From 7373727c35b7c1f6294808fa0c5627829632b849 Mon Sep 17 00:00:00 2001 From: SDKAuto Date: Tue, 15 Feb 2022 01:53:20 +0000 Subject: [PATCH] CodeGen from PR 17849 in Azure/azure-rest-api-specs Merge 3b418fc68c3aca93e904a5e7b281d8af17c69de0 into d4daab778f123ce61fb27a2f1fcae93a19d80c8b --- .../arm-securityinsight/CHANGELOG.md | 127 + .../arm-securityinsight/_meta.json | 8 +- .../arm-securityinsight/api-extractor.json | 25 +- .../arm-securityinsight/package.json | 25 +- .../review/arm-securityinsight.api.md | 465 ++- .../arm-securityinsight/src/models/index.ts | 1737 +++++----- .../arm-securityinsight/src/models/mappers.ts | 2781 +++++++++++------ .../src/models/parameters.ts | 207 +- .../src/operations/automationRules.ts | 149 +- .../src/operations/dataConnectors.ts | 4 +- .../src/operations/entities.ts | 2 +- .../src/operations/entityQueries.ts | 4 +- .../src/operations/index.ts | 12 +- .../operationsInterfaces/automationRules.ts | 22 +- .../src/operationsInterfaces/index.ts | 12 +- .../src/securityInsights.ts | 62 +- .../arm-securityinsight/tsconfig.json | 16 +- 17 files changed, 3620 insertions(+), 2038 deletions(-) diff --git a/sdk/securityinsight/arm-securityinsight/CHANGELOG.md b/sdk/securityinsight/arm-securityinsight/CHANGELOG.md index b31724782786..013fcb9cc1e7 100644 --- a/sdk/securityinsight/arm-securityinsight/CHANGELOG.md +++ b/sdk/securityinsight/arm-securityinsight/CHANGELOG.md @@ -1,5 +1,132 @@ # Release History +## 1.0.0-beta.2 (2022-02-15) + +**Features** + + - Added operation AutomationRules.manualTriggerPlaybook + - Added Interface AutomationRulesManualTriggerPlaybookOptionalParams + - Added Interface AzureDevOpsResourceInfo + - Added Interface BookmarkEntityMappings + - Added Interface Deployment + - Added Interface DeploymentInfo + - Added Interface EntityFieldMapping + - Added Interface FusionScenarioExclusionPattern + - Added Interface FusionSourceSettings + - Added Interface FusionSourceSubTypeSetting + - Added Interface FusionSubTypeSeverityFilter + - Added Interface FusionSubTypeSeverityFiltersItem + - Added Interface FusionTemplateSourceSetting + - Added Interface FusionTemplateSourceSubType + - Added Interface FusionTemplateSubTypeSeverityFilter + - Added Interface GitHubResourceInfo + - Added Interface ManualTriggerRequestBody + - Added Interface Office365ProjectConnectorDataTypes + - Added Interface OfficePowerBIConnectorDataTypes + - Added Interface RepositoryResourceInfo + - Added Interface Webhook + - Added Type Alias ActionType + - Added Type Alias AlertRuleTemplateWithMitreProperties + - Added Type Alias AutomationRulesDeleteResponse + - Added Type Alias AutomationRulesManualTriggerPlaybookResponse + - Added Type Alias ConditionType + - Added Type Alias DeploymentFetchStatus + - Added Type Alias DeploymentResult + - Added Type Alias DeploymentState + - Added Type Alias Enum12 + - Added Type Alias Office365ProjectCheckRequirements + - Added Type Alias Office365ProjectCheckRequirementsProperties + - Added Type Alias Office365ProjectConnectorDataTypesLogs + - Added Type Alias Office365ProjectDataConnector + - Added Type Alias Office365ProjectDataConnectorProperties + - Added Type Alias OfficePowerBICheckRequirements + - Added Type Alias OfficePowerBICheckRequirementsProperties + - Added Type Alias OfficePowerBIConnectorDataTypesLogs + - Added Type Alias OfficePowerBIDataConnector + - Added Type Alias OfficePowerBIDataConnectorProperties + - Added Type Alias PropertyConditionProperties + - Added Type Alias ThreatIntelligenceResourceKindUnion + - Added Type Alias Version + - Interface AutomationRulesCreateOrUpdateOptionalParams has a new optional parameter automationRuleToUpsert + - Interface IncidentAdditionalData has a new optional parameter providerIncidentUrl + - Interface IncidentAdditionalData has a new optional parameter techniques + - Interface QueryBasedAlertRuleProperties has a new optional parameter techniques + - Add parameters of AlertRuleTemplateWithMitreProperties to TypeAlias FusionAlertRuleTemplateProperties + - Add parameters of AlertRuleTemplateWithMitreProperties to TypeAlias MLBehaviorAnalyticsAlertRuleTemplateProperties + - Add parameters of AlertRuleTemplateWithMitreProperties to TypeAlias NrtAlertRuleTemplateProperties + - Add parameters of AlertRuleTemplateWithMitreProperties to TypeAlias ScheduledAlertRuleTemplateProperties + - Add parameters of AlertRuleTemplateWithMitreProperties to TypeAlias ThreatIntelligenceAlertRuleTemplateProperties + - Type Alias AutomationRuleModifyPropertiesAction has a new parameter severity + - Type Alias AutomationRuleModifyPropertiesAction has a new parameter status + - Type Alias AutomationRuleModifyPropertiesAction has a new parameter classification + - Type Alias AutomationRuleModifyPropertiesAction has a new parameter classificationReason + - Type Alias AutomationRuleModifyPropertiesAction has a new parameter classificationComment + - Type Alias AutomationRuleModifyPropertiesAction has a new parameter owner + - Type Alias AutomationRuleModifyPropertiesAction has a new parameter labels + - Type Alias AutomationRuleRunPlaybookAction has a new parameter logicAppResourceId + - Type Alias AutomationRuleRunPlaybookAction has a new parameter tenantId + - Type Alias Bookmark has a new parameter entityMappings + - Type Alias Bookmark has a new parameter tactics + - Type Alias Bookmark has a new parameter techniques + - Type Alias FusionAlertRule has a new parameter sourceSettings + - Type Alias FusionAlertRule has a new parameter scenarioExclusionPatterns + - Type Alias FusionAlertRule has a new parameter techniques + - Type Alias FusionAlertRuleTemplate has a new parameter techniques + - Type Alias FusionAlertRuleTemplate has a new parameter sourceSettings + - Type Alias MLBehaviorAnalyticsAlertRule has a new parameter techniques + - Type Alias MLBehaviorAnalyticsAlertRuleTemplate has a new parameter techniques + - Type Alias NrtAlertRule has a new parameter techniques + - Type Alias NrtAlertRuleTemplate has a new parameter techniques + - Type Alias ScheduledAlertRule has a new parameter techniques + - Type Alias ScheduledAlertRuleTemplate has a new parameter techniques + - Type Alias SourceControl has a new parameter version + - Type Alias SourceControl has a new parameter repositoryResourceInfo + - Type Alias SourceControl has a new parameter lastDeploymentInfo + - Type Alias ThreatIntelligenceAlertRule has a new parameter techniques + - Type Alias ThreatIntelligenceAlertRuleTemplate has a new parameter techniques + - Added Enum KnownActionType + - Added Enum KnownConditionType + - Added Enum KnownDeploymentFetchStatus + - Added Enum KnownDeploymentResult + - Added Enum KnownDeploymentState + - Added Enum KnownEnum12 + - Added Enum KnownVersion + - Enum KnownAttackTactic has a new value ImpairProcessControl + - Enum KnownAttackTactic has a new value InhibitResponseFunction + - Enum KnownAttackTactic has a new value Reconnaissance + - Enum KnownAttackTactic has a new value ResourceDevelopment + - Enum KnownAutomationRulePropertyConditionSupportedProperty has a new value AlertProductNames + - Enum KnownAutomationRulePropertyConditionSupportedProperty has a new value IncidentLabel + - Enum KnownDataConnectorKind has a new value Office365Project + - Enum KnownDataConnectorKind has a new value OfficePowerBI + +**Breaking Changes** + + - Operation AutomationRules.createOrUpdate has a new signature + - Interface QueryBasedAlertRuleTemplateProperties no longer has parameter tactics + - Delete parameters of AlertRuleTemplatePropertiesBase in TypeAlias FusionAlertRuleTemplateProperties + - Delete parameters of AlertRuleTemplatePropertiesBase in TypeAlias MLBehaviorAnalyticsAlertRuleTemplateProperties + - Delete parameters of AlertRuleTemplatePropertiesBase in TypeAlias NrtAlertRuleTemplateProperties + - Delete parameters of AlertRuleTemplatePropertiesBase in TypeAlias ScheduledAlertRuleTemplateProperties + - Delete parameters of AlertRuleTemplatePropertiesBase in TypeAlias ThreatIntelligenceAlertRuleTemplateProperties + - Type Alias AutomationRuleModifyPropertiesAction no longer has parameter actionConfiguration + - Type Alias AutomationRuleRunPlaybookAction no longer has parameter actionConfiguration + - Type Alias FusionAlertRuleTemplateProperties no longer has parameter tactics + - Type Alias MLBehaviorAnalyticsAlertRuleTemplateProperties no longer has parameter tactics + - Type Alias ThreatIntelligenceAlertRuleTemplateProperties no longer has parameter tactics + - Type Alias FusionAlertRuleTemplateProperties has a new parameter sourceSettings + - Type Alias ThreatIntelligenceIndicatorModel has a new parameter kind + - Type Alias ThreatIntelligenceIndicatorModelForRequestBody has a new parameter kind + - Type Alias ThreatIntelligenceInformation has a new parameter kind + - Parameter displayName of Type Alias AutomationRule is now required + - Parameter order of Type Alias AutomationRule is now required + - Parameter triggeringLogic of Type Alias AutomationRule is now required + - Parameter actions of Type Alias AutomationRule is now required + - Removed Enum KnownAutomationRuleActionType + - Removed Enum KnownAutomationRuleConditionType + - Removed Enum KnownEnum8 + + ## 1.0.0-beta.1 (2022-01-19) The package of @azure/arm-securityinsight is using our next generation design principles. To learn more, please refer to our documentation [Quick Start](https://aka.ms/js-track2-quickstart). diff --git a/sdk/securityinsight/arm-securityinsight/_meta.json b/sdk/securityinsight/arm-securityinsight/_meta.json index 55f48480abfc..14dea7b5f4d3 100644 --- a/sdk/securityinsight/arm-securityinsight/_meta.json +++ b/sdk/securityinsight/arm-securityinsight/_meta.json @@ -1,7 +1,7 @@ { - "commit": "1b0a465061c68175898f8f5d27f0301f42ce994c", + "commit": "8f2231d9c0b138a1159207efc23dc9e7dc00b72b", "readme": "specification/securityinsights/resource-manager/readme.md", - "autorest_command": "autorest --version=3.7.3 --typescript --modelerfour.lenient-model-deduplication --head-as-boolean=true --license-header=MICROSOFT_MIT_NO_VERSION --generate-test --typescript-sdks-folder=D:\\mydev\\azure-sdk-for-js ../azure-rest-api-specs/specification/iotspaces/resource-manager/readme.md --use=@autorest/typescript@6.0.0-alpha.16.20220114.1 --generate-sample=true", + "autorest_command": "autorest --version=3.7.3 --typescript --modelerfour.lenient-model-deduplication --head-as-boolean=true --license-header=MICROSOFT_MIT_NO_VERSION --generate-test --typescript-sdks-folder=/home/vsts/work/1/s/azure-sdk-for-js ../azure-rest-api-specs/specification/securityinsights/resource-manager/readme.md --use=@autorest/typescript@6.0.0-alpha.16.20220105.1", "repository_url": "https://github.com/Azure/azure-rest-api-specs.git", - "use": "@autorest/typescript@6.0.0-alpha.16.20220114.1" -} + "use": "@autorest/typescript@6.0.0-alpha.16.20220105.1" +} \ No newline at end of file diff --git a/sdk/securityinsight/arm-securityinsight/api-extractor.json b/sdk/securityinsight/arm-securityinsight/api-extractor.json index c343bf73e921..ba4f20f727f2 100644 --- a/sdk/securityinsight/arm-securityinsight/api-extractor.json +++ b/sdk/securityinsight/arm-securityinsight/api-extractor.json @@ -1,18 +1,31 @@ { "$schema": "https://developer.microsoft.com/json-schemas/api-extractor/v7/api-extractor.schema.json", "mainEntryPointFilePath": "./dist-esm/src/index.d.ts", - "docModel": { "enabled": true }, - "apiReport": { "enabled": true, "reportFolder": "./review" }, + "docModel": { + "enabled": true + }, + "apiReport": { + "enabled": true, + "reportFolder": "./review" + }, "dtsRollup": { "enabled": true, "untrimmedFilePath": "", "publicTrimmedFilePath": "./types/arm-securityinsight.d.ts" }, "messages": { - "tsdocMessageReporting": { "default": { "logLevel": "none" } }, + "tsdocMessageReporting": { + "default": { + "logLevel": "none" + } + }, "extractorMessageReporting": { - "ae-missing-release-tag": { "logLevel": "none" }, - "ae-unresolved-link": { "logLevel": "none" } + "ae-missing-release-tag": { + "logLevel": "none" + }, + "ae-unresolved-link": { + "logLevel": "none" + } } } -} +} \ No newline at end of file diff --git a/sdk/securityinsight/arm-securityinsight/package.json b/sdk/securityinsight/arm-securityinsight/package.json index 60b9c83bbb72..b2038651cd78 100644 --- a/sdk/securityinsight/arm-securityinsight/package.json +++ b/sdk/securityinsight/arm-securityinsight/package.json @@ -3,8 +3,10 @@ "sdk-type": "mgmt", "author": "Microsoft Corporation", "description": "A generated SDK for SecurityInsights.", - "version": "1.0.0-beta.1", - "engines": { "node": ">=12.0.0" }, + "version": "1.0.0-beta.2", + "engines": { + "node": ">=12.0.0" + }, "dependencies": { "@azure/core-paging": "^1.2.0", "@azure/core-client": "^1.0.0", @@ -12,7 +14,13 @@ "@azure/core-rest-pipeline": "^1.1.0", "tslib": "^2.2.0" }, - "keywords": ["node", "azure", "typescript", "browser", "isomorphic"], + "keywords": [ + "node", + "azure", + "typescript", + "browser", + "isomorphic" + ], "license": "MIT", "main": "./dist/index.js", "module": "./dist-esm/src/index.js", @@ -39,7 +47,9 @@ "type": "git", "url": "https://github.com/Azure/azure-sdk-for-js.git" }, - "bugs": { "url": "https://github.com/Azure/azure-sdk-for-js/issues" }, + "bugs": { + "url": "https://github.com/Azure/azure-sdk-for-js/issues" + }, "files": [ "dist/**/*.js", "dist/**/*.js.map", @@ -86,10 +96,5 @@ "docs": "echo skipped" }, "sideEffects": false, - "//metadata": { - "constantPaths": [ - { "path": "src/SecurityInsights.ts", "prefix": "packageDetails" } - ] - }, "autoPublish": true -} +} \ No newline at end of file diff --git a/sdk/securityinsight/arm-securityinsight/review/arm-securityinsight.api.md b/sdk/securityinsight/arm-securityinsight/review/arm-securityinsight.api.md index 0c10f5865d27..c70796f4bd15 100644 --- a/sdk/securityinsight/arm-securityinsight/review/arm-securityinsight.api.md +++ b/sdk/securityinsight/arm-securityinsight/review/arm-securityinsight.api.md @@ -153,6 +153,9 @@ export interface ActionsListByAlertRuleOptionalParams extends coreClient.Operati // @public export type ActionsListByAlertRuleResponse = ActionsList; +// @public +export type ActionType = string; + // @public export type ActivityCustomEntityQuery = CustomEntityQuery & { title?: string; @@ -347,6 +350,12 @@ export type AlertRuleTemplatesListResponse = AlertRuleTemplatesList; // @public (undocumented) export type AlertRuleTemplateUnion = AlertRuleTemplate | MLBehaviorAnalyticsAlertRuleTemplate | FusionAlertRuleTemplate | ThreatIntelligenceAlertRuleTemplate | MicrosoftSecurityIncidentCreationAlertRuleTemplate | ScheduledAlertRuleTemplate | NrtAlertRuleTemplate; +// @public +export type AlertRuleTemplateWithMitreProperties = AlertRuleTemplatePropertiesBase & { + tactics?: AttackTactic[]; + techniques?: string[]; +}; + // @public (undocumented) export type AlertRuleUnion = AlertRule | MLBehaviorAnalyticsAlertRule | FusionAlertRule | ThreatIntelligenceAlertRule | MicrosoftSecurityIncidentCreationAlertRule | ScheduledAlertRule | NrtAlertRule; @@ -389,57 +398,47 @@ export type ASCDataConnectorProperties = DataConnectorWithAlertsProperties & { // @public export type AttackTactic = string; -// @public +// @public (undocumented) export type AutomationRule = ResourceWithEtag & { - displayName?: string; - order?: number; - triggeringLogic?: AutomationRuleTriggeringLogic; - actions?: AutomationRuleActionUnion[]; - readonly createdTimeUtc?: Date; + displayName: string; + order: number; + triggeringLogic: AutomationRuleTriggeringLogic; + actions: AutomationRuleActionUnion[]; readonly lastModifiedTimeUtc?: Date; - readonly createdBy?: ClientInfo; + readonly createdTimeUtc?: Date; readonly lastModifiedBy?: ClientInfo; + readonly createdBy?: ClientInfo; }; // @public export interface AutomationRuleAction { - actionType: "RunPlaybook" | "ModifyProperties"; + actionType: "ModifyProperties" | "RunPlaybook"; + // (undocumented) order: number; } -// @public -export type AutomationRuleActionType = string; - // @public (undocumented) -export type AutomationRuleActionUnion = AutomationRuleAction | AutomationRuleRunPlaybookAction | AutomationRuleModifyPropertiesAction; +export type AutomationRuleActionUnion = AutomationRuleAction | AutomationRuleModifyPropertiesAction | AutomationRuleRunPlaybookAction; // @public export interface AutomationRuleCondition { conditionType: "Property"; } -// @public -export type AutomationRuleConditionType = string; - // @public (undocumented) -export type AutomationRuleConditionUnion = AutomationRuleCondition | AutomationRulePropertyValuesCondition; +export type AutomationRuleConditionUnion = AutomationRuleCondition | PropertyConditionProperties; // @public export type AutomationRuleModifyPropertiesAction = AutomationRuleAction & { actionType: "ModifyProperties"; - actionConfiguration: AutomationRuleModifyPropertiesActionConfiguration; -}; - -// @public -export interface AutomationRuleModifyPropertiesActionConfiguration { + severity?: IncidentSeverity; + status?: IncidentStatus; classification?: IncidentClassification; - classificationComment?: string; classificationReason?: IncidentClassificationReason; - labels?: IncidentLabel[]; + classificationComment?: string; owner?: IncidentOwnerInfo; - severity?: IncidentSeverity; - status?: IncidentStatus; -} + labels?: IncidentLabel[]; +}; // @public export type AutomationRulePropertyConditionSupportedOperator = string; @@ -447,41 +446,25 @@ export type AutomationRulePropertyConditionSupportedOperator = string; // @public export type AutomationRulePropertyConditionSupportedProperty = string; -// @public -export type AutomationRulePropertyValuesCondition = AutomationRuleCondition & { - conditionType: "Property"; - conditionProperties: AutomationRulePropertyValuesConditionProperties; -}; - -// @public -export interface AutomationRulePropertyValuesConditionProperties { - operator?: AutomationRulePropertyConditionSupportedOperator; - propertyName?: AutomationRulePropertyConditionSupportedProperty; - propertyValues?: string[]; -} - // @public export type AutomationRuleRunPlaybookAction = AutomationRuleAction & { actionType: "RunPlaybook"; - actionConfiguration: AutomationRuleRunPlaybookActionConfiguration; -}; - -// @public -export interface AutomationRuleRunPlaybookActionConfiguration { logicAppResourceId?: string; tenantId?: string; -} +}; // @public export interface AutomationRules { - createOrUpdate(resourceGroupName: string, workspaceName: string, automationRuleId: string, automationRule: AutomationRule, options?: AutomationRulesCreateOrUpdateOptionalParams): Promise; - delete(resourceGroupName: string, workspaceName: string, automationRuleId: string, options?: AutomationRulesDeleteOptionalParams): Promise; + createOrUpdate(resourceGroupName: string, workspaceName: string, automationRuleId: string, options?: AutomationRulesCreateOrUpdateOptionalParams): Promise; + delete(resourceGroupName: string, workspaceName: string, automationRuleId: string, options?: AutomationRulesDeleteOptionalParams): Promise; get(resourceGroupName: string, workspaceName: string, automationRuleId: string, options?: AutomationRulesGetOptionalParams): Promise; list(resourceGroupName: string, workspaceName: string, options?: AutomationRulesListOptionalParams): PagedAsyncIterableIterator; + manualTriggerPlaybook(resourceGroupName: string, workspaceName: string, incidentIdentifier: string, options?: AutomationRulesManualTriggerPlaybookOptionalParams): Promise; } // @public export interface AutomationRulesCreateOrUpdateOptionalParams extends coreClient.OperationOptions { + automationRuleToUpsert?: AutomationRule; } // @public @@ -491,6 +474,9 @@ export type AutomationRulesCreateOrUpdateResponse = AutomationRule; export interface AutomationRulesDeleteOptionalParams extends coreClient.OperationOptions { } +// @public +export type AutomationRulesDeleteResponse = Record; + // @public export interface AutomationRulesGetOptionalParams extends coreClient.OperationOptions { } @@ -498,10 +484,12 @@ export interface AutomationRulesGetOptionalParams extends coreClient.OperationOp // @public export type AutomationRulesGetResponse = AutomationRule; -// @public +// @public (undocumented) export interface AutomationRulesList { - readonly nextLink?: string; - value: AutomationRule[]; + // (undocumented) + nextLink?: string; + // (undocumented) + value?: AutomationRule[]; } // @public @@ -518,12 +506,23 @@ export interface AutomationRulesListOptionalParams extends coreClient.OperationO // @public export type AutomationRulesListResponse = AutomationRulesList; +// @public +export interface AutomationRulesManualTriggerPlaybookOptionalParams extends coreClient.OperationOptions { + // (undocumented) + requestBody?: ManualTriggerRequestBody; +} + +// @public +export type AutomationRulesManualTriggerPlaybookResponse = Record; + // @public export interface AutomationRuleTriggeringLogic { conditions?: AutomationRuleConditionUnion[]; expirationTimeUtc?: Date; isEnabled: boolean; + // (undocumented) triggersOn: TriggersOn; + // (undocumented) triggersWhen: TriggersWhen; } @@ -573,6 +572,12 @@ export interface AwsS3DataConnectorDataTypes { // @public export type AwsS3DataConnectorDataTypesLogs = DataConnectorDataTypeCommon & {}; +// @public +export interface AzureDevOpsResourceInfo { + pipelineId?: string; + serviceConnectionId?: string; +} + // @public export type AzureResourceEntity = Entity & { readonly additionalData?: { @@ -604,8 +609,17 @@ export type Bookmark = ResourceWithEtag & { queryStartTime?: Date; queryEndTime?: Date; incidentInfo?: IncidentInfo; + entityMappings?: BookmarkEntityMappings[]; + tactics?: AttackTactic[]; + techniques?: string[]; }; +// @public +export interface BookmarkEntityMappings { + entityType?: string; + fieldMappings?: EntityFieldMapping[]; +} + // @public export type BookmarkExpandOperationResponse = BookmarkExpandResponse; @@ -886,6 +900,9 @@ export type CodelessUiDataConnector = DataConnector & { connectorUiConfig?: CodelessUiConnectorConfigProperties; }; +// @public +export type ConditionType = string; + // @public export type ConfidenceLevel = string; @@ -1004,7 +1021,7 @@ export interface DataConnectors { // @public export interface DataConnectorsCheckRequirements { - kind: "AzureActiveDirectory" | "AzureAdvancedThreatProtection" | "AzureSecurityCenter" | "AmazonWebServicesCloudTrail" | "AmazonWebServicesS3" | "Dynamics365" | "MicrosoftCloudAppSecurity" | "MicrosoftDefenderAdvancedThreatProtection" | "MicrosoftThreatIntelligence" | "MicrosoftThreatProtection" | "OfficeATP" | "OfficeIRM" | "ThreatIntelligence" | "ThreatIntelligenceTaxii"; + kind: "AzureActiveDirectory" | "AzureAdvancedThreatProtection" | "AzureSecurityCenter" | "AmazonWebServicesCloudTrail" | "AmazonWebServicesS3" | "Dynamics365" | "MicrosoftCloudAppSecurity" | "MicrosoftDefenderAdvancedThreatProtection" | "MicrosoftThreatIntelligence" | "MicrosoftThreatProtection" | "OfficeATP" | "OfficeIRM" | "Office365Project" | "OfficePowerBI" | "ThreatIntelligence" | "ThreatIntelligenceTaxii"; } // @public @@ -1020,7 +1037,7 @@ export interface DataConnectorsCheckRequirementsPostOptionalParams extends coreC export type DataConnectorsCheckRequirementsPostResponse = DataConnectorRequirementsState; // @public (undocumented) -export type DataConnectorsCheckRequirementsUnion = DataConnectorsCheckRequirements | AADCheckRequirements | AatpCheckRequirements | ASCCheckRequirements | AwsCloudTrailCheckRequirements | AwsS3CheckRequirements | Dynamics365CheckRequirements | McasCheckRequirements | MdatpCheckRequirements | MstiCheckRequirements | MtpCheckRequirements | OfficeATPCheckRequirements | OfficeIRMCheckRequirements | TICheckRequirements | TiTaxiiCheckRequirements; +export type DataConnectorsCheckRequirementsUnion = DataConnectorsCheckRequirements | AADCheckRequirements | AatpCheckRequirements | ASCCheckRequirements | AwsCloudTrailCheckRequirements | AwsS3CheckRequirements | Dynamics365CheckRequirements | McasCheckRequirements | MdatpCheckRequirements | MstiCheckRequirements | MtpCheckRequirements | OfficeATPCheckRequirements | OfficeIRMCheckRequirements | Office365ProjectCheckRequirements | OfficePowerBICheckRequirements | TICheckRequirements | TiTaxiiCheckRequirements; // @public export interface DataConnectorsConnectOptionalParams extends coreClient.OperationOptions { @@ -1068,7 +1085,7 @@ export interface DataConnectorTenantId { } // @public (undocumented) -export type DataConnectorUnion = DataConnector | AADDataConnector | MstiDataConnector | MTPDataConnector | AatpDataConnector | ASCDataConnector | AwsCloudTrailDataConnector | AwsS3DataConnector | McasDataConnector | Dynamics365DataConnector | OfficeATPDataConnector | OfficeIRMDataConnector | MdatpDataConnector | OfficeDataConnector | TIDataConnector | TiTaxiiDataConnector | CodelessUiDataConnector | CodelessApiPollingDataConnector; +export type DataConnectorUnion = DataConnector | AADDataConnector | MstiDataConnector | MTPDataConnector | AatpDataConnector | ASCDataConnector | AwsCloudTrailDataConnector | AwsS3DataConnector | McasDataConnector | Dynamics365DataConnector | OfficeATPDataConnector | Office365ProjectDataConnector | OfficePowerBIDataConnector | OfficeIRMDataConnector | MdatpDataConnector | OfficeDataConnector | TIDataConnector | TiTaxiiDataConnector | CodelessUiDataConnector | CodelessApiPollingDataConnector; // @public export interface DataConnectorWithAlertsProperties { @@ -1089,6 +1106,31 @@ export type DeliveryAction = "Unknown" | "DeliveredAsSpam" | "Delivered" | "Bloc // @public export type DeliveryLocation = "Unknown" | "Inbox" | "JunkFolder" | "DeletedFolder" | "Quarantine" | "External" | "Failed" | "Dropped" | "Forwarded"; +// @public +export interface Deployment { + deploymentId?: string; + deploymentLogsUrl?: string; + deploymentResult?: DeploymentResult; + deploymentState?: DeploymentState; + deploymentTime?: Date; +} + +// @public +export type DeploymentFetchStatus = string; + +// @public +export interface DeploymentInfo { + deployment?: Deployment; + deploymentFetchStatus?: DeploymentFetchStatus; + message?: string; +} + +// @public +export type DeploymentResult = string; + +// @public +export type DeploymentState = string; + // @public export type DnsEntity = Entity & { readonly additionalData?: { @@ -1358,6 +1400,12 @@ export interface EntityExpandResponseValue { entities?: EntityUnion[]; } +// @public +export interface EntityFieldMapping { + identifier?: string; + value?: string; +} + // @public export interface EntityGetInsightsParameters { addDefaultExtendedTimeRange?: boolean; @@ -1435,7 +1483,7 @@ export type EntityQueriesGetResponse = EntityQueryUnion; // @public export interface EntityQueriesListNextOptionalParams extends coreClient.OperationOptions { - kind?: Enum8; + kind?: Enum12; } // @public @@ -1443,7 +1491,7 @@ export type EntityQueriesListNextResponse = EntityQueryList; // @public export interface EntityQueriesListOptionalParams extends coreClient.OperationOptions { - kind?: Enum8; + kind?: Enum12; } // @public @@ -1578,27 +1626,7 @@ export type EntityType = string; export type EntityUnion = Entity | SecurityAlert | HuntingBookmark | AccountEntity | AzureResourceEntity | CloudApplicationEntity | DnsEntity | FileEntity | FileHashEntity | HostEntity | IoTDeviceEntity | IpEntity | MailboxEntity | MailClusterEntity | MailMessageEntity | MalwareEntity | ProcessEntity | RegistryKeyEntity | RegistryValueEntity | SecurityGroupEntity | SubmissionMailEntity | UrlEntity; // @public -export type Enum8 = string; - -// @public -export interface ErrorAdditionalInfo { - readonly info?: Record; - readonly type?: string; -} - -// @public -export interface ErrorDetail { - readonly additionalInfo?: ErrorAdditionalInfo[]; - readonly code?: string; - readonly details?: ErrorDetail[]; - readonly message?: string; - readonly