFieldsSets: { + serializedName: "requiredInputFieldsSets", + type: { + name: "Sequence", + element: { + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + } + } + }, + entitiesFilter: { + serializedName: "entitiesFilter", + type: { + name: "Dictionary", + value: { type: { name: "any" } } + } } } } }; -export const AutomationRuleModifyPropertiesActionConfiguration: coreClient.CompositeMapper = { +export const EntityQueryItemPropertiesDataTypesItem: coreClient.CompositeMapper = { type: { name: "Composite", - className: "AutomationRuleModifyPropertiesActionConfiguration", + className: "EntityQueryItemPropertiesDataTypesItem", modelProperties: { - classification: { - serializedName: "classification", + dataType: { + serializedName: "dataType", type: { name: "String" } - }, - classificationComment: { - serializedName: "classificationComment", + } + } + } +}; + +export const InsightQueryItemPropertiesTableQuery: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "InsightQueryItemPropertiesTableQuery", + modelProperties: { + columnsDefinitions: { + serializedName: "columnsDefinitions", type: { - name: "String" - 
} - }, - classificationReason: { - serializedName: "classificationReason", - type: { - name: "String" - } - }, - labels: { - serializedName: "labels", - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "IncidentLabel" - } - } - } - }, - owner: { - serializedName: "owner", - type: { - name: "Composite", - className: "IncidentOwnerInfo" - } - }, - severity: { - serializedName: "severity", - type: { - name: "String" - } - }, - status: { - serializedName: "status", - type: { - name: "String" - } - } - } - } -}; - -export const AutomationRulePropertyValuesConditionProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "AutomationRulePropertyValuesConditionProperties", - modelProperties: { - propertyName: { - serializedName: "propertyName", - type: { - name: "String" - } - }, - operator: { - serializedName: "operator", - type: { - name: "String" - } - }, - propertyValues: { - serializedName: "propertyValues", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - } - } - } -}; - -export const ActivityEntityQueriesPropertiesQueryDefinitions: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "ActivityEntityQueriesPropertiesQueryDefinitions", - modelProperties: { - query: { - serializedName: "query", - type: { - name: "String" - } - } - } - } -}; - -export const EntityQueryItemProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "EntityQueryItemProperties", - modelProperties: { - dataTypes: { - serializedName: "dataTypes", - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "EntityQueryItemPropertiesDataTypesItem" - } - } - } - }, - inputEntityType: { - serializedName: "inputEntityType", - type: { - name: "String" - } - }, - requiredInputFieldsSets: { - serializedName: "requiredInputFieldsSets", - type: { - name: "Sequence", - element: { - type: { - name: "Sequence", - element: { - 
type: { - name: "String" - } - } - } - } - } - }, - entitiesFilter: { - serializedName: "entitiesFilter", - type: { - name: "Dictionary", - value: { type: { name: "any" } } - } - } - } - } -}; - -export const EntityQueryItemPropertiesDataTypesItem: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "EntityQueryItemPropertiesDataTypesItem", - modelProperties: { - dataType: { - serializedName: "dataType", - type: { - name: "String" - } - } - } - } -}; - -export const InsightQueryItemPropertiesTableQuery: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "InsightQueryItemPropertiesTableQuery", - modelProperties: { - columnsDefinitions: { - serializedName: "columnsDefinitions", - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: - "InsightQueryItemPropertiesTableQueryColumnsDefinitionsItem" - } - } + name: "Sequence", + element: { + type: { + name: "Composite", + className: + "InsightQueryItemPropertiesTableQueryColumnsDefinitionsItem" + } + } } }, queriesDefinitions: { 
@@ -4312,6 +4487,57 @@ export const InsightQueryItemPropertiesReferenceTimeRange: coreClient.CompositeM } }; +export const ActivityEntityQueriesPropertiesQueryDefinitions: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "ActivityEntityQueriesPropertiesQueryDefinitions", + modelProperties: { + query: { + serializedName: "query", + type: { + name: "String" + } + } + } + } +}; + +export const ActivityEntityQueryTemplatePropertiesQueryDefinitions: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "ActivityEntityQueryTemplatePropertiesQueryDefinitions", + modelProperties: { + query: { + serializedName: "query", + type: { + name: "String" + } + }, + summarizeBy: { + serializedName: "summarizeBy", + type: { + name: "String" + } + } + } + } +}; + +export const DataTypeDefinitions: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "DataTypeDefinitions", + modelProperties: { + dataType: { + serializedName: "dataType", + type: { + name: "String" + } + } + } + } +}; + export const Sku: coreClient.CompositeMapper = { type: { name: "Composite", @@ -4484,6 +4710,38 @@ export const Dynamics365DataConnectorDataTypes: coreClient.CompositeMapper = { } }; +export const Office365ProjectConnectorDataTypes: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "Office365ProjectConnectorDataTypes", + modelProperties: { + logs: { + serializedName: "logs", + type: { + name: "Composite", + className: "Office365ProjectConnectorDataTypesLogs" + } + } + } + } +}; + +export const OfficePowerBIConnectorDataTypes: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "OfficePowerBIConnectorDataTypes", + modelProperties: { + logs: { + serializedName: "logs", + type: { + name: "Composite", + className: "OfficePowerBIConnectorDataTypesLogs" + } + } + } + } +}; + export const OfficeDataConnectorDataTypes: coreClient.CompositeMapper = { type: { name: "Composite", 
@@ -5295,52 +5553,16 @@ export const CodelessConnectorPollingResponseProperties: coreClient.CompositeMap } }; -export const ActivityEntityQueryTemplatePropertiesQueryDefinitions: coreClient.CompositeMapper = { +export const ThreatIntelligence: coreClient.CompositeMapper = { type: { name: "Composite", - className: "ActivityEntityQueryTemplatePropertiesQueryDefinitions", + className: "ThreatIntelligence", modelProperties: { - query: { - serializedName: "query", + confidence: { + serializedName: "confidence", + readOnly: true, type: { - name: "String" - } - }, - summarizeBy: { - serializedName: "summarizeBy", - type: { - name: "String" - } - } - } - } -}; - -export const DataTypeDefinitions: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "DataTypeDefinitions", - modelProperties: { - dataType: { - serializedName: "dataType", - type: { - name: "String" - } - } - } - } -}; - -export const ThreatIntelligence: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "ThreatIntelligence", - modelProperties: { - confidence: { - serializedName: "confidence", - readOnly: true, - type: { - name: "Number" + name: "Number" } }, providerName: { @@ -5502,20 +5724,21 @@ export const Entity: coreClient.CompositeMapper = { } }; -export const OfficeConsent: coreClient.CompositeMapper = { +export const EntityQueryTemplate: coreClient.CompositeMapper = { + serializedName: "EntityQueryTemplate", type: { name: "Composite", - className: "OfficeConsent", + className: "EntityQueryTemplate", + uberParent: "Resource", + polymorphicDiscriminator: { + serializedName: "kind", + clientName: "kind" + }, modelProperties: { ...Resource.type.modelProperties, - tenantId: { - serializedName: "properties.tenantId", - type: { - name: "String" - } - }, - consentId: { - serializedName: "properties.consentId", + kind: { + serializedName: "kind", + required: true, type: { name: "String" } 
@@ -5524,21 +5747,20 @@ export const OfficeConsent: coreClient.CompositeMapper = { } }; -export const EntityQueryTemplate: coreClient.CompositeMapper = { - serializedName: "EntityQueryTemplate", +export const OfficeConsent: coreClient.CompositeMapper = { type: { name: "Composite", - className: "EntityQueryTemplate", - uberParent: "Resource", - polymorphicDiscriminator: { - serializedName: "kind", - clientName: "kind" - }, + className: "OfficeConsent", modelProperties: { ...Resource.type.modelProperties, - kind: { - serializedName: "kind", - required: true, + tenantId: { + serializedName: "properties.tenantId", + type: { + name: "String" + } + }, + consentId: { + serializedName: "properties.consentId", type: { name: "String" } 
@@ -5580,63 +5802,126 @@ export const ActionRequestProperties: coreClient.CompositeMapper = { } }; -export const AutomationRulePropertyValuesCondition: coreClient.CompositeMapper = { +export const PropertyConditionProperties: coreClient.CompositeMapper = { serializedName: "Property", type: { name: "Composite", - className: "AutomationRulePropertyValuesCondition", + className: "PropertyConditionProperties", uberParent: "AutomationRuleCondition", polymorphicDiscriminator: AutomationRuleCondition.type.polymorphicDiscriminator, modelProperties: { ...AutomationRuleCondition.type.modelProperties, - conditionProperties: { - serializedName: "conditionProperties", + propertyName: { + serializedName: "conditionProperties.propertyName", type: { - name: "Composite", - className: "AutomationRulePropertyValuesConditionProperties" + name: "String" + } + }, + operator: { + serializedName: "conditionProperties.operator", + type: { + name: "String" + } + }, + propertyValues: { + serializedName: "conditionProperties.propertyValues", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } } } } } }; -export const AutomationRuleRunPlaybookAction: coreClient.CompositeMapper = { - serializedName: "RunPlaybook", +export const AutomationRuleModifyPropertiesAction: coreClient.CompositeMapper = { + serializedName: "ModifyProperties", type: { name: "Composite", - className: "AutomationRuleRunPlaybookAction", + className: "AutomationRuleModifyPropertiesAction", uberParent: "AutomationRuleAction", polymorphicDiscriminator: AutomationRuleAction.type.polymorphicDiscriminator, modelProperties: { ...AutomationRuleAction.type.modelProperties, - actionConfiguration: { - serializedName: "actionConfiguration", + severity: { + serializedName: "actionConfiguration.severity", + type: { + name: "String" + } + }, + status: { + serializedName: "actionConfiguration.status", + type: { + name: "String" + } + }, + classification: { + serializedName: "actionConfiguration.classification", + 
type: { + name: "String" + } + }, + classificationReason: { + serializedName: "actionConfiguration.classificationReason", + type: { + name: "String" + } + }, + classificationComment: { + serializedName: "actionConfiguration.classificationComment", + type: { + name: "String" + } + }, + owner: { + serializedName: "actionConfiguration.owner", type: { name: "Composite", - className: "AutomationRuleRunPlaybookActionConfiguration" + className: "IncidentOwnerInfo" + } + }, + labels: { + serializedName: "actionConfiguration.labels", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "IncidentLabel" + } + } } } } } }; -export const AutomationRuleModifyPropertiesAction: coreClient.CompositeMapper = { - serializedName: "ModifyProperties", +export const AutomationRuleRunPlaybookAction: coreClient.CompositeMapper = { + serializedName: "RunPlaybook", type: { name: "Composite", - className: "AutomationRuleModifyPropertiesAction", + className: "AutomationRuleRunPlaybookAction", uberParent: "AutomationRuleAction", polymorphicDiscriminator: AutomationRuleAction.type.polymorphicDiscriminator, modelProperties: { ...AutomationRuleAction.type.modelProperties, - actionConfiguration: { - serializedName: "actionConfiguration", + logicAppResourceId: { + serializedName: "actionConfiguration.logicAppResourceId", type: { - name: "Composite", - className: "AutomationRuleModifyPropertiesActionConfiguration" + name: "String" + } + }, + tenantId: { + serializedName: "actionConfiguration.tenantId", + type: { + name: "Uuid" } } } 
@@ -7588,317 +7873,52 @@ export const UrlEntityProperties: coreClient.CompositeMapper = { } }; -export const AADCheckRequirements: coreClient.CompositeMapper = { - serializedName: "AzureActiveDirectory", +export const ThreatIntelligenceIndicatorModelForRequestBody: coreClient.CompositeMapper = { + serializedName: "indicator", type: { name: "Composite", - className: "AADCheckRequirements", - uberParent: "DataConnectorsCheckRequirements", + className: "ThreatIntelligenceIndicatorModelForRequestBody", + uberParent: "ThreatIntelligenceResourceKind", polymorphicDiscriminator: - DataConnectorsCheckRequirements.type.polymorphicDiscriminator, + ThreatIntelligenceResourceKind.type.polymorphicDiscriminator, modelProperties: { - ...DataConnectorsCheckRequirements.type.modelProperties, - tenantId: { - serializedName: "properties.tenantId", + ...ThreatIntelligenceResourceKind.type.modelProperties, + etag: { + serializedName: "etag", type: { name: "String" } - } - } - } -}; - -export const AatpCheckRequirements: coreClient.CompositeMapper = { - serializedName: "AzureAdvancedThreatProtection", - type: { - name: "Composite", - className: "AatpCheckRequirements", - uberParent: "DataConnectorsCheckRequirements", - polymorphicDiscriminator: - DataConnectorsCheckRequirements.type.polymorphicDiscriminator, - modelProperties: { - ...DataConnectorsCheckRequirements.type.modelProperties, - tenantId: { - serializedName: "properties.tenantId", + }, + additionalData: { + serializedName: "properties.additionalData", + readOnly: true, + type: { + name: "Dictionary", + value: { + type: { name: "Dictionary", value: { type: { name: "any" } } } + } + } + }, + friendlyName: { + serializedName: "properties.friendlyName", + readOnly: true, type: { name: "String" } - } - } - } -}; - -export const ASCCheckRequirements: coreClient.CompositeMapper = { - serializedName: "AzureSecurityCenter", - type: { - name: "Composite", - className: "ASCCheckRequirements", - uberParent: 
"DataConnectorsCheckRequirements", - polymorphicDiscriminator: - DataConnectorsCheckRequirements.type.polymorphicDiscriminator, - modelProperties: { - ...DataConnectorsCheckRequirements.type.modelProperties, - subscriptionId: { - serializedName: "properties.subscriptionId", - type: { - name: "String" - } - } - } - } -}; - -export const AwsCloudTrailCheckRequirements: coreClient.CompositeMapper = { - serializedName: "AmazonWebServicesCloudTrail", - type: { - name: "Composite", - className: "AwsCloudTrailCheckRequirements", - uberParent: "DataConnectorsCheckRequirements", - polymorphicDiscriminator: - DataConnectorsCheckRequirements.type.polymorphicDiscriminator, - modelProperties: { - ...DataConnectorsCheckRequirements.type.modelProperties - } - } -}; - -export const AwsS3CheckRequirements: coreClient.CompositeMapper = { - serializedName: "AmazonWebServicesS3", - type: { - name: "Composite", - className: "AwsS3CheckRequirements", - uberParent: "DataConnectorsCheckRequirements", - polymorphicDiscriminator: - DataConnectorsCheckRequirements.type.polymorphicDiscriminator, - modelProperties: { - ...DataConnectorsCheckRequirements.type.modelProperties - } - } -}; - -export const Dynamics365CheckRequirements: coreClient.CompositeMapper = { - serializedName: "Dynamics365", - type: { - name: "Composite", - className: "Dynamics365CheckRequirements", - uberParent: "DataConnectorsCheckRequirements", - polymorphicDiscriminator: - DataConnectorsCheckRequirements.type.polymorphicDiscriminator, - modelProperties: { - ...DataConnectorsCheckRequirements.type.modelProperties, - tenantId: { - serializedName: "properties.tenantId", - type: { - name: "String" - } - } - } - } -}; - -export const McasCheckRequirements: coreClient.CompositeMapper = { - serializedName: "MicrosoftCloudAppSecurity", - type: { - name: "Composite", - className: "McasCheckRequirements", - uberParent: "DataConnectorsCheckRequirements", - polymorphicDiscriminator: - 
DataConnectorsCheckRequirements.type.polymorphicDiscriminator, - modelProperties: { - ...DataConnectorsCheckRequirements.type.modelProperties, - tenantId: { - serializedName: "properties.tenantId", - type: { - name: "String" - } - } - } - } -}; - -export const MdatpCheckRequirements: coreClient.CompositeMapper = { - serializedName: "MicrosoftDefenderAdvancedThreatProtection", - type: { - name: "Composite", - className: "MdatpCheckRequirements", - uberParent: "DataConnectorsCheckRequirements", - polymorphicDiscriminator: - DataConnectorsCheckRequirements.type.polymorphicDiscriminator, - modelProperties: { - ...DataConnectorsCheckRequirements.type.modelProperties, - tenantId: { - serializedName: "properties.tenantId", - type: { - name: "String" - } - } - } - } -}; - -export const MstiCheckRequirements: coreClient.CompositeMapper = { - serializedName: "MicrosoftThreatIntelligence", - type: { - name: "Composite", - className: "MstiCheckRequirements", - uberParent: "DataConnectorsCheckRequirements", - polymorphicDiscriminator: - DataConnectorsCheckRequirements.type.polymorphicDiscriminator, - modelProperties: { - ...DataConnectorsCheckRequirements.type.modelProperties, - tenantId: { - serializedName: "properties.tenantId", - type: { - name: "String" - } - } - } - } -}; - -export const MtpCheckRequirements: coreClient.CompositeMapper = { - serializedName: "MicrosoftThreatProtection", - type: { - name: "Composite", - className: "MtpCheckRequirements", - uberParent: "DataConnectorsCheckRequirements", - polymorphicDiscriminator: - DataConnectorsCheckRequirements.type.polymorphicDiscriminator, - modelProperties: { - ...DataConnectorsCheckRequirements.type.modelProperties, - tenantId: { - serializedName: "properties.tenantId", - type: { - name: "String" - } - } - } - } -}; - -export const OfficeATPCheckRequirements: coreClient.CompositeMapper = { - serializedName: "OfficeATP", - type: { - name: "Composite", - className: "OfficeATPCheckRequirements", - uberParent: 
"DataConnectorsCheckRequirements", - polymorphicDiscriminator: - DataConnectorsCheckRequirements.type.polymorphicDiscriminator, - modelProperties: { - ...DataConnectorsCheckRequirements.type.modelProperties, - tenantId: { - serializedName: "properties.tenantId", - type: { - name: "String" - } - } - } - } -}; - -export const OfficeIRMCheckRequirements: coreClient.CompositeMapper = { - serializedName: "OfficeIRM", - type: { - name: "Composite", - className: "OfficeIRMCheckRequirements", - uberParent: "DataConnectorsCheckRequirements", - polymorphicDiscriminator: - DataConnectorsCheckRequirements.type.polymorphicDiscriminator, - modelProperties: { - ...DataConnectorsCheckRequirements.type.modelProperties, - tenantId: { - serializedName: "properties.tenantId", - type: { - name: "String" - } - } - } - } -}; - -export const TICheckRequirements: coreClient.CompositeMapper = { - serializedName: "ThreatIntelligence", - type: { - name: "Composite", - className: "TICheckRequirements", - uberParent: "DataConnectorsCheckRequirements", - polymorphicDiscriminator: - DataConnectorsCheckRequirements.type.polymorphicDiscriminator, - modelProperties: { - ...DataConnectorsCheckRequirements.type.modelProperties, - tenantId: { - serializedName: "properties.tenantId", - type: { - name: "String" - } - } - } - } -}; - -export const TiTaxiiCheckRequirements: coreClient.CompositeMapper = { - serializedName: "ThreatIntelligenceTaxii", - type: { - name: "Composite", - className: "TiTaxiiCheckRequirements", - uberParent: "DataConnectorsCheckRequirements", - polymorphicDiscriminator: - DataConnectorsCheckRequirements.type.polymorphicDiscriminator, - modelProperties: { - ...DataConnectorsCheckRequirements.type.modelProperties, - tenantId: { - serializedName: "properties.tenantId", - type: { - name: "String" - } - } - } - } -}; - -export const ThreatIntelligenceIndicatorModelForRequestBody: coreClient.CompositeMapper = { - serializedName: "indicator", - type: { - name: "Composite", - className: 
"ThreatIntelligenceIndicatorModelForRequestBody", - modelProperties: { - ...ThreatIntelligenceResourceKind.type.modelProperties, - etag: { - serializedName: "etag", - type: { - name: "String" - } - }, - additionalData: { - serializedName: "properties.additionalData", - readOnly: true, - type: { - name: "Dictionary", - value: { - type: { name: "Dictionary", value: { type: { name: "any" } } } - } - } - }, - friendlyName: { - serializedName: "properties.friendlyName", - readOnly: true, - type: { - name: "String" - } - }, - threatIntelligenceTags: { - serializedName: "properties.threatIntelligenceTags", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - lastUpdatedTimeUtc: { - serializedName: "properties.lastUpdatedTimeUtc", + }, + threatIntelligenceTags: { + serializedName: "properties.threatIntelligenceTags", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + lastUpdatedTimeUtc: { + serializedName: "properties.lastUpdatedTimeUtc", type: { name: "String" } @@ -8114,8 +8134,10 @@ export const ThreatIntelligenceInformation: coreClient.CompositeMapper = { name: "Composite", className: "ThreatIntelligenceInformation", uberParent: "ThreatIntelligenceResourceKind", - polymorphicDiscriminator: - ThreatIntelligenceResourceKind.type.polymorphicDiscriminator, + polymorphicDiscriminator: { + serializedName: "kind", + clientName: "kind" + }, modelProperties: { ...ResourceWithEtag.type.modelProperties, ...ThreatIntelligenceResourceKind.type.modelProperties 
@@ -8123,75 +8145,320 @@ export const ThreatIntelligenceInformation: coreClient.CompositeMapper = { } }; -export const MLBehaviorAnalyticsAlertRuleTemplateProperties: coreClient.CompositeMapper = { +export const AADCheckRequirements: coreClient.CompositeMapper = { + serializedName: "AzureActiveDirectory", type: { name: "Composite", - className: "MLBehaviorAnalyticsAlertRuleTemplateProperties", + className: "AADCheckRequirements", + uberParent: "DataConnectorsCheckRequirements", + polymorphicDiscriminator: + DataConnectorsCheckRequirements.type.polymorphicDiscriminator, modelProperties: { - ...AlertRuleTemplatePropertiesBase.type.modelProperties, - severity: { - serializedName: "severity", - required: true, + ...DataConnectorsCheckRequirements.type.modelProperties, + tenantId: { + serializedName: "properties.tenantId", type: { name: "String" } - }, - tactics: { - serializedName: "tactics", + } + } + } +}; + +export const AatpCheckRequirements: coreClient.CompositeMapper = { + serializedName: "AzureAdvancedThreatProtection", + type: { + name: "Composite", + className: "AatpCheckRequirements", + uberParent: "DataConnectorsCheckRequirements", + polymorphicDiscriminator: + DataConnectorsCheckRequirements.type.polymorphicDiscriminator, + modelProperties: { + ...DataConnectorsCheckRequirements.type.modelProperties, + tenantId: { + serializedName: "properties.tenantId", type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } + name: "String" } } } } }; -export const FusionAlertRuleTemplateProperties: coreClient.CompositeMapper = { +export const ASCCheckRequirements: coreClient.CompositeMapper = { + serializedName: "AzureSecurityCenter", type: { name: "Composite", - className: "FusionAlertRuleTemplateProperties", + className: "ASCCheckRequirements", + uberParent: "DataConnectorsCheckRequirements", + polymorphicDiscriminator: + DataConnectorsCheckRequirements.type.polymorphicDiscriminator, modelProperties: { - 
...AlertRuleTemplatePropertiesBase.type.modelProperties, - severity: { - serializedName: "severity", - required: true, + ...DataConnectorsCheckRequirements.type.modelProperties, + subscriptionId: { + serializedName: "properties.subscriptionId", type: { name: "String" } - }, - tactics: { - serializedName: "tactics", + } + } + } +}; + +export const AwsCloudTrailCheckRequirements: coreClient.CompositeMapper = { + serializedName: "AmazonWebServicesCloudTrail", + type: { + name: "Composite", + className: "AwsCloudTrailCheckRequirements", + uberParent: "DataConnectorsCheckRequirements", + polymorphicDiscriminator: + DataConnectorsCheckRequirements.type.polymorphicDiscriminator, + modelProperties: { + ...DataConnectorsCheckRequirements.type.modelProperties + } + } +}; + +export const AwsS3CheckRequirements: coreClient.CompositeMapper = { + serializedName: "AmazonWebServicesS3", + type: { + name: "Composite", + className: "AwsS3CheckRequirements", + uberParent: "DataConnectorsCheckRequirements", + polymorphicDiscriminator: + DataConnectorsCheckRequirements.type.polymorphicDiscriminator, + modelProperties: { + ...DataConnectorsCheckRequirements.type.modelProperties + } + } +}; + +export const Dynamics365CheckRequirements: coreClient.CompositeMapper = { + serializedName: "Dynamics365", + type: { + name: "Composite", + className: "Dynamics365CheckRequirements", + uberParent: "DataConnectorsCheckRequirements", + polymorphicDiscriminator: + DataConnectorsCheckRequirements.type.polymorphicDiscriminator, + modelProperties: { + ...DataConnectorsCheckRequirements.type.modelProperties, + tenantId: { + serializedName: "properties.tenantId", type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } + name: "String" } } } } }; -export const ThreatIntelligenceAlertRuleTemplateProperties: coreClient.CompositeMapper = { +export const McasCheckRequirements: coreClient.CompositeMapper = { + serializedName: "MicrosoftCloudAppSecurity", type: { name: "Composite", - 
className: "ThreatIntelligenceAlertRuleTemplateProperties", + className: "McasCheckRequirements", + uberParent: "DataConnectorsCheckRequirements", + polymorphicDiscriminator: + DataConnectorsCheckRequirements.type.polymorphicDiscriminator, modelProperties: { - ...AlertRuleTemplatePropertiesBase.type.modelProperties, - severity: { - serializedName: "severity", - required: true, + ...DataConnectorsCheckRequirements.type.modelProperties, + tenantId: { + serializedName: "properties.tenantId", type: { name: "String" } - }, + } + } + } +}; + +export const MdatpCheckRequirements: coreClient.CompositeMapper = { + serializedName: "MicrosoftDefenderAdvancedThreatProtection", + type: { + name: "Composite", + className: "MdatpCheckRequirements", + uberParent: "DataConnectorsCheckRequirements", + polymorphicDiscriminator: + DataConnectorsCheckRequirements.type.polymorphicDiscriminator, + modelProperties: { + ...DataConnectorsCheckRequirements.type.modelProperties, + tenantId: { + serializedName: "properties.tenantId", + type: { + name: "String" + } + } + } + } +}; + +export const MstiCheckRequirements: coreClient.CompositeMapper = { + serializedName: "MicrosoftThreatIntelligence", + type: { + name: "Composite", + className: "MstiCheckRequirements", + uberParent: "DataConnectorsCheckRequirements", + polymorphicDiscriminator: + DataConnectorsCheckRequirements.type.polymorphicDiscriminator, + modelProperties: { + ...DataConnectorsCheckRequirements.type.modelProperties, + tenantId: { + serializedName: "properties.tenantId", + type: { + name: "String" + } + } + } + } +}; + +export const MtpCheckRequirements: coreClient.CompositeMapper = { + serializedName: "MicrosoftThreatProtection", + type: { + name: "Composite", + className: "MtpCheckRequirements", + uberParent: "DataConnectorsCheckRequirements", + polymorphicDiscriminator: + DataConnectorsCheckRequirements.type.polymorphicDiscriminator, + modelProperties: { + ...DataConnectorsCheckRequirements.type.modelProperties, + tenantId: { 
+ serializedName: "properties.tenantId", + type: { + name: "String" + } + } + } + } +}; + +export const OfficeATPCheckRequirements: coreClient.CompositeMapper = { + serializedName: "OfficeATP", + type: { + name: "Composite", + className: "OfficeATPCheckRequirements", + uberParent: "DataConnectorsCheckRequirements", + polymorphicDiscriminator: + DataConnectorsCheckRequirements.type.polymorphicDiscriminator, + modelProperties: { + ...DataConnectorsCheckRequirements.type.modelProperties, + tenantId: { + serializedName: "properties.tenantId", + type: { + name: "String" + } + } + } + } +}; + +export const OfficeIRMCheckRequirements: coreClient.CompositeMapper = { + serializedName: "OfficeIRM", + type: { + name: "Composite", + className: "OfficeIRMCheckRequirements", + uberParent: "DataConnectorsCheckRequirements", + polymorphicDiscriminator: + DataConnectorsCheckRequirements.type.polymorphicDiscriminator, + modelProperties: { + ...DataConnectorsCheckRequirements.type.modelProperties, + tenantId: { + serializedName: "properties.tenantId", + type: { + name: "String" + } + } + } + } +}; + +export const Office365ProjectCheckRequirements: coreClient.CompositeMapper = { + serializedName: "Office365Project", + type: { + name: "Composite", + className: "Office365ProjectCheckRequirements", + uberParent: "DataConnectorsCheckRequirements", + polymorphicDiscriminator: + DataConnectorsCheckRequirements.type.polymorphicDiscriminator, + modelProperties: { + ...DataConnectorsCheckRequirements.type.modelProperties, + tenantId: { + serializedName: "properties.tenantId", + type: { + name: "String" + } + } + } + } +}; + +export const OfficePowerBICheckRequirements: coreClient.CompositeMapper = { + serializedName: "OfficePowerBI", + type: { + name: "Composite", + className: "OfficePowerBICheckRequirements", + uberParent: "DataConnectorsCheckRequirements", + polymorphicDiscriminator: + DataConnectorsCheckRequirements.type.polymorphicDiscriminator, + modelProperties: { + 
...DataConnectorsCheckRequirements.type.modelProperties, + tenantId: { + serializedName: "properties.tenantId", + type: { + name: "String" + } + } + } + } +}; + +export const TICheckRequirements: coreClient.CompositeMapper = { + serializedName: "ThreatIntelligence", + type: { + name: "Composite", + className: "TICheckRequirements", + uberParent: "DataConnectorsCheckRequirements", + polymorphicDiscriminator: + DataConnectorsCheckRequirements.type.polymorphicDiscriminator, + modelProperties: { + ...DataConnectorsCheckRequirements.type.modelProperties, + tenantId: { + serializedName: "properties.tenantId", + type: { + name: "String" + } + } + } + } +}; + +export const TiTaxiiCheckRequirements: coreClient.CompositeMapper = { + serializedName: "ThreatIntelligenceTaxii", + type: { + name: "Composite", + className: "TiTaxiiCheckRequirements", + uberParent: "DataConnectorsCheckRequirements", + polymorphicDiscriminator: + DataConnectorsCheckRequirements.type.polymorphicDiscriminator, + modelProperties: { + ...DataConnectorsCheckRequirements.type.modelProperties, + tenantId: { + serializedName: "properties.tenantId", + type: { + name: "String" + } + } + } + } +}; + +export const AlertRuleTemplateWithMitreProperties: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "AlertRuleTemplateWithMitreProperties", + modelProperties: { + ...AlertRuleTemplatePropertiesBase.type.modelProperties, tactics: { serializedName: "tactics", type: { @@ -8202,6 +8469,17 @@ export const ThreatIntelligenceAlertRuleTemplateProperties: coreClient.Composite } } } + }, + techniques: { + serializedName: "techniques", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } } } } 
@@ -8213,20 +8491,45 @@ export const MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties: coreC className: "MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties", modelProperties: { ...AlertRuleTemplatePropertiesBase.type.modelProperties, - ...MicrosoftSecurityIncidentCreationAlertRuleCommonProperties.type - .modelProperties - } - } -}; - -export const ScheduledAlertRuleTemplateProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "ScheduledAlertRuleTemplateProperties", - modelProperties: { - ...AlertRuleTemplatePropertiesBase.type.modelProperties, - ...QueryBasedAlertRuleTemplateProperties.type.modelProperties, - ...ScheduledAlertRuleCommonProperties.type.modelProperties + displayNamesFilter: { + serializedName: "displayNamesFilter", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + displayNamesExcludeFilter: { + serializedName: "displayNamesExcludeFilter", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + productFilter: { + serializedName: "productFilter", + type: { + name: "String" + } + }, + severitiesFilter: { + serializedName: "severitiesFilter", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + } } } }; @@ -8236,7 +8539,7 @@ export const NrtAlertRuleTemplateProperties: coreClient.CompositeMapper = { name: "Composite", className: "NrtAlertRuleTemplateProperties", modelProperties: { - ...AlertRuleTemplatePropertiesBase.type.modelProperties, + ...AlertRuleTemplateWithMitreProperties.type.modelProperties, ...QueryBasedAlertRuleTemplateProperties.type.modelProperties } } 
@@ -8265,50 +8568,120 @@ export const MicrosoftSecurityIncidentCreationAlertRuleProperties: coreClient.Co serializedName: "displayName", required: true, type: { - name: "String" + name: "String" + } + }, + enabled: { + serializedName: "enabled", + required: true, + type: { + name: "Boolean" + } + }, + lastModifiedUtc: { + serializedName: "lastModifiedUtc", + readOnly: true, + type: { + name: "DateTime" + } + } + } + } +}; + +export const ScheduledAlertRuleProperties: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "ScheduledAlertRuleProperties", + modelProperties: { + ...ScheduledAlertRuleCommonProperties.type.modelProperties, + alertRuleTemplateName: { + serializedName: "alertRuleTemplateName", + type: { + name: "String" + } + }, + templateVersion: { + serializedName: "templateVersion", + type: { + name: "String" + } + }, + description: { + serializedName: "description", + type: { + name: "String" + } + }, + displayName: { + serializedName: "displayName", + required: true, + type: { + name: "String" + } + }, + enabled: { + serializedName: "enabled", + required: true, + type: { + name: "Boolean" + } + }, + lastModifiedUtc: { + serializedName: "lastModifiedUtc", + readOnly: true, + type: { + name: "DateTime" + } + }, + suppressionDuration: { + serializedName: "suppressionDuration", + required: true, + type: { + name: "TimeSpan" } }, - enabled: { - serializedName: "enabled", + suppressionEnabled: { + serializedName: "suppressionEnabled", required: true, type: { name: "Boolean" } }, - lastModifiedUtc: { - serializedName: "lastModifiedUtc", - readOnly: true, + tactics: { + serializedName: "tactics", type: { - name: "DateTime" + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + techniques: { + serializedName: "techniques", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + incidentConfiguration: { + serializedName: "incidentConfiguration", + type: { + name: "Composite", + 
className: "IncidentConfiguration" } } } } }; -export const ScheduledAlertRuleProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "ScheduledAlertRuleProperties", - modelProperties: { - ...ScheduledAlertRuleCommonProperties.type.modelProperties, - ...QueryBasedAlertRuleProperties.type.modelProperties - } - } -}; - -export const NrtAlertRuleProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "NrtAlertRuleProperties", - modelProperties: { - ...QueryBasedAlertRuleProperties.type.modelProperties - } - } -}; - export const InsightQueryItemProperties: coreClient.CompositeMapper = { - serializedName: "Insight", type: { name: "Composite", className: "InsightQueryItemProperties", @@ -8461,6 +8834,26 @@ export const OfficeIRMCheckRequirementsProperties: coreClient.CompositeMapper = } }; +export const Office365ProjectCheckRequirementsProperties: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "Office365ProjectCheckRequirementsProperties", + modelProperties: { + ...DataConnectorTenantId.type.modelProperties + } + } +}; + +export const OfficePowerBICheckRequirementsProperties: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "OfficePowerBICheckRequirementsProperties", + modelProperties: { + ...DataConnectorTenantId.type.modelProperties + } + } +}; + export const TICheckRequirementsProperties: coreClient.CompositeMapper = { type: { name: "Composite", 
@@ -8582,6 +8975,40 @@ export const OfficeATPDataConnectorProperties: coreClient.CompositeMapper = { } }; +export const Office365ProjectDataConnectorProperties: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "Office365ProjectDataConnectorProperties", + modelProperties: { + ...DataConnectorTenantId.type.modelProperties, + dataTypes: { + serializedName: "dataTypes", + type: { + name: "Composite", + className: "Office365ProjectConnectorDataTypes" + } + } + } + } +}; + +export const OfficePowerBIDataConnectorProperties: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "OfficePowerBIDataConnectorProperties", + modelProperties: { + ...DataConnectorTenantId.type.modelProperties, + dataTypes: { + serializedName: "dataTypes", + type: { + name: "Composite", + className: "OfficePowerBIConnectorDataTypes" + } + } + } + } +}; + export const OfficeIRMDataConnectorProperties: coreClient.CompositeMapper = { type: { name: "Composite", @@ -8820,6 +9247,26 @@ export const Dynamics365DataConnectorDataTypesDynamics365CdsActivities: coreClie } }; +export const Office365ProjectConnectorDataTypesLogs: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "Office365ProjectConnectorDataTypesLogs", + modelProperties: { + ...DataConnectorDataTypeCommon.type.modelProperties + } + } +}; + +export const OfficePowerBIConnectorDataTypesLogs: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "OfficePowerBIConnectorDataTypesLogs", + modelProperties: { + ...DataConnectorDataTypeCommon.type.modelProperties + } + } +}; + export const OfficeDataConnectorDataTypesExchange: coreClient.CompositeMapper = { type: { name: "Composite", 
@@ -9025,12 +9472,14 @@ export const AutomationRule: coreClient.CompositeMapper = { ...ResourceWithEtag.type.modelProperties, displayName: { serializedName: "properties.displayName", + required: true, type: { name: "String" } }, order: { serializedName: "properties.order", + required: true, type: { name: "Number" } @@ -9044,6 +9493,7 @@ export const AutomationRule: coreClient.CompositeMapper = { }, actions: { serializedName: "properties.actions", + required: true, type: { name: "Sequence", element: { @@ -9054,29 +9504,29 @@ export const AutomationRule: coreClient.CompositeMapper = { } } }, - createdTimeUtc: { - serializedName: "properties.createdTimeUtc", + lastModifiedTimeUtc: { + serializedName: "properties.lastModifiedTimeUtc", readOnly: true, type: { name: "DateTime" } }, - lastModifiedTimeUtc: { - serializedName: "properties.lastModifiedTimeUtc", + createdTimeUtc: { + serializedName: "properties.createdTimeUtc", readOnly: true, type: { name: "DateTime" } }, - createdBy: { - serializedName: "properties.createdBy", + lastModifiedBy: { + serializedName: "properties.lastModifiedBy", type: { name: "Composite", className: "ClientInfo" } }, - lastModifiedBy: { - serializedName: "properties.lastModifiedBy", + createdBy: { + serializedName: "properties.createdBy", type: { name: "Composite", className: "ClientInfo" @@ -9177,6 +9627,40 @@ export const Bookmark: coreClient.CompositeMapper = { name: "Composite", className: "IncidentInfo" } + }, + entityMappings: { + serializedName: "properties.entityMappings", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "BookmarkEntityMappings" + } + } + } + }, + tactics: { + serializedName: "properties.tactics", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + techniques: { + serializedName: "properties.techniques", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } } } } 
@@ -9538,6 +10022,68 @@ export const MetadataModel: coreClient.CompositeMapper = { type: { name: "Date" } + }, + customVersion: { + serializedName: "properties.customVersion", + type: { + name: "String" + } + }, + contentSchemaVersion: { + serializedName: "properties.contentSchemaVersion", + type: { + name: "String" + } + }, + icon: { + serializedName: "properties.icon", + type: { + name: "String" + } + }, + threatAnalysisTactics: { + serializedName: "properties.threatAnalysisTactics", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + threatAnalysisTechniques: { + serializedName: "properties.threatAnalysisTechniques", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + previewImages: { + serializedName: "properties.previewImages", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + previewImagesDark: { + serializedName: "properties.previewImagesDark", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } } } } 
@@ -9594,22 +10140,74 @@ export const MetadataPatch: coreClient.CompositeMapper = { className: "MetadataSupport" } }, - dependencies: { - serializedName: "properties.dependencies", + dependencies: { + serializedName: "properties.dependencies", + type: { + name: "Composite", + className: "MetadataDependencies" + } + }, + categories: { + serializedName: "properties.categories", + type: { + name: "Composite", + className: "MetadataCategories" + } + }, + providers: { + serializedName: "properties.providers", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + firstPublishDate: { + serializedName: "properties.firstPublishDate", + type: { + name: "Date" + } + }, + lastPublishDate: { + serializedName: "properties.lastPublishDate", + type: { + name: "Date" + } + }, + customVersion: { + serializedName: "properties.customVersion", + type: { + name: "String" + } + }, + contentSchemaVersion: { + serializedName: "properties.contentSchemaVersion", + type: { + name: "String" + } + }, + icon: { + serializedName: "properties.icon", type: { - name: "Composite", - className: "MetadataDependencies" + name: "String" } }, - categories: { - serializedName: "properties.categories", + threatAnalysisTactics: { + serializedName: "properties.threatAnalysisTactics", type: { - name: "Composite", - className: "MetadataCategories" + name: "Sequence", + element: { + type: { + name: "String" + } + } } }, - providers: { - serializedName: "properties.providers", + threatAnalysisTechniques: { + serializedName: "properties.threatAnalysisTechniques", type: { name: "Sequence", element: { 
@@ -9619,16 +10217,26 @@ export const MetadataPatch: coreClient.CompositeMapper = { } } }, - firstPublishDate: { - serializedName: "properties.firstPublishDate", + previewImages: { + serializedName: "properties.previewImages", type: { - name: "Date" + name: "Sequence", + element: { + type: { + name: "String" + } + } } }, - lastPublishDate: { - serializedName: "properties.lastPublishDate", + previewImagesDark: { + serializedName: "properties.previewImagesDark", type: { - name: "Date" + name: "Sequence", + element: { + type: { + name: "String" + } + } } } } @@ -9686,6 +10294,12 @@ export const SourceControl: coreClient.CompositeMapper = { name: "String" } }, + version: { + serializedName: "properties.version", + type: { + name: "String" + } + }, displayName: { serializedName: "properties.displayName", type: { @@ -9721,6 +10335,20 @@ export const SourceControl: coreClient.CompositeMapper = { name: "Composite", className: "Repository" } + }, + repositoryResourceInfo: { + serializedName: "properties.repositoryResourceInfo", + type: { + name: "Composite", + className: "RepositoryResourceInfo" + } + }, + lastDeploymentInfo: { + serializedName: "properties.lastDeploymentInfo", + type: { + name: "Composite", + className: "DeploymentInfo" + } } } } @@ -9756,6 +10384,12 @@ export const Watchlist: coreClient.CompositeMapper = { name: "String" } }, + sourceType: { + serializedName: "properties.sourceType", + type: { + name: "String" + } + }, created: { serializedName: "properties.created", type: { @@ -9858,12 +10492,6 @@ export const Watchlist: coreClient.CompositeMapper = { type: { name: "String" } - }, - watchlistItemsCount: { - serializedName: "properties.watchlistItemsCount", - type: { - name: "Number" - } } } } 
@@ -10025,14 +10653,19 @@ export const MLBehaviorAnalyticsAlertRuleTemplate: coreClient.CompositeMapper = name: "String" } }, - severity: { - serializedName: "properties.severity", + tactics: { + serializedName: "properties.tactics", type: { - name: "String" + name: "Sequence", + element: { + type: { + name: "String" + } + } } }, - tactics: { - serializedName: "properties.tactics", + techniques: { + serializedName: "properties.techniques", type: { name: "Sequence", element: { @@ -10041,6 +10674,12 @@ export const MLBehaviorAnalyticsAlertRuleTemplate: coreClient.CompositeMapper = } } } + }, + severity: { + serializedName: "properties.severity", + type: { + name: "String" + } } } } @@ -10061,15 +10700,15 @@ export const FusionAlertRuleTemplate: coreClient.CompositeMapper = { name: "Number" } }, - lastUpdatedDateUTC: { - serializedName: "properties.lastUpdatedDateUTC", + createdDateUTC: { + serializedName: "properties.createdDateUTC", readOnly: true, type: { name: "DateTime" } }, - createdDateUTC: { - serializedName: "properties.createdDateUTC", + lastUpdatedDateUTC: { + serializedName: "properties.lastUpdatedDateUTC", readOnly: true, type: { name: "DateTime" @@ -10121,6 +10760,29 @@ export const FusionAlertRuleTemplate: coreClient.CompositeMapper = { } } } + }, + techniques: { + serializedName: "properties.techniques", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + sourceSettings: { + serializedName: "properties.sourceSettings", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "FusionTemplateSourceSetting" + } + } + } } } } 
@@ -10185,14 +10847,19 @@ export const ThreatIntelligenceAlertRuleTemplate: coreClient.CompositeMapper = { name: "String" } }, - severity: { - serializedName: "properties.severity", + tactics: { + serializedName: "properties.tactics", type: { - name: "String" + name: "Sequence", + element: { + type: { + name: "String" + } + } } }, - tactics: { - serializedName: "properties.tactics", + techniques: { + serializedName: "properties.techniques", type: { name: "Sequence", element: { @@ -10201,6 +10868,12 @@ export const ThreatIntelligenceAlertRuleTemplate: coreClient.CompositeMapper = { } } } + }, + severity: { + serializedName: "properties.severity", + type: { + name: "String" + } } } } @@ -10323,15 +10996,15 @@ export const ScheduledAlertRuleTemplate: coreClient.CompositeMapper = { name: "Number" } }, - lastUpdatedDateUTC: { - serializedName: "properties.lastUpdatedDateUTC", + createdDateUTC: { + serializedName: "properties.createdDateUTC", readOnly: true, type: { name: "DateTime" } }, - createdDateUTC: { - serializedName: "properties.createdDateUTC", + lastUpdatedDateUTC: { + serializedName: "properties.lastUpdatedDateUTC", readOnly: true, type: { name: "DateTime" @@ -10373,12 +11046,37 @@ export const ScheduledAlertRuleTemplate: coreClient.CompositeMapper = { name: "String" } }, + queryFrequency: { + serializedName: "properties.queryFrequency", + type: { + name: "TimeSpan" + } + }, + queryPeriod: { + serializedName: "properties.queryPeriod", + type: { + name: "TimeSpan" + } + }, severity: { serializedName: "properties.severity", type: { name: "String" } }, + triggerOperator: { + serializedName: "properties.triggerOperator", + type: { + name: "Enum", + allowedValues: ["GreaterThan", "LessThan", "Equal", "NotEqual"] + } + }, + triggerThreshold: { + serializedName: "properties.triggerThreshold", + type: { + name: "Number" + } + }, tactics: { serializedName: "properties.tactics", type: { 
@@ -10390,12 +11088,30 @@ export const ScheduledAlertRuleTemplate: coreClient.CompositeMapper = { } } }, + techniques: { + serializedName: "properties.techniques", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, version: { serializedName: "properties.version", type: { name: "String" } }, + eventGroupingSettings: { + serializedName: "properties.eventGroupingSettings", + type: { + name: "Composite", + className: "EventGroupingSettings" + } + }, customDetails: { serializedName: "properties.customDetails", type: { @@ -10421,38 +11137,6 @@ export const ScheduledAlertRuleTemplate: coreClient.CompositeMapper = { name: "Composite", className: "AlertDetailsOverride" } - }, - queryFrequency: { - serializedName: "properties.queryFrequency", - type: { - name: "TimeSpan" - } - }, - queryPeriod: { - serializedName: "properties.queryPeriod", - type: { - name: "TimeSpan" - } - }, - triggerOperator: { - serializedName: "properties.triggerOperator", - type: { - name: "Enum", - allowedValues: ["GreaterThan", "LessThan", "Equal", "NotEqual"] - } - }, - triggerThreshold: { - serializedName: "properties.triggerThreshold", - type: { - name: "Number" - } - }, - eventGroupingSettings: { - serializedName: "properties.eventGroupingSettings", - type: { - name: "Composite", - className: "EventGroupingSettings" - } } } } @@ -10517,20 +11201,19 @@ export const NrtAlertRuleTemplate: coreClient.CompositeMapper = { name: "String" } }, - query: { - serializedName: "properties.query", - type: { - name: "String" - } - }, - severity: { - serializedName: "properties.severity", + tactics: { + serializedName: "properties.tactics", type: { - name: "String" + name: "Sequence", + element: { + type: { + name: "String" + } + } } }, - tactics: { - serializedName: "properties.tactics", + techniques: { + serializedName: "properties.techniques", type: { name: "Sequence", element: { 
@@ -10540,6 +11223,18 @@ export const NrtAlertRuleTemplate: coreClient.CompositeMapper = { } } }, + query: { + serializedName: "properties.query", + type: { + name: "String" + } + }, + severity: { + serializedName: "properties.severity", + type: { + name: "String" + } + }, version: { serializedName: "properties.version", type: { @@ -12799,19 +13494,53 @@ export const ThreatIntelligenceIndicatorModel: coreClient.CompositeMapper = { type: { name: "String" } - }, - modified: { - serializedName: "properties.modified", + }, + modified: { + serializedName: "properties.modified", + type: { + name: "String" + } + }, + extensions: { + serializedName: "properties.extensions", + type: { + name: "Dictionary", + value: { type: { name: "any" } } + } + } + } + } +}; + +export const MLBehaviorAnalyticsAlertRuleTemplateProperties: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "MLBehaviorAnalyticsAlertRuleTemplateProperties", + modelProperties: { + ...AlertRuleTemplateWithMitreProperties.type.modelProperties, + severity: { + serializedName: "severity", + required: true, + type: { + name: "String" + } + } + } + } +}; + +export const ThreatIntelligenceAlertRuleTemplateProperties: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "ThreatIntelligenceAlertRuleTemplateProperties", + modelProperties: { + ...AlertRuleTemplateWithMitreProperties.type.modelProperties, + severity: { + serializedName: "severity", + required: true, type: { name: "String" } - }, - extensions: { - serializedName: "properties.extensions", - type: { - name: "Dictionary", - value: { type: { name: "any" } } - } } } } @@ -12887,6 +13616,18 @@ export const MLBehaviorAnalyticsAlertRule: coreClient.CompositeMapper = { } } } + }, + techniques: { + serializedName: "properties.techniques", + readOnly: true, + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } } } } 
@@ -12927,6 +13668,30 @@ export const FusionAlertRule: coreClient.CompositeMapper = { name: "Boolean" } }, + sourceSettings: { + serializedName: "properties.sourceSettings", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "FusionSourceSettings" + } + } + } + }, + scenarioExclusionPatterns: { + serializedName: "properties.scenarioExclusionPatterns", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "FusionScenarioExclusionPattern" + } + } + } + }, lastModifiedUtc: { serializedName: "properties.lastModifiedUtc", readOnly: true, @@ -12952,6 +13717,18 @@ export const FusionAlertRule: coreClient.CompositeMapper = { } } } + }, + techniques: { + serializedName: "properties.techniques", + readOnly: true, + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } } } } @@ -13017,6 +13794,18 @@ export const ThreatIntelligenceAlertRule: coreClient.CompositeMapper = { } } } + }, + techniques: { + serializedName: "properties.techniques", + readOnly: true, + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } } } } @@ -13114,6 +13903,12 @@ export const ScheduledAlertRule: coreClient.CompositeMapper = { polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, modelProperties: { ...AlertRule.type.modelProperties, + query: { + serializedName: "properties.query", + type: { + name: "String" + } + }, queryFrequency: { serializedName: "properties.queryFrequency", type: { @@ -13126,6 +13921,12 @@ export const ScheduledAlertRule: coreClient.CompositeMapper = { name: "TimeSpan" } }, + severity: { + serializedName: "properties.severity", + type: { + name: "String" + } + }, triggerOperator: { serializedName: "properties.triggerOperator", type: { 
@@ -13146,6 +13947,32 @@ export const ScheduledAlertRule: coreClient.CompositeMapper = { className: "EventGroupingSettings" } }, + customDetails: { + serializedName: "properties.customDetails", + type: { + name: "Dictionary", + value: { type: { name: "String" } } + } + }, + entityMappings: { + serializedName: "properties.entityMappings", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "EntityMapping" + } + } + } + }, + alertDetailsOverride: { + serializedName: "properties.alertDetailsOverride", + type: { + name: "Composite", + className: "AlertDetailsOverride" + } + }, alertRuleTemplateName: { serializedName: "properties.alertRuleTemplateName", type: { @@ -13164,12 +13991,6 @@ export const ScheduledAlertRule: coreClient.CompositeMapper = { name: "String" } }, - query: { - serializedName: "properties.query", - type: { - name: "String" - } - }, displayName: { serializedName: "properties.displayName", type: { @@ -13201,12 +14022,6 @@ export const ScheduledAlertRule: coreClient.CompositeMapper = { name: "Boolean" } }, - severity: { - serializedName: "properties.severity", - type: { - name: "String" - } - }, tactics: { serializedName: "properties.tactics", type: { 
@@ -13218,37 +14033,22 @@ export const ScheduledAlertRule: coreClient.CompositeMapper = { } } }, - incidentConfiguration: { - serializedName: "properties.incidentConfiguration", - type: { - name: "Composite", - className: "IncidentConfiguration" - } - }, - customDetails: { - serializedName: "properties.customDetails", - type: { - name: "Dictionary", - value: { type: { name: "String" } } - } - }, - entityMappings: { - serializedName: "properties.entityMappings", + techniques: { + serializedName: "properties.techniques", type: { name: "Sequence", element: { type: { - name: "Composite", - className: "EntityMapping" + name: "String" } } } }, - alertDetailsOverride: { - serializedName: "properties.alertDetailsOverride", + incidentConfiguration: { + serializedName: "properties.incidentConfiguration", type: { name: "Composite", - className: "AlertDetailsOverride" + className: "IncidentConfiguration" } } } @@ -13288,6 +14088,28 @@ export const NrtAlertRule: coreClient.CompositeMapper = { name: "String" } }, + tactics: { + serializedName: "properties.tactics", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + techniques: { + serializedName: "properties.techniques", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, displayName: { serializedName: "properties.displayName", type: { @@ -13325,17 +14147,6 @@ export const NrtAlertRule: coreClient.CompositeMapper = { name: "String" } }, - tactics: { - serializedName: "properties.tactics", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, incidentConfiguration: { serializedName: "properties.incidentConfiguration", type: { 
@@ -13988,6 +14799,58 @@ export const OfficeATPDataConnector: coreClient.CompositeMapper = { } }; +export const Office365ProjectDataConnector: coreClient.CompositeMapper = { + serializedName: "Office365Project", + type: { + name: "Composite", + className: "Office365ProjectDataConnector", + uberParent: "Resource", + polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, + modelProperties: { + ...DataConnector.type.modelProperties, + tenantId: { + serializedName: "properties.tenantId", + type: { + name: "String" + } + }, + dataTypes: { + serializedName: "properties.dataTypes", + type: { + name: "Composite", + className: "Office365ProjectConnectorDataTypes" + } + } + } + } +}; + +export const OfficePowerBIDataConnector: coreClient.CompositeMapper = { + serializedName: "OfficePowerBI", + type: { + name: "Composite", + className: "OfficePowerBIDataConnector", + uberParent: "Resource", + polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, + modelProperties: { + ...DataConnector.type.modelProperties, + tenantId: { + serializedName: "properties.tenantId", + type: { + name: "String" + } + }, + dataTypes: { + serializedName: "properties.dataTypes", + type: { + name: "Composite", + className: "OfficePowerBIConnectorDataTypes" + } + } + } + } +}; + export const OfficeIRMDataConnector: coreClient.CompositeMapper = { serializedName: "OfficeIRM", type: { 
@@ -14222,22 +15085,55 @@ export const CodelessApiPollingDataConnector: coreClient.CompositeMapper = { } }; +export const WatchlistsDeleteHeaders: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "WatchlistsDeleteHeaders", + modelProperties: { + azureAsyncOperation: { + serializedName: "azure-asyncoperation", + type: { + name: "String" + } + } + } + } +}; + +export const WatchlistsCreateOrUpdateHeaders: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "WatchlistsCreateOrUpdateHeaders", + modelProperties: { + azureAsyncOperation: { + serializedName: "azure-asyncoperation", + type: { + name: "String" + } + } + } + } +}; + export let discriminators = { AutomationRuleCondition: AutomationRuleCondition, AutomationRuleAction: AutomationRuleAction, EntityTimelineItem: EntityTimelineItem, EntityQueryItem: EntityQueryItem, + ThreatIntelligenceResourceKind: ThreatIntelligenceResourceKind, DataConnectorsCheckRequirements: DataConnectorsCheckRequirements, "Resource.AlertRuleTemplate": AlertRuleTemplate, "Resource.Entity": Entity, "Resource.EntityQueryTemplate": EntityQueryTemplate, - "AutomationRuleCondition.Property": AutomationRulePropertyValuesCondition, - "AutomationRuleAction.RunPlaybook": AutomationRuleRunPlaybookAction, + "AutomationRuleCondition.Property": PropertyConditionProperties, "AutomationRuleAction.ModifyProperties": AutomationRuleModifyPropertiesAction, + "AutomationRuleAction.RunPlaybook": AutomationRuleRunPlaybookAction, "EntityTimelineItem.Activity": ActivityTimelineItem, "EntityTimelineItem.Bookmark": BookmarkTimelineItem, "EntityTimelineItem.SecurityAlert": SecurityAlertTimelineItem, "EntityQueryItem.Insight": InsightQueryItem, + "ThreatIntelligenceResourceKind.indicator": ThreatIntelligenceIndicatorModel, + "ThreatIntelligenceResourceKind.ThreatIntelligenceInformation": ThreatIntelligenceInformation, "DataConnectorsCheckRequirements.AzureActiveDirectory": AADCheckRequirements, 
"DataConnectorsCheckRequirements.AzureAdvancedThreatProtection": AatpCheckRequirements, "DataConnectorsCheckRequirements.AzureSecurityCenter": ASCCheckRequirements, @@ -14250,9 +15146,10 @@ export let discriminators = { "DataConnectorsCheckRequirements.MicrosoftThreatProtection": MtpCheckRequirements, "DataConnectorsCheckRequirements.OfficeATP": OfficeATPCheckRequirements, "DataConnectorsCheckRequirements.OfficeIRM": OfficeIRMCheckRequirements, + "DataConnectorsCheckRequirements.Office365Project": Office365ProjectCheckRequirements, + "DataConnectorsCheckRequirements.OfficePowerBI": OfficePowerBICheckRequirements, "DataConnectorsCheckRequirements.ThreatIntelligence": TICheckRequirements, "DataConnectorsCheckRequirements.ThreatIntelligenceTaxii": TiTaxiiCheckRequirements, - "ThreatIntelligenceResourceKind.ThreatIntelligenceInformation": ThreatIntelligenceInformation, "Resource.AlertRule": AlertRule, "Resource.EntityQuery": EntityQuery, "Resource.CustomEntityQuery": CustomEntityQuery, @@ -14286,7 +15183,6 @@ export let discriminators = { "Resource.SubmissionMail": SubmissionMailEntity, "Resource.Url": UrlEntity, "Resource.Activity": ActivityCustomEntityQuery, - "ThreatIntelligenceResourceKind.indicator": ThreatIntelligenceIndicatorModel, "Resource.Expansion": ExpansionEntityQuery, "Resource.Anomalies": Anomalies, "Resource.EyesOn": EyesOn, @@ -14302,6 +15198,8 @@ export let discriminators = { "Resource.MicrosoftCloudAppSecurity": McasDataConnector, "Resource.Dynamics365": Dynamics365DataConnector, "Resource.OfficeATP": OfficeATPDataConnector, + "Resource.Office365Project": Office365ProjectDataConnector, + "Resource.OfficePowerBI": OfficePowerBIDataConnector, "Resource.OfficeIRM": OfficeIRMDataConnector, "Resource.MicrosoftDefenderAdvancedThreatProtection": MdatpDataConnector, "Resource.Office365": OfficeDataConnector, 
diff --git a/sdk/securityinsight/arm-securityinsight/src/models/parameters.ts b/sdk/securityinsight/arm-securityinsight/src/models/parameters.ts index f9957be1f9cd..aa1fd9407428 100644 --- a/sdk/securityinsight/arm-securityinsight/src/models/parameters.ts +++ b/sdk/securityinsight/arm-securityinsight/src/models/parameters.ts @@ -15,13 +15,14 @@ import { AlertRule as AlertRuleMapper, ActionRequest as ActionRequestMapper, AutomationRule as AutomationRuleMapper, + ManualTriggerRequestBody as ManualTriggerRequestBodyMapper, Bookmark as BookmarkMapper, Relation as RelationMapper, BookmarkExpandParameters as BookmarkExpandParametersMapper, - CustomEntityQuery as CustomEntityQueryMapper, EntityExpandParameters as EntityExpandParametersMapper, EntityGetInsightsParameters as EntityGetInsightsParametersMapper, EntityTimelineParameters as EntityTimelineParametersMapper, + CustomEntityQuery as CustomEntityQueryMapper, Incident as IncidentMapper, TeamProperties as TeamPropertiesMapper, IncidentComment as IncidentCommentMapper, 
@@ -30,14 +31,14 @@ import { SentinelOnboardingState as SentinelOnboardingStateMapper, Settings as SettingsMapper, SourceControl as SourceControlMapper, + ThreatIntelligenceIndicatorModelForRequestBody as ThreatIntelligenceIndicatorModelForRequestBodyMapper, + ThreatIntelligenceFilteringCriteria as ThreatIntelligenceFilteringCriteriaMapper, + ThreatIntelligenceAppendTags as ThreatIntelligenceAppendTagsMapper, Watchlist as WatchlistMapper, WatchlistItem as WatchlistItemMapper, DataConnector as DataConnectorMapper, DataConnectorConnectBody as DataConnectorConnectBodyMapper, - DataConnectorsCheckRequirements as DataConnectorsCheckRequirementsMapper, - ThreatIntelligenceIndicatorModelForRequestBody as ThreatIntelligenceIndicatorModelForRequestBodyMapper, - ThreatIntelligenceFilteringCriteria as ThreatIntelligenceFilteringCriteriaMapper, - ThreatIntelligenceAppendTags as ThreatIntelligenceAppendTagsMapper + DataConnectorsCheckRequirements as DataConnectorsCheckRequirementsMapper } from "../models/mappers"; export const accept: OperationParameter = { @@ -67,7 +68,7 @@ export const $host: OperationURLParameter = { export const apiVersion: OperationQueryParameter = { parameterPath: "apiVersion", mapper: { - defaultValue: "2021-09-01-preview", + defaultValue: "2022-01-01-preview", isConstant: true, serializedName: "api-version", type: { 
@@ -198,11 +199,27 @@ export const automationRuleId: OperationURLParameter = { } }; -export const automationRule: OperationParameter = { - parameterPath: "automationRule", +export const automationRuleToUpsert: OperationParameter = { + parameterPath: ["options", "automationRuleToUpsert"], mapper: AutomationRuleMapper }; +export const requestBody: OperationParameter = { + parameterPath: ["options", "requestBody"], + mapper: ManualTriggerRequestBodyMapper +}; + +export const incidentIdentifier: OperationURLParameter = { + parameterPath: "incidentIdentifier", + mapper: { + serializedName: "incidentIdentifier", + required: true, + type: { + name: "String" + } + } +}; + export const bookmarkId: OperationURLParameter = { parameterPath: "bookmarkId", mapper: { @@ -302,7 +319,44 @@ export const domain: OperationQueryParameter = { } }; +export const entityId: OperationURLParameter = { + parameterPath: "entityId", + mapper: { + serializedName: "entityId", + required: true, + type: { + name: "String" + } + } +}; + +export const parameters1: OperationParameter = { + parameterPath: "parameters", + mapper: EntityExpandParametersMapper +}; + export const kind: OperationQueryParameter = { + parameterPath: "kind", + mapper: { + serializedName: "kind", + required: true, + type: { + name: "String" + } + } +}; + +export const parameters2: OperationParameter = { + parameterPath: "parameters", + mapper: EntityGetInsightsParametersMapper +}; + +export const parameters3: OperationParameter = { + parameterPath: "parameters", + mapper: EntityTimelineParametersMapper +}; + +export const kind1: OperationQueryParameter = { parameterPath: ["options", "kind"], mapper: { serializedName: "kind", 
@@ -328,26 +382,22 @@ export const entityQuery: OperationParameter = { mapper: CustomEntityQueryMapper }; -export const entityId: OperationURLParameter = { - parameterPath: "entityId", +export const kind2: OperationQueryParameter = { + parameterPath: ["options", "kind"], mapper: { - serializedName: "entityId", - required: true, + defaultValue: "Activity", + isConstant: true, + serializedName: "kind", type: { name: "String" } } }; -export const parameters1: OperationParameter = { - parameterPath: "parameters", - mapper: EntityExpandParametersMapper -}; - -export const kind1: OperationQueryParameter = { - parameterPath: "kind", +export const entityQueryTemplateId: OperationURLParameter = { + parameterPath: "entityQueryTemplateId", mapper: { - serializedName: "kind", + serializedName: "entityQueryTemplateId", required: true, type: { name: "String" @@ -355,16 +405,6 @@ export const kind1: OperationQueryParameter = { } }; -export const parameters2: OperationParameter = { - parameterPath: "parameters", - mapper: EntityGetInsightsParametersMapper -}; - -export const parameters3: OperationParameter = { - parameterPath: "parameters", - mapper: EntityTimelineParametersMapper -}; - export const incidentId: OperationURLParameter = { parameterPath: "incidentId", mapper: { @@ -433,6 +473,17 @@ export const metadataPatch: OperationParameter = { mapper: MetadataPatchMapper }; +export const consentId: OperationURLParameter = { + parameterPath: "consentId", + mapper: { + serializedName: "consentId", + required: true, + type: { + name: "String" + } + } +}; + export const sentinelOnboardingStateName: OperationURLParameter = { parameterPath: "sentinelOnboardingStateName", mapper: { 
@@ -492,6 +543,37 @@ export const sourceControl: OperationParameter = { mapper: SourceControlMapper }; +export const threatIntelligenceProperties: OperationParameter = { + parameterPath: "threatIntelligenceProperties", + mapper: ThreatIntelligenceIndicatorModelForRequestBodyMapper +}; + +export const name: OperationURLParameter = { + parameterPath: "name", + mapper: { + serializedName: "name", + required: true, + type: { + name: "String" + } + } +}; + +export const threatIntelligenceFilteringCriteria: OperationParameter = { + parameterPath: "threatIntelligenceFilteringCriteria", + mapper: ThreatIntelligenceFilteringCriteriaMapper +}; + +export const threatIntelligenceAppendTags: OperationParameter = { + parameterPath: "threatIntelligenceAppendTags", + mapper: ThreatIntelligenceAppendTagsMapper +}; + +export const threatIntelligenceReplaceTags: OperationParameter = { + parameterPath: "threatIntelligenceReplaceTags", + mapper: ThreatIntelligenceIndicatorModelForRequestBodyMapper +}; + export const watchlistAlias: OperationURLParameter = { parameterPath: "watchlistAlias", mapper: { 
@@ -549,68 +631,3 @@ export const dataConnectorsCheckRequirements: OperationParameter = { parameterPath: "dataConnectorsCheckRequirements", mapper: DataConnectorsCheckRequirementsMapper }; - -export const threatIntelligenceProperties: OperationParameter = { - parameterPath: "threatIntelligenceProperties", - mapper: ThreatIntelligenceIndicatorModelForRequestBodyMapper -}; - -export const name: OperationURLParameter = { - parameterPath: "name", - mapper: { - serializedName: "name", - required: true, - type: { - name: "String" - } - } -}; - -export const threatIntelligenceFilteringCriteria: OperationParameter = { - parameterPath: "threatIntelligenceFilteringCriteria", - mapper: ThreatIntelligenceFilteringCriteriaMapper -}; - -export const threatIntelligenceAppendTags: OperationParameter = { - parameterPath: "threatIntelligenceAppendTags", - mapper: ThreatIntelligenceAppendTagsMapper -}; - -export const threatIntelligenceReplaceTags: OperationParameter = { - parameterPath: "threatIntelligenceReplaceTags", - mapper: ThreatIntelligenceIndicatorModelForRequestBodyMapper -}; - -export const consentId: OperationURLParameter = { - parameterPath: "consentId", - mapper: { - serializedName: "consentId", - required: true, - type: { - name: "String" - } - } -}; - -export const kind2: OperationQueryParameter = { - parameterPath: ["options", "kind"], - mapper: { - defaultValue: "Activity", - isConstant: true, - serializedName: "kind", - type: { - name: "String" - } - } -}; - -export const entityQueryTemplateId: OperationURLParameter = { - parameterPath: "entityQueryTemplateId", - mapper: { - serializedName: "entityQueryTemplateId", - required: true, - type: { - name: "String" - } - } -}; diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/automationRules.ts b/sdk/securityinsight/arm-securityinsight/src/operations/automationRules.ts index 55f54bf28e69..8085591446ce 100644 --- a/sdk/securityinsight/arm-securityinsight/src/operations/automationRules.ts 
+++ b/sdk/securityinsight/arm-securityinsight/src/operations/automationRules.ts @@ -16,12 +16,15 @@ import { AutomationRule, AutomationRulesListNextOptionalParams, AutomationRulesListOptionalParams, - AutomationRulesListResponse, AutomationRulesGetOptionalParams, AutomationRulesGetResponse, AutomationRulesCreateOrUpdateOptionalParams, AutomationRulesCreateOrUpdateResponse, AutomationRulesDeleteOptionalParams, + AutomationRulesDeleteResponse, + AutomationRulesListResponse, + AutomationRulesManualTriggerPlaybookOptionalParams, + AutomationRulesManualTriggerPlaybookResponse, AutomationRulesListNextResponse } from "../models"; @@ -97,23 +100,6 @@ export class AutomationRulesImpl implements AutomationRules { } } - /** - * Gets all automation rules. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param options The options parameters. - */ - private _list( - resourceGroupName: string, - workspaceName: string, - options?: AutomationRulesListOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, options }, - listOperationSpec - ); - } - /** * Gets the automation rule. * @param resourceGroupName The name of the resource group. The name is case insensitive. 
@@ -138,24 +124,16 @@ export class AutomationRulesImpl implements AutomationRules { * @param resourceGroupName The name of the resource group. The name is case insensitive. * @param workspaceName The name of the workspace. * @param automationRuleId Automation rule ID - * @param automationRule The automation rule * @param options The options parameters. */ createOrUpdate( resourceGroupName: string, workspaceName: string, automationRuleId: string, - automationRule: AutomationRule, options?: AutomationRulesCreateOrUpdateOptionalParams ): Promise { return this.client.sendOperationRequest( - { - resourceGroupName, - workspaceName, - automationRuleId, - automationRule, - options - }, + { resourceGroupName, workspaceName, automationRuleId, options }, createOrUpdateOperationSpec ); } 
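Review bot: `createOrUpdate` loses its required `automationRule` argument, and the rule now travels only as `options.automationRuleToUpsert`, so nothing in the signature forces a caller to send a body with the PUT. An untyped JavaScript caller that still passes the rule as the fourth positional argument would have it read as `options`, and the request would presumably go out without the rule rather than fail on the client. I would say so on the method, e.g. `@param options The options parameters; the rule to create or update is passed as options.automationRuleToUpsert`, and list the signature change as breaking in the changelog if it is not already there. The same change is made in `operationsInterfaces/automationRules.ts`; the class body continues outside this hunk.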
@@ -172,13 +150,49 @@ export class AutomationRulesImpl implements AutomationRules { workspaceName: string, automationRuleId: string, options?: AutomationRulesDeleteOptionalParams - ): Promise { + ): Promise { return this.client.sendOperationRequest( { resourceGroupName, workspaceName, automationRuleId, options }, deleteOperationSpec ); } + /** + * Gets all automation rules. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param options The options parameters. + */ + private _list( + resourceGroupName: string, + workspaceName: string, + options?: AutomationRulesListOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, workspaceName, options }, + listOperationSpec + ); + } + + /** + * Triggers playbook on a specific incident + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param incidentIdentifier + * @param options The options parameters. + */ + manualTriggerPlaybook( + resourceGroupName: string, + workspaceName: string, + incidentIdentifier: string, + options?: AutomationRulesManualTriggerPlaybookOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, workspaceName, incidentIdentifier, options }, + manualTriggerPlaybookOperationSpec + ); + } + /** * ListNext * @param resourceGroupName The name of the resource group. The name is case insensitive. 
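Review bot: The JSDoc added for `manualTriggerPlaybook` leaves `@param incidentIdentifier` without a description and does not mention that the trigger request is supplied through `options.requestBody`. This call starts an automation run against an incident, so the comment should state both, e.g. `@param incidentIdentifier Identifier of the incident the playbook is run on` and `@param options The options parameters; options.requestBody carries the manual trigger request`. The method sits on AutomationRules while its operation spec (later in this file) targets a path under `incidents/{incidentIdentifier}/runPlaybook`; a sentence noting that would help whoever scopes permissions for it, though which role the service checks is not visible here. The same comment is repeated in `operationsInterfaces/automationRules.ts`.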
@@ -201,13 +215,13 @@ export class AutomationRulesImpl implements AutomationRules { // Operation Specifications const serializer = coreClient.createSerializer(Mappers, /* isXml */ false); -const listOperationSpec: coreClient.OperationSpec = { +const getOperationSpec: coreClient.OperationSpec = { path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/automationRules", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/automationRules/{automationRuleId}", httpMethod: "GET", responses: { 200: { - bodyMapper: Mappers.AutomationRulesList + bodyMapper: Mappers.AutomationRule }, default: { bodyMapper: Mappers.CloudError @@ -218,23 +232,28 @@ const listOperationSpec: coreClient.OperationSpec = { Parameters.$host, Parameters.subscriptionId, Parameters.resourceGroupName, - Parameters.workspaceName + Parameters.workspaceName, + Parameters.automationRuleId ], headerParameters: [Parameters.accept], serializer }; -const getOperationSpec: coreClient.OperationSpec = { +const createOrUpdateOperationSpec: coreClient.OperationSpec = { path: "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/automationRules/{automationRuleId}", - httpMethod: "GET", + httpMethod: "PUT", responses: { 200: { bodyMapper: Mappers.AutomationRule }, + 201: { + bodyMapper: Mappers.AutomationRule + }, default: { bodyMapper: Mappers.CloudError } }, + requestBody: Parameters.automationRuleToUpsert, queryParameters: [Parameters.apiVersion], urlParameters: [ Parameters.$host, 
@@ -243,25 +262,29 @@ const getOperationSpec: coreClient.OperationSpec = { Parameters.workspaceName, Parameters.automationRuleId ], - headerParameters: [Parameters.accept], + headerParameters: [Parameters.accept, Parameters.contentType], + mediaType: "json", serializer }; -const createOrUpdateOperationSpec: coreClient.OperationSpec = { +const deleteOperationSpec: coreClient.OperationSpec = { path: "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/automationRules/{automationRuleId}", - httpMethod: "PUT", + httpMethod: "DELETE", responses: { 200: { - bodyMapper: Mappers.AutomationRule + bodyMapper: { + type: { name: "Dictionary", value: { type: { name: "any" } } } + } }, - 201: { - bodyMapper: Mappers.AutomationRule + 204: { + bodyMapper: { + type: { name: "Dictionary", value: { type: { name: "any" } } } + } }, default: { bodyMapper: Mappers.CloudError } }, - requestBody: Parameters.automationRule, queryParameters: [Parameters.apiVersion], urlParameters: [ Parameters.$host, 
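Review bot: The 200 and 204 responses of `deleteOperationSpec` are now mapped to a `Dictionary` of `any`, which turns the delete result into an untyped bag even though a 204 response carries no body. `manualTriggerPlaybookOperationSpec`, added in a later hunk of this file, maps its 204 the same way. If nothing in the body is meant to be consumed, the previous `200: {}` and `204: {}` keep the return type narrow and stop callers from reading unvalidated fields off the result. If this file is generated, the correction belongs in the API description rather than here. `deleteOperationSpec` continues past the end of this hunk.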
@@ -270,17 +293,17 @@ const createOrUpdateOperationSpec: coreClient.OperationSpec = { Parameters.workspaceName, Parameters.automationRuleId ], - headerParameters: [Parameters.accept, Parameters.contentType], - mediaType: "json", + headerParameters: [Parameters.accept], serializer }; -const deleteOperationSpec: coreClient.OperationSpec = { +const listOperationSpec: coreClient.OperationSpec = { path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/automationRules/{automationRuleId}", - httpMethod: "DELETE", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/automationRules", + httpMethod: "GET", responses: { - 200: {}, - 204: {}, + 200: { + bodyMapper: Mappers.AutomationRulesList + }, default: { bodyMapper: Mappers.CloudError } 
@@ -290,12 +313,38 @@ const deleteOperationSpec: coreClient.OperationSpec = { Parameters.$host, Parameters.subscriptionId, Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.automationRuleId + Parameters.workspaceName ], headerParameters: [Parameters.accept], serializer }; +const manualTriggerPlaybookOperationSpec: coreClient.OperationSpec = { + path: + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentIdentifier}/runPlaybook", + httpMethod: "POST", + responses: { + 204: { + bodyMapper: { + type: { name: "Dictionary", value: { type: { name: "any" } } } + } + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + requestBody: Parameters.requestBody, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.incidentIdentifier + ], + headerParameters: [Parameters.accept, Parameters.contentType], + mediaType: "json", + serializer +}; const listNextOperationSpec: coreClient.OperationSpec = { path: "{nextLink}", httpMethod: "GET", diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/dataConnectors.ts b/sdk/securityinsight/arm-securityinsight/src/operations/dataConnectors.ts index 82199b6e0cb2..ff60c1cc995f 100644 --- a/sdk/securityinsight/arm-securityinsight/src/operations/dataConnectors.ts +++ b/sdk/securityinsight/arm-securityinsight/src/operations/dataConnectors.ts @@ -352,7 +352,7 @@ const connectOperationSpec: coreClient.OperationSpec = { responses: { 200: {}, default: { - bodyMapper: Mappers.ErrorResponse + bodyMapper: Mappers.CloudError } }, requestBody: Parameters.connectBody, 
@@ -375,7 +375,7 @@ const disconnectOperationSpec: coreClient.OperationSpec = { responses: { 200: {}, default: { - bodyMapper: Mappers.ErrorResponse + bodyMapper: Mappers.CloudError } }, queryParameters: [Parameters.apiVersion], diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/entities.ts b/sdk/securityinsight/arm-securityinsight/src/operations/entities.ts index c29d5caa98b8..3f01a3174daa 100644 --- a/sdk/securityinsight/arm-securityinsight/src/operations/entities.ts +++ b/sdk/securityinsight/arm-securityinsight/src/operations/entities.ts @@ -306,7 +306,7 @@ const queriesOperationSpec: coreClient.OperationSpec = { bodyMapper: Mappers.CloudError } }, - queryParameters: [Parameters.apiVersion, Parameters.kind1], + queryParameters: [Parameters.apiVersion, Parameters.kind], urlParameters: [ Parameters.$host, Parameters.subscriptionId, diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/entityQueries.ts b/sdk/securityinsight/arm-securityinsight/src/operations/entityQueries.ts index 85592e81dda7..21190c27d569 100644 --- a/sdk/securityinsight/arm-securityinsight/src/operations/entityQueries.ts +++ b/sdk/securityinsight/arm-securityinsight/src/operations/entityQueries.ts @@ -208,7 +208,7 @@ const listOperationSpec: coreClient.OperationSpec = { bodyMapper: Mappers.CloudError } }, - queryParameters: [Parameters.apiVersion, Parameters.kind], + queryParameters: [Parameters.apiVersion, Parameters.kind1], urlParameters: [ Parameters.$host, Parameters.subscriptionId, @@ -302,7 +302,7 @@ const listNextOperationSpec: coreClient.OperationSpec = { bodyMapper: Mappers.CloudError } }, - queryParameters: [Parameters.apiVersion, Parameters.kind], + queryParameters: [Parameters.apiVersion, Parameters.kind1], urlParameters: [ Parameters.$host, Parameters.subscriptionId, diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/index.ts b/sdk/securityinsight/arm-securityinsight/src/operations/index.ts index 1cf716300f95..68f26bcfc90b 100644 
--- a/sdk/securityinsight/arm-securityinsight/src/operations/index.ts +++ b/sdk/securityinsight/arm-securityinsight/src/operations/index.ts @@ -15,26 +15,26 @@ export * from "./bookmarkRelations"; export * from "./bookmarkOperations"; export * from "./iPGeodata"; export * from "./domainWhois"; -export * from "./entityQueries"; export * from "./entities"; export * from "./entitiesGetTimeline"; export * from "./entitiesRelations"; export * from "./entityRelations"; +export * from "./entityQueries"; +export * from "./entityQueryTemplates"; export * from "./incidents"; export * from "./incidentComments"; export * from "./incidentRelations"; export * from "./metadata"; +export * from "./officeConsents"; export * from "./sentinelOnboardingStates"; export * from "./productSettings"; export * from "./sourceControlOperations"; export * from "./sourceControls"; +export * from "./threatIntelligenceIndicator"; +export * from "./threatIntelligenceIndicators"; +export * from "./threatIntelligenceIndicatorMetrics"; export * from "./watchlists"; export * from "./watchlistItems"; export * from "./dataConnectors"; export * from "./dataConnectorsCheckRequirementsOperations"; -export * from "./threatIntelligenceIndicator"; -export * from "./threatIntelligenceIndicators"; -export * from "./threatIntelligenceIndicatorMetrics"; export * from "./operations"; -export * from "./officeConsents"; -export * from "./entityQueryTemplates"; diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/watchlistItems.ts b/sdk/securityinsight/arm-securityinsight/src/operations/watchlistItems.ts index 3493b054956a..265d8e1a7791 100644 --- a/sdk/securityinsight/arm-securityinsight/src/operations/watchlistItems.ts +++ b/sdk/securityinsight/arm-securityinsight/src/operations/watchlistItems.ts 
@@ -257,7 +257,7 @@ const listOperationSpec: coreClient.OperationSpec = { bodyMapper: Mappers.CloudError } }, - queryParameters: [Parameters.apiVersion], + queryParameters: [Parameters.apiVersion, Parameters.skipToken], urlParameters: [ Parameters.$host, Parameters.subscriptionId, @@ -355,7 +355,7 @@ const listNextOperationSpec: coreClient.OperationSpec = { bodyMapper: Mappers.CloudError } }, - queryParameters: [Parameters.apiVersion], + queryParameters: [Parameters.apiVersion, Parameters.skipToken], urlParameters: [ Parameters.$host, Parameters.subscriptionId, diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/watchlists.ts b/sdk/securityinsight/arm-securityinsight/src/operations/watchlists.ts index bf8ea3e0b683..15e8f428fe27 100644 --- a/sdk/securityinsight/arm-securityinsight/src/operations/watchlists.ts +++ b/sdk/securityinsight/arm-securityinsight/src/operations/watchlists.ts @@ -20,6 +20,7 @@ import { WatchlistsGetOptionalParams, WatchlistsGetResponse, WatchlistsDeleteOptionalParams, + WatchlistsDeleteResponse, WatchlistsCreateOrUpdateOptionalParams, WatchlistsCreateOrUpdateResponse, WatchlistsListNextResponse @@ -145,7 +146,7 @@ export class WatchlistsImpl implements Watchlists { workspaceName: string, watchlistAlias: string, options?: WatchlistsDeleteOptionalParams - ): Promise { + ): Promise { return this.client.sendOperationRequest( { resourceGroupName, workspaceName, watchlistAlias, options }, deleteOperationSpec 
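Review bot: `Parameters.skipToken` is added to `listNextOperationSpec` as well as to `listOperationSpec`. A next-page request normally follows a service-supplied link that already encodes the continuation position, so a skip token carried over in the caller's `options` could be sent a second time or disagree with it; the spec's `path` is outside this hunk, so this needs confirming. If the token is only meant for the first page, `queryParameters: [Parameters.apiVersion]` on the next-page spec is enough; otherwise a paging test that sets the skip token should cover it. The `listNextOperationSpec` hunk in `operations/watchlists.ts` makes the same change.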
@@ -153,9 +154,12 @@ export class WatchlistsImpl implements Watchlists { } /** - * Creates or updates a watchlist and its watchlist items (bulk creation, e.g. through text/csv content - * type). To create a Watchlist and its items, we should call this endpoint with rawContent and - * contentType properties. + * Create or update a Watchlist and its Watchlist Items (bulk creation, e.g. through text/csv content + * type). To create a Watchlist and its Items, we should call this endpoint with either rawContent or a + * valid SAR URI and contentType properties. The rawContent is mainly used for small watchlist (content + * size below 3.8 MB). The SAS URI enables the creation of large watchlist, where the content size can + * go up to 500 MB. The status of processing such large file can be polled through the URL returned in + * Azure-AsyncOperation header. * @param resourceGroupName The name of the resource group. The name is case insensitive. * @param workspaceName The name of the workspace. * @param watchlistAlias Watchlist Alias @@ -209,7 +213,7 @@ const listOperationSpec: coreClient.OperationSpec = { bodyMapper: Mappers.CloudError } }, - queryParameters: [Parameters.apiVersion], + queryParameters: [Parameters.apiVersion, Parameters.skipToken], urlParameters: [ Parameters.$host, Parameters.subscriptionId, @@ -248,6 +252,10 @@ const deleteOperationSpec: coreClient.OperationSpec = { httpMethod: "DELETE", responses: { 200: {}, + 202: { + bodyMapper: Mappers.Watchlist, + headersMapper: Mappers.WatchlistsDeleteHeaders + }, 204: {}, default: { bodyMapper: Mappers.CloudError @@ -273,7 +281,8 @@ const createOrUpdateOperationSpec: coreClient.OperationSpec = { bodyMapper: Mappers.Watchlist }, 201: { - bodyMapper: Mappers.Watchlist + bodyMapper: Mappers.Watchlist, + headersMapper: Mappers.WatchlistsCreateOrUpdateHeaders }, default: { bodyMapper: Mappers.CloudError 
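Review bot: The rewritten doc comment on `createOrUpdate` says "a valid SAR URI" in one sentence and "The SAS URI" in the next; the first is presumably a typo for SAS. Because a SAS URI grants access to the referenced content by itself, the comment could also say how narrowly it should be scoped, e.g. `The SAS URI should be read-only and short-lived, since it is handed to the service with the request.` It would also help to state that the promise resolving does not mean a large watchlist has finished processing, since the comment itself points to polling via the Azure-AsyncOperation header. The same text is repeated in `operationsInterfaces/watchlists.ts`, and the method signature lies outside this hunk.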
@@ -303,7 +312,7 @@ const listNextOperationSpec: coreClient.OperationSpec = { bodyMapper: Mappers.CloudError } }, - queryParameters: [Parameters.apiVersion], + queryParameters: [Parameters.apiVersion, Parameters.skipToken], urlParameters: [ Parameters.$host, Parameters.subscriptionId, diff --git a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/automationRules.ts b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/automationRules.ts index fc1210e5c84e..9b8aee0e56ff 100644 --- a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/automationRules.ts +++ b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/automationRules.ts @@ -14,7 +14,10 @@ import { AutomationRulesGetResponse, AutomationRulesCreateOrUpdateOptionalParams, AutomationRulesCreateOrUpdateResponse, - AutomationRulesDeleteOptionalParams + AutomationRulesDeleteOptionalParams, + AutomationRulesDeleteResponse, + AutomationRulesManualTriggerPlaybookOptionalParams, + AutomationRulesManualTriggerPlaybookResponse } from "../models"; /// @@ -49,14 +52,12 @@ export interface AutomationRules { * @param resourceGroupName The name of the resource group. The name is case insensitive. * @param workspaceName The name of the workspace. * @param automationRuleId Automation rule ID - * @param automationRule The automation rule * @param options The options parameters. */ createOrUpdate( resourceGroupName: string, workspaceName: string, automationRuleId: string, - automationRule: AutomationRule, options?: AutomationRulesCreateOrUpdateOptionalParams ): Promise; /** 
@@ -71,5 +72,18 @@ export interface AutomationRules { workspaceName: string, automationRuleId: string, options?: AutomationRulesDeleteOptionalParams - ): Promise; + ): Promise; + /** + * Triggers playbook on a specific incident + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param incidentIdentifier + * @param options The options parameters. + */ + manualTriggerPlaybook( + resourceGroupName: string, + workspaceName: string, + incidentIdentifier: string, + options?: AutomationRulesManualTriggerPlaybookOptionalParams + ): Promise; } diff --git a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/index.ts b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/index.ts index 1cf716300f95..68f26bcfc90b 100644 --- a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/index.ts +++ b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/index.ts 
@@ -15,26 +15,26 @@ export * from "./bookmarkRelations"; export * from "./bookmarkOperations"; export * from "./iPGeodata"; export * from "./domainWhois"; -export * from "./entityQueries"; export * from "./entities"; export * from "./entitiesGetTimeline"; export * from "./entitiesRelations"; export * from "./entityRelations"; +export * from "./entityQueries"; +export * from "./entityQueryTemplates"; export * from "./incidents"; export * from "./incidentComments"; export * from "./incidentRelations"; export * from "./metadata"; +export * from "./officeConsents"; export * from "./sentinelOnboardingStates"; export * from "./productSettings"; export * from "./sourceControlOperations"; export * from "./sourceControls"; +export * from "./threatIntelligenceIndicator"; +export * from "./threatIntelligenceIndicators"; +export * from "./threatIntelligenceIndicatorMetrics"; export * from "./watchlists"; export * from "./watchlistItems"; export * from "./dataConnectors"; export * from "./dataConnectorsCheckRequirementsOperations"; -export * from "./threatIntelligenceIndicator"; -export * from "./threatIntelligenceIndicators"; -export * from "./threatIntelligenceIndicatorMetrics"; export * from "./operations"; -export * from "./officeConsents"; -export * from "./entityQueryTemplates"; diff --git a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/watchlists.ts b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/watchlists.ts index 0a7dbb3ef8a0..77f2dc227d5d 100644 --- a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/watchlists.ts +++ b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/watchlists.ts @@ -13,6 +13,7 @@ import { WatchlistsGetOptionalParams, WatchlistsGetResponse, WatchlistsDeleteOptionalParams, + WatchlistsDeleteResponse, WatchlistsCreateOrUpdateOptionalParams, WatchlistsCreateOrUpdateResponse } from "../models"; 
@@ -56,11 +57,14 @@ export interface Watchlists { workspaceName: string, watchlistAlias: string, options?: WatchlistsDeleteOptionalParams - ): Promise; + ): Promise; /** - * Creates or updates a watchlist and its watchlist items (bulk creation, e.g. through text/csv content - * type). To create a Watchlist and its items, we should call this endpoint with rawContent and - * contentType properties. + * Create or update a Watchlist and its Watchlist Items (bulk creation, e.g. through text/csv content + * type). To create a Watchlist and its Items, we should call this endpoint with either rawContent or a + * valid SAR URI and contentType properties. The rawContent is mainly used for small watchlist (content + * size below 3.8 MB). The SAS URI enables the creation of large watchlist, where the content size can + * go up to 500 MB. The status of processing such large file can be polled through the URL returned in + * Azure-AsyncOperation header. * @param resourceGroupName The name of the resource group. The name is case insensitive. * @param workspaceName The name of the workspace. * @param watchlistAlias Watchlist Alias diff --git a/sdk/securityinsight/arm-securityinsight/src/securityInsights.ts b/sdk/securityinsight/arm-securityinsight/src/securityInsights.ts index 957dd1d33970..81ed6e14704d 100644 --- a/sdk/securityinsight/arm-securityinsight/src/securityInsights.ts +++ b/sdk/securityinsight/arm-securityinsight/src/securityInsights.ts 
@@ -18,29 +18,29 @@ import { BookmarkOperationsImpl, IPGeodataImpl, DomainWhoisImpl, - EntityQueriesImpl, EntitiesImpl, EntitiesGetTimelineImpl, EntitiesRelationsImpl, EntityRelationsImpl, + EntityQueriesImpl, + EntityQueryTemplatesImpl, IncidentsImpl, IncidentCommentsImpl, IncidentRelationsImpl, MetadataImpl, + OfficeConsentsImpl, SentinelOnboardingStatesImpl, ProductSettingsImpl, SourceControlOperationsImpl, SourceControlsImpl, + ThreatIntelligenceIndicatorImpl, + ThreatIntelligenceIndicatorsImpl, + ThreatIntelligenceIndicatorMetricsImpl, WatchlistsImpl, WatchlistItemsImpl, DataConnectorsImpl, DataConnectorsCheckRequirementsOperationsImpl, - ThreatIntelligenceIndicatorImpl, - ThreatIntelligenceIndicatorsImpl, - ThreatIntelligenceIndicatorMetricsImpl, - OperationsImpl, - OfficeConsentsImpl, - EntityQueryTemplatesImpl + OperationsImpl } from "./operations"; import { AlertRules, @@ -52,29 +52,29 @@ import { BookmarkOperations, IPGeodata, DomainWhois, - EntityQueries, Entities, EntitiesGetTimeline, EntitiesRelations, EntityRelations, + EntityQueries, + EntityQueryTemplates, Incidents, IncidentComments, IncidentRelations, Metadata, + OfficeConsents, SentinelOnboardingStates, ProductSettings, SourceControlOperations, SourceControls, + ThreatIntelligenceIndicator, + ThreatIntelligenceIndicators, + ThreatIntelligenceIndicatorMetrics, Watchlists, WatchlistItems, DataConnectors, DataConnectorsCheckRequirementsOperations, - ThreatIntelligenceIndicator, - ThreatIntelligenceIndicators, - ThreatIntelligenceIndicatorMetrics, - Operations, - OfficeConsents, - EntityQueryTemplates + Operations } from "./operationsInterfaces"; import { SecurityInsightsOptionalParams } from "./models"; 
@@ -110,7 +110,7 @@ export class SecurityInsights extends coreClient.ServiceClient { credential: credentials }; - const packageDetails = `azsdk-js-arm-securityinsight/1.0.0-beta.1`; + const packageDetails = `azsdk-js-arm-securityinsight/1.0.0-beta.2`; const userAgentPrefix = options.userAgentOptions && options.userAgentOptions.userAgentPrefix ? `${options.userAgentOptions.userAgentPrefix} ${packageDetails}` @@ -133,7 +133,7 @@ export class SecurityInsights extends coreClient.ServiceClient { // Assigning values to Constant parameters this.$host = options.$host || "https://management.azure.com"; - this.apiVersion = options.apiVersion || "2021-09-01-preview"; + this.apiVersion = options.apiVersion || "2022-01-01-preview"; this.alertRules = new AlertRulesImpl(this); this.actions = new ActionsImpl(this); this.alertRuleTemplates = new AlertRuleTemplatesImpl(this); 
@@ -143,25 +143,21 @@ export class SecurityInsights extends coreClient.ServiceClient { this.bookmarkOperations = new BookmarkOperationsImpl(this); this.iPGeodata = new IPGeodataImpl(this); this.domainWhois = new DomainWhoisImpl(this); - this.entityQueries = new EntityQueriesImpl(this); this.entities = new EntitiesImpl(this); this.entitiesGetTimeline = new EntitiesGetTimelineImpl(this); this.entitiesRelations = new EntitiesRelationsImpl(this); this.entityRelations = new EntityRelationsImpl(this); + this.entityQueries = new EntityQueriesImpl(this); + this.entityQueryTemplates = new EntityQueryTemplatesImpl(this); this.incidents = new IncidentsImpl(this); this.incidentComments = new IncidentCommentsImpl(this); this.incidentRelations = new IncidentRelationsImpl(this); this.metadata = new MetadataImpl(this); + this.officeConsents = new OfficeConsentsImpl(this); this.sentinelOnboardingStates = new SentinelOnboardingStatesImpl(this); this.productSettings = new ProductSettingsImpl(this); this.sourceControlOperations = new SourceControlOperationsImpl(this); this.sourceControls = new SourceControlsImpl(this); - this.watchlists = new WatchlistsImpl(this); - this.watchlistItems = new WatchlistItemsImpl(this); - this.dataConnectors = new DataConnectorsImpl(this); - this.dataConnectorsCheckRequirementsOperations = new DataConnectorsCheckRequirementsOperationsImpl( - this - ); this.threatIntelligenceIndicator = new ThreatIntelligenceIndicatorImpl( this ); 
@@ -171,9 +167,13 @@ export class SecurityInsights extends coreClient.ServiceClient {
 this.threatIntelligenceIndicatorMetrics = new ThreatIntelligenceIndicatorMetricsImpl(
 this
 );
+ this.watchlists = new WatchlistsImpl(this);
+ this.watchlistItems = new WatchlistItemsImpl(this);
+ this.dataConnectors = new DataConnectorsImpl(this);
+ this.dataConnectorsCheckRequirementsOperations = new DataConnectorsCheckRequirementsOperationsImpl(
+ this
+ );
 this.operations = new OperationsImpl(this);
- this.officeConsents = new OfficeConsentsImpl(this);
- this.entityQueryTemplates = new EntityQueryTemplatesImpl(this);
 }
 alertRules: AlertRules;
@@ -185,27 +185,27 @@ export class SecurityInsights extends coreClient.ServiceClient {
 bookmarkOperations: BookmarkOperations;
 iPGeodata: IPGeodata;
 domainWhois: DomainWhois;
- entityQueries: EntityQueries;
 entities: Entities;
 entitiesGetTimeline: EntitiesGetTimeline;
 entitiesRelations: EntitiesRelations;
 entityRelations: EntityRelations;
+ entityQueries: EntityQueries;
+ entityQueryTemplates: EntityQueryTemplates;
 incidents: Incidents;
 incidentComments: IncidentComments;
 incidentRelations: IncidentRelations;
 metadata: Metadata;
+ officeConsents: OfficeConsents;
 sentinelOnboardingStates: SentinelOnboardingStates;
 productSettings: ProductSettings;
 sourceControlOperations: SourceControlOperations;
 sourceControls: SourceControls;
+ threatIntelligenceIndicator: ThreatIntelligenceIndicator;
+ threatIntelligenceIndicators: ThreatIntelligenceIndicators;
+ threatIntelligenceIndicatorMetrics: ThreatIntelligenceIndicatorMetrics;
 watchlists: Watchlists;
 watchlistItems: WatchlistItems;
 dataConnectors: DataConnectors;
 dataConnectorsCheckRequirementsOperations: DataConnectorsCheckRequirementsOperations;
- threatIntelligenceIndicator: ThreatIntelligenceIndicator;
- threatIntelligenceIndicators: ThreatIntelligenceIndicators;
- threatIntelligenceIndicatorMetrics: ThreatIntelligenceIndicatorMetrics;
 operations: Operations;
- officeConsents: OfficeConsents;
- entityQueryTemplates: EntityQueryTemplates;
 }
diff --git a/sdk/securityinsight/arm-securityinsight/tsconfig.json b/sdk/securityinsight/arm-securityinsight/tsconfig.json
index 6e3251194117..3e6ae96443f3 100644
--- a/sdk/securityinsight/arm-securityinsight/tsconfig.json
+++ b/sdk/securityinsight/arm-securityinsight/tsconfig.json
@@ -9,11 +9,19 @@
 "esModuleInterop": true,
 "allowSyntheticDefaultImports": true,
 "forceConsistentCasingInFileNames": true,
- "lib": ["es6", "dom"],
+ "lib": [
+ "es6",
+ "dom"
+ ],
 "declaration": true,
 "outDir": "./dist-esm",
 "importHelpers": true
 },
- "include": ["./src/**/*.ts", "./test/**/*.ts"],
- "exclude": ["node_modules"]
-}
+ "include": [
+ "./src/**/*.ts",
+ "./test/**/*.ts"
+ ],
+ "exclude": [
+ "node_modules"
+ ]
+}
\ No newline at end of file
diff --git a/sdk/securityinsight/ci.mgmt.yml b/sdk/securityinsight/ci.mgmt.yml
index 447cd8fb1344..54c97e7c4804 100644
--- a/sdk/securityinsight/ci.mgmt.yml
+++ b/sdk/securityinsight/ci.mgmt.yml
@@ -1,5 +1,5 @@
 # NOTE: Please refer to https://aka.ms/azsdk/engsys/ci-yaml before editing this file.
-
+
 trigger:
 branches:
 include:
@@ -10,6 +10,7 @@ trigger:
 include:
 - sdk/securityinsight/ci.mgmt.yml
 - sdk/securityinsight/arm-securityinsight/
+ - sdk/securityinsight/arm-securityinsight
 pr:
 branches:
 include:
@@ -23,11 +24,11 @@ pr:
 include:
 - sdk/securityinsight/ci.mgmt.yml
 - sdk/securityinsight/arm-securityinsight/
-
+ - sdk/securityinsight/arm-securityinsight
 extends:
 template: /eng/pipelines/templates/stages/archetype-sdk-client.yml
 parameters:
 ServiceDirectory: securityinsight
 Artifacts:
 - name: azure-arm-securityinsight
- safeName: azurearmsecurityinsight
\ No newline at end of file
+ safeName: azurearmsecurityinsight
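Review bot: The added path filter `- sdk/securityinsight/arm-securityinsight` in the `trigger` include list of ci.mgmt.yml repeats the existing `- sdk/securityinsight/arm-securityinsight/` entry without the trailing slash, and the third hunk adds the same duplicate to the `pr` include list. Each list should carry one form only, so I would either drop the new line or replace the old entry with it. If the slash-less form is matched as a plain prefix it could also match sibling directories whose names start with `arm-securityinsight`, which would widen what triggers this pipeline; I have not confirmed how the path filters are evaluated, so that is worth checking. The third hunk also replaces the blank line before `extends:` with the new entry, and keeping that blank separator would keep the `pr` block visually distinct from the template section.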