target?: string; -} - -// @public -export interface ErrorResponse { - error?: ErrorDetail; -} +export type Enum12 = string; // @public export type EventGroupingAggregationKind = string; @@ -1687,9 +1715,12 @@ export type FusionAlertRule = AlertRule & { readonly description?: string; readonly displayName?: string; enabled?: boolean; + sourceSettings?: FusionSourceSettings[]; + scenarioExclusionPatterns?: FusionScenarioExclusionPattern[]; readonly lastModifiedUtc?: Date; readonly severity?: AlertSeverity; readonly tactics?: AttackTactic[]; + readonly techniques?: string[]; }; // @public @@ -1701,16 +1732,70 @@ export type FusionAlertRuleTemplate = AlertRuleTemplate & { displayName?: string; requiredDataConnectors?: AlertRuleTemplateDataSource[]; status?: TemplateStatus; - severity?: AlertSeverity; tactics?: AttackTactic[]; + techniques?: string[]; + severity?: AlertSeverity; + sourceSettings?: FusionTemplateSourceSetting[]; }; // @public -export type FusionAlertRuleTemplateProperties = AlertRuleTemplatePropertiesBase & { +export type FusionAlertRuleTemplateProperties = AlertRuleTemplateWithMitreProperties & { severity: AlertSeverity; - tactics?: AttackTactic[]; + sourceSettings: FusionTemplateSourceSetting[]; }; +// @public +export interface FusionScenarioExclusionPattern { + dateAddedInUTC: string; + exclusionPattern: string; +} + +// @public +export interface FusionSourceSettings { + enabled: boolean; + sourceName: string; + sourceSubTypes?: FusionSourceSubTypeSetting[]; +} + +// @public +export interface FusionSourceSubTypeSetting { + enabled: boolean; + severityFilters: FusionSubTypeSeverityFilter; + readonly sourceSubTypeDisplayName?: string; + sourceSubTypeName: string; +} + +// @public +export interface FusionSubTypeSeverityFilter { + filters?: FusionSubTypeSeverityFiltersItem[]; + readonly isSupported?: boolean; +} + +// @public +export interface FusionSubTypeSeverityFiltersItem { + enabled: boolean; + severity: AlertSeverity; +} + +// @public +export interface FusionTemplateSourceSetting { + sourceName: string; + sourceSubTypes?: FusionTemplateSourceSubType[]; +} + +// @public +export interface FusionTemplateSourceSubType { + severityFilter: FusionTemplateSubTypeSeverityFilter; + readonly sourceSubTypeDisplayName?: string; + sourceSubTypeName: string; +} + +// @public +export interface FusionTemplateSubTypeSeverityFilter { + isSupported: boolean; + severityFilters?: AlertSeverity[]; +} + // @public export interface GeoLocation { readonly asn?: number; @@ -1740,6 +1825,11 @@ export interface GetQueriesResponse { value?: EntityQueryItemUnion[]; } +// @public +export interface GitHubResourceInfo { + appInstallationId?: string; +} + // @public export interface GraphQueries { baseQuery?: string; @@ -1852,7 +1942,9 @@ export interface IncidentAdditionalData { readonly alertsCount?: number; readonly bookmarksCount?: number; readonly commentsCount?: number; + readonly providerIncidentUrl?: string; readonly tactics?: AttackTactic[]; + readonly techniques?: string[]; } // @public @@ -2283,6 +2375,12 @@ export type KillChainIntent = string; // @public export type Kind = string; +// @public +export enum KnownActionType { + ModifyProperties = "ModifyProperties", + RunPlaybook = "RunPlaybook" +} + // @public export enum KnownAlertDetail { DisplayName = "DisplayName", @@ -2349,6 +2447,10 @@ export enum KnownAttackTactic { // (undocumented) Impact = "Impact", // (undocumented) + ImpairProcessControl = "ImpairProcessControl", + // (undocumented) + InhibitResponseFunction = "InhibitResponseFunction", + // (undocumented) InitialAccess = "InitialAccess", // (undocumented) LateralMovement = "LateralMovement", @@ -2357,18 +2459,11 @@ export enum KnownAttackTactic { // (undocumented) PreAttack = "PreAttack", // (undocumented) - PrivilegeEscalation = "PrivilegeEscalation" -} - -// @public -export enum KnownAutomationRuleActionType { - ModifyProperties = "ModifyProperties", - RunPlaybook = "RunPlaybook" -} - -// @public -export enum KnownAutomationRuleConditionType { - Property = "Property" + PrivilegeEscalation = "PrivilegeEscalation", + // (undocumented) + Reconnaissance = "Reconnaissance", + // (undocumented) + ResourceDevelopment = "ResourceDevelopment" } // @public @@ -2393,6 +2488,7 @@ export enum KnownAutomationRulePropertyConditionSupportedProperty { AccountPuid = "AccountPUID", AccountSid = "AccountSid", AccountUPNSuffix = "AccountUPNSuffix", + AlertProductNames = "AlertProductNames", AzureResourceResourceId = "AzureResourceResourceId", AzureResourceSubscriptionId = "AzureResourceSubscriptionId", CloudApplicationAppId = "CloudApplicationAppId", @@ -2407,6 +2503,7 @@ export enum KnownAutomationRulePropertyConditionSupportedProperty { HostNTDomain = "HostNTDomain", HostOSVersion = "HostOSVersion", IncidentDescription = "IncidentDescription", + IncidentLabel = "IncidentLabel", IncidentProviderName = "IncidentProviderName", IncidentRelatedAnalyticRuleIds = "IncidentRelatedAnalyticRuleIds", IncidentSeverity = "IncidentSeverity", @@ -2439,6 +2536,11 @@ export enum KnownAutomationRulePropertyConditionSupportedProperty { Url = "Url" } +// @public +export enum KnownConditionType { + Property = "Property" +} + // @public export enum KnownConfidenceLevel { High = "High", @@ -2533,10 +2635,14 @@ export enum KnownDataConnectorKind { // (undocumented) Office365 = "Office365", // (undocumented) + Office365Project = "Office365Project", + // (undocumented) OfficeATP = "OfficeATP", // (undocumented) OfficeIRM = "OfficeIRM", // (undocumented) + OfficePowerBI = "OfficePowerBI", + // (undocumented) ThreatIntelligence = "ThreatIntelligence", // (undocumented) ThreatIntelligenceTaxii = "ThreatIntelligenceTaxii" @@ -2560,6 +2666,38 @@ export enum KnownDataTypeState { Enabled = "Enabled" } +// @public +export enum KnownDeploymentFetchStatus { + // (undocumented) + NotFound = "NotFound", + // (undocumented) + Success = "Success", + // (undocumented) + Unauthorized = "Unauthorized" +} + +// @public +export enum KnownDeploymentResult { + // (undocumented) + Canceled = "Canceled", + // (undocumented) + Failed = "Failed", + // (undocumented) + Success = "Success" +} + +// @public +export enum KnownDeploymentState { + // (undocumented) + Canceling = "Canceling", + // (undocumented) + Completed = "Completed", + // (undocumented) + InProgress = "In_Progress", + // (undocumented) + Queued = "Queued" +} + // @public export enum KnownEntityItemQueryKind { Insight = "Insight" @@ -2661,7 +2799,7 @@ export enum KnownEntityType { } // @public -export enum KnownEnum8 { +export enum KnownEnum12 { // (undocumented) Activity = "Activity", // (undocumented) @@ -2995,6 +3133,14 @@ export enum KnownUebaDataSources { SigninLogs = "SigninLogs" } +// @public +export enum KnownVersion { + // (undocumented) + V1 = "V1", + // (undocumented) + V2 = "V2" +} + // @public export interface LastDataReceivedDataType { lastDataReceivedQuery?: string; @@ -3145,6 +3291,14 @@ export type MalwareEntityProperties = EntityCommonProperties & { readonly processEntityIds?: string[]; }; +// @public (undocumented) +export interface ManualTriggerRequestBody { + // (undocumented) + logicAppsResourceId?: string; + // (undocumented) + tenantId?: string; +} + // @public export type MatchingMethod = string; @@ -3383,6 +3537,7 @@ export type MLBehaviorAnalyticsAlertRule = AlertRule & { readonly lastModifiedUtc?: Date; readonly severity?: AlertSeverity; readonly tactics?: AttackTactic[]; + readonly techniques?: string[]; }; // @public @@ -3394,14 +3549,14 @@ export type MLBehaviorAnalyticsAlertRuleTemplate = AlertRuleTemplate & { displayName?: string; requiredDataConnectors?: AlertRuleTemplateDataSource[]; status?: TemplateStatus; - severity?: AlertSeverity; tactics?: AttackTactic[]; + techniques?: string[]; + severity?: AlertSeverity; }; // @public -export type MLBehaviorAnalyticsAlertRuleTemplateProperties = AlertRuleTemplatePropertiesBase & { +export type MLBehaviorAnalyticsAlertRuleTemplateProperties = AlertRuleTemplateWithMitreProperties & { severity: AlertSeverity; - tactics?: AttackTactic[]; }; // @public @@ -3474,13 +3629,14 @@ export type NrtAlertRule = AlertRule & { templateVersion?: string; description?: string; query?: string; + tactics?: AttackTactic[]; + techniques?: string[]; displayName?: string; enabled?: boolean; readonly lastModifiedUtc?: Date; suppressionDuration?: string; suppressionEnabled?: boolean; severity?: AlertSeverity; - tactics?: AttackTactic[]; incidentConfiguration?: IncidentConfiguration; customDetails?: { [propertyName: string]: string; @@ -3501,9 +3657,10 @@ export type NrtAlertRuleTemplate = AlertRuleTemplate & { displayName?: string; requiredDataConnectors?: AlertRuleTemplateDataSource[]; status?: TemplateStatus; + tactics?: AttackTactic[]; + techniques?: string[]; query?: string; severity?: AlertSeverity; - tactics?: AttackTactic[]; version?: string; customDetails?: { [propertyName: string]: string; @@ -3513,7 +3670,35 @@ export type NrtAlertRuleTemplate = AlertRuleTemplate & { }; // @public -export type NrtAlertRuleTemplateProperties = AlertRuleTemplatePropertiesBase & QueryBasedAlertRuleTemplateProperties & {}; +export type NrtAlertRuleTemplateProperties = AlertRuleTemplateWithMitreProperties & QueryBasedAlertRuleTemplateProperties & {}; + +// @public +export type Office365ProjectCheckRequirements = DataConnectorsCheckRequirements & { + kind: "Office365Project"; + tenantId?: string; +}; + +// @public +export type Office365ProjectCheckRequirementsProperties = DataConnectorTenantId & {}; + +// @public +export interface Office365ProjectConnectorDataTypes { + logs: Office365ProjectConnectorDataTypesLogs; +} + +// @public +export type Office365ProjectConnectorDataTypesLogs = DataConnectorDataTypeCommon & {}; + +// @public +export type Office365ProjectDataConnector = DataConnector & { + tenantId?: string; + dataTypes?: Office365ProjectConnectorDataTypes; +}; + +// @public +export type Office365ProjectDataConnectorProperties = DataConnectorTenantId & { + dataTypes: Office365ProjectConnectorDataTypes; +}; // @public export type OfficeATPCheckRequirements = DataConnectorsCheckRequirements & { @@ -3622,6 +3807,34 @@ export type OfficeIRMDataConnector = DataConnector & { // @public export type OfficeIRMDataConnectorProperties = DataConnectorTenantId & DataConnectorWithAlertsProperties & {}; +// @public +export type OfficePowerBICheckRequirements = DataConnectorsCheckRequirements & { + kind: "OfficePowerBI"; + tenantId?: string; +}; + +// @public +export type OfficePowerBICheckRequirementsProperties = DataConnectorTenantId & {}; + +// @public +export interface OfficePowerBIConnectorDataTypes { + logs: OfficePowerBIConnectorDataTypesLogs; +} + +// @public +export type OfficePowerBIConnectorDataTypesLogs = DataConnectorDataTypeCommon & {}; + +// @public +export type OfficePowerBIDataConnector = DataConnector & { + tenantId?: string; + dataTypes?: OfficePowerBIConnectorDataTypes; +}; + +// @public +export type OfficePowerBIDataConnectorProperties = DataConnectorTenantId & { + dataTypes: OfficePowerBIConnectorDataTypes; +}; + // @public export interface Operation { display?: OperationDisplay; @@ -3757,6 +3970,14 @@ export interface ProductSettingsUpdateOptionalParams extends coreClient.Operatio // @public export type ProductSettingsUpdateResponse = SettingsUnion; +// @public +export type PropertyConditionProperties = AutomationRuleCondition & { + conditionType: "Property"; + propertyName?: AutomationRulePropertyConditionSupportedProperty; + operator?: AutomationRulePropertyConditionSupportedOperator; + propertyValues?: string[]; +}; + // @public export type ProviderName = string; @@ -3778,6 +3999,7 @@ export interface QueryBasedAlertRuleProperties { suppressionDuration: string; suppressionEnabled: boolean; tactics?: AttackTactic[]; + techniques?: string[]; templateVersion?: string; } @@ -3790,7 +4012,6 @@ export interface QueryBasedAlertRuleTemplateProperties { entityMappings?: EntityMapping[]; query?: string; severity?: AlertSeverity; - tactics?: AttackTactic[]; version?: string; } @@ -3872,6 +4093,13 @@ export interface Repository { url?: string; } +// @public +export interface RepositoryResourceInfo { + azureDevOpsResourceInfo?: AzureDevOpsResourceInfo; + gitHubResourceInfo?: GitHubResourceInfo; + webhook?: Webhook; +} + // @public export type RepoType = string; @@ -3922,13 +4150,14 @@ export type ScheduledAlertRule = AlertRule & { templateVersion?: string; description?: string; query?: string; + tactics?: AttackTactic[]; + techniques?: string[]; displayName?: string; enabled?: boolean; readonly lastModifiedUtc?: Date; suppressionDuration?: string; suppressionEnabled?: boolean; severity?: AlertSeverity; - tactics?: AttackTactic[]; incidentConfiguration?: IncidentConfiguration; customDetails?: { [propertyName: string]: string; @@ -3958,9 +4187,10 @@ export type ScheduledAlertRuleTemplate = AlertRuleTemplate & { displayName?: string; requiredDataConnectors?: AlertRuleTemplateDataSource[]; status?: TemplateStatus; + tactics?: AttackTactic[]; + techniques?: string[]; query?: string; severity?: AlertSeverity; - tactics?: AttackTactic[]; version?: string; customDetails?: { [propertyName: string]: string; @@ -3975,7 +4205,7 @@ export type ScheduledAlertRuleTemplate = AlertRuleTemplate & { }; // @public -export type ScheduledAlertRuleTemplateProperties = AlertRuleTemplatePropertiesBase & QueryBasedAlertRuleTemplateProperties & ScheduledAlertRuleCommonProperties & {}; +export type ScheduledAlertRuleTemplateProperties = AlertRuleTemplateWithMitreProperties & QueryBasedAlertRuleTemplateProperties & ScheduledAlertRuleCommonProperties & {}; // @public export type SecurityAlert = Entity & { @@ -4237,11 +4467,14 @@ export type Source = string; // @public export type SourceControl = ResourceWithEtag & { idPropertiesId?: string; + version?: Version; displayName?: string; description?: string; repoType?: RepoType; contentTypes?: ContentType[]; repository?: Repository; + repositoryResourceInfo?: RepositoryResourceInfo; + lastDeploymentInfo?: DeploymentInfo; }; // @public @@ -4396,6 +4629,7 @@ export type ThreatIntelligenceAlertRule = AlertRule & { readonly lastModifiedUtc?: Date; readonly severity?: AlertSeverity; readonly tactics?: AttackTactic[]; + readonly techniques?: string[]; }; // @public @@ -4407,14 +4641,14 @@ export type ThreatIntelligenceAlertRuleTemplate = AlertRuleTemplate & { displayName?: string; requiredDataConnectors?: AlertRuleTemplateDataSource[]; status?: TemplateStatus; - severity?: AlertSeverity; tactics?: AttackTactic[]; + techniques?: string[]; + severity?: AlertSeverity; }; // @public -export type ThreatIntelligenceAlertRuleTemplateProperties = AlertRuleTemplatePropertiesBase & { +export type ThreatIntelligenceAlertRuleTemplateProperties = AlertRuleTemplateWithMitreProperties & { severity: AlertSeverity; - tactics?: AttackTactic[]; }; // @public @@ -4511,6 +4745,7 @@ export type ThreatIntelligenceIndicatorMetricsListResponse = ThreatIntelligenceM // @public export type ThreatIntelligenceIndicatorModel = ThreatIntelligenceInformation & { + kind: "indicator"; readonly additionalData?: { [propertyName: string]: Record; }; @@ -4549,6 +4784,7 @@ export type ThreatIntelligenceIndicatorModel = ThreatIntelligenceInformation & { // @public export type ThreatIntelligenceIndicatorModelForRequestBody = ThreatIntelligenceResourceKind & { + kind: "indicator"; etag?: string; readonly additionalData?: { [propertyName: string]: Record; @@ -4669,7 +4905,9 @@ export interface ThreatIntelligenceIndicatorsListOptionalParams extends coreClie export type ThreatIntelligenceIndicatorsListResponse = ThreatIntelligenceInformationList; // @public -export type ThreatIntelligenceInformation = ResourceWithEtag & ThreatIntelligenceResourceKind & {}; +export type ThreatIntelligenceInformation = ResourceWithEtag & ThreatIntelligenceResourceKind & { + kind: "ThreatIntelligenceInformation" | "indicator"; +}; // @public export interface ThreatIntelligenceInformationList { @@ -4724,12 +4962,15 @@ export interface ThreatIntelligenceParsedPatternTypeValue { // @public export interface ThreatIntelligenceResourceKind { - kind: ThreatIntelligenceResourceKindEnum; + kind: "indicator" | "ThreatIntelligenceInformation" | "indicator"; } // @public export type ThreatIntelligenceResourceKindEnum = string; +// @public (undocumented) +export type ThreatIntelligenceResourceKindUnion = ThreatIntelligenceResourceKind | ThreatIntelligenceIndicatorModelForRequestBody | ThreatIntelligenceInformationUnion; + // @public export interface ThreatIntelligenceSortingCriteria { itemKey?: string; @@ -4871,6 +5112,9 @@ export interface UserInfo { objectId?: string; } +// @public +export type Version = string; + // @public export type Watchlist = ResourceWithEtag & { watchlistId?: string; @@ -5002,6 +5246,13 @@ export interface WatchlistsListOptionalParams extends coreClient.OperationOption // @public export type WatchlistsListResponse = WatchlistList; +// @public +export interface Webhook { + webhookId?: string; + webhookSecretUpdateTime?: string; + webhookUrl?: string; +} + // (No @packageDocumentation comment for this package) ``` diff --git a/sdk/securityinsight/arm-securityinsight/src/models/index.ts b/sdk/securityinsight/arm-securityinsight/src/models/index.ts index 592c467dbfea..136629c54240 100644 --- a/sdk/securityinsight/arm-securityinsight/src/models/index.ts +++ b/sdk/securityinsight/arm-securityinsight/src/models/index.ts @@ -10,17 +10,21 @@ import * as coreClient from "@azure/core-client"; export type AutomationRuleConditionUnion = | AutomationRuleCondition - | AutomationRulePropertyValuesCondition; + | PropertyConditionProperties; export type AutomationRuleActionUnion = | AutomationRuleAction - | AutomationRuleRunPlaybookAction - | AutomationRuleModifyPropertiesAction; + | AutomationRuleModifyPropertiesAction + | AutomationRuleRunPlaybookAction; export type EntityTimelineItemUnion = | EntityTimelineItem | ActivityTimelineItem | BookmarkTimelineItem | SecurityAlertTimelineItem; export type EntityQueryItemUnion = EntityQueryItem | InsightQueryItem; +export type ThreatIntelligenceResourceKindUnion = + | ThreatIntelligenceResourceKind + | ThreatIntelligenceIndicatorModelForRequestBody + | ThreatIntelligenceInformationUnion; export type DataConnectorsCheckRequirementsUnion = | DataConnectorsCheckRequirements | AADCheckRequirements @@ -35,6 +39,8 @@ export type DataConnectorsCheckRequirementsUnion = | MtpCheckRequirements | OfficeATPCheckRequirements | OfficeIRMCheckRequirements + | Office365ProjectCheckRequirements + | OfficePowerBICheckRequirements | TICheckRequirements | TiTaxiiCheckRequirements; export type AlertRuleTemplateUnion = @@ -107,6 +113,8 @@ export type DataConnectorUnion = | McasDataConnector | Dynamics365DataConnector | OfficeATPDataConnector + | Office365ProjectDataConnector + | OfficePowerBIDataConnector | OfficeIRMDataConnector | MdatpDataConnector | OfficeDataConnector @@ -214,26 +222,13 @@ export interface AlertRuleTemplatesList { value: AlertRuleTemplateUnion[]; } -/** List all the automation rules. */ -export interface AutomationRulesList { - /** - * URL to fetch the next set of automation rules. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly nextLink?: string; - /** Array of automation rules. */ - value: AutomationRule[]; -} - /** Describes automation rule triggering logic */ export interface AutomationRuleTriggeringLogic { - /** Determines whether the automation rule is enabled or disabled. */ + /** Determines whether the automation rule is enabled or disabled */ isEnabled: boolean; /** Determines when the automation rule should automatically expire and be disabled. */ expirationTimeUtc?: Date; - /** The type of object the automation rule triggers on */ triggersOn: TriggersOn; - /** The type of event the automation rule triggers on */ triggersWhen: TriggersWhen; /** The conditions to evaluate to determine if the automation rule should be triggered on a given object */ conditions?: AutomationRuleConditionUnion[]; @@ -248,8 +243,7 @@ export interface AutomationRuleCondition { /** Describes an automation rule action */ export interface AutomationRuleAction { /** Polymorphic discriminator, which specifies the different types this object can be */ - actionType: "RunPlaybook" | "ModifyProperties"; - /** The order of execution of the automation rule action */ + actionType: "ModifyProperties" | "RunPlaybook"; order: number; } @@ -265,10 +259,20 @@ export interface ClientInfo { userPrincipalName?: string; } +export interface AutomationRulesList { + value?: AutomationRule[]; + nextLink?: string; +} + +export interface ManualTriggerRequestBody { + tenantId?: string; + logicAppsResourceId?: string; +} + /** List all the bookmarks. */ export interface BookmarkList { /** - * URL to fetch the next set of cases. + * URL to fetch the next set of bookmarks. * NOTE: This property will not be serialized. It can only be populated by the server. */ readonly nextLink?: string; @@ -304,6 +308,22 @@ export interface IncidentInfo { relationName?: string; } +/** Describes the entity mappings of a single entity */ +export interface BookmarkEntityMappings { + /** The entity type */ + entityType?: string; + /** Array of fields mapping for that entity type */ + fieldMappings?: EntityFieldMapping[]; +} + +/** Map identifiers of a single entity */ +export interface EntityFieldMapping { + /** Alert V3 identifier */ + identifier?: string; + /** The value of the identifier */ + value?: string; +} + /** List of relations. */ export interface RelationList { /** @@ -485,17 +505,6 @@ export interface EnrichmentDomainWhoisContact { email?: string; } -/** List of all the entity queries. */ -export interface EntityQueryList { - /** - * URL to fetch the next set of entity queries. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly nextLink?: string; - /** Array of entity queries. */ - value: EntityQueryUnion[]; -} - /** List of all the entities. */ export interface EntityList { /** @@ -689,6 +698,28 @@ export interface InsightsTableResultColumnsItem { name?: string; } +/** List of all the entity queries. */ +export interface EntityQueryList { + /** + * URL to fetch the next set of entity queries. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly nextLink?: string; + /** Array of entity queries. */ + value: EntityQueryUnion[]; +} + +/** List of all the entity query templates. */ +export interface EntityQueryTemplateList { + /** + * URL to fetch the next set of entity query templates. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly nextLink?: string; + /** Array of entity query templates. */ + value: EntityQueryTemplateUnion[]; +} + /** List all the incidents. */ export interface IncidentList { /** @@ -722,11 +753,21 @@ export interface IncidentAdditionalData { * NOTE: This property will not be serialized. It can only be populated by the server. */ readonly alertProductNames?: string[]; + /** + * The provider incident url to the incident in Microsoft 365 Defender portal + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly providerIncidentUrl?: string; /** * The tactics associated with incident * NOTE: This property will not be serialized. It can only be populated by the server. */ readonly tactics?: AttackTactic[]; + /** + * The techniques associated with incident's tactics' + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly techniques?: string[]; } /** Represents an incident label */ @@ -932,6 +973,17 @@ export interface MetadataCategories { verticals?: string[]; } +/** List of all the office365 consents. */ +export interface OfficeConsentList { + /** + * URL to fetch the next set of office consents. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly nextLink?: string; + /** Array of the consents. */ + value: OfficeConsent[]; +} + /** List of the Sentinel onboarding states */ export interface SentinelOnboardingStatesList { /** Array of Sentinel onboarding states */ @@ -998,133 +1050,62 @@ export interface ContentPathMap { path?: string; } -/** List all the watchlists. */ -export interface WatchlistList { - /** - * URL to fetch the next set of watchlists. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly nextLink?: string; - /** Array of watchlist. */ - value: Watchlist[]; -} - -/** List all the watchlist items. */ -export interface WatchlistItemList { - /** - * URL to fetch the next set of watchlist item. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly nextLink?: string; - /** Array of watchlist items. */ - value: WatchlistItem[]; -} - -/** List all the data connectors. */ -export interface DataConnectorList { - /** - * URL to fetch the next set of data connectors. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly nextLink?: string; - /** Array of data connectors. */ - value: DataConnectorUnion[]; -} - -/** Represents Codeless API Polling data connector. */ -export interface DataConnectorConnectBody { - /** The authentication kind used to poll the data */ - kind?: ConnectAuthKind; - /** The API key of the audit server. */ - apiKey?: string; - /** The client secret of the OAuth 2.0 application. */ - clientSecret?: string; - /** The client id of the OAuth 2.0 application. */ - clientId?: string; - /** The authorization code used in OAuth 2.0 code flow to issue a token. */ - authorizationCode?: string; - /** The user name in the audit log server. */ - userName?: string; - /** The user password in the audit log server. */ - password?: string; - requestConfigUserInputValues?: Record[]; +/** Resources created in user's repository for the source-control. */ +export interface RepositoryResourceInfo { + /** The webhook object created for the source-control. */ + webhook?: Webhook; + /** Resources created in GitHub for this source-control. */ + gitHubResourceInfo?: GitHubResourceInfo; + /** Resources created in Azure DevOps for this source-control. */ + azureDevOpsResourceInfo?: AzureDevOpsResourceInfo; } -/** Common error response for all Azure Resource Manager APIs to return error details for failed operations. (This also follows the OData error response format.). */ -export interface ErrorResponse { - /** The error object. */ - error?: ErrorDetail; +/** Detail about the webhook object. */ +export interface Webhook { + /** Unique identifier for the webhook. */ + webhookId?: string; + /** URL that gets invoked by the webhook. */ + webhookUrl?: string; + /** Time when the webhook secret was updated. */ + webhookSecretUpdateTime?: string; } -/** The error detail. */ -export interface ErrorDetail { - /** - * The error code. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly code?: string; - /** - * The error message. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly message?: string; - /** - * The error target. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly target?: string; - /** - * The error details. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly details?: ErrorDetail[]; - /** - * The error additional info. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly additionalInfo?: ErrorAdditionalInfo[]; +/** Resources created in GitHub repository. */ +export interface GitHubResourceInfo { + /** GitHub application installation id. */ + appInstallationId?: string; } -/** The resource management error additional info. */ -export interface ErrorAdditionalInfo { - /** - * The additional info type. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly type?: string; - /** - * The additional info. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly info?: Record; +/** Resources created in Azure DevOps repository. */ +export interface AzureDevOpsResourceInfo { + /** Id of the pipeline created for the source-control. */ + pipelineId?: string; + /** Id of the service-connection created for the source-control. */ + serviceConnectionId?: string; } -/** Data connector requirements properties. */ -export interface DataConnectorsCheckRequirements { - /** Polymorphic discriminator, which specifies the different types this object can be */ - kind: - | "AzureActiveDirectory" - | "AzureAdvancedThreatProtection" - | "AzureSecurityCenter" - | "AmazonWebServicesCloudTrail" - | "AmazonWebServicesS3" - | "Dynamics365" - | "MicrosoftCloudAppSecurity" - | "MicrosoftDefenderAdvancedThreatProtection" - | "MicrosoftThreatIntelligence" - | "MicrosoftThreatProtection" - | "OfficeATP" - | "OfficeIRM" - | "ThreatIntelligence" - | "ThreatIntelligenceTaxii"; +/** Information regarding a deployment. */ +export interface DeploymentInfo { + /** Status while fetching the last deployment. */ + deploymentFetchStatus?: DeploymentFetchStatus; + /** Deployment information. */ + deployment?: Deployment; + /** Additional details about the deployment that can be shown to the user. */ + message?: string; } -/** Data connector requirements status. */ -export interface DataConnectorRequirementsState { - /** Authorization state for this connector */ - authorizationState?: DataConnectorAuthorizationState; - /** License state for this connector */ - licenseState?: DataConnectorLicenseState; +/** Description about a deployment. */ +export interface Deployment { + /** Deployment identifier. */ + deploymentId?: string; + /** Current status of the deployment. */ + deploymentState?: DeploymentState; + /** The outcome of the deployment. */ + deploymentResult?: DeploymentResult; + /** The time when the deployment finished. */ + deploymentTime?: Date; + /** Url to access repository action logs. */ + deploymentLogsUrl?: string; } /** Describes threat kill chain phase entity */ @@ -1177,8 +1158,8 @@ export interface ThreatIntelligenceGranularMarkingModel { /** Describes an entity with kind. */ export interface ThreatIntelligenceResourceKind { - /** The kind of the entity. */ - kind: ThreatIntelligenceResourceKindEnum; + /** Polymorphic discriminator, which specifies the different types this object can be */ + kind: "indicator" | "ThreatIntelligenceInformation" | "indicator"; } /** List of all the threat intelligence information objects. */ @@ -1268,6 +1249,88 @@ export interface ThreatIntelligenceAppendTags { threatIntelligenceTags?: string[]; } +/** List all the watchlists. */ +export interface WatchlistList { + /** + * URL to fetch the next set of watchlists. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly nextLink?: string; + /** Array of watchlist. */ + value: Watchlist[]; +} + +/** List all the watchlist items. */ +export interface WatchlistItemList { + /** + * URL to fetch the next set of watchlist item. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly nextLink?: string; + /** Array of watchlist items. */ + value: WatchlistItem[]; +} + +/** List all the data connectors. */ +export interface DataConnectorList { + /** + * URL to fetch the next set of data connectors. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly nextLink?: string; + /** Array of data connectors. */ + value: DataConnectorUnion[]; +} + +/** Represents Codeless API Polling data connector. */ +export interface DataConnectorConnectBody { + /** The authentication kind used to poll the data */ + kind?: ConnectAuthKind; + /** The API key of the audit server. */ + apiKey?: string; + /** The client secret of the OAuth 2.0 application. */ + clientSecret?: string; + /** The client id of the OAuth 2.0 application. */ + clientId?: string; + /** The authorization code used in OAuth 2.0 code flow to issue a token. */ + authorizationCode?: string; + /** The user name in the audit log server. */ + userName?: string; + /** The user password in the audit log server. */ + password?: string; + requestConfigUserInputValues?: Record[]; +} + +/** Data connector requirements properties. */ +export interface DataConnectorsCheckRequirements { + /** Polymorphic discriminator, which specifies the different types this object can be */ + kind: + | "AzureActiveDirectory" + | "AzureAdvancedThreatProtection" + | "AzureSecurityCenter" + | "AmazonWebServicesCloudTrail" + | "AmazonWebServicesS3" + | "Dynamics365" + | "MicrosoftCloudAppSecurity" + | "MicrosoftDefenderAdvancedThreatProtection" + | "MicrosoftThreatIntelligence" + | "MicrosoftThreatProtection" + | "OfficeATP" + | "OfficeIRM" + | "Office365Project" + | "OfficePowerBI" + | "ThreatIntelligence" + | "ThreatIntelligenceTaxii"; +} + +/** Data connector requirements status. */ +export interface DataConnectorRequirementsState { + /** Authorization state for this connector */ + authorizationState?: DataConnectorAuthorizationState; + /** License state for this connector */ + licenseState?: DataConnectorLicenseState; +} + /** Lists the operations available in the SecurityInsights RP. */ export interface OperationsList { /** @@ -1303,28 +1366,6 @@ export interface OperationDisplay { resource?: string; } -/** List of all the office365 consents. */ -export interface OfficeConsentList { - /** - * URL to fetch the next set of office consents. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly nextLink?: string; - /** Array of the consents. */ - value: OfficeConsent[]; -} - -/** List of all the entity query templates. */ -export interface EntityQueryTemplateList { - /** - * URL to fetch the next set of entity query templates. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly nextLink?: string; - /** Array of entity query templates. */ - value: EntityQueryTemplateUnion[]; -} - /** alert rule template data sources */ export interface AlertRuleTemplateDataSource { /** The connector id that provides the following data types */ @@ -1363,8 +1404,6 @@ export interface QueryBasedAlertRuleTemplateProperties { query?: string; /** The severity for alerts created by this alert rule. */ severity?: AlertSeverity; - /** The tactics of the alert rule */ - tactics?: AttackTactic[]; /** The version of this template - in format , where all are numbers. For example <1.0.2>. */ version?: string; /** Dictionary of string key-value pairs of columns to be attached to the alert */ @@ -1403,6 +1442,87 @@ export interface AlertDetailsOverride { alertSeverityColumnName?: string; } +/** Represents a supported source signal configuration in Fusion detection. */ +export interface FusionSourceSettings { + /** Determines whether this source signal is enabled or disabled in Fusion detection. */ + enabled: boolean; + /** Name of the Fusion source signal. Refer to Fusion alert rule template for supported values. */ + sourceName: string; + /** Configuration for all source subtypes under this source signal consumed in fusion detection. */ + sourceSubTypes?: FusionSourceSubTypeSetting[]; +} + +/** Represents a supported source subtype configuration under a source signal in Fusion detection. */ +export interface FusionSourceSubTypeSetting { + /** Determines whether this source subtype under source signal is enabled or disabled in Fusion detection. */ + enabled: boolean; + /** The Name of the source subtype under a given source signal in Fusion detection. Refer to Fusion alert rule template for supported values. */ + sourceSubTypeName: string; + /** + * The display name of source subtype under a source signal consumed in Fusion detection. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly sourceSubTypeDisplayName?: string; + /** Severity configuration for a source subtype consumed in fusion detection. */ + severityFilters: FusionSubTypeSeverityFilter; +} + +/** Represents severity configuration for a source subtype consumed in Fusion detection. */ +export interface FusionSubTypeSeverityFilter { + /** + * Determines whether this source subtype supports severity configuration or not. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly isSupported?: boolean; + /** Individual Severity configuration settings for a given source subtype consumed in Fusion detection. */ + filters?: FusionSubTypeSeverityFiltersItem[]; +} + +/** Represents a Severity filter setting for a given source subtype consumed in Fusion detection. */ +export interface FusionSubTypeSeverityFiltersItem { + /** The Severity for a given source subtype consumed in Fusion detection. */ + severity: AlertSeverity; + /** Determines whether this severity is enabled or disabled for this source subtype consumed in Fusion detection. */ + enabled: boolean; +} + +/** Represents a Fusion scenario exclusion patterns in Fusion detection. */ +export interface FusionScenarioExclusionPattern { + /** Scenario exclusion pattern. */ + exclusionPattern: string; + /** DateTime when scenario exclusion pattern is added in UTC. */ + dateAddedInUTC: string; +} + +/** Represents a source signal consumed in Fusion detection. */ +export interface FusionTemplateSourceSetting { + /** The name of a source signal consumed in Fusion detection. */ + sourceName: string; + /** All supported source subtypes under this source signal consumed in fusion detection. */ + sourceSubTypes?: FusionTemplateSourceSubType[]; +} + +/** Represents a source subtype under a source signal consumed in Fusion detection. */ +export interface FusionTemplateSourceSubType { + /** The name of source subtype under a source signal consumed in Fusion detection. */ + sourceSubTypeName: string; + /** + * The display name of source subtype under a source signal consumed in Fusion detection. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly sourceSubTypeDisplayName?: string; + /** Severity configuration available for a source subtype consumed in fusion detection. */ + severityFilter: FusionTemplateSubTypeSeverityFilter; +} + +/** Represents severity configurations available for a source subtype consumed in Fusion detection. */ +export interface FusionTemplateSubTypeSeverityFilter { + /** Determines whether severity configuration is supported for this source subtype consumed in Fusion detection. */ + isSupported: boolean; + /** List of all supported severities for this source subtype consumed in Fusion detection. */ + severityFilters?: AlertSeverity[]; +} + /** MicrosoftSecurityIncidentCreation rule common property bag. */ export interface MicrosoftSecurityIncidentCreationAlertRuleCommonProperties { /** the alerts' displayNames on which the cases will be generated */ @@ -1425,6 +1545,10 @@ export interface QueryBasedAlertRuleProperties { description?: string; /** The query that creates alerts for this rule. */ query?: string; + /** The tactics of the alert rule */ + tactics?: AttackTactic[]; + /** The techniques of the alert rule */ + techniques?: string[]; /** The display name for alerts created by this alert rule. */ displayName: string; /** Determines whether this alert rule is enabled or disabled. */ @@ -1440,8 +1564,6 @@ export interface QueryBasedAlertRuleProperties { suppressionEnabled: boolean; /** The severity for alerts created by this alert rule. */ severity?: AlertSeverity; - /** The tactics of the alert rule */ - tactics?: AttackTactic[]; /** The settings of the incidents that created from alerts triggered by this analytics rule */ incidentConfiguration?: IncidentConfiguration; /** Dictionary of string key-value pairs of columns to be attached to the alert */ @@ -1498,48 +1620,6 @@ export interface EventGroupingSettings { aggregationKind?: EventGroupingAggregationKind; } -/** The configuration of the run playbook automation rule action */ -export interface AutomationRuleRunPlaybookActionConfiguration { - /** The resource id of the playbook resource */ - logicAppResourceId?: string; - /** The tenant id of the playbook resource */ - tenantId?: string; -} - -/** The configuration of the modify properties automation rule action */ -export interface AutomationRuleModifyPropertiesActionConfiguration { - /** The reason the incident was closed */ - classification?: IncidentClassification; - /** Describes the reason the incident was closed */ - classificationComment?: string; - /** The classification reason the incident was closed with */ - classificationReason?: IncidentClassificationReason; - /** List of labels to add to the incident */ - labels?: IncidentLabel[]; - /** Describes a user that the incident is assigned to */ - owner?: IncidentOwnerInfo; - /** The severity of the incident */ - severity?: IncidentSeverity; - /** The status of the incident */ - status?: IncidentStatus; -} - -/** The configuration of the automation rule condition */ -export interface AutomationRulePropertyValuesConditionProperties { - /** The property to evaluate */ - propertyName?: AutomationRulePropertyConditionSupportedProperty; - /** The operator to use for evaluation the condition */ - operator?: AutomationRulePropertyConditionSupportedOperator; - /** The values to use for evaluating the condition */ - propertyValues?: string[]; -} - -/** The Activity query definitions */ -export interface ActivityEntityQueriesPropertiesQueryDefinitions { - /** The Activity query to run on a given entity */ - query?: string; -} - /** An properties abstract Query item for entity */ export interface EntityQueryItemProperties { /** Data types for template */ @@ -1614,6 +1694,26 @@ export interface InsightQueryItemPropertiesReferenceTimeRange { beforeRange?: string; } +/** The Activity query definitions */ +export interface ActivityEntityQueriesPropertiesQueryDefinitions { + /** The Activity query to run on a given entity */ + query?: string; +} + +/** The Activity query definitions */ +export interface ActivityEntityQueryTemplatePropertiesQueryDefinitions { + /** The Activity query to run on a given entity */ + query?: string; + /** The dimensions we want to summarize the timeline results on, this is comma separated list */ + summarizeBy?: string; +} + +/** The data type definition */ +export interface DataTypeDefinitions { + /** The data type name */ + dataType?: string; +} + /** The pricing tier of the solution */ export interface Sku { /** The kind of the tier */ @@ -1678,6 +1778,18 @@ export interface Dynamics365DataConnectorDataTypes { dynamics365CdsActivities: Dynamics365DataConnectorDataTypesDynamics365CdsActivities; } +/** The available data types for Office Microsoft Project data connector. */ +export interface Office365ProjectConnectorDataTypes { + /** Logs data type. */ + logs: Office365ProjectConnectorDataTypesLogs; +} + +/** The available data types for Office Microsoft PowerBI data connector. */ +export interface OfficePowerBIConnectorDataTypes { + /** Logs data type. */ + logs: OfficePowerBIConnectorDataTypesLogs; +} + /** The available data types for office data connector. */ export interface OfficeDataConnectorDataTypes { /** Exchange data type connection. */ @@ -1936,20 +2048,6 @@ export interface CodelessConnectorPollingResponseProperties { isGzipCompressed?: boolean; } -/** The Activity query definitions */ -export interface ActivityEntityQueryTemplatePropertiesQueryDefinitions { - /** The Activity query to run on a given entity */ - query?: string; - /** The dimensions we want to summarize the timeline results on, this is comma separated list */ - summarizeBy?: string; -} - -/** The data type definition */ -export interface DataTypeDefinitions { - /** The data type name */ - dataType?: string; -} - /** ThreatIntelligence property bag. */ export interface ThreatIntelligence { /** @@ -2041,6 +2139,12 @@ export type Entity = Resource & { kind: EntityKind; }; +/** Specific entity query template. */ +export type EntityQueryTemplate = Resource & { + /** the entity query template kind */ + kind: EntityQueryTemplateKind; +}; + /** Consent for Office365 tenant that already made. */ export type OfficeConsent = Resource & { /** The tenantId of the Office365 with the consent. */ @@ -2049,12 +2153,6 @@ export type OfficeConsent = Resource & { consentId?: string; }; -/** Specific entity query template. */ -export type EntityQueryTemplate = Resource & { - /** the entity query template kind */ - kind: EntityQueryTemplateKind; -}; - /** Action property bag. */ export type ActionResponseProperties = ActionPropertiesBase & { /** The name of the logic app's workflow. */ @@ -2068,27 +2166,43 @@ export type ActionRequestProperties = ActionPropertiesBase & { }; /** Describes an automation rule condition that evaluates a property's value */ -export type AutomationRulePropertyValuesCondition = AutomationRuleCondition & { +export type PropertyConditionProperties = AutomationRuleCondition & { /** Polymorphic discriminator, which specifies the different types this object can be */ conditionType: "Property"; - /** The configuration of the automation rule condition */ - conditionProperties: AutomationRulePropertyValuesConditionProperties; -}; - -/** Describes an automation rule action to run a playbook */ -export type AutomationRuleRunPlaybookAction = AutomationRuleAction & { - /** Polymorphic discriminator, which specifies the different types this object can be */ - actionType: "RunPlaybook"; - /** The configuration of the run playbook automation rule action */ - actionConfiguration: AutomationRuleRunPlaybookActionConfiguration; + /** The property to evaluate in an automation rule property condition */ + propertyName?: AutomationRulePropertyConditionSupportedProperty; + operator?: AutomationRulePropertyConditionSupportedOperator; + propertyValues?: string[]; }; /** Describes an automation rule action to modify an object's properties */ export type AutomationRuleModifyPropertiesAction = AutomationRuleAction & { /** Polymorphic discriminator, which specifies the different types this object can be */ actionType: "ModifyProperties"; - /** The configuration of the modify properties automation rule action */ - actionConfiguration: AutomationRuleModifyPropertiesActionConfiguration; + /** The severity of the incident */ + severity?: IncidentSeverity; + /** The status of the incident */ + status?: IncidentStatus; + /** The reason the incident was closed */ + classification?: IncidentClassification; + /** The classification reason the incident was closed with */ + classificationReason?: IncidentClassificationReason; + /** Describes the reason the incident was closed */ + classificationComment?: string; + /** Information on the user an incident is assigned to */ + owner?: IncidentOwnerInfo; + /** List of labels to add to the incident */ + labels?: IncidentLabel[]; +}; + +/** Describes an automation rule action to run a playbook */ +export type AutomationRuleRunPlaybookAction = AutomationRuleAction & { + /** Polymorphic discriminator, which specifies the different types this object can be */ + actionType: "RunPlaybook"; + /** The resource id of the playbook resource */ + logicAppResourceId?: string; + /** The tenant id of the playbook resource */ + tenantId?: string; }; /** Represents Activity timeline item. */ @@ -3088,6 +3202,87 @@ export type UrlEntityProperties = EntityCommonProperties & { readonly url?: string; }; +/** Threat intelligence indicator entity used in request body. */ +export type ThreatIntelligenceIndicatorModelForRequestBody = ThreatIntelligenceResourceKind & { + /** Polymorphic discriminator, which specifies the different types this object can be */ + kind: "indicator"; + /** Etag of the azure resource */ + etag?: string; + /** + * A bag of custom fields that should be part of the entity and will be presented to the user. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly additionalData?: { [propertyName: string]: Record }; + /** + * The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly friendlyName?: string; + /** List of tags */ + threatIntelligenceTags?: string[]; + /** Last updated time in UTC */ + lastUpdatedTimeUtc?: string; + /** Source of a threat intelligence entity */ + source?: string; + /** Display name of a threat intelligence entity */ + displayName?: string; + /** Description of a threat intelligence entity */ + description?: string; + /** Indicator types of threat intelligence entities */ + indicatorTypes?: string[]; + /** Pattern of a threat intelligence entity */ + pattern?: string; + /** Pattern type of a threat intelligence entity */ + patternType?: string; + /** Pattern version of a threat intelligence entity */ + patternVersion?: string; + /** Kill chain phases */ + killChainPhases?: ThreatIntelligenceKillChainPhase[]; + /** Parsed patterns */ + parsedPattern?: ThreatIntelligenceParsedPattern[]; + /** External ID of threat intelligence entity */ + externalId?: string; + /** Created by reference of threat intelligence entity */ + createdByRef?: string; + /** Is threat intelligence entity defanged */ + defanged?: boolean; + /** External last updated time in UTC */ + externalLastUpdatedTimeUtc?: string; + /** External References */ + externalReferences?: ThreatIntelligenceExternalReference[]; + /** Granular Markings */ + granularMarkings?: ThreatIntelligenceGranularMarkingModel[]; + /** Labels of threat intelligence entity */ + labels?: string[]; + /** Is threat intelligence entity revoked */ + revoked?: boolean; + /** Confidence of threat intelligence entity */ + confidence?: number; + /** Threat intelligence entity object marking references */ + objectMarkingRefs?: string[]; + /** Language of threat intelligence entity */ + language?: string; + /** Threat types */ + threatTypes?: string[]; + /** Valid from */ + validFrom?: string; + /** Valid until */ + validUntil?: string; + /** Created by */ + created?: string; + /** Modified by */ + modified?: string; + /** Extensions map */ + extensions?: { [propertyName: string]: any }; +}; + +/** Threat intelligence information object. */ +export type ThreatIntelligenceInformation = ResourceWithEtag & + ThreatIntelligenceResourceKind & { + /** Polymorphic discriminator, which specifies the different types this object can be */ + kind: "ThreatIntelligenceInformation" | "indicator"; + }; + /** Represents AAD (Azure Active Directory) requirements check request. */ export type AADCheckRequirements = DataConnectorsCheckRequirements & { /** Polymorphic discriminator, which specifies the different types this object can be */ @@ -3180,6 +3375,22 @@ export type OfficeIRMCheckRequirements = DataConnectorsCheckRequirements & { tenantId?: string; }; +/** Represents Office365 Project requirements check request. */ +export type Office365ProjectCheckRequirements = DataConnectorsCheckRequirements & { + /** Polymorphic discriminator, which specifies the different types this object can be */ + kind: "Office365Project"; + /** The tenant id to connect to, and get the data from. */ + tenantId?: string; +}; + +/** Represents Office PowerBI requirements check request. */ +export type OfficePowerBICheckRequirements = DataConnectorsCheckRequirements & { + /** Polymorphic discriminator, which specifies the different types this object can be */ + kind: "OfficePowerBI"; + /** The tenant id to connect to, and get the data from. */ + tenantId?: string; +}; + /** Threat Intelligence Platforms data connector check requirements */ export type TICheckRequirements = DataConnectorsCheckRequirements & { /** Polymorphic discriminator, which specifies the different types this object can be */ @@ -3196,104 +3407,12 @@ export type TiTaxiiCheckRequirements = DataConnectorsCheckRequirements & { tenantId?: string; }; -/** Threat intelligence indicator entity used in request body. */ -export type ThreatIntelligenceIndicatorModelForRequestBody = ThreatIntelligenceResourceKind & { - /** Etag of the azure resource */ - etag?: string; - /** - * A bag of custom fields that should be part of the entity and will be presented to the user. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly additionalData?: { [propertyName: string]: Record }; - /** - * The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly friendlyName?: string; - /** List of tags */ - threatIntelligenceTags?: string[]; - /** Last updated time in UTC */ - lastUpdatedTimeUtc?: string; - /** Source of a threat intelligence entity */ - source?: string; - /** Display name of a threat intelligence entity */ - displayName?: string; - /** Description of a threat intelligence entity */ - description?: string; - /** Indicator types of threat intelligence entities */ - indicatorTypes?: string[]; - /** Pattern of a threat intelligence entity */ - pattern?: string; - /** Pattern type of a threat intelligence entity */ - patternType?: string; - /** Pattern version of a threat intelligence entity */ - patternVersion?: string; - /** Kill chain phases */ - killChainPhases?: ThreatIntelligenceKillChainPhase[]; - /** Parsed patterns */ - parsedPattern?: ThreatIntelligenceParsedPattern[]; - /** External ID of threat intelligence entity */ - externalId?: string; - /** Created by reference of threat intelligence entity */ - createdByRef?: string; - /** Is threat intelligence entity defanged */ - defanged?: boolean; - /** External last updated time in UTC */ - externalLastUpdatedTimeUtc?: string; - /** External References */ - externalReferences?: ThreatIntelligenceExternalReference[]; - /** Granular Markings */ - granularMarkings?: ThreatIntelligenceGranularMarkingModel[]; - /** Labels of threat intelligence entity */ - labels?: string[]; - /** Is threat intelligence entity revoked */ - revoked?: boolean; - /** Confidence of threat intelligence entity */ - confidence?: number; - /** Threat intelligence entity object marking references */ - objectMarkingRefs?: string[]; - /** Language of threat intelligence entity */ - language?: string; - /** Threat types */ - threatTypes?: string[]; - /** Valid from */ - validFrom?: string; - /** Valid until */ - validUntil?: string; - /** Created by */ - created?: string; - /** Modified by */ - modified?: string; - /** Extensions map */ - extensions?: { [propertyName: string]: any }; -}; - -/** Threat intelligence information object. */ -export type ThreatIntelligenceInformation = ResourceWithEtag & - ThreatIntelligenceResourceKind & {}; - -/** MLBehaviorAnalytics alert rule template properties. */ -export type MLBehaviorAnalyticsAlertRuleTemplateProperties = AlertRuleTemplatePropertiesBase & { - /** The severity for alerts created by this alert rule. */ - severity: AlertSeverity; - /** The tactics of the alert rule template. */ - tactics?: AttackTactic[]; -}; - -/** Fusion alert rule template properties */ -export type FusionAlertRuleTemplateProperties = AlertRuleTemplatePropertiesBase & { - /** The severity for alerts created by this alert rule. */ - severity: AlertSeverity; - /** The tactics of the alert rule template */ - tactics?: AttackTactic[]; -}; - -/** Threat Intelligence alert rule template properties */ -export type ThreatIntelligenceAlertRuleTemplateProperties = AlertRuleTemplatePropertiesBase & { - /** The severity for alerts created by this alert rule. */ - severity: AlertSeverity; - /** The tactics of the alert rule template */ +/** Alert rule template with MITRE property bag. */ +export type AlertRuleTemplateWithMitreProperties = AlertRuleTemplatePropertiesBase & { + /** The tactics of the alert rule */ tactics?: AttackTactic[]; + /** The techniques of the alert rule */ + techniques?: string[]; }; /** MicrosoftSecurityIncidentCreation rule template properties */ @@ -3301,12 +3420,12 @@ export type MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties = Alert MicrosoftSecurityIncidentCreationAlertRuleCommonProperties & {}; /** Scheduled alert rule template properties */ -export type ScheduledAlertRuleTemplateProperties = AlertRuleTemplatePropertiesBase & +export type ScheduledAlertRuleTemplateProperties = AlertRuleTemplateWithMitreProperties & QueryBasedAlertRuleTemplateProperties & ScheduledAlertRuleCommonProperties & {}; /** NRT alert rule template properties */ -export type NrtAlertRuleTemplateProperties = AlertRuleTemplatePropertiesBase & +export type NrtAlertRuleTemplateProperties = AlertRuleTemplateWithMitreProperties & QueryBasedAlertRuleTemplateProperties & {}; /** MicrosoftSecurityIncidentCreation rule property bag. */ @@ -3380,6 +3499,12 @@ export type OfficeATPCheckRequirementsProperties = DataConnectorTenantId & {}; /** OfficeIRM (Microsoft Insider Risk Management) requirements check properties. */ export type OfficeIRMCheckRequirementsProperties = DataConnectorTenantId & {}; +/** Office365 Project requirements check properties. */ +export type Office365ProjectCheckRequirementsProperties = DataConnectorTenantId & {}; + +/** Office PowerBI requirements check properties. */ +export type OfficePowerBICheckRequirementsProperties = DataConnectorTenantId & {}; + /** Threat Intelligence Platforms data connector required properties. */ export type TICheckRequirementsProperties = DataConnectorTenantId & {}; @@ -3422,6 +3547,18 @@ export type Dynamics365DataConnectorProperties = DataConnectorTenantId & { export type OfficeATPDataConnectorProperties = DataConnectorTenantId & DataConnectorWithAlertsProperties & {}; +/** Office Microsoft Project data connector properties. */ +export type Office365ProjectDataConnectorProperties = DataConnectorTenantId & { + /** The available data types for the connector. */ + dataTypes: Office365ProjectConnectorDataTypes; +}; + +/** Office Microsoft PowerBI data connector properties. */ +export type OfficePowerBIDataConnectorProperties = DataConnectorTenantId & { + /** The available data types for the connector. */ + dataTypes: OfficePowerBIConnectorDataTypes; +}; + /** OfficeIRM (Microsoft Insider Risk Management) data connector properties. */ export type OfficeIRMDataConnectorProperties = DataConnectorTenantId & DataConnectorWithAlertsProperties & {}; @@ -3502,6 +3639,12 @@ export type AwsS3DataConnectorDataTypesLogs = DataConnectorDataTypeCommon & {}; /** Common Data Service data type connection. */ export type Dynamics365DataConnectorDataTypesDynamics365CdsActivities = DataConnectorDataTypeCommon & {}; +/** Logs data type. */ +export type Office365ProjectConnectorDataTypesLogs = DataConnectorDataTypeCommon & {}; + +/** Logs data type. */ +export type OfficePowerBIConnectorDataTypesLogs = DataConnectorDataTypeCommon & {}; + /** Exchange data type connection. */ export type OfficeDataConnectorDataTypesExchange = DataConnectorDataTypeCommon & {}; @@ -3556,36 +3699,35 @@ export type ActionRequest = ResourceWithEtag & { triggerUri?: string; }; -/** Represents an automation rule. */ export type AutomationRule = ResourceWithEtag & { - /** The display name of the automation rule */ - displayName?: string; + /** The display name of the automation rule */ + displayName: string; /** The order of execution of the automation rule */ - order?: number; - /** The triggering logic of the automation rule */ - triggeringLogic?: AutomationRuleTriggeringLogic; + order: number; + /** Describes automation rule triggering logic */ + triggeringLogic: AutomationRuleTriggeringLogic; /** The actions to execute when the automation rule is triggered */ - actions?: AutomationRuleActionUnion[]; - /** - * The time the automation rule was created - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly createdTimeUtc?: Date; + actions: AutomationRuleActionUnion[]; /** * The last time the automation rule was updated * NOTE: This property will not be serialized. It can only be populated by the server. */ readonly lastModifiedTimeUtc?: Date; /** - * Describes the client that created the automation rule + * The time the automation rule was created * NOTE: This property will not be serialized. It can only be populated by the server. */ - readonly createdBy?: ClientInfo; + readonly createdTimeUtc?: Date; /** - * Describes the client that last updated the automation rule + * Information on the client (user or application) that made some action * NOTE: This property will not be serialized. It can only be populated by the server. */ readonly lastModifiedBy?: ClientInfo; + /** + * Information on the client (user or application) that made some action + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly createdBy?: ClientInfo; }; /** Represents a bookmark in Azure Security Insights. */ @@ -3616,6 +3758,12 @@ export type Bookmark = ResourceWithEtag & { queryEndTime?: Date; /** Describes an incident that relates to bookmark */ incidentInfo?: IncidentInfo; + /** Describes the entity mappings of the bookmark */ + entityMappings?: BookmarkEntityMappings[]; + /** A list of relevant mitre attacks */ + tactics?: AttackTactic[]; + /** A list of relevant mitre techniques */ + techniques?: string[]; }; /** Represents a relation between two resources */ @@ -3806,6 +3954,8 @@ export type Settings = ResourceWithEtag & { export type SourceControl = ResourceWithEtag & { /** The id (a Guid) of the source control */ idPropertiesId?: string; + /** The version number associated with the source control */ + version?: Version; /** The display name of the source control */ displayName?: string; /** A description of the source control */ @@ -3816,6 +3966,10 @@ export type SourceControl = ResourceWithEtag & { contentTypes?: ContentType[]; /** Repository metadata. */ repository?: Repository; + /** Information regarding the resources created in user's repository. */ + repositoryResourceInfo?: RepositoryResourceInfo; + /** Information regarding the latest deployment for the source control. */ + lastDeploymentInfo?: DeploymentInfo; }; /** Represents a Watchlist in Azure Security Insights. */ @@ -3916,10 +4070,12 @@ export type MLBehaviorAnalyticsAlertRuleTemplate = AlertRuleTemplate & { requiredDataConnectors?: AlertRuleTemplateDataSource[]; /** The alert rule template status. */ status?: TemplateStatus; + /** The tactics of the alert rule */ + tactics?: AttackTactic[]; + /** The techniques of the alert rule */ + techniques?: string[]; /** The severity for alerts created by this alert rule. */ severity?: AlertSeverity; - /** The tactics of the alert rule template. */ - tactics?: AttackTactic[]; }; /** Represents Fusion alert rule template. */ @@ -3944,10 +4100,14 @@ export type FusionAlertRuleTemplate = AlertRuleTemplate & { requiredDataConnectors?: AlertRuleTemplateDataSource[]; /** The alert rule template status. */ status?: TemplateStatus; + /** The tactics of the alert rule */ + tactics?: AttackTactic[]; + /** The techniques of the alert rule */ + techniques?: string[]; /** The severity for alerts created by this alert rule. */ severity?: AlertSeverity; - /** The tactics of the alert rule template */ - tactics?: AttackTactic[]; + /** All supported source signal configurations consumed in fusion detection. */ + sourceSettings?: FusionTemplateSourceSetting[]; }; /** Represents Threat Intelligence alert rule template. */ @@ -3972,10 +4132,12 @@ export type ThreatIntelligenceAlertRuleTemplate = AlertRuleTemplate & { requiredDataConnectors?: AlertRuleTemplateDataSource[]; /** The alert rule template status. */ status?: TemplateStatus; + /** The tactics of the alert rule */ + tactics?: AttackTactic[]; + /** The techniques of the alert rule */ + techniques?: string[]; /** The severity for alerts created by this alert rule. */ severity?: AlertSeverity; - /** The tactics of the alert rule template */ - tactics?: AttackTactic[]; }; /** Represents MicrosoftSecurityIncidentCreation rule template. */ @@ -4032,12 +4194,14 @@ export type ScheduledAlertRuleTemplate = AlertRuleTemplate & { requiredDataConnectors?: AlertRuleTemplateDataSource[]; /** The alert rule template status. */ status?: TemplateStatus; + /** The tactics of the alert rule */ + tactics?: AttackTactic[]; + /** The techniques of the alert rule */ + techniques?: string[]; /** The query that creates alerts for this rule. */ query?: string; /** The severity for alerts created by this alert rule. */ severity?: AlertSeverity; - /** The tactics of the alert rule */ - tactics?: AttackTactic[]; /** The version of this template - in format , where all are numbers. For example <1.0.2>. */ version?: string; /** Dictionary of string key-value pairs of columns to be attached to the alert */ @@ -4080,12 +4244,14 @@ export type NrtAlertRuleTemplate = AlertRuleTemplate & { requiredDataConnectors?: AlertRuleTemplateDataSource[]; /** The alert rule template status. */ status?: TemplateStatus; + /** The tactics of the alert rule */ + tactics?: AttackTactic[]; + /** The techniques of the alert rule */ + techniques?: string[]; /** The query that creates alerts for this rule. */ query?: string; /** The severity for alerts created by this alert rule. */ severity?: AlertSeverity; - /** The tactics of the alert rule */ - tactics?: AttackTactic[]; /** The version of this template - in format , where all are numbers. For example <1.0.2>. */ version?: string; /** Dictionary of string key-value pairs of columns to be attached to the alert */ @@ -5191,6 +5357,8 @@ export type ActivityEntityQueryTemplate = EntityQueryTemplate & { /** Threat intelligence indicator entity. */ export type ThreatIntelligenceIndicatorModel = ThreatIntelligenceInformation & { + /** Polymorphic discriminator, which specifies the different types this object can be */ + kind: "indicator"; /** * A bag of custom fields that should be part of the entity and will be presented to the user. * NOTE: This property will not be serialized. It can only be populated by the server. @@ -5259,6 +5427,26 @@ export type ThreatIntelligenceIndicatorModel = ThreatIntelligenceInformation & { extensions?: { [propertyName: string]: any }; }; +/** MLBehaviorAnalytics alert rule template properties. */ +export type MLBehaviorAnalyticsAlertRuleTemplateProperties = AlertRuleTemplateWithMitreProperties & { + /** The severity for alerts created by this alert rule. */ + severity: AlertSeverity; +}; + +/** Fusion alert rule template properties */ +export type FusionAlertRuleTemplateProperties = AlertRuleTemplateWithMitreProperties & { + /** The severity for alerts created by this alert rule. */ + severity: AlertSeverity; + /** All supported source signal configurations consumed in fusion detection. */ + sourceSettings: FusionTemplateSourceSetting[]; +}; + +/** Threat Intelligence alert rule template properties */ +export type ThreatIntelligenceAlertRuleTemplateProperties = AlertRuleTemplateWithMitreProperties & { + /** The severity for alerts created by this alert rule. */ + severity: AlertSeverity; +}; + export type PermissionsCustomsItem = Customs & {}; /** Represents MLBehaviorAnalytics alert rule. */ @@ -5292,6 +5480,11 @@ export type MLBehaviorAnalyticsAlertRule = AlertRule & { * NOTE: This property will not be serialized. It can only be populated by the server. */ readonly tactics?: AttackTactic[]; + /** + * The techniques of the alert rule + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly techniques?: string[]; }; /** Represents Fusion alert rule. */ @@ -5310,6 +5503,10 @@ export type FusionAlertRule = AlertRule & { readonly displayName?: string; /** Determines whether this alert rule is enabled or disabled. */ enabled?: boolean; + /** Configuration for all supported source signals in fusion detection. */ + sourceSettings?: FusionSourceSettings[]; + /** Configuration to exclude scenarios in fusion detection. */ + scenarioExclusionPatterns?: FusionScenarioExclusionPattern[]; /** * The last time that this alert has been modified. * NOTE: This property will not be serialized. It can only be populated by the server. @@ -5325,6 +5522,11 @@ export type FusionAlertRule = AlertRule & { * NOTE: This property will not be serialized. It can only be populated by the server. */ readonly tactics?: AttackTactic[]; + /** + * The techniques of the alert rule + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly techniques?: string[]; }; /** Represents Threat Intelligence alert rule. */ @@ -5358,6 +5560,11 @@ export type ThreatIntelligenceAlertRule = AlertRule & { * NOTE: This property will not be serialized. It can only be populated by the server. */ readonly tactics?: AttackTactic[]; + /** + * The techniques of the alert rule + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly techniques?: string[]; }; /** Represents MicrosoftSecurityIncidentCreation rule. */ @@ -5405,6 +5612,10 @@ export type ScheduledAlertRule = AlertRule & { description?: string; /** The query that creates alerts for this rule. */ query?: string; + /** The tactics of the alert rule */ + tactics?: AttackTactic[]; + /** The techniques of the alert rule */ + techniques?: string[]; /** The display name for alerts created by this alert rule. */ displayName?: string; /** Determines whether this alert rule is enabled or disabled. */ @@ -5420,8 +5631,6 @@ export type ScheduledAlertRule = AlertRule & { suppressionEnabled?: boolean; /** The severity for alerts created by this alert rule. */ severity?: AlertSeverity; - /** The tactics of the alert rule */ - tactics?: AttackTactic[]; /** The settings of the incidents that created from alerts triggered by this analytics rule */ incidentConfiguration?: IncidentConfiguration; /** Dictionary of string key-value pairs of columns to be attached to the alert */ @@ -5442,6 +5651,10 @@ export type NrtAlertRule = AlertRule & { description?: string; /** The query that creates alerts for this rule. */ query?: string; + /** The tactics of the alert rule */ + tactics?: AttackTactic[]; + /** The techniques of the alert rule */ + techniques?: string[]; /** The display name for alerts created by this alert rule. */ displayName?: string; /** Determines whether this alert rule is enabled or disabled. */ @@ -5457,8 +5670,6 @@ export type NrtAlertRule = AlertRule & { suppressionEnabled?: boolean; /** The severity for alerts created by this alert rule. */ severity?: AlertSeverity; - /** The tactics of the alert rule */ - tactics?: AttackTactic[]; /** The settings of the incidents that created from alerts triggered by this analytics rule */ incidentConfiguration?: IncidentConfiguration; /** Dictionary of string key-value pairs of columns to be attached to the alert */ @@ -5666,6 +5877,22 @@ export type OfficeATPDataConnector = DataConnector & { dataTypes?: AlertsDataTypeOfDataConnector; }; +/** Represents Office Microsoft Project data connector. */ +export type Office365ProjectDataConnector = DataConnector & { + /** The tenant id to connect to, and get the data from. */ + tenantId?: string; + /** The available data types for the connector. */ + dataTypes?: Office365ProjectConnectorDataTypes; +}; + +/** Represents Office Microsoft PowerBI data connector. */ +export type OfficePowerBIDataConnector = DataConnector & { + /** The tenant id to connect to, and get the data from. */ + tenantId?: string; + /** The available data types for the connector. */ + dataTypes?: OfficePowerBIConnectorDataTypes; +}; + /** Represents OfficeIRM (Microsoft Insider Risk Management) data connector. */ export type OfficeIRMDataConnector = DataConnector & { /** The tenant id to connect to, and get the data from. */ @@ -5812,23 +6039,23 @@ export enum KnownTriggersWhen { */ export type TriggersWhen = string; -/** Known values of {@link AutomationRuleConditionType} that the service accepts. */ -export enum KnownAutomationRuleConditionType { +/** Known values of {@link ConditionType} that the service accepts. */ +export enum KnownConditionType { /** Evaluate an object property value */ Property = "Property" } /** - * Defines values for AutomationRuleConditionType. \ - * {@link KnownAutomationRuleConditionType} can be used interchangeably with AutomationRuleConditionType, + * Defines values for ConditionType. \ + * {@link KnownConditionType} can be used interchangeably with ConditionType, * this enum contains the known values that the service supports. * ### Known values supported by the service * **Property**: Evaluate an object property value */ -export type AutomationRuleConditionType = string; +export type ConditionType = string; -/** Known values of {@link AutomationRuleActionType} that the service accepts. */ -export enum KnownAutomationRuleActionType { +/** Known values of {@link ActionType} that the service accepts. */ +export enum KnownActionType { /** Modify an object's properties */ ModifyProperties = "ModifyProperties", /** Run a playbook on an object */ @@ -5836,14 +6063,14 @@ export enum KnownAutomationRuleActionType { } /** - * Defines values for AutomationRuleActionType. \ - * {@link KnownAutomationRuleActionType} can be used interchangeably with AutomationRuleActionType, + * Defines values for ActionType. \ + * {@link KnownActionType} can be used interchangeably with ActionType, * this enum contains the known values that the service supports. * ### Known values supported by the service * **ModifyProperties**: Modify an object's properties \ * **RunPlaybook**: Run a playbook on an object */ -export type AutomationRuleActionType = string; +export type ActionType = string; /** Known values of {@link IncidentSeverity} that the service accepts. */ export enum KnownIncidentSeverity { @@ -5869,6 +6096,52 @@ export enum KnownIncidentSeverity { */ export type IncidentSeverity = string; +/** Known values of {@link AttackTactic} that the service accepts. */ +export enum KnownAttackTactic { + Reconnaissance = "Reconnaissance", + ResourceDevelopment = "ResourceDevelopment", + InitialAccess = "InitialAccess", + Execution = "Execution", + Persistence = "Persistence", + PrivilegeEscalation = "PrivilegeEscalation", + DefenseEvasion = "DefenseEvasion", + CredentialAccess = "CredentialAccess", + Discovery = "Discovery", + LateralMovement = "LateralMovement", + Collection = "Collection", + Exfiltration = "Exfiltration", + CommandAndControl = "CommandAndControl", + Impact = "Impact", + PreAttack = "PreAttack", + ImpairProcessControl = "ImpairProcessControl", + InhibitResponseFunction = "InhibitResponseFunction" +} + +/** + * Defines values for AttackTactic. \ + * {@link KnownAttackTactic} can be used interchangeably with AttackTactic, + * this enum contains the known values that the service supports. + * ### Known values supported by the service + * **Reconnaissance** \ + * **ResourceDevelopment** \ + * **InitialAccess** \ + * **Execution** \ + * **Persistence** \ + * **PrivilegeEscalation** \ + * **DefenseEvasion** \ + * **CredentialAccess** \ + * **Discovery** \ + * **LateralMovement** \ + * **Collection** \ + * **Exfiltration** \ + * **CommandAndControl** \ + * **Impact** \ + * **PreAttack** \ + * **ImpairProcessControl** \ + * **InhibitResponseFunction** + */ +export type AttackTactic = string; + /** Known values of {@link EntityKind} that the service accepts. */ export enum KnownEntityKind { /** Entity represents account in the system. */ @@ -5944,21 +6217,41 @@ export enum KnownEntityKind { */ export type EntityKind = string; -/** Known values of {@link Enum8} that the service accepts. */ -export enum KnownEnum8 { - Expansion = "Expansion", - Activity = "Activity" +/** Known values of {@link EntityTimelineKind} that the service accepts. */ +export enum KnownEntityTimelineKind { + /** activity */ + Activity = "Activity", + /** bookmarks */ + Bookmark = "Bookmark", + /** security alerts */ + SecurityAlert = "SecurityAlert" } /** - * Defines values for Enum8. \ - * {@link KnownEnum8} can be used interchangeably with Enum8, + * Defines values for EntityTimelineKind. \ + * {@link KnownEntityTimelineKind} can be used interchangeably with EntityTimelineKind, * this enum contains the known values that the service supports. * ### Known values supported by the service - * **Expansion** \ - * **Activity** + * **Activity**: activity \ + * **Bookmark**: bookmarks \ + * **SecurityAlert**: security alerts + */ +export type EntityTimelineKind = string; + +/** Known values of {@link EntityItemQueryKind} that the service accepts. */ +export enum KnownEntityItemQueryKind { + /** insight */ + Insight = "Insight" +} + +/** + * Defines values for EntityItemQueryKind. \ + * {@link KnownEntityItemQueryKind} can be used interchangeably with EntityItemQueryKind, + * this enum contains the known values that the service supports. + * ### Known values supported by the service + * **Insight**: insight */ -export type Enum8 = string; +export type EntityItemQueryKind = string; /** Known values of {@link EntityQueryKind} that the service accepts. */ export enum KnownEntityQueryKind { @@ -5978,93 +6271,49 @@ export enum KnownEntityQueryKind { */ export type EntityQueryKind = string; -/** Known values of {@link CustomEntityQueryKind} that the service accepts. */ -export enum KnownCustomEntityQueryKind { +/** Known values of {@link Enum12} that the service accepts. */ +export enum KnownEnum12 { + Expansion = "Expansion", Activity = "Activity" } /** - * Defines values for CustomEntityQueryKind. \ - * {@link KnownCustomEntityQueryKind} can be used interchangeably with CustomEntityQueryKind, + * Defines values for Enum12. \ + * {@link KnownEnum12} can be used interchangeably with Enum12, * this enum contains the known values that the service supports. * ### Known values supported by the service + * **Expansion** \ * **Activity** */ -export type CustomEntityQueryKind = string; +export type Enum12 = string; -/** Known values of {@link EntityTimelineKind} that the service accepts. */ -export enum KnownEntityTimelineKind { - /** activity */ - Activity = "Activity", - /** bookmarks */ - Bookmark = "Bookmark", - /** security alerts */ - SecurityAlert = "SecurityAlert" -} - -/** - * Defines values for EntityTimelineKind. \ - * {@link KnownEntityTimelineKind} can be used interchangeably with EntityTimelineKind, - * this enum contains the known values that the service supports. - * ### Known values supported by the service - * **Activity**: activity \ - * **Bookmark**: bookmarks \ - * **SecurityAlert**: security alerts - */ -export type EntityTimelineKind = string; - -/** Known values of {@link EntityItemQueryKind} that the service accepts. */ -export enum KnownEntityItemQueryKind { - /** insight */ - Insight = "Insight" +/** Known values of {@link CustomEntityQueryKind} that the service accepts. */ +export enum KnownCustomEntityQueryKind { + Activity = "Activity" } /** - * Defines values for EntityItemQueryKind. \ - * {@link KnownEntityItemQueryKind} can be used interchangeably with EntityItemQueryKind, + * Defines values for CustomEntityQueryKind. \ + * {@link KnownCustomEntityQueryKind} can be used interchangeably with CustomEntityQueryKind, * this enum contains the known values that the service supports. * ### Known values supported by the service - * **Insight**: insight + * **Activity** */ -export type EntityItemQueryKind = string; +export type CustomEntityQueryKind = string; -/** Known values of {@link AttackTactic} that the service accepts. */ -export enum KnownAttackTactic { - InitialAccess = "InitialAccess", - Execution = "Execution", - Persistence = "Persistence", - PrivilegeEscalation = "PrivilegeEscalation", - DefenseEvasion = "DefenseEvasion", - CredentialAccess = "CredentialAccess", - Discovery = "Discovery", - LateralMovement = "LateralMovement", - Collection = "Collection", - Exfiltration = "Exfiltration", - CommandAndControl = "CommandAndControl", - Impact = "Impact", - PreAttack = "PreAttack" +/** Known values of {@link EntityQueryTemplateKind} that the service accepts. */ +export enum KnownEntityQueryTemplateKind { + Activity = "Activity" } /** - * Defines values for AttackTactic. \ - * {@link KnownAttackTactic} can be used interchangeably with AttackTactic, + * Defines values for EntityQueryTemplateKind. \ + * {@link KnownEntityQueryTemplateKind} can be used interchangeably with EntityQueryTemplateKind, * this enum contains the known values that the service supports. * ### Known values supported by the service - * **InitialAccess** \ - * **Execution** \ - * **Persistence** \ - * **PrivilegeEscalation** \ - * **DefenseEvasion** \ - * **CredentialAccess** \ - * **Discovery** \ - * **LateralMovement** \ - * **Collection** \ - * **Exfiltration** \ - * **CommandAndControl** \ - * **Impact** \ - * **PreAttack** + * **Activity** */ -export type AttackTactic = string; +export type EntityQueryTemplateKind = string; /** Known values of {@link IncidentClassification} that the service accepts. */ export enum KnownIncidentClassification { @@ -6454,6 +6703,22 @@ export enum KnownRepoType { */ export type RepoType = string; +/** Known values of {@link Version} that the service accepts. */ +export enum KnownVersion { + V1 = "V1", + V2 = "V2" +} + +/** + * Defines values for Version. \ + * {@link KnownVersion} can be used interchangeably with Version, + * this enum contains the known values that the service supports. + * ### Known values supported by the service + * **V1** \ + * **V2** + */ +export type Version = string; + /** Known values of {@link ContentType} that the service accepts. */ export enum KnownContentType { AnalyticRule = "AnalyticRule", @@ -6470,6 +6735,95 @@ export enum KnownContentType { */ export type ContentType = string; +/** Known values of {@link DeploymentFetchStatus} that the service accepts. */ +export enum KnownDeploymentFetchStatus { + Success = "Success", + Unauthorized = "Unauthorized", + NotFound = "NotFound" +} + +/** + * Defines values for DeploymentFetchStatus. \ + * {@link KnownDeploymentFetchStatus} can be used interchangeably with DeploymentFetchStatus, + * this enum contains the known values that the service supports. + * ### Known values supported by the service + * **Success** \ + * **Unauthorized** \ + * **NotFound** + */ +export type DeploymentFetchStatus = string; + +/** Known values of {@link DeploymentState} that the service accepts. */ +export enum KnownDeploymentState { + InProgress = "In_Progress", + Completed = "Completed", + Queued = "Queued", + Canceling = "Canceling" +} + +/** + * Defines values for DeploymentState. \ + * {@link KnownDeploymentState} can be used interchangeably with DeploymentState, + * this enum contains the known values that the service supports. + * ### Known values supported by the service + * **In_Progress** \ + * **Completed** \ + * **Queued** \ + * **Canceling** + */ +export type DeploymentState = string; + +/** Known values of {@link DeploymentResult} that the service accepts. */ +export enum KnownDeploymentResult { + Success = "Success", + Canceled = "Canceled", + Failed = "Failed" +} + +/** + * Defines values for DeploymentResult. \ + * {@link KnownDeploymentResult} can be used interchangeably with DeploymentResult, + * this enum contains the known values that the service supports. + * ### Known values supported by the service + * **Success** \ + * **Canceled** \ + * **Failed** + */ +export type DeploymentResult = string; + +/** Known values of {@link ThreatIntelligenceResourceKindEnum} that the service accepts. */ +export enum KnownThreatIntelligenceResourceKindEnum { + /** Entity represents threat intelligence indicator in the system. */ + Indicator = "indicator" +} + +/** + * Defines values for ThreatIntelligenceResourceKindEnum. \ + * {@link KnownThreatIntelligenceResourceKindEnum} can be used interchangeably with ThreatIntelligenceResourceKindEnum, + * this enum contains the known values that the service supports. + * ### Known values supported by the service + * **indicator**: Entity represents threat intelligence indicator in the system. + */ +export type ThreatIntelligenceResourceKindEnum = string; + +/** Known values of {@link ThreatIntelligenceSortingCriteriaEnum} that the service accepts. */ +export enum KnownThreatIntelligenceSortingCriteriaEnum { + Unsorted = "unsorted", + Ascending = "ascending", + Descending = "descending" +} + +/** + * Defines values for ThreatIntelligenceSortingCriteriaEnum. \ + * {@link KnownThreatIntelligenceSortingCriteriaEnum} can be used interchangeably with ThreatIntelligenceSortingCriteriaEnum, + * this enum contains the known values that the service supports. + * ### Known values supported by the service + * **unsorted** \ + * **ascending** \ + * **descending** + */ +export type ThreatIntelligenceSortingCriteriaEnum = string; + /** Known values of {@link Source} that the service accepts. */ export enum KnownSource { LocalFile = "Local file", @@ -6496,6 +6850,8 @@ export enum KnownDataConnectorKind { Office365 = "Office365", OfficeATP = "OfficeATP", OfficeIRM = "OfficeIRM", + Office365Project = "Office365Project", + OfficePowerBI = "OfficePowerBI", AmazonWebServicesCloudTrail = "AmazonWebServicesCloudTrail", AmazonWebServicesS3 = "AmazonWebServicesS3", AzureAdvancedThreatProtection = "AzureAdvancedThreatProtection", @@ -6520,6 +6876,8 @@ export enum KnownDataConnectorKind { * **Office365** \ * **OfficeATP** \ * **OfficeIRM** \ + * **Office365Project** \ + * **OfficePowerBI** \ * **AmazonWebServicesCloudTrail** \ * **AmazonWebServicesS3** \ * **AzureAdvancedThreatProtection** \ @@ -6584,53 +6942,6 @@ export enum KnownDataConnectorLicenseState { */ export type DataConnectorLicenseState = string; -/** Known values of {@link ThreatIntelligenceResourceKindEnum} that the service accepts. */ -export enum KnownThreatIntelligenceResourceKindEnum { - /** Entity represents threat intelligence indicator in the system. */ - Indicator = "indicator" -} - -/** - * Defines values for ThreatIntelligenceResourceKindEnum. \ - * {@link KnownThreatIntelligenceResourceKindEnum} can be used interchangeably with ThreatIntelligenceResourceKindEnum, - * this enum contains the known values that the service supports. - * ### Known values supported by the service - * **indicator**: Entity represents threat intelligence indicator in the system. - */ -export type ThreatIntelligenceResourceKindEnum = string; - -/** Known values of {@link ThreatIntelligenceSortingCriteriaEnum} that the service accepts. */ -export enum KnownThreatIntelligenceSortingCriteriaEnum { - Unsorted = "unsorted", - Ascending = "ascending", - Descending = "descending" -} - -/** - * Defines values for ThreatIntelligenceSortingCriteriaEnum. \ - * {@link KnownThreatIntelligenceSortingCriteriaEnum} can be used interchangeably with ThreatIntelligenceSortingCriteriaEnum, - * this enum contains the known values that the service supports. - * ### Known values supported by the service - * **unsorted** \ - * **ascending** \ - * **descending** - */ -export type ThreatIntelligenceSortingCriteriaEnum = string; - -/** Known values of {@link EntityQueryTemplateKind} that the service accepts. */ -export enum KnownEntityQueryTemplateKind { - Activity = "Activity" -} - -/** - * Defines values for EntityQueryTemplateKind. \ - * {@link KnownEntityQueryTemplateKind} can be used interchangeably with EntityQueryTemplateKind, - * this enum contains the known values that the service supports. - * ### Known values supported by the service - * **Activity** - */ -export type EntityQueryTemplateKind = string; - /** Known values of {@link TemplateStatus} that the service accepts. */ export enum KnownTemplateStatus { /** Alert rule template installed. and can not use more then once */ @@ -6809,15 +7120,17 @@ export enum KnownAutomationRulePropertyConditionSupportedProperty { IncidentSeverity = "IncidentSeverity", /** The status of the incident */ IncidentStatus = "IncidentStatus", - /** The tactics of the incident */ - IncidentTactics = "IncidentTactics", /** The related Analytic rule ids of the incident */ IncidentRelatedAnalyticRuleIds = "IncidentRelatedAnalyticRuleIds", + /** The tactics of the incident */ + IncidentTactics = "IncidentTactics", + /** The labels of the incident */ + IncidentLabel = "IncidentLabel", /** The provider name of the incident */ IncidentProviderName = "IncidentProviderName", /** The account Azure Active Directory tenant id */ AccountAadTenantId = "AccountAadTenantId", - /** The account Azure Active Directory user id. */ + /** The account Azure Active Directory user id */ AccountAadUserId = "AccountAadUserId", /** The account name */ AccountName = "AccountName", @@ -6831,6 +7144,8 @@ export enum KnownAutomationRulePropertyConditionSupportedProperty { AccountObjectGuid = "AccountObjectGuid", /** The account user principal name suffix */ AccountUPNSuffix = "AccountUPNSuffix", + /** The name of the product of the alert */ + AlertProductNames = "AlertProductNames", /** The Azure resource id */ AzureResourceResourceId = "AzureResourceResourceId", /** The Azure resource subscription id */ @@ -6857,7 +7172,7 @@ export enum KnownAutomationRulePropertyConditionSupportedProperty { HostNTDomain = "HostNTDomain", /** The host operating system */ HostOSVersion = "HostOSVersion", - /** The IoT device id */ + /** "The IoT device id */ IoTDeviceId = "IoTDeviceId", /** The IoT device name */ IoTDeviceName = "IoTDeviceName", @@ -6916,17 +7231,19 @@ export enum KnownAutomationRulePropertyConditionSupportedProperty { * **IncidentDescription**: The description of the incident \ * **IncidentSeverity**: The severity of the incident \ * **IncidentStatus**: The status of the incident \ - * **IncidentTactics**: The tactics of the incident \ * **IncidentRelatedAnalyticRuleIds**: The related Analytic rule ids of the incident \ + * **IncidentTactics**: The tactics of the incident \ + * **IncidentLabel**: The labels of the incident \ * **IncidentProviderName**: The provider name of the incident \ * **AccountAadTenantId**: The account Azure Active Directory tenant id \ - * **AccountAadUserId**: The account Azure Active Directory user id. \ + * **AccountAadUserId**: The account Azure Active Directory user id \ * **AccountName**: The account name \ * **AccountNTDomain**: The account NetBIOS domain name \ * **AccountPUID**: The account Azure Active Directory Passport User ID \ * **AccountSid**: The account security identifier \ * **AccountObjectGuid**: The account unique identifier \ * **AccountUPNSuffix**: The account user principal name suffix \ + * **AlertProductNames**: The name of the product of the alert \ * **AzureResourceResourceId**: The Azure resource id \ * **AzureResourceSubscriptionId**: The Azure resource subscription id \ * **CloudApplicationAppId**: The cloud application identifier \ @@ -6940,7 +7257,7 @@ export enum KnownAutomationRulePropertyConditionSupportedProperty { * **HostNetBiosName**: The host NetBIOS name \ * **HostNTDomain**: The host NT domain \ * **HostOSVersion**: The host operating system \ - * **IoTDeviceId**: The IoT device id \ + * **IoTDeviceId**: "The IoT device id \ * **IoTDeviceName**: The IoT device name \ * **IoTDeviceType**: The IoT device type \ * **IoTDeviceVendor**: The IoT device vendor \ @@ -7482,13 +7799,6 @@ export interface AlertRuleTemplatesListNextOptionalParams /** Contains response data for the listNext operation. */ export type AlertRuleTemplatesListNextResponse = AlertRuleTemplatesList; -/** Optional parameters. */ -export interface AutomationRulesListOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the list operation. */ -export type AutomationRulesListResponse = AutomationRulesList; - /** Optional parameters. */ export interface AutomationRulesGetOptionalParams extends coreClient.OperationOptions {} @@ -7498,7 +7808,10 @@ export type AutomationRulesGetResponse = AutomationRule; /** Optional parameters. */ export interface AutomationRulesCreateOrUpdateOptionalParams - extends coreClient.OperationOptions {} + extends coreClient.OperationOptions { + /** The automation rule */ + automationRuleToUpsert?: AutomationRule; +} /** Contains response data for the createOrUpdate operation. */ export type AutomationRulesCreateOrUpdateResponse = AutomationRule; @@ -7507,6 +7820,28 @@ export type AutomationRulesCreateOrUpdateResponse = AutomationRule; export interface AutomationRulesDeleteOptionalParams extends coreClient.OperationOptions {} +/** Contains response data for the delete operation. */ +export type AutomationRulesDeleteResponse = Record; + +/** Optional parameters. */ +export interface AutomationRulesListOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the list operation. */ +export type AutomationRulesListResponse = AutomationRulesList; + +/** Optional parameters. */ +export interface AutomationRulesManualTriggerPlaybookOptionalParams + extends coreClient.OperationOptions { + requestBody?: ManualTriggerRequestBody; +} + +/** Contains response data for the manualTriggerPlaybook operation. */ +export type AutomationRulesManualTriggerPlaybookResponse = Record< + string, + unknown +>; + /** Optional parameters. */ export interface AutomationRulesListNextOptionalParams extends coreClient.OperationOptions {} @@ -7617,44 +7952,6 @@ export interface DomainWhoisGetOptionalParams /** Contains response data for the get operation. */ export type DomainWhoisGetResponse = EnrichmentDomainWhois; -/** Optional parameters. */ -export interface EntityQueriesListOptionalParams - extends coreClient.OperationOptions { - /** The entity query kind we want to fetch */ - kind?: Enum8; -} - -/** Contains response data for the list operation. */ -export type EntityQueriesListResponse = EntityQueryList; - -/** Optional parameters. */ -export interface EntityQueriesGetOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the get operation. */ -export type EntityQueriesGetResponse = EntityQueryUnion; - -/** Optional parameters. */ -export interface EntityQueriesCreateOrUpdateOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the createOrUpdate operation. */ -export type EntityQueriesCreateOrUpdateResponse = EntityQueryUnion; - -/** Optional parameters. */ -export interface EntityQueriesDeleteOptionalParams - extends coreClient.OperationOptions {} - -/** Optional parameters. */ -export interface EntityQueriesListNextOptionalParams - extends coreClient.OperationOptions { - /** The entity query kind we want to fetch */ - kind?: Enum8; -} - -/** Contains response data for the listNext operation. */ -export type EntityQueriesListNextResponse = EntityQueryList; - /** Optional parameters. */ export interface EntitiesListOptionalParams extends coreClient.OperationOptions {} @@ -7744,20 +8041,79 @@ export interface EntityRelationsGetRelationOptionalParams export type EntityRelationsGetRelationResponse = Relation; /** Optional parameters. */ -export interface IncidentsListOptionalParams +export interface EntityQueriesListOptionalParams extends coreClient.OperationOptions { - /** Filters the results, based on a Boolean condition. Optional. */ - filter?: string; - /** Sorts the results. Optional. */ - orderby?: string; - /** Returns only the first n results. Optional. */ - top?: number; - /** Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. */ - skipToken?: string; + /** The entity query kind we want to fetch */ + kind?: Enum12; } /** Contains response data for the list operation. */ -export type IncidentsListResponse = IncidentList; +export type EntityQueriesListResponse = EntityQueryList; + +/** Optional parameters. */ +export interface EntityQueriesGetOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the get operation. */ +export type EntityQueriesGetResponse = EntityQueryUnion; + +/** Optional parameters. */ +export interface EntityQueriesCreateOrUpdateOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the createOrUpdate operation. */ +export type EntityQueriesCreateOrUpdateResponse = EntityQueryUnion; + +/** Optional parameters. */ +export interface EntityQueriesDeleteOptionalParams + extends coreClient.OperationOptions {} + +/** Optional parameters. */ +export interface EntityQueriesListNextOptionalParams + extends coreClient.OperationOptions { + /** The entity query kind we want to fetch */ + kind?: Enum12; +} + +/** Contains response data for the listNext operation. */ +export type EntityQueriesListNextResponse = EntityQueryList; + +/** Optional parameters. */ +export interface EntityQueryTemplatesListOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the list operation. */ +export type EntityQueryTemplatesListResponse = EntityQueryTemplateList; + +/** Optional parameters. */ +export interface EntityQueryTemplatesGetOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the get operation. */ +export type EntityQueryTemplatesGetResponse = EntityQueryTemplateUnion; + +/** Optional parameters. */ +export interface EntityQueryTemplatesListNextOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the listNext operation. */ +export type EntityQueryTemplatesListNextResponse = EntityQueryTemplateList; + +/** Optional parameters. */ +export interface IncidentsListOptionalParams + extends coreClient.OperationOptions { + /** Filters the results, based on a Boolean condition. Optional. */ + filter?: string; + /** Sorts the results. Optional. */ + orderby?: string; + /** Returns only the first n results. Optional. */ + top?: number; + /** Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. */ + skipToken?: string; +} + +/** Contains response data for the list operation. */ +export type IncidentsListResponse = IncidentList; /** Optional parameters. */ export interface IncidentsGetOptionalParams @@ -7978,6 +8334,31 @@ export interface MetadataListNextOptionalParams /** Contains response data for the listNext operation. */ export type MetadataListNextResponse = MetadataList; +/** Optional parameters. */ +export interface OfficeConsentsListOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the list operation. */ +export type OfficeConsentsListResponse = OfficeConsentList; + +/** Optional parameters. */ +export interface OfficeConsentsGetOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the get operation. */ +export type OfficeConsentsGetResponse = OfficeConsent; + +/** Optional parameters. */ +export interface OfficeConsentsDeleteOptionalParams + extends coreClient.OperationOptions {} + +/** Optional parameters. */ +export interface OfficeConsentsListNextOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the listNext operation. */ +export type OfficeConsentsListNextResponse = OfficeConsentList; + /** Optional parameters. */ export interface SentinelOnboardingStatesGetOptionalParams extends coreClient.OperationOptions {} @@ -8077,117 +8458,6 @@ export interface SourceControlsListNextOptionalParams /** Contains response data for the listNext operation. */ export type SourceControlsListNextResponse = SourceControlList; -/** Optional parameters. */ -export interface WatchlistsListOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the list operation. */ -export type WatchlistsListResponse = WatchlistList; - -/** Optional parameters. */ -export interface WatchlistsGetOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the get operation. */ -export type WatchlistsGetResponse = Watchlist; - -/** Optional parameters. */ -export interface WatchlistsDeleteOptionalParams - extends coreClient.OperationOptions {} - -/** Optional parameters. */ -export interface WatchlistsCreateOrUpdateOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the createOrUpdate operation. */ -export type WatchlistsCreateOrUpdateResponse = Watchlist; - -/** Optional parameters. */ -export interface WatchlistsListNextOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the listNext operation. */ -export type WatchlistsListNextResponse = WatchlistList; - -/** Optional parameters. */ -export interface WatchlistItemsListOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the list operation. */ -export type WatchlistItemsListResponse = WatchlistItemList; - -/** Optional parameters. */ -export interface WatchlistItemsGetOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the get operation. */ -export type WatchlistItemsGetResponse = WatchlistItem; - -/** Optional parameters. */ -export interface WatchlistItemsDeleteOptionalParams - extends coreClient.OperationOptions {} - -/** Optional parameters. */ -export interface WatchlistItemsCreateOrUpdateOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the createOrUpdate operation. */ -export type WatchlistItemsCreateOrUpdateResponse = WatchlistItem; - -/** Optional parameters. */ -export interface WatchlistItemsListNextOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the listNext operation. */ -export type WatchlistItemsListNextResponse = WatchlistItemList; - -/** Optional parameters. */ -export interface DataConnectorsListOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the list operation. */ -export type DataConnectorsListResponse = DataConnectorList; - -/** Optional parameters. */ -export interface DataConnectorsGetOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the get operation. */ -export type DataConnectorsGetResponse = DataConnectorUnion; - -/** Optional parameters. */ -export interface DataConnectorsCreateOrUpdateOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the createOrUpdate operation. */ -export type DataConnectorsCreateOrUpdateResponse = DataConnectorUnion; - -/** Optional parameters. */ -export interface DataConnectorsDeleteOptionalParams - extends coreClient.OperationOptions {} - -/** Optional parameters. */ -export interface DataConnectorsConnectOptionalParams - extends coreClient.OperationOptions {} - -/** Optional parameters. */ -export interface DataConnectorsDisconnectOptionalParams - extends coreClient.OperationOptions {} - -/** Optional parameters. */ -export interface DataConnectorsListNextOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the listNext operation. */ -export type DataConnectorsListNextResponse = DataConnectorList; - -/** Optional parameters. */ -export interface DataConnectorsCheckRequirementsPostOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the post operation. */ -export type DataConnectorsCheckRequirementsPostResponse = DataConnectorRequirementsState; - /** Optional parameters. */ export interface ThreatIntelligenceIndicatorCreateIndicatorOptionalParams extends coreClient.OperationOptions {} @@ -8278,64 +8548,129 @@ export interface ThreatIntelligenceIndicatorMetricsListOptionalParams export type ThreatIntelligenceIndicatorMetricsListResponse = ThreatIntelligenceMetricsList; /** Optional parameters. */ -export interface OperationsListOptionalParams +export interface WatchlistsListOptionalParams extends coreClient.OperationOptions {} /** Contains response data for the list operation. */ -export type OperationsListResponse = OperationsList; +export type WatchlistsListResponse = WatchlistList; /** Optional parameters. */ -export interface OperationsListNextOptionalParams +export interface WatchlistsGetOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the get operation. */ +export type WatchlistsGetResponse = Watchlist; + +/** Optional parameters. */ +export interface WatchlistsDeleteOptionalParams + extends coreClient.OperationOptions {} + +/** Optional parameters. */ +export interface WatchlistsCreateOrUpdateOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the createOrUpdate operation. */ +export type WatchlistsCreateOrUpdateResponse = Watchlist; + +/** Optional parameters. */ +export interface WatchlistsListNextOptionalParams extends coreClient.OperationOptions {} /** Contains response data for the listNext operation. */ -export type OperationsListNextResponse = OperationsList; +export type WatchlistsListNextResponse = WatchlistList; /** Optional parameters. */ -export interface OfficeConsentsListOptionalParams +export interface WatchlistItemsListOptionalParams extends coreClient.OperationOptions {} /** Contains response data for the list operation. */ -export type OfficeConsentsListResponse = OfficeConsentList; +export type WatchlistItemsListResponse = WatchlistItemList; /** Optional parameters. */ -export interface OfficeConsentsGetOptionalParams +export interface WatchlistItemsGetOptionalParams extends coreClient.OperationOptions {} /** Contains response data for the get operation. */ -export type OfficeConsentsGetResponse = OfficeConsent; +export type WatchlistItemsGetResponse = WatchlistItem; /** Optional parameters. */ -export interface OfficeConsentsDeleteOptionalParams +export interface WatchlistItemsDeleteOptionalParams extends coreClient.OperationOptions {} /** Optional parameters. */ -export interface OfficeConsentsListNextOptionalParams +export interface WatchlistItemsCreateOrUpdateOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the createOrUpdate operation. */ +export type WatchlistItemsCreateOrUpdateResponse = WatchlistItem; + +/** Optional parameters. */ +export interface WatchlistItemsListNextOptionalParams extends coreClient.OperationOptions {} /** Contains response data for the listNext operation. */ -export type OfficeConsentsListNextResponse = OfficeConsentList; +export type WatchlistItemsListNextResponse = WatchlistItemList; /** Optional parameters. */ -export interface EntityQueryTemplatesListOptionalParams +export interface DataConnectorsListOptionalParams extends coreClient.OperationOptions {} /** Contains response data for the list operation. */ -export type EntityQueryTemplatesListResponse = EntityQueryTemplateList; +export type DataConnectorsListResponse = DataConnectorList; /** Optional parameters. */ -export interface EntityQueryTemplatesGetOptionalParams +export interface DataConnectorsGetOptionalParams extends coreClient.OperationOptions {} /** Contains response data for the get operation. */ -export type EntityQueryTemplatesGetResponse = EntityQueryTemplateUnion; +export type DataConnectorsGetResponse = DataConnectorUnion; /** Optional parameters. */ -export interface EntityQueryTemplatesListNextOptionalParams +export interface DataConnectorsCreateOrUpdateOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the createOrUpdate operation. */ +export type DataConnectorsCreateOrUpdateResponse = DataConnectorUnion; + +/** Optional parameters. */ +export interface DataConnectorsDeleteOptionalParams + extends coreClient.OperationOptions {} + +/** Optional parameters. */ +export interface DataConnectorsConnectOptionalParams + extends coreClient.OperationOptions {} + +/** Optional parameters. */ +export interface DataConnectorsDisconnectOptionalParams + extends coreClient.OperationOptions {} + +/** Optional parameters. */ +export interface DataConnectorsListNextOptionalParams extends coreClient.OperationOptions {} /** Contains response data for the listNext operation. */ -export type EntityQueryTemplatesListNextResponse = EntityQueryTemplateList; +export type DataConnectorsListNextResponse = DataConnectorList; + +/** Optional parameters. */ +export interface DataConnectorsCheckRequirementsPostOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the post operation. */ +export type DataConnectorsCheckRequirementsPostResponse = DataConnectorRequirementsState; + +/** Optional parameters. */ +export interface OperationsListOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the list operation. */ +export type OperationsListResponse = OperationsList; + +/** Optional parameters. */ +export interface OperationsListNextOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the listNext operation. */ +export type OperationsListNextResponse = OperationsList; /** Optional parameters. */ export interface SecurityInsightsOptionalParams diff --git a/sdk/securityinsight/arm-securityinsight/src/models/mappers.ts b/sdk/securityinsight/arm-securityinsight/src/models/mappers.ts index dee7eb969f7d..f818218a010f 100644 --- a/sdk/securityinsight/arm-securityinsight/src/models/mappers.ts +++ b/sdk/securityinsight/arm-securityinsight/src/models/mappers.ts @@ -232,35 +232,6 @@ export const AlertRuleTemplatesList: coreClient.CompositeMapper = { } }; -export const AutomationRulesList: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "AutomationRulesList", - modelProperties: { - nextLink: { - serializedName: "nextLink", - readOnly: true, - type: { - name: "String" - } - }, - value: { - serializedName: "value", - required: true, - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "AutomationRule" - } - } - } - } - } - } -}; - export const AutomationRuleTriggeringLogic: coreClient.CompositeMapper = { type: { name: "Composite", @@ -391,6 +362,54 @@ export const ClientInfo: coreClient.CompositeMapper = { } }; +export const AutomationRulesList: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "AutomationRulesList", + modelProperties: { + value: { + serializedName: "value", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "AutomationRule" + } + } + } + }, + nextLink: { + serializedName: "nextLink", + type: { + name: "String" + } + } + } + } +}; + +export const ManualTriggerRequestBody: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "ManualTriggerRequestBody", + modelProperties: { + tenantId: { + serializedName: "tenantId", + type: { + name: "Uuid" + } + }, + logicAppsResourceId: { + serializedName: "logicAppsResourceId", + type: { + name: "String" + } + } + } + } +}; + export const BookmarkList: coreClient.CompositeMapper = { type: { name: "Composite", @@ -483,6 +502,54 @@ export const IncidentInfo: coreClient.CompositeMapper = { } }; +export const BookmarkEntityMappings: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "BookmarkEntityMappings", + modelProperties: { + entityType: { + serializedName: "entityType", + type: { + name: "String" + } + }, + fieldMappings: { + serializedName: "fieldMappings", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "EntityFieldMapping" + } + } + } + } + } + } +}; + +export const EntityFieldMapping: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "EntityFieldMapping", + modelProperties: { + identifier: { + serializedName: "identifier", + type: { + name: "String" + } + }, + value: { + serializedName: "value", + type: { + name: "String" + } + } + } + } +}; + export const RelationList: coreClient.CompositeMapper = { type: { name: "Composite", @@ -1031,35 +1098,6 @@ export const EnrichmentDomainWhoisContact: coreClient.CompositeMapper = { } }; -export const EntityQueryList: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "EntityQueryList", - modelProperties: { - nextLink: { - serializedName: "nextLink", - readOnly: true, - type: { - name: "String" - } - }, - value: { - serializedName: "value", - required: true, - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "EntityQuery" - } - } - } - } - } - } -}; - export const EntityList: coreClient.CompositeMapper = { type: { name: "Composite", @@ -1685,6 +1723,64 @@ export const InsightsTableResultColumnsItem: coreClient.CompositeMapper = { } }; +export const EntityQueryList: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "EntityQueryList", + modelProperties: { + nextLink: { + serializedName: "nextLink", + readOnly: true, + type: { + name: "String" + } + }, + value: { + serializedName: "value", + required: true, + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "EntityQuery" + } + } + } + } + } + } +}; + +export const EntityQueryTemplateList: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "EntityQueryTemplateList", + modelProperties: { + nextLink: { + serializedName: "nextLink", + readOnly: true, + type: { + name: "String" + } + }, + value: { + serializedName: "value", + required: true, + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "EntityQueryTemplate" + } + } + } + } + } + } +}; + export const IncidentList: coreClient.CompositeMapper = { type: { name: "Composite", @@ -1752,6 +1848,13 @@ export const IncidentAdditionalData: coreClient.CompositeMapper = { } } }, + providerIncidentUrl: { + serializedName: "providerIncidentUrl", + readOnly: true, + type: { + name: "String" + } + }, tactics: { serializedName: "tactics", readOnly: true, @@ -1763,6 +1866,18 @@ export const IncidentAdditionalData: coreClient.CompositeMapper = { } } } + }, + techniques: { + serializedName: "techniques", + readOnly: true, + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } } } } @@ -2297,6 +2412,35 @@ export const MetadataCategories: coreClient.CompositeMapper = { } }; +export const OfficeConsentList: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "OfficeConsentList", + modelProperties: { + nextLink: { + serializedName: "nextLink", + readOnly: true, + type: { + name: "String" + } + }, + value: { + serializedName: "value", + required: true, + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "OfficeConsent" + } + } + } + } + } + } +}; + export const SentinelOnboardingStatesList: coreClient.CompositeMapper = { type: { name: "Composite", @@ -2497,286 +2641,158 @@ export const ContentPathMap: coreClient.CompositeMapper = { } }; -export const WatchlistList: coreClient.CompositeMapper = { +export const RepositoryResourceInfo: coreClient.CompositeMapper = { type: { name: "Composite", - className: "WatchlistList", + className: "RepositoryResourceInfo", modelProperties: { - nextLink: { - serializedName: "nextLink", - readOnly: true, + webhook: { + serializedName: "webhook", type: { - name: "String" + name: "Composite", + className: "Webhook" } }, - value: { - serializedName: "value", - required: true, + gitHubResourceInfo: { + serializedName: "gitHubResourceInfo", type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "Watchlist" - } - } + name: "Composite", + className: "GitHubResourceInfo" + } + }, + azureDevOpsResourceInfo: { + serializedName: "azureDevOpsResourceInfo", + type: { + name: "Composite", + className: "AzureDevOpsResourceInfo" } } } } }; -export const WatchlistItemList: coreClient.CompositeMapper = { +export const Webhook: coreClient.CompositeMapper = { type: { name: "Composite", - className: "WatchlistItemList", + className: "Webhook", modelProperties: { - nextLink: { - serializedName: "nextLink", - readOnly: true, + webhookId: { + serializedName: "webhookId", type: { name: "String" } }, - value: { - serializedName: "value", - required: true, + webhookUrl: { + serializedName: "webhookUrl", type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "WatchlistItem" - } - } + name: "String" + } + }, + webhookSecretUpdateTime: { + serializedName: "webhookSecretUpdateTime", + type: { + name: "String" } } } } }; -export const DataConnectorList: coreClient.CompositeMapper = { +export const GitHubResourceInfo: coreClient.CompositeMapper = { type: { name: "Composite", - className: "DataConnectorList", + className: "GitHubResourceInfo", modelProperties: { - nextLink: { - serializedName: "nextLink", - readOnly: true, + appInstallationId: { + serializedName: "appInstallationId", type: { name: "String" } - }, - value: { - serializedName: "value", - required: true, - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "DataConnector" - } - } - } } } } }; -export const DataConnectorConnectBody: coreClient.CompositeMapper = { +export const AzureDevOpsResourceInfo: coreClient.CompositeMapper = { type: { name: "Composite", - className: "DataConnectorConnectBody", + className: "AzureDevOpsResourceInfo", modelProperties: { - kind: { - serializedName: "kind", - type: { - name: "String" - } - }, - apiKey: { - serializedName: "apiKey", - type: { - name: "String" - } - }, - clientSecret: { - serializedName: "clientSecret", - type: { - name: "String" - } - }, - clientId: { - serializedName: "clientId", - type: { - name: "String" - } - }, - authorizationCode: { - serializedName: "authorizationCode", - type: { - name: "String" - } - }, - userName: { - serializedName: "userName", + pipelineId: { + serializedName: "pipelineId", type: { name: "String" } }, - password: { - serializedName: "password", + serviceConnectionId: { + serializedName: "serviceConnectionId", type: { name: "String" } - }, - requestConfigUserInputValues: { - serializedName: "requestConfigUserInputValues", - type: { - name: "Sequence", - element: { - type: { - name: "Dictionary", - value: { type: { name: "any" } } - } - } - } - } - } - } -}; - -export const ErrorResponse: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "ErrorResponse", - modelProperties: { - error: { - serializedName: "error", - type: { - name: "Composite", - className: "ErrorDetail" - } } } } }; -export const ErrorDetail: coreClient.CompositeMapper = { +export const DeploymentInfo: coreClient.CompositeMapper = { type: { name: "Composite", - className: "ErrorDetail", + className: "DeploymentInfo", modelProperties: { - code: { - serializedName: "code", - readOnly: true, + deploymentFetchStatus: { + serializedName: "deploymentFetchStatus", type: { name: "String" } }, - message: { - serializedName: "message", - readOnly: true, + deployment: { + serializedName: "deployment", type: { - name: "String" + name: "Composite", + className: "Deployment" } }, - target: { - serializedName: "target", - readOnly: true, + message: { + serializedName: "message", type: { name: "String" } - }, - details: { - serializedName: "details", - readOnly: true, - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "ErrorDetail" - } - } - } - }, - additionalInfo: { - serializedName: "additionalInfo", - readOnly: true, - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "ErrorAdditionalInfo" - } - } - } } } } }; -export const ErrorAdditionalInfo: coreClient.CompositeMapper = { +export const Deployment: coreClient.CompositeMapper = { type: { name: "Composite", - className: "ErrorAdditionalInfo", + className: "Deployment", modelProperties: { - type: { - serializedName: "type", - readOnly: true, + deploymentId: { + serializedName: "deploymentId", type: { name: "String" } }, - info: { - serializedName: "info", - readOnly: true, + deploymentState: { + serializedName: "deploymentState", type: { - name: "Dictionary", - value: { type: { name: "any" } } + name: "String" } - } - } - } -}; - -export const DataConnectorsCheckRequirements: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "DataConnectorsCheckRequirements", - uberParent: "DataConnectorsCheckRequirements", - polymorphicDiscriminator: { - serializedName: "kind", - clientName: "kind" - }, - modelProperties: { - kind: { - serializedName: "kind", - required: true, + }, + deploymentResult: { + serializedName: "deploymentResult", type: { name: "String" } - } - } - } -}; - -export const DataConnectorRequirementsState: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "DataConnectorRequirementsState", - modelProperties: { - authorizationState: { - serializedName: "authorizationState", + }, + deploymentTime: { + serializedName: "deploymentTime", type: { - name: "String" + name: "DateTime" } }, - licenseState: { - serializedName: "licenseState", + deploymentLogsUrl: { + serializedName: "deploymentLogsUrl", type: { name: "String" } @@ -2930,6 +2946,11 @@ export const ThreatIntelligenceResourceKind: coreClient.CompositeMapper = { type: { name: "Composite", className: "ThreatIntelligenceResourceKind", + uberParent: "ThreatIntelligenceResourceKind", + polymorphicDiscriminator: { + serializedName: "kind", + clientName: "kind" + }, modelProperties: { kind: { serializedName: "kind", @@ -3240,10 +3261,10 @@ export const ThreatIntelligenceAppendTags: coreClient.CompositeMapper = { } }; -export const OperationsList: coreClient.CompositeMapper = { +export const WatchlistList: coreClient.CompositeMapper = { type: { name: "Composite", - className: "OperationsList", + className: "WatchlistList", modelProperties: { nextLink: { serializedName: "nextLink", @@ -3260,7 +3281,7 @@ export const OperationsList: coreClient.CompositeMapper = { element: { type: { name: "Composite", - className: "Operation" + className: "Watchlist" } } } @@ -3269,106 +3290,173 @@ export const OperationsList: coreClient.CompositeMapper = { } }; -export const Operation: coreClient.CompositeMapper = { +export const WatchlistItemList: coreClient.CompositeMapper = { type: { name: "Composite", - className: "Operation", + className: "WatchlistItemList", modelProperties: { - display: { - serializedName: "display", - type: { - name: "Composite", - className: "OperationDisplay" - } - }, - name: { - serializedName: "name", - type: { - name: "String" - } - }, - origin: { - serializedName: "origin", + nextLink: { + serializedName: "nextLink", + readOnly: true, type: { name: "String" } }, - isDataAction: { - serializedName: "isDataAction", + value: { + serializedName: "value", + required: true, type: { - name: "Boolean" + name: "Sequence", + element: { + type: { + name: "Composite", + className: "WatchlistItem" + } + } } } } } }; -export const OperationDisplay: coreClient.CompositeMapper = { +export const DataConnectorList: coreClient.CompositeMapper = { type: { name: "Composite", - className: "OperationDisplay", + className: "DataConnectorList", modelProperties: { - description: { - serializedName: "description", + nextLink: { + serializedName: "nextLink", + readOnly: true, type: { name: "String" } }, - operation: { - serializedName: "operation", + value: { + serializedName: "value", + required: true, type: { - name: "String" + name: "Sequence", + element: { + type: { + name: "Composite", + className: "DataConnector" + } + } + } + } + } + } +}; + +export const DataConnectorConnectBody: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "DataConnectorConnectBody", + modelProperties: { + kind: { + serializedName: "kind", + type: { + name: "String" } }, - provider: { - serializedName: "provider", + apiKey: { + serializedName: "apiKey", type: { name: "String" } }, - resource: { - serializedName: "resource", + clientSecret: { + serializedName: "clientSecret", + type: { + name: "String" + } + }, + clientId: { + serializedName: "clientId", + type: { + name: "String" + } + }, + authorizationCode: { + serializedName: "authorizationCode", + type: { + name: "String" + } + }, + userName: { + serializedName: "userName", + type: { + name: "String" + } + }, + password: { + serializedName: "password", type: { name: "String" } + }, + requestConfigUserInputValues: { + serializedName: "requestConfigUserInputValues", + type: { + name: "Sequence", + element: { + type: { + name: "Dictionary", + value: { type: { name: "any" } } + } + } + } } } } }; -export const OfficeConsentList: coreClient.CompositeMapper = { +export const DataConnectorsCheckRequirements: coreClient.CompositeMapper = { type: { name: "Composite", - className: "OfficeConsentList", + className: "DataConnectorsCheckRequirements", + uberParent: "DataConnectorsCheckRequirements", + polymorphicDiscriminator: { + serializedName: "kind", + clientName: "kind" + }, modelProperties: { - nextLink: { - serializedName: "nextLink", - readOnly: true, + kind: { + serializedName: "kind", + required: true, + type: { + name: "String" + } + } + } + } +}; + +export const DataConnectorRequirementsState: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "DataConnectorRequirementsState", + modelProperties: { + authorizationState: { + serializedName: "authorizationState", type: { name: "String" } }, - value: { - serializedName: "value", - required: true, + licenseState: { + serializedName: "licenseState", type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "OfficeConsent" - } - } + name: "String" } } } } }; -export const EntityQueryTemplateList: coreClient.CompositeMapper = { +export const OperationsList: coreClient.CompositeMapper = { type: { name: "Composite", - className: "EntityQueryTemplateList", + className: "OperationsList", modelProperties: { nextLink: { serializedName: "nextLink", @@ -3385,7 +3473,7 @@ export const EntityQueryTemplateList: coreClient.CompositeMapper = { element: { type: { name: "Composite", - className: "EntityQueryTemplate" + className: "Operation" } } } @@ -3394,6 +3482,73 @@ export const EntityQueryTemplateList: coreClient.CompositeMapper = { } }; +export const Operation: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "Operation", + modelProperties: { + display: { + serializedName: "display", + type: { + name: "Composite", + className: "OperationDisplay" + } + }, + name: { + serializedName: "name", + type: { + name: "String" + } + }, + origin: { + serializedName: "origin", + type: { + name: "String" + } + }, + isDataAction: { + serializedName: "isDataAction", + type: { + name: "Boolean" + } + } + } + } +}; + +export const OperationDisplay: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "OperationDisplay", + modelProperties: { + description: { + serializedName: "description", + type: { + name: "String" + } + }, + operation: { + serializedName: "operation", + type: { + name: "String" + } + }, + provider: { + serializedName: "provider", + type: { + name: "String" + } + }, + resource: { + serializedName: "resource", + type: { + name: "String" + } + } + } + } +}; + export const AlertRuleTemplateDataSource: coreClient.CompositeMapper = { type: { name: "Composite", @@ -3496,17 +3651,6 @@ export const QueryBasedAlertRuleTemplateProperties: coreClient.CompositeMapper = name: "String" } }, - tactics: { - serializedName: "tactics", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, version: { serializedName: "version", type: { @@ -3624,47 +3768,33 @@ export const AlertDetailsOverride: coreClient.CompositeMapper = { } }; -export const MicrosoftSecurityIncidentCreationAlertRuleCommonProperties: coreClient.CompositeMapper = { +export const FusionSourceSettings: coreClient.CompositeMapper = { type: { name: "Composite", - className: "MicrosoftSecurityIncidentCreationAlertRuleCommonProperties", + className: "FusionSourceSettings", modelProperties: { - displayNamesFilter: { - serializedName: "displayNamesFilter", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - displayNamesExcludeFilter: { - serializedName: "displayNamesExcludeFilter", + enabled: { + serializedName: "enabled", + required: true, type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } + name: "Boolean" } }, - productFilter: { - serializedName: "productFilter", + sourceName: { + serializedName: "sourceName", required: true, type: { name: "String" } }, - severitiesFilter: { - serializedName: "severitiesFilter", + sourceSubTypes: { + serializedName: "sourceSubTypes", type: { name: "Sequence", element: { type: { - name: "String" + name: "Composite", + className: "FusionSourceSubTypeSetting" } } } @@ -3673,72 +3803,276 @@ export const MicrosoftSecurityIncidentCreationAlertRuleCommonProperties: coreCli } }; -export const QueryBasedAlertRuleProperties: coreClient.CompositeMapper = { +export const FusionSourceSubTypeSetting: coreClient.CompositeMapper = { type: { name: "Composite", - className: "QueryBasedAlertRuleProperties", + className: "FusionSourceSubTypeSetting", modelProperties: { - alertRuleTemplateName: { - serializedName: "alertRuleTemplateName", + enabled: { + serializedName: "enabled", + required: true, type: { - name: "String" + name: "Boolean" } }, - templateVersion: { - serializedName: "templateVersion", + sourceSubTypeName: { + serializedName: "sourceSubTypeName", + required: true, type: { name: "String" } }, - description: { - serializedName: "description", + sourceSubTypeDisplayName: { + serializedName: "sourceSubTypeDisplayName", + readOnly: true, type: { name: "String" } }, - query: { - serializedName: "query", + severityFilters: { + serializedName: "severityFilters", type: { - name: "String" + name: "Composite", + className: "FusionSubTypeSeverityFilter" } - }, - displayName: { - serializedName: "displayName", - required: true, + } + } + } +}; + +export const FusionSubTypeSeverityFilter: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "FusionSubTypeSeverityFilter", + modelProperties: { + isSupported: { + serializedName: "isSupported", + readOnly: true, type: { - name: "String" + name: "Boolean" } }, - enabled: { - serializedName: "enabled", - required: true, + filters: { + serializedName: "filters", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "FusionSubTypeSeverityFiltersItem" + } + } + } + } + } + } +}; + +export const FusionSubTypeSeverityFiltersItem: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "FusionSubTypeSeverityFiltersItem", + modelProperties: { + severity: { + serializedName: "severity", + required: true, + type: { + name: "String" + } + }, + enabled: { + serializedName: "enabled", + required: true, type: { name: "Boolean" } + } + } + } +}; + +export const FusionScenarioExclusionPattern: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "FusionScenarioExclusionPattern", + modelProperties: { + exclusionPattern: { + serializedName: "exclusionPattern", + required: true, + type: { + name: "String" + } }, - lastModifiedUtc: { - serializedName: "lastModifiedUtc", - readOnly: true, + dateAddedInUTC: { + serializedName: "dateAddedInUTC", + required: true, type: { - name: "DateTime" + name: "String" + } + } + } + } +}; + +export const FusionTemplateSourceSetting: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "FusionTemplateSourceSetting", + modelProperties: { + sourceName: { + serializedName: "sourceName", + required: true, + type: { + name: "String" } }, - suppressionDuration: { - serializedName: "suppressionDuration", + sourceSubTypes: { + serializedName: "sourceSubTypes", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "FusionTemplateSourceSubType" + } + } + } + } + } + } +}; + +export const FusionTemplateSourceSubType: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "FusionTemplateSourceSubType", + modelProperties: { + sourceSubTypeName: { + serializedName: "sourceSubTypeName", required: true, type: { - name: "TimeSpan" + name: "String" } }, - suppressionEnabled: { - serializedName: "suppressionEnabled", + sourceSubTypeDisplayName: { + serializedName: "sourceSubTypeDisplayName", + readOnly: true, + type: { + name: "String" + } + }, + severityFilter: { + serializedName: "severityFilter", + type: { + name: "Composite", + className: "FusionTemplateSubTypeSeverityFilter" + } + } + } + } +}; + +export const FusionTemplateSubTypeSeverityFilter: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "FusionTemplateSubTypeSeverityFilter", + modelProperties: { + isSupported: { + serializedName: "isSupported", required: true, type: { name: "Boolean" } }, - severity: { - serializedName: "severity", + severityFilters: { + serializedName: "severityFilters", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + } + } + } +}; + +export const MicrosoftSecurityIncidentCreationAlertRuleCommonProperties: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "MicrosoftSecurityIncidentCreationAlertRuleCommonProperties", + modelProperties: { + displayNamesFilter: { + serializedName: "displayNamesFilter", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + displayNamesExcludeFilter: { + serializedName: "displayNamesExcludeFilter", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + productFilter: { + serializedName: "productFilter", + required: true, + type: { + name: "String" + } + }, + severitiesFilter: { + serializedName: "severitiesFilter", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + } + } + } +}; + +export const QueryBasedAlertRuleProperties: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "QueryBasedAlertRuleProperties", + modelProperties: { + alertRuleTemplateName: { + serializedName: "alertRuleTemplateName", + type: { + name: "String" + } + }, + templateVersion: { + serializedName: "templateVersion", + type: { + name: "String" + } + }, + description: { + serializedName: "description", + type: { + name: "String" + } + }, + query: { + serializedName: "query", type: { name: "String" } @@ -3754,6 +4088,58 @@ export const QueryBasedAlertRuleProperties: coreClient.CompositeMapper = { } } }, + techniques: { + serializedName: "techniques", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + displayName: { + serializedName: "displayName", + required: true, + type: { + name: "String" + } + }, + enabled: { + serializedName: "enabled", + required: true, + type: { + name: "Boolean" + } + }, + lastModifiedUtc: { + serializedName: "lastModifiedUtc", + readOnly: true, + type: { + name: "DateTime" + } + }, + suppressionDuration: { + serializedName: "suppressionDuration", + required: true, + type: { + name: "TimeSpan" + } + }, + suppressionEnabled: { + serializedName: "suppressionEnabled", + required: true, + type: { + name: "Boolean" + } + }, + severity: { + serializedName: "severity", + type: { + name: "String" + } + }, incidentConfiguration: { serializedName: "incidentConfiguration", type: { @@ -3940,151 +4326,25 @@ export const EventGroupingSettings: coreClient.CompositeMapper = { } }; -export const AutomationRuleRunPlaybookActionConfiguration: coreClient.CompositeMapper = { +export const EntityQueryItemProperties: coreClient.CompositeMapper = { type: { name: "Composite", - className: "AutomationRuleRunPlaybookActionConfiguration", + className: "EntityQueryItemProperties", modelProperties: { - logicAppResourceId: { - serializedName: "logicAppResourceId", + dataTypes: { + serializedName: "dataTypes", type: { - name: "String" + name: "Sequence", + element: { + type: { + name: "Composite", + className: "EntityQueryItemPropertiesDataTypesItem" + } + } } }, - tenantId: { - serializedName: "tenantId", - type: { - name: "String" - } - } - } - } -}; - -export const AutomationRuleModifyPropertiesActionConfiguration: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "AutomationRuleModifyPropertiesActionConfiguration", - modelProperties: { - classification: { - serializedName: "classification", - type: { - name: "String" - } - }, - classificationComment: { - serializedName: "classificationComment", - type: { - name: "String" - } - }, - classificationReason: { - serializedName: "classificationReason", - type: { - name: "String" - } - }, - labels: { - serializedName: "labels", - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "IncidentLabel" - } - } - } - }, - owner: { - serializedName: "owner", - type: { - name: "Composite", - className: "IncidentOwnerInfo" - } - }, - severity: { - serializedName: "severity", - type: { - name: "String" - } - }, - status: { - serializedName: "status", - type: { - name: "String" - } - } - } - } -}; - -export const AutomationRulePropertyValuesConditionProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "AutomationRulePropertyValuesConditionProperties", - modelProperties: { - propertyName: { - serializedName: "propertyName", - type: { - name: "String" - } - }, - operator: { - serializedName: "operator", - type: { - name: "String" - } - }, - propertyValues: { - serializedName: "propertyValues", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - } - } - } -}; - -export const ActivityEntityQueriesPropertiesQueryDefinitions: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "ActivityEntityQueriesPropertiesQueryDefinitions", - modelProperties: { - query: { - serializedName: "query", - type: { - name: "String" - } - } - } - } -}; - -export const EntityQueryItemProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "EntityQueryItemProperties", - modelProperties: { - dataTypes: { - serializedName: "dataTypes", - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "EntityQueryItemPropertiesDataTypesItem" - } - } - } - }, - inputEntityType: { - serializedName: "inputEntityType", + inputEntityType: { + serializedName: "inputEntityType", type: { name: "String" } @@ -4312,6 +4572,57 @@ export const InsightQueryItemPropertiesReferenceTimeRange: coreClient.CompositeM } }; +export const ActivityEntityQueriesPropertiesQueryDefinitions: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "ActivityEntityQueriesPropertiesQueryDefinitions", + modelProperties: { + query: { + serializedName: "query", + type: { + name: "String" + } + } + } + } +}; + +export const ActivityEntityQueryTemplatePropertiesQueryDefinitions: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "ActivityEntityQueryTemplatePropertiesQueryDefinitions", + modelProperties: { + query: { + serializedName: "query", + type: { + name: "String" + } + }, + summarizeBy: { + serializedName: "summarizeBy", + type: { + name: "String" + } + } + } + } +}; + +export const DataTypeDefinitions: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "DataTypeDefinitions", + modelProperties: { + dataType: { + serializedName: "dataType", + type: { + name: "String" + } + } + } + } +}; + export const Sku: coreClient.CompositeMapper = { type: { name: "Composite", @@ -4484,6 +4795,38 @@ export const Dynamics365DataConnectorDataTypes: coreClient.CompositeMapper = { } }; +export const Office365ProjectConnectorDataTypes: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "Office365ProjectConnectorDataTypes", + modelProperties: { + logs: { + serializedName: "logs", + type: { + name: "Composite", + className: "Office365ProjectConnectorDataTypesLogs" + } + } + } + } +}; + +export const OfficePowerBIConnectorDataTypes: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "OfficePowerBIConnectorDataTypes", + modelProperties: { + logs: { + serializedName: "logs", + type: { + name: "Composite", + className: "OfficePowerBIConnectorDataTypesLogs" + } + } + } + } +}; + export const OfficeDataConnectorDataTypes: coreClient.CompositeMapper = { type: { name: "Composite", @@ -5295,42 +5638,6 @@ export const CodelessConnectorPollingResponseProperties: coreClient.CompositeMap } }; -export const ActivityEntityQueryTemplatePropertiesQueryDefinitions: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "ActivityEntityQueryTemplatePropertiesQueryDefinitions", - modelProperties: { - query: { - serializedName: "query", - type: { - name: "String" - } - }, - summarizeBy: { - serializedName: "summarizeBy", - type: { - name: "String" - } - } - } - } -}; - -export const DataTypeDefinitions: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "DataTypeDefinitions", - modelProperties: { - dataType: { - serializedName: "dataType", - type: { - name: "String" - } - } - } - } -}; - export const ThreatIntelligence: coreClient.CompositeMapper = { type: { name: "Composite", @@ -5502,28 +5809,6 @@ export const Entity: coreClient.CompositeMapper = { } }; -export const OfficeConsent: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "OfficeConsent", - modelProperties: { - ...Resource.type.modelProperties, - tenantId: { - serializedName: "properties.tenantId", - type: { - name: "String" - } - }, - consentId: { - serializedName: "properties.consentId", - type: { - name: "String" - } - } - } - } -}; - export const EntityQueryTemplate: coreClient.CompositeMapper = { serializedName: "EntityQueryTemplate", type: { @@ -5547,7 +5832,29 @@ export const EntityQueryTemplate: coreClient.CompositeMapper = { } }; -export const ActionResponseProperties: coreClient.CompositeMapper = { +export const OfficeConsent: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "OfficeConsent", + modelProperties: { + ...Resource.type.modelProperties, + tenantId: { + serializedName: "properties.tenantId", + type: { + name: "String" + } + }, + consentId: { + serializedName: "properties.consentId", + type: { + name: "String" + } + } + } + } +}; + +export const ActionResponseProperties: coreClient.CompositeMapper = { type: { name: "Composite", className: "ActionResponseProperties", @@ -5580,63 +5887,126 @@ export const ActionRequestProperties: coreClient.CompositeMapper = { } }; -export const AutomationRulePropertyValuesCondition: coreClient.CompositeMapper = { +export const PropertyConditionProperties: coreClient.CompositeMapper = { serializedName: "Property", type: { name: "Composite", - className: "AutomationRulePropertyValuesCondition", + className: "PropertyConditionProperties", uberParent: "AutomationRuleCondition", polymorphicDiscriminator: AutomationRuleCondition.type.polymorphicDiscriminator, modelProperties: { ...AutomationRuleCondition.type.modelProperties, - conditionProperties: { - serializedName: "conditionProperties", + propertyName: { + serializedName: "conditionProperties.propertyName", type: { - name: "Composite", - className: "AutomationRulePropertyValuesConditionProperties" + name: "String" + } + }, + operator: { + serializedName: "conditionProperties.operator", + type: { + name: "String" + } + }, + propertyValues: { + serializedName: "conditionProperties.propertyValues", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } } } } } }; -export const AutomationRuleRunPlaybookAction: coreClient.CompositeMapper = { - serializedName: "RunPlaybook", +export const AutomationRuleModifyPropertiesAction: coreClient.CompositeMapper = { + serializedName: "ModifyProperties", type: { name: "Composite", - className: "AutomationRuleRunPlaybookAction", + className: "AutomationRuleModifyPropertiesAction", uberParent: "AutomationRuleAction", polymorphicDiscriminator: AutomationRuleAction.type.polymorphicDiscriminator, modelProperties: { ...AutomationRuleAction.type.modelProperties, - actionConfiguration: { - serializedName: "actionConfiguration", + severity: { + serializedName: "actionConfiguration.severity", + type: { + name: "String" + } + }, + status: { + serializedName: "actionConfiguration.status", + type: { + name: "String" + } + }, + classification: { + serializedName: "actionConfiguration.classification", + type: { + name: "String" + } + }, + classificationReason: { + serializedName: "actionConfiguration.classificationReason", + type: { + name: "String" + } + }, + classificationComment: { + serializedName: "actionConfiguration.classificationComment", + type: { + name: "String" + } + }, + owner: { + serializedName: "actionConfiguration.owner", type: { name: "Composite", - className: "AutomationRuleRunPlaybookActionConfiguration" + className: "IncidentOwnerInfo" + } + }, + labels: { + serializedName: "actionConfiguration.labels", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "IncidentLabel" + } + } } } } } }; -export const AutomationRuleModifyPropertiesAction: coreClient.CompositeMapper = { - serializedName: "ModifyProperties", +export const AutomationRuleRunPlaybookAction: coreClient.CompositeMapper = { + serializedName: "RunPlaybook", type: { name: "Composite", - className: "AutomationRuleModifyPropertiesAction", + className: "AutomationRuleRunPlaybookAction", uberParent: "AutomationRuleAction", polymorphicDiscriminator: AutomationRuleAction.type.polymorphicDiscriminator, modelProperties: { ...AutomationRuleAction.type.modelProperties, - actionConfiguration: { - serializedName: "actionConfiguration", + logicAppResourceId: { + serializedName: "actionConfiguration.logicAppResourceId", type: { - name: "Composite", - className: "AutomationRuleModifyPropertiesActionConfiguration" + name: "String" + } + }, + tenantId: { + serializedName: "actionConfiguration.tenantId", + type: { + name: "Uuid" } } } @@ -7588,323 +7958,58 @@ export const UrlEntityProperties: coreClient.CompositeMapper = { } }; -export const AADCheckRequirements: coreClient.CompositeMapper = { - serializedName: "AzureActiveDirectory", +export const ThreatIntelligenceIndicatorModelForRequestBody: coreClient.CompositeMapper = { + serializedName: "indicator", type: { name: "Composite", - className: "AADCheckRequirements", - uberParent: "DataConnectorsCheckRequirements", + className: "ThreatIntelligenceIndicatorModelForRequestBody", + uberParent: "ThreatIntelligenceResourceKind", polymorphicDiscriminator: - DataConnectorsCheckRequirements.type.polymorphicDiscriminator, + ThreatIntelligenceResourceKind.type.polymorphicDiscriminator, modelProperties: { - ...DataConnectorsCheckRequirements.type.modelProperties, - tenantId: { - serializedName: "properties.tenantId", + ...ThreatIntelligenceResourceKind.type.modelProperties, + etag: { + serializedName: "etag", type: { name: "String" } - } - } - } -}; - -export const AatpCheckRequirements: coreClient.CompositeMapper = { - serializedName: "AzureAdvancedThreatProtection", - type: { - name: "Composite", - className: "AatpCheckRequirements", - uberParent: "DataConnectorsCheckRequirements", - polymorphicDiscriminator: - DataConnectorsCheckRequirements.type.polymorphicDiscriminator, - modelProperties: { - ...DataConnectorsCheckRequirements.type.modelProperties, - tenantId: { - serializedName: "properties.tenantId", + }, + additionalData: { + serializedName: "properties.additionalData", + readOnly: true, type: { - name: "String" + name: "Dictionary", + value: { + type: { name: "Dictionary", value: { type: { name: "any" } } } + } } - } - } - } -}; - -export const ASCCheckRequirements: coreClient.CompositeMapper = { - serializedName: "AzureSecurityCenter", - type: { - name: "Composite", - className: "ASCCheckRequirements", - uberParent: "DataConnectorsCheckRequirements", - polymorphicDiscriminator: - DataConnectorsCheckRequirements.type.polymorphicDiscriminator, - modelProperties: { - ...DataConnectorsCheckRequirements.type.modelProperties, - subscriptionId: { - serializedName: "properties.subscriptionId", + }, + friendlyName: { + serializedName: "properties.friendlyName", + readOnly: true, type: { name: "String" } - } - } - } -}; - -export const AwsCloudTrailCheckRequirements: coreClient.CompositeMapper = { - serializedName: "AmazonWebServicesCloudTrail", - type: { - name: "Composite", - className: "AwsCloudTrailCheckRequirements", - uberParent: "DataConnectorsCheckRequirements", - polymorphicDiscriminator: - DataConnectorsCheckRequirements.type.polymorphicDiscriminator, - modelProperties: { - ...DataConnectorsCheckRequirements.type.modelProperties - } - } -}; - -export const AwsS3CheckRequirements: coreClient.CompositeMapper = { - serializedName: "AmazonWebServicesS3", - type: { - name: "Composite", - className: "AwsS3CheckRequirements", - uberParent: "DataConnectorsCheckRequirements", - polymorphicDiscriminator: - DataConnectorsCheckRequirements.type.polymorphicDiscriminator, - modelProperties: { - ...DataConnectorsCheckRequirements.type.modelProperties - } - } -}; - -export const Dynamics365CheckRequirements: coreClient.CompositeMapper = { - serializedName: "Dynamics365", - type: { - name: "Composite", - className: "Dynamics365CheckRequirements", - uberParent: "DataConnectorsCheckRequirements", - polymorphicDiscriminator: - DataConnectorsCheckRequirements.type.polymorphicDiscriminator, - modelProperties: { - ...DataConnectorsCheckRequirements.type.modelProperties, - tenantId: { - serializedName: "properties.tenantId", + }, + threatIntelligenceTags: { + serializedName: "properties.threatIntelligenceTags", type: { - name: "String" + name: "Sequence", + element: { + type: { + name: "String" + } + } } - } - } - } -}; - -export const McasCheckRequirements: coreClient.CompositeMapper = { - serializedName: "MicrosoftCloudAppSecurity", - type: { - name: "Composite", - className: "McasCheckRequirements", - uberParent: "DataConnectorsCheckRequirements", - polymorphicDiscriminator: - DataConnectorsCheckRequirements.type.polymorphicDiscriminator, - modelProperties: { - ...DataConnectorsCheckRequirements.type.modelProperties, - tenantId: { - serializedName: "properties.tenantId", + }, + lastUpdatedTimeUtc: { + serializedName: "properties.lastUpdatedTimeUtc", type: { name: "String" } - } - } - } -}; - -export const MdatpCheckRequirements: coreClient.CompositeMapper = { - serializedName: "MicrosoftDefenderAdvancedThreatProtection", - type: { - name: "Composite", - className: "MdatpCheckRequirements", - uberParent: "DataConnectorsCheckRequirements", - polymorphicDiscriminator: - DataConnectorsCheckRequirements.type.polymorphicDiscriminator, - modelProperties: { - ...DataConnectorsCheckRequirements.type.modelProperties, - tenantId: { - serializedName: "properties.tenantId", - type: { - name: "String" - } - } - } - } -}; - -export const MstiCheckRequirements: coreClient.CompositeMapper = { - serializedName: "MicrosoftThreatIntelligence", - type: { - name: "Composite", - className: "MstiCheckRequirements", - uberParent: "DataConnectorsCheckRequirements", - polymorphicDiscriminator: - DataConnectorsCheckRequirements.type.polymorphicDiscriminator, - modelProperties: { - ...DataConnectorsCheckRequirements.type.modelProperties, - tenantId: { - serializedName: "properties.tenantId", - type: { - name: "String" - } - } - } - } -}; - -export const MtpCheckRequirements: coreClient.CompositeMapper = { - serializedName: "MicrosoftThreatProtection", - type: { - name: "Composite", - className: "MtpCheckRequirements", - uberParent: "DataConnectorsCheckRequirements", - polymorphicDiscriminator: - DataConnectorsCheckRequirements.type.polymorphicDiscriminator, - modelProperties: { - ...DataConnectorsCheckRequirements.type.modelProperties, - tenantId: { - serializedName: "properties.tenantId", - type: { - name: "String" - } - } - } - } -}; - -export const OfficeATPCheckRequirements: coreClient.CompositeMapper = { - serializedName: "OfficeATP", - type: { - name: "Composite", - className: "OfficeATPCheckRequirements", - uberParent: "DataConnectorsCheckRequirements", - polymorphicDiscriminator: - DataConnectorsCheckRequirements.type.polymorphicDiscriminator, - modelProperties: { - ...DataConnectorsCheckRequirements.type.modelProperties, - tenantId: { - serializedName: "properties.tenantId", - type: { - name: "String" - } - } - } - } -}; - -export const OfficeIRMCheckRequirements: coreClient.CompositeMapper = { - serializedName: "OfficeIRM", - type: { - name: "Composite", - className: "OfficeIRMCheckRequirements", - uberParent: "DataConnectorsCheckRequirements", - polymorphicDiscriminator: - DataConnectorsCheckRequirements.type.polymorphicDiscriminator, - modelProperties: { - ...DataConnectorsCheckRequirements.type.modelProperties, - tenantId: { - serializedName: "properties.tenantId", - type: { - name: "String" - } - } - } - } -}; - -export const TICheckRequirements: coreClient.CompositeMapper = { - serializedName: "ThreatIntelligence", - type: { - name: "Composite", - className: "TICheckRequirements", - uberParent: "DataConnectorsCheckRequirements", - polymorphicDiscriminator: - DataConnectorsCheckRequirements.type.polymorphicDiscriminator, - modelProperties: { - ...DataConnectorsCheckRequirements.type.modelProperties, - tenantId: { - serializedName: "properties.tenantId", - type: { - name: "String" - } - } - } - } -}; - -export const TiTaxiiCheckRequirements: coreClient.CompositeMapper = { - serializedName: "ThreatIntelligenceTaxii", - type: { - name: "Composite", - className: "TiTaxiiCheckRequirements", - uberParent: "DataConnectorsCheckRequirements", - polymorphicDiscriminator: - DataConnectorsCheckRequirements.type.polymorphicDiscriminator, - modelProperties: { - ...DataConnectorsCheckRequirements.type.modelProperties, - tenantId: { - serializedName: "properties.tenantId", - type: { - name: "String" - } - } - } - } -}; - -export const ThreatIntelligenceIndicatorModelForRequestBody: coreClient.CompositeMapper = { - serializedName: "indicator", - type: { - name: "Composite", - className: "ThreatIntelligenceIndicatorModelForRequestBody", - modelProperties: { - ...ThreatIntelligenceResourceKind.type.modelProperties, - etag: { - serializedName: "etag", - type: { - name: "String" - } - }, - additionalData: { - serializedName: "properties.additionalData", - readOnly: true, - type: { - name: "Dictionary", - value: { - type: { name: "Dictionary", value: { type: { name: "any" } } } - } - } - }, - friendlyName: { - serializedName: "properties.friendlyName", - readOnly: true, - type: { - name: "String" - } - }, - threatIntelligenceTags: { - serializedName: "properties.threatIntelligenceTags", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - lastUpdatedTimeUtc: { - serializedName: "properties.lastUpdatedTimeUtc", - type: { - name: "String" - } - }, - source: { - serializedName: "properties.source", + }, + source: { + serializedName: "properties.source", type: { name: "String" } @@ -8114,8 +8219,10 @@ export const ThreatIntelligenceInformation: coreClient.CompositeMapper = { name: "Composite", className: "ThreatIntelligenceInformation", uberParent: "ThreatIntelligenceResourceKind", - polymorphicDiscriminator: - ThreatIntelligenceResourceKind.type.polymorphicDiscriminator, + polymorphicDiscriminator: { + serializedName: "kind", + clientName: "kind" + }, modelProperties: { ...ResourceWithEtag.type.modelProperties, ...ThreatIntelligenceResourceKind.type.modelProperties @@ -8123,47 +8230,320 @@ export const ThreatIntelligenceInformation: coreClient.CompositeMapper = { } }; -export const MLBehaviorAnalyticsAlertRuleTemplateProperties: coreClient.CompositeMapper = { +export const AADCheckRequirements: coreClient.CompositeMapper = { + serializedName: "AzureActiveDirectory", type: { name: "Composite", - className: "MLBehaviorAnalyticsAlertRuleTemplateProperties", + className: "AADCheckRequirements", + uberParent: "DataConnectorsCheckRequirements", + polymorphicDiscriminator: + DataConnectorsCheckRequirements.type.polymorphicDiscriminator, modelProperties: { - ...AlertRuleTemplatePropertiesBase.type.modelProperties, - severity: { - serializedName: "severity", - required: true, + ...DataConnectorsCheckRequirements.type.modelProperties, + tenantId: { + serializedName: "properties.tenantId", + type: { + name: "String" + } + } + } + } +}; + +export const AatpCheckRequirements: coreClient.CompositeMapper = { + serializedName: "AzureAdvancedThreatProtection", + type: { + name: "Composite", + className: "AatpCheckRequirements", + uberParent: "DataConnectorsCheckRequirements", + polymorphicDiscriminator: + DataConnectorsCheckRequirements.type.polymorphicDiscriminator, + modelProperties: { + ...DataConnectorsCheckRequirements.type.modelProperties, + tenantId: { + serializedName: "properties.tenantId", + type: { + name: "String" + } + } + } + } +}; + +export const ASCCheckRequirements: coreClient.CompositeMapper = { + serializedName: "AzureSecurityCenter", + type: { + name: "Composite", + className: "ASCCheckRequirements", + uberParent: "DataConnectorsCheckRequirements", + polymorphicDiscriminator: + DataConnectorsCheckRequirements.type.polymorphicDiscriminator, + modelProperties: { + ...DataConnectorsCheckRequirements.type.modelProperties, + subscriptionId: { + serializedName: "properties.subscriptionId", + type: { + name: "String" + } + } + } + } +}; + +export const AwsCloudTrailCheckRequirements: coreClient.CompositeMapper = { + serializedName: "AmazonWebServicesCloudTrail", + type: { + name: "Composite", + className: "AwsCloudTrailCheckRequirements", + uberParent: "DataConnectorsCheckRequirements", + polymorphicDiscriminator: + DataConnectorsCheckRequirements.type.polymorphicDiscriminator, + modelProperties: { + ...DataConnectorsCheckRequirements.type.modelProperties + } + } +}; + +export const AwsS3CheckRequirements: coreClient.CompositeMapper = { + serializedName: "AmazonWebServicesS3", + type: { + name: "Composite", + className: "AwsS3CheckRequirements", + uberParent: "DataConnectorsCheckRequirements", + polymorphicDiscriminator: + DataConnectorsCheckRequirements.type.polymorphicDiscriminator, + modelProperties: { + ...DataConnectorsCheckRequirements.type.modelProperties + } + } +}; + +export const Dynamics365CheckRequirements: coreClient.CompositeMapper = { + serializedName: "Dynamics365", + type: { + name: "Composite", + className: "Dynamics365CheckRequirements", + uberParent: "DataConnectorsCheckRequirements", + polymorphicDiscriminator: + DataConnectorsCheckRequirements.type.polymorphicDiscriminator, + modelProperties: { + ...DataConnectorsCheckRequirements.type.modelProperties, + tenantId: { + serializedName: "properties.tenantId", + type: { + name: "String" + } + } + } + } +}; + +export const McasCheckRequirements: coreClient.CompositeMapper = { + serializedName: "MicrosoftCloudAppSecurity", + type: { + name: "Composite", + className: "McasCheckRequirements", + uberParent: "DataConnectorsCheckRequirements", + polymorphicDiscriminator: + DataConnectorsCheckRequirements.type.polymorphicDiscriminator, + modelProperties: { + ...DataConnectorsCheckRequirements.type.modelProperties, + tenantId: { + serializedName: "properties.tenantId", + type: { + name: "String" + } + } + } + } +}; + +export const MdatpCheckRequirements: coreClient.CompositeMapper = { + serializedName: "MicrosoftDefenderAdvancedThreatProtection", + type: { + name: "Composite", + className: "MdatpCheckRequirements", + uberParent: "DataConnectorsCheckRequirements", + polymorphicDiscriminator: + DataConnectorsCheckRequirements.type.polymorphicDiscriminator, + modelProperties: { + ...DataConnectorsCheckRequirements.type.modelProperties, + tenantId: { + serializedName: "properties.tenantId", + type: { + name: "String" + } + } + } + } +}; + +export const MstiCheckRequirements: coreClient.CompositeMapper = { + serializedName: "MicrosoftThreatIntelligence", + type: { + name: "Composite", + className: "MstiCheckRequirements", + uberParent: "DataConnectorsCheckRequirements", + polymorphicDiscriminator: + DataConnectorsCheckRequirements.type.polymorphicDiscriminator, + modelProperties: { + ...DataConnectorsCheckRequirements.type.modelProperties, + tenantId: { + serializedName: "properties.tenantId", + type: { + name: "String" + } + } + } + } +}; + +export const MtpCheckRequirements: coreClient.CompositeMapper = { + serializedName: "MicrosoftThreatProtection", + type: { + name: "Composite", + className: "MtpCheckRequirements", + uberParent: "DataConnectorsCheckRequirements", + polymorphicDiscriminator: + DataConnectorsCheckRequirements.type.polymorphicDiscriminator, + modelProperties: { + ...DataConnectorsCheckRequirements.type.modelProperties, + tenantId: { + serializedName: "properties.tenantId", + type: { + name: "String" + } + } + } + } +}; + +export const OfficeATPCheckRequirements: coreClient.CompositeMapper = { + serializedName: "OfficeATP", + type: { + name: "Composite", + className: "OfficeATPCheckRequirements", + uberParent: "DataConnectorsCheckRequirements", + polymorphicDiscriminator: + DataConnectorsCheckRequirements.type.polymorphicDiscriminator, + modelProperties: { + ...DataConnectorsCheckRequirements.type.modelProperties, + tenantId: { + serializedName: "properties.tenantId", + type: { + name: "String" + } + } + } + } +}; + +export const OfficeIRMCheckRequirements: coreClient.CompositeMapper = { + serializedName: "OfficeIRM", + type: { + name: "Composite", + className: "OfficeIRMCheckRequirements", + uberParent: "DataConnectorsCheckRequirements", + polymorphicDiscriminator: + DataConnectorsCheckRequirements.type.polymorphicDiscriminator, + modelProperties: { + ...DataConnectorsCheckRequirements.type.modelProperties, + tenantId: { + serializedName: "properties.tenantId", + type: { + name: "String" + } + } + } + } +}; + +export const Office365ProjectCheckRequirements: coreClient.CompositeMapper = { + serializedName: "Office365Project", + type: { + name: "Composite", + className: "Office365ProjectCheckRequirements", + uberParent: "DataConnectorsCheckRequirements", + polymorphicDiscriminator: + DataConnectorsCheckRequirements.type.polymorphicDiscriminator, + modelProperties: { + ...DataConnectorsCheckRequirements.type.modelProperties, + tenantId: { + serializedName: "properties.tenantId", + type: { + name: "String" + } + } + } + } +}; + +export const OfficePowerBICheckRequirements: coreClient.CompositeMapper = { + serializedName: "OfficePowerBI", + type: { + name: "Composite", + className: "OfficePowerBICheckRequirements", + uberParent: "DataConnectorsCheckRequirements", + polymorphicDiscriminator: + DataConnectorsCheckRequirements.type.polymorphicDiscriminator, + modelProperties: { + ...DataConnectorsCheckRequirements.type.modelProperties, + tenantId: { + serializedName: "properties.tenantId", + type: { + name: "String" + } + } + } + } +}; + +export const TICheckRequirements: coreClient.CompositeMapper = { + serializedName: "ThreatIntelligence", + type: { + name: "Composite", + className: "TICheckRequirements", + uberParent: "DataConnectorsCheckRequirements", + polymorphicDiscriminator: + DataConnectorsCheckRequirements.type.polymorphicDiscriminator, + modelProperties: { + ...DataConnectorsCheckRequirements.type.modelProperties, + tenantId: { + serializedName: "properties.tenantId", + type: { + name: "String" + } + } + } + } +}; + +export const TiTaxiiCheckRequirements: coreClient.CompositeMapper = { + serializedName: "ThreatIntelligenceTaxii", + type: { + name: "Composite", + className: "TiTaxiiCheckRequirements", + uberParent: "DataConnectorsCheckRequirements", + polymorphicDiscriminator: + DataConnectorsCheckRequirements.type.polymorphicDiscriminator, + modelProperties: { + ...DataConnectorsCheckRequirements.type.modelProperties, + tenantId: { + serializedName: "properties.tenantId", type: { name: "String" } - }, - tactics: { - serializedName: "tactics", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } } } } }; -export const FusionAlertRuleTemplateProperties: coreClient.CompositeMapper = { +export const AlertRuleTemplateWithMitreProperties: coreClient.CompositeMapper = { type: { name: "Composite", - className: "FusionAlertRuleTemplateProperties", + className: "AlertRuleTemplateWithMitreProperties", modelProperties: { ...AlertRuleTemplatePropertiesBase.type.modelProperties, - severity: { - serializedName: "severity", - required: true, - type: { - name: "String" - } - }, tactics: { serializedName: "tactics", type: { @@ -8174,26 +8554,9 @@ export const FusionAlertRuleTemplateProperties: coreClient.CompositeMapper = { } } } - } - } - } -}; - -export const ThreatIntelligenceAlertRuleTemplateProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "ThreatIntelligenceAlertRuleTemplateProperties", - modelProperties: { - ...AlertRuleTemplatePropertiesBase.type.modelProperties, - severity: { - serializedName: "severity", - required: true, - type: { - name: "String" - } }, - tactics: { - serializedName: "tactics", + techniques: { + serializedName: "techniques", type: { name: "Sequence", element: { @@ -8224,7 +8587,7 @@ export const ScheduledAlertRuleTemplateProperties: coreClient.CompositeMapper = name: "Composite", className: "ScheduledAlertRuleTemplateProperties", modelProperties: { - ...AlertRuleTemplatePropertiesBase.type.modelProperties, + ...AlertRuleTemplateWithMitreProperties.type.modelProperties, ...QueryBasedAlertRuleTemplateProperties.type.modelProperties, ...ScheduledAlertRuleCommonProperties.type.modelProperties } @@ -8236,7 +8599,7 @@ export const NrtAlertRuleTemplateProperties: coreClient.CompositeMapper = { name: "Composite", className: "NrtAlertRuleTemplateProperties", modelProperties: { - ...AlertRuleTemplatePropertiesBase.type.modelProperties, + ...AlertRuleTemplateWithMitreProperties.type.modelProperties, ...QueryBasedAlertRuleTemplateProperties.type.modelProperties } } @@ -8308,7 +8671,6 @@ export const NrtAlertRuleProperties: coreClient.CompositeMapper = { }; export const InsightQueryItemProperties: coreClient.CompositeMapper = { - serializedName: "Insight", type: { name: "Composite", className: "InsightQueryItemProperties", @@ -8461,6 +8823,26 @@ export const OfficeIRMCheckRequirementsProperties: coreClient.CompositeMapper = } }; +export const Office365ProjectCheckRequirementsProperties: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "Office365ProjectCheckRequirementsProperties", + modelProperties: { + ...DataConnectorTenantId.type.modelProperties + } + } +}; + +export const OfficePowerBICheckRequirementsProperties: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "OfficePowerBICheckRequirementsProperties", + modelProperties: { + ...DataConnectorTenantId.type.modelProperties + } + } +}; + export const TICheckRequirementsProperties: coreClient.CompositeMapper = { type: { name: "Composite", @@ -8582,6 +8964,40 @@ export const OfficeATPDataConnectorProperties: coreClient.CompositeMapper = { } }; +export const Office365ProjectDataConnectorProperties: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "Office365ProjectDataConnectorProperties", + modelProperties: { + ...DataConnectorTenantId.type.modelProperties, + dataTypes: { + serializedName: "dataTypes", + type: { + name: "Composite", + className: "Office365ProjectConnectorDataTypes" + } + } + } + } +}; + +export const OfficePowerBIDataConnectorProperties: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "OfficePowerBIDataConnectorProperties", + modelProperties: { + ...DataConnectorTenantId.type.modelProperties, + dataTypes: { + serializedName: "dataTypes", + type: { + name: "Composite", + className: "OfficePowerBIConnectorDataTypes" + } + } + } + } +}; + export const OfficeIRMDataConnectorProperties: coreClient.CompositeMapper = { type: { name: "Composite", @@ -8820,6 +9236,26 @@ export const Dynamics365DataConnectorDataTypesDynamics365CdsActivities: coreClie } }; +export const Office365ProjectConnectorDataTypesLogs: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "Office365ProjectConnectorDataTypesLogs", + modelProperties: { + ...DataConnectorDataTypeCommon.type.modelProperties + } + } +}; + +export const OfficePowerBIConnectorDataTypesLogs: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "OfficePowerBIConnectorDataTypesLogs", + modelProperties: { + ...DataConnectorDataTypeCommon.type.modelProperties + } + } +}; + export const OfficeDataConnectorDataTypesExchange: coreClient.CompositeMapper = { type: { name: "Composite", @@ -9025,12 +9461,14 @@ export const AutomationRule: coreClient.CompositeMapper = { ...ResourceWithEtag.type.modelProperties, displayName: { serializedName: "properties.displayName", + required: true, type: { name: "String" } }, order: { serializedName: "properties.order", + required: true, type: { name: "Number" } @@ -9044,6 +9482,7 @@ export const AutomationRule: coreClient.CompositeMapper = { }, actions: { serializedName: "properties.actions", + required: true, type: { name: "Sequence", element: { @@ -9054,29 +9493,29 @@ export const AutomationRule: coreClient.CompositeMapper = { } } }, - createdTimeUtc: { - serializedName: "properties.createdTimeUtc", + lastModifiedTimeUtc: { + serializedName: "properties.lastModifiedTimeUtc", readOnly: true, type: { name: "DateTime" } }, - lastModifiedTimeUtc: { - serializedName: "properties.lastModifiedTimeUtc", + createdTimeUtc: { + serializedName: "properties.createdTimeUtc", readOnly: true, type: { name: "DateTime" } }, - createdBy: { - serializedName: "properties.createdBy", + lastModifiedBy: { + serializedName: "properties.lastModifiedBy", type: { name: "Composite", className: "ClientInfo" } }, - lastModifiedBy: { - serializedName: "properties.lastModifiedBy", + createdBy: { + serializedName: "properties.createdBy", type: { name: "Composite", className: "ClientInfo" @@ -9177,6 +9616,40 @@ export const Bookmark: coreClient.CompositeMapper = { name: "Composite", className: "IncidentInfo" } + }, + entityMappings: { + serializedName: "properties.entityMappings", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "BookmarkEntityMappings" + } + } + } + }, + tactics: { + serializedName: "properties.tactics", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + techniques: { + serializedName: "properties.techniques", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } } } } @@ -9686,6 +10159,12 @@ export const SourceControl: coreClient.CompositeMapper = { name: "String" } }, + version: { + serializedName: "properties.version", + type: { + name: "String" + } + }, displayName: { serializedName: "properties.displayName", type: { @@ -9721,6 +10200,20 @@ export const SourceControl: coreClient.CompositeMapper = { name: "Composite", className: "Repository" } + }, + repositoryResourceInfo: { + serializedName: "properties.repositoryResourceInfo", + type: { + name: "Composite", + className: "RepositoryResourceInfo" + } + }, + lastDeploymentInfo: { + serializedName: "properties.lastDeploymentInfo", + type: { + name: "Composite", + className: "DeploymentInfo" + } } } } @@ -10025,14 +10518,19 @@ export const MLBehaviorAnalyticsAlertRuleTemplate: coreClient.CompositeMapper = name: "String" } }, - severity: { - serializedName: "properties.severity", + tactics: { + serializedName: "properties.tactics", type: { - name: "String" + name: "Sequence", + element: { + type: { + name: "String" + } + } } }, - tactics: { - serializedName: "properties.tactics", + techniques: { + serializedName: "properties.techniques", type: { name: "Sequence", element: { @@ -10041,6 +10539,12 @@ export const MLBehaviorAnalyticsAlertRuleTemplate: coreClient.CompositeMapper = } } } + }, + severity: { + serializedName: "properties.severity", + type: { + name: "String" + } } } } @@ -10105,19 +10609,42 @@ export const FusionAlertRuleTemplate: coreClient.CompositeMapper = { name: "String" } }, + tactics: { + serializedName: "properties.tactics", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + techniques: { + serializedName: "properties.techniques", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, severity: { serializedName: "properties.severity", type: { name: "String" } }, - tactics: { - serializedName: "properties.tactics", + sourceSettings: { + serializedName: "properties.sourceSettings", type: { name: "Sequence", element: { type: { - name: "String" + name: "Composite", + className: "FusionTemplateSourceSetting" } } } @@ -10185,14 +10712,19 @@ export const ThreatIntelligenceAlertRuleTemplate: coreClient.CompositeMapper = { name: "String" } }, - severity: { - serializedName: "properties.severity", + tactics: { + serializedName: "properties.tactics", type: { - name: "String" + name: "Sequence", + element: { + type: { + name: "String" + } + } } }, - tactics: { - serializedName: "properties.tactics", + techniques: { + serializedName: "properties.techniques", type: { name: "Sequence", element: { @@ -10201,6 +10733,12 @@ export const ThreatIntelligenceAlertRuleTemplate: coreClient.CompositeMapper = { } } } + }, + severity: { + serializedName: "properties.severity", + type: { + name: "String" + } } } } @@ -10367,6 +10905,28 @@ export const ScheduledAlertRuleTemplate: coreClient.CompositeMapper = { name: "String" } }, + tactics: { + serializedName: "properties.tactics", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + techniques: { + serializedName: "properties.techniques", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, query: { serializedName: "properties.query", type: { @@ -10376,18 +10936,7 @@ export const ScheduledAlertRuleTemplate: coreClient.CompositeMapper = { severity: { serializedName: "properties.severity", type: { - name: "String" - } - }, - tactics: { - serializedName: "properties.tactics", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } + name: "String" } }, version: { @@ -10517,20 +11066,19 @@ export const NrtAlertRuleTemplate: coreClient.CompositeMapper = { name: "String" } }, - query: { - serializedName: "properties.query", - type: { - name: "String" - } - }, - severity: { - serializedName: "properties.severity", + tactics: { + serializedName: "properties.tactics", type: { - name: "String" + name: "Sequence", + element: { + type: { + name: "String" + } + } } }, - tactics: { - serializedName: "properties.tactics", + techniques: { + serializedName: "properties.techniques", type: { name: "Sequence", element: { @@ -10540,6 +11088,18 @@ export const NrtAlertRuleTemplate: coreClient.CompositeMapper = { } } }, + query: { + serializedName: "properties.query", + type: { + name: "String" + } + }, + severity: { + serializedName: "properties.severity", + type: { + name: "String" + } + }, version: { serializedName: "properties.version", type: { @@ -12817,6 +13377,70 @@ export const ThreatIntelligenceIndicatorModel: coreClient.CompositeMapper = { } }; +export const MLBehaviorAnalyticsAlertRuleTemplateProperties: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "MLBehaviorAnalyticsAlertRuleTemplateProperties", + modelProperties: { + ...AlertRuleTemplateWithMitreProperties.type.modelProperties, + severity: { + serializedName: "severity", + required: true, + type: { + name: "String" + } + } + } + } +}; + +export const FusionAlertRuleTemplateProperties: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "FusionAlertRuleTemplateProperties", + modelProperties: { + ...AlertRuleTemplateWithMitreProperties.type.modelProperties, + severity: { + serializedName: "severity", + required: true, + type: { + name: "String" + } + }, + sourceSettings: { + serializedName: "sourceSettings", + required: true, + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "FusionTemplateSourceSetting" + } + } + } + } + } + } +}; + +export const ThreatIntelligenceAlertRuleTemplateProperties: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "ThreatIntelligenceAlertRuleTemplateProperties", + modelProperties: { + ...AlertRuleTemplateWithMitreProperties.type.modelProperties, + severity: { + serializedName: "severity", + required: true, + type: { + name: "String" + } + } + } + } +}; + export const PermissionsCustomsItem: coreClient.CompositeMapper = { type: { name: "Composite", @@ -12887,6 +13511,18 @@ export const MLBehaviorAnalyticsAlertRule: coreClient.CompositeMapper = { } } } + }, + techniques: { + serializedName: "properties.techniques", + readOnly: true, + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } } } } @@ -12927,6 +13563,30 @@ export const FusionAlertRule: coreClient.CompositeMapper = { name: "Boolean" } }, + sourceSettings: { + serializedName: "properties.sourceSettings", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "FusionSourceSettings" + } + } + } + }, + scenarioExclusionPatterns: { + serializedName: "properties.scenarioExclusionPatterns", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "FusionScenarioExclusionPattern" + } + } + } + }, lastModifiedUtc: { serializedName: "properties.lastModifiedUtc", readOnly: true, @@ -12952,6 +13612,18 @@ export const FusionAlertRule: coreClient.CompositeMapper = { } } } + }, + techniques: { + serializedName: "properties.techniques", + readOnly: true, + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } } } } @@ -13017,6 +13689,18 @@ export const ThreatIntelligenceAlertRule: coreClient.CompositeMapper = { } } } + }, + techniques: { + serializedName: "properties.techniques", + readOnly: true, + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } } } } @@ -13170,6 +13854,28 @@ export const ScheduledAlertRule: coreClient.CompositeMapper = { name: "String" } }, + tactics: { + serializedName: "properties.tactics", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + techniques: { + serializedName: "properties.techniques", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, displayName: { serializedName: "properties.displayName", type: { @@ -13207,17 +13913,6 @@ export const ScheduledAlertRule: coreClient.CompositeMapper = { name: "String" } }, - tactics: { - serializedName: "properties.tactics", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, incidentConfiguration: { serializedName: "properties.incidentConfiguration", type: { @@ -13288,6 +13983,28 @@ export const NrtAlertRule: coreClient.CompositeMapper = { name: "String" } }, + tactics: { + serializedName: "properties.tactics", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + techniques: { + serializedName: "properties.techniques", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, displayName: { serializedName: "properties.displayName", type: { @@ -13325,17 +14042,6 @@ export const NrtAlertRule: coreClient.CompositeMapper = { name: "String" } }, - tactics: { - serializedName: "properties.tactics", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, incidentConfiguration: { serializedName: "properties.incidentConfiguration", type: { @@ -13988,6 +14694,58 @@ export const OfficeATPDataConnector: coreClient.CompositeMapper = { } }; +export const Office365ProjectDataConnector: coreClient.CompositeMapper = { + serializedName: "Office365Project", + type: { + name: "Composite", + className: "Office365ProjectDataConnector", + uberParent: "Resource", + polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, + modelProperties: { + ...DataConnector.type.modelProperties, + tenantId: { + serializedName: "properties.tenantId", + type: { + name: "String" + } + }, + dataTypes: { + serializedName: "properties.dataTypes", + type: { + name: "Composite", + className: "Office365ProjectConnectorDataTypes" + } + } + } + } +}; + +export const OfficePowerBIDataConnector: coreClient.CompositeMapper = { + serializedName: "OfficePowerBI", + type: { + name: "Composite", + className: "OfficePowerBIDataConnector", + uberParent: "Resource", + polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, + modelProperties: { + ...DataConnector.type.modelProperties, + tenantId: { + serializedName: "properties.tenantId", + type: { + name: "String" + } + }, + dataTypes: { + serializedName: "properties.dataTypes", + type: { + name: "Composite", + className: "OfficePowerBIConnectorDataTypes" + } + } + } + } +}; + export const OfficeIRMDataConnector: coreClient.CompositeMapper = { serializedName: "OfficeIRM", type: { @@ -14227,17 +14985,20 @@ export let discriminators = { AutomationRuleAction: AutomationRuleAction, EntityTimelineItem: EntityTimelineItem, EntityQueryItem: EntityQueryItem, + ThreatIntelligenceResourceKind: ThreatIntelligenceResourceKind, DataConnectorsCheckRequirements: DataConnectorsCheckRequirements, "Resource.AlertRuleTemplate": AlertRuleTemplate, "Resource.Entity": Entity, "Resource.EntityQueryTemplate": EntityQueryTemplate, - "AutomationRuleCondition.Property": AutomationRulePropertyValuesCondition, - "AutomationRuleAction.RunPlaybook": AutomationRuleRunPlaybookAction, + "AutomationRuleCondition.Property": PropertyConditionProperties, "AutomationRuleAction.ModifyProperties": AutomationRuleModifyPropertiesAction, + "AutomationRuleAction.RunPlaybook": AutomationRuleRunPlaybookAction, "EntityTimelineItem.Activity": ActivityTimelineItem, "EntityTimelineItem.Bookmark": BookmarkTimelineItem, "EntityTimelineItem.SecurityAlert": SecurityAlertTimelineItem, "EntityQueryItem.Insight": InsightQueryItem, + "ThreatIntelligenceResourceKind.indicator": ThreatIntelligenceIndicatorModel, + "ThreatIntelligenceResourceKind.ThreatIntelligenceInformation": ThreatIntelligenceInformation, "DataConnectorsCheckRequirements.AzureActiveDirectory": AADCheckRequirements, "DataConnectorsCheckRequirements.AzureAdvancedThreatProtection": AatpCheckRequirements, "DataConnectorsCheckRequirements.AzureSecurityCenter": ASCCheckRequirements, @@ -14250,9 +15011,10 @@ export let discriminators = { "DataConnectorsCheckRequirements.MicrosoftThreatProtection": MtpCheckRequirements, "DataConnectorsCheckRequirements.OfficeATP": OfficeATPCheckRequirements, "DataConnectorsCheckRequirements.OfficeIRM": OfficeIRMCheckRequirements, + "DataConnectorsCheckRequirements.Office365Project": Office365ProjectCheckRequirements, + "DataConnectorsCheckRequirements.OfficePowerBI": OfficePowerBICheckRequirements, "DataConnectorsCheckRequirements.ThreatIntelligence": TICheckRequirements, "DataConnectorsCheckRequirements.ThreatIntelligenceTaxii": TiTaxiiCheckRequirements, - "ThreatIntelligenceResourceKind.ThreatIntelligenceInformation": ThreatIntelligenceInformation, "Resource.AlertRule": AlertRule, "Resource.EntityQuery": EntityQuery, "Resource.CustomEntityQuery": CustomEntityQuery, @@ -14286,7 +15048,6 @@ export let discriminators = { "Resource.SubmissionMail": SubmissionMailEntity, "Resource.Url": UrlEntity, "Resource.Activity": ActivityCustomEntityQuery, - "ThreatIntelligenceResourceKind.indicator": ThreatIntelligenceIndicatorModel, "Resource.Expansion": ExpansionEntityQuery, "Resource.Anomalies": Anomalies, "Resource.EyesOn": EyesOn, @@ -14302,6 +15063,8 @@ export let discriminators = { "Resource.MicrosoftCloudAppSecurity": McasDataConnector, "Resource.Dynamics365": Dynamics365DataConnector, "Resource.OfficeATP": OfficeATPDataConnector, + "Resource.Office365Project": Office365ProjectDataConnector, + "Resource.OfficePowerBI": OfficePowerBIDataConnector, "Resource.OfficeIRM": OfficeIRMDataConnector, "Resource.MicrosoftDefenderAdvancedThreatProtection": MdatpDataConnector, "Resource.Office365": OfficeDataConnector, diff --git a/sdk/securityinsight/arm-securityinsight/src/models/parameters.ts b/sdk/securityinsight/arm-securityinsight/src/models/parameters.ts index f9957be1f9cd..aa1fd9407428 100644 --- a/sdk/securityinsight/arm-securityinsight/src/models/parameters.ts +++ b/sdk/securityinsight/arm-securityinsight/src/models/parameters.ts @@ -15,13 +15,14 @@ import { AlertRule as AlertRuleMapper, ActionRequest as ActionRequestMapper, AutomationRule as AutomationRuleMapper, + ManualTriggerRequestBody as ManualTriggerRequestBodyMapper, Bookmark as BookmarkMapper, Relation as RelationMapper, BookmarkExpandParameters as BookmarkExpandParametersMapper, - CustomEntityQuery as CustomEntityQueryMapper, EntityExpandParameters as EntityExpandParametersMapper, EntityGetInsightsParameters as EntityGetInsightsParametersMapper, EntityTimelineParameters as EntityTimelineParametersMapper, + CustomEntityQuery as CustomEntityQueryMapper, Incident as IncidentMapper, TeamProperties as TeamPropertiesMapper, IncidentComment as IncidentCommentMapper, @@ -30,14 +31,14 @@ import { SentinelOnboardingState as SentinelOnboardingStateMapper, Settings as SettingsMapper, SourceControl as SourceControlMapper, + ThreatIntelligenceIndicatorModelForRequestBody as ThreatIntelligenceIndicatorModelForRequestBodyMapper, + ThreatIntelligenceFilteringCriteria as ThreatIntelligenceFilteringCriteriaMapper, + ThreatIntelligenceAppendTags as ThreatIntelligenceAppendTagsMapper, Watchlist as WatchlistMapper, WatchlistItem as WatchlistItemMapper, DataConnector as DataConnectorMapper, DataConnectorConnectBody as DataConnectorConnectBodyMapper, - DataConnectorsCheckRequirements as DataConnectorsCheckRequirementsMapper, - ThreatIntelligenceIndicatorModelForRequestBody as ThreatIntelligenceIndicatorModelForRequestBodyMapper, - ThreatIntelligenceFilteringCriteria as ThreatIntelligenceFilteringCriteriaMapper, - ThreatIntelligenceAppendTags as ThreatIntelligenceAppendTagsMapper + DataConnectorsCheckRequirements as DataConnectorsCheckRequirementsMapper } from "../models/mappers"; export const accept: OperationParameter = { @@ -67,7 +68,7 @@ export const $host: OperationURLParameter = { export const apiVersion: OperationQueryParameter = { parameterPath: "apiVersion", mapper: { - defaultValue: "2021-09-01-preview", + defaultValue: "2022-01-01-preview", isConstant: true, serializedName: "api-version", type: { @@ -198,11 +199,27 @@ export const automationRuleId: OperationURLParameter = { } }; -export const automationRule: OperationParameter = { - parameterPath: "automationRule", +export const automationRuleToUpsert: OperationParameter = { + parameterPath: ["options", "automationRuleToUpsert"], mapper: AutomationRuleMapper }; +export const requestBody: OperationParameter = { + parameterPath: ["options", "requestBody"], + mapper: ManualTriggerRequestBodyMapper +}; + +export const incidentIdentifier: OperationURLParameter = { + parameterPath: "incidentIdentifier", + mapper: { + serializedName: "incidentIdentifier", + required: true, + type: { + name: "String" + } + } +}; + export const bookmarkId: OperationURLParameter = { parameterPath: "bookmarkId", mapper: { @@ -302,7 +319,44 @@ export const domain: OperationQueryParameter = { } }; +export const entityId: OperationURLParameter = { + parameterPath: "entityId", + mapper: { + serializedName: "entityId", + required: true, + type: { + name: "String" + } + } +}; + +export const parameters1: OperationParameter = { + parameterPath: "parameters", + mapper: EntityExpandParametersMapper +}; + export const kind: OperationQueryParameter = { + parameterPath: "kind", + mapper: { + serializedName: "kind", + required: true, + type: { + name: "String" + } + } +}; + +export const parameters2: OperationParameter = { + parameterPath: "parameters", + mapper: EntityGetInsightsParametersMapper +}; + +export const parameters3: OperationParameter = { + parameterPath: "parameters", + mapper: EntityTimelineParametersMapper +}; + +export const kind1: OperationQueryParameter = { parameterPath: ["options", "kind"], mapper: { serializedName: "kind", @@ -328,26 +382,22 @@ export const entityQuery: OperationParameter = { mapper: CustomEntityQueryMapper }; -export const entityId: OperationURLParameter = { - parameterPath: "entityId", +export const kind2: OperationQueryParameter = { + parameterPath: ["options", "kind"], mapper: { - serializedName: "entityId", - required: true, + defaultValue: "Activity", + isConstant: true, + serializedName: "kind", type: { name: "String" } } }; -export const parameters1: OperationParameter = { - parameterPath: "parameters", - mapper: EntityExpandParametersMapper -}; - -export const kind1: OperationQueryParameter = { - parameterPath: "kind", +export const entityQueryTemplateId: OperationURLParameter = { + parameterPath: "entityQueryTemplateId", mapper: { - serializedName: "kind", + serializedName: "entityQueryTemplateId", required: true, type: { name: "String" @@ -355,16 +405,6 @@ export const kind1: OperationQueryParameter = { } }; -export const parameters2: OperationParameter = { - parameterPath: "parameters", - mapper: EntityGetInsightsParametersMapper -}; - -export const parameters3: OperationParameter = { - parameterPath: "parameters", - mapper: EntityTimelineParametersMapper -}; - export const incidentId: OperationURLParameter = { parameterPath: "incidentId", mapper: { @@ -433,6 +473,17 @@ export const metadataPatch: OperationParameter = { mapper: MetadataPatchMapper }; +export const consentId: OperationURLParameter = { + parameterPath: "consentId", + mapper: { + serializedName: "consentId", + required: true, + type: { + name: "String" + } + } +}; + export const sentinelOnboardingStateName: OperationURLParameter = { parameterPath: "sentinelOnboardingStateName", mapper: { @@ -492,6 +543,37 @@ export const sourceControl: OperationParameter = { mapper: SourceControlMapper }; +export const threatIntelligenceProperties: OperationParameter = { + parameterPath: "threatIntelligenceProperties", + mapper: ThreatIntelligenceIndicatorModelForRequestBodyMapper +}; + +export const name: OperationURLParameter = { + parameterPath: "name", + mapper: { + serializedName: "name", + required: true, + type: { + name: "String" + } + } +}; + +export const threatIntelligenceFilteringCriteria: OperationParameter = { + parameterPath: "threatIntelligenceFilteringCriteria", + mapper: ThreatIntelligenceFilteringCriteriaMapper +}; + +export const threatIntelligenceAppendTags: OperationParameter = { + parameterPath: "threatIntelligenceAppendTags", + mapper: ThreatIntelligenceAppendTagsMapper +}; + +export const threatIntelligenceReplaceTags: OperationParameter = { + parameterPath: "threatIntelligenceReplaceTags", + mapper: ThreatIntelligenceIndicatorModelForRequestBodyMapper +}; + export const watchlistAlias: OperationURLParameter = { parameterPath: "watchlistAlias", mapper: { @@ -549,68 +631,3 @@ export const dataConnectorsCheckRequirements: OperationParameter = { parameterPath: "dataConnectorsCheckRequirements", mapper: DataConnectorsCheckRequirementsMapper }; - -export const threatIntelligenceProperties: OperationParameter = { - parameterPath: "threatIntelligenceProperties", - mapper: ThreatIntelligenceIndicatorModelForRequestBodyMapper -}; - -export const name: OperationURLParameter = { - parameterPath: "name", - mapper: { - serializedName: "name", - required: true, - type: { - name: "String" - } - } -}; - -export const threatIntelligenceFilteringCriteria: OperationParameter = { - parameterPath: "threatIntelligenceFilteringCriteria", - mapper: ThreatIntelligenceFilteringCriteriaMapper -}; - -export const threatIntelligenceAppendTags: OperationParameter = { - parameterPath: "threatIntelligenceAppendTags", - mapper: ThreatIntelligenceAppendTagsMapper -}; - -export const threatIntelligenceReplaceTags: OperationParameter = { - parameterPath: "threatIntelligenceReplaceTags", - mapper: ThreatIntelligenceIndicatorModelForRequestBodyMapper -}; - -export const consentId: OperationURLParameter = { - parameterPath: "consentId", - mapper: { - serializedName: "consentId", - required: true, - type: { - name: "String" - } - } -}; - -export const kind2: OperationQueryParameter = { - parameterPath: ["options", "kind"], - mapper: { - defaultValue: "Activity", - isConstant: true, - serializedName: "kind", - type: { - name: "String" - } - } -}; - -export const entityQueryTemplateId: OperationURLParameter = { - parameterPath: "entityQueryTemplateId", - mapper: { - serializedName: "entityQueryTemplateId", - required: true, - type: { - name: "String" - } - } -}; diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/automationRules.ts b/sdk/securityinsight/arm-securityinsight/src/operations/automationRules.ts index 55f54bf28e69..8085591446ce 100644 --- a/sdk/securityinsight/arm-securityinsight/src/operations/automationRules.ts +++ b/sdk/securityinsight/arm-securityinsight/src/operations/automationRules.ts @@ -16,12 +16,15 @@ import { AutomationRule, AutomationRulesListNextOptionalParams, AutomationRulesListOptionalParams, - AutomationRulesListResponse, AutomationRulesGetOptionalParams, AutomationRulesGetResponse, AutomationRulesCreateOrUpdateOptionalParams, AutomationRulesCreateOrUpdateResponse, AutomationRulesDeleteOptionalParams, + AutomationRulesDeleteResponse, + AutomationRulesListResponse, + AutomationRulesManualTriggerPlaybookOptionalParams, + AutomationRulesManualTriggerPlaybookResponse, AutomationRulesListNextResponse } from "../models"; @@ -97,23 +100,6 @@ export class AutomationRulesImpl implements AutomationRules { } } - /** - * Gets all automation rules. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param options The options parameters. - */ - private _list( - resourceGroupName: string, - workspaceName: string, - options?: AutomationRulesListOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, options }, - listOperationSpec - ); - } - /** * Gets the automation rule. * @param resourceGroupName The name of the resource group. The name is case insensitive. @@ -138,24 +124,16 @@ export class AutomationRulesImpl implements AutomationRules { * @param resourceGroupName The name of the resource group. The name is case insensitive. * @param workspaceName The name of the workspace. * @param automationRuleId Automation rule ID - * @param automationRule The automation rule * @param options The options parameters. */ createOrUpdate( resourceGroupName: string, workspaceName: string, automationRuleId: string, - automationRule: AutomationRule, options?: AutomationRulesCreateOrUpdateOptionalParams ): Promise { return this.client.sendOperationRequest( - { - resourceGroupName, - workspaceName, - automationRuleId, - automationRule, - options - }, + { resourceGroupName, workspaceName, automationRuleId, options }, createOrUpdateOperationSpec ); } @@ -172,13 +150,49 @@ export class AutomationRulesImpl implements AutomationRules { workspaceName: string, automationRuleId: string, options?: AutomationRulesDeleteOptionalParams - ): Promise { + ): Promise { return this.client.sendOperationRequest( { resourceGroupName, workspaceName, automationRuleId, options }, deleteOperationSpec ); } + /** + * Gets all automation rules. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param options The options parameters. + */ + private _list( + resourceGroupName: string, + workspaceName: string, + options?: AutomationRulesListOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, workspaceName, options }, + listOperationSpec + ); + } + + /** + * Triggers playbook on a specific incident + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param incidentIdentifier + * @param options The options parameters. + */ + manualTriggerPlaybook( + resourceGroupName: string, + workspaceName: string, + incidentIdentifier: string, + options?: AutomationRulesManualTriggerPlaybookOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, workspaceName, incidentIdentifier, options }, + manualTriggerPlaybookOperationSpec + ); + } + /** * ListNext * @param resourceGroupName The name of the resource group. The name is case insensitive. @@ -201,13 +215,13 @@ export class AutomationRulesImpl implements AutomationRules { // Operation Specifications const serializer = coreClient.createSerializer(Mappers, /* isXml */ false); -const listOperationSpec: coreClient.OperationSpec = { +const getOperationSpec: coreClient.OperationSpec = { path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/automationRules", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/automationRules/{automationRuleId}", httpMethod: "GET", responses: { 200: { - bodyMapper: Mappers.AutomationRulesList + bodyMapper: Mappers.AutomationRule }, default: { bodyMapper: Mappers.CloudError @@ -218,23 +232,28 @@ const listOperationSpec: coreClient.OperationSpec = { Parameters.$host, Parameters.subscriptionId, Parameters.resourceGroupName, - Parameters.workspaceName + Parameters.workspaceName, + Parameters.automationRuleId ], headerParameters: [Parameters.accept], serializer }; -const getOperationSpec: coreClient.OperationSpec = { +const createOrUpdateOperationSpec: coreClient.OperationSpec = { path: "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/automationRules/{automationRuleId}", - httpMethod: "GET", + httpMethod: "PUT", responses: { 200: { bodyMapper: Mappers.AutomationRule }, + 201: { + bodyMapper: Mappers.AutomationRule + }, default: { bodyMapper: Mappers.CloudError } }, + requestBody: Parameters.automationRuleToUpsert, queryParameters: [Parameters.apiVersion], urlParameters: [ Parameters.$host, @@ -243,25 +262,29 @@ const getOperationSpec: coreClient.OperationSpec = { Parameters.workspaceName, Parameters.automationRuleId ], - headerParameters: [Parameters.accept], + headerParameters: [Parameters.accept, Parameters.contentType], + mediaType: "json", serializer }; -const createOrUpdateOperationSpec: coreClient.OperationSpec = { +const deleteOperationSpec: coreClient.OperationSpec = { path: "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/automationRules/{automationRuleId}", - httpMethod: "PUT", + httpMethod: "DELETE", responses: { 200: { - bodyMapper: Mappers.AutomationRule + bodyMapper: { + type: { name: "Dictionary", value: { type: { name: "any" } } } + } }, - 201: { - bodyMapper: Mappers.AutomationRule + 204: { + bodyMapper: { + type: { name: "Dictionary", value: { type: { name: "any" } } } + } }, default: { bodyMapper: Mappers.CloudError } }, - requestBody: Parameters.automationRule, queryParameters: [Parameters.apiVersion], urlParameters: [ Parameters.$host, @@ -270,17 +293,17 @@ const createOrUpdateOperationSpec: coreClient.OperationSpec = { Parameters.workspaceName, Parameters.automationRuleId ], - headerParameters: [Parameters.accept, Parameters.contentType], - mediaType: "json", + headerParameters: [Parameters.accept], serializer }; -const deleteOperationSpec: coreClient.OperationSpec = { +const listOperationSpec: coreClient.OperationSpec = { path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/automationRules/{automationRuleId}", - httpMethod: "DELETE", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/automationRules", + httpMethod: "GET", responses: { - 200: {}, - 204: {}, + 200: { + bodyMapper: Mappers.AutomationRulesList + }, default: { bodyMapper: Mappers.CloudError } @@ -290,12 +313,38 @@ const deleteOperationSpec: coreClient.OperationSpec = { Parameters.$host, Parameters.subscriptionId, Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.automationRuleId + Parameters.workspaceName ], headerParameters: [Parameters.accept], serializer }; +const manualTriggerPlaybookOperationSpec: coreClient.OperationSpec = { + path: + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentIdentifier}/runPlaybook", + httpMethod: "POST", + responses: { + 204: { + bodyMapper: { + type: { name: "Dictionary", value: { type: { name: "any" } } } + } + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + requestBody: Parameters.requestBody, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.incidentIdentifier + ], + headerParameters: [Parameters.accept, Parameters.contentType], + mediaType: "json", + serializer +}; const listNextOperationSpec: coreClient.OperationSpec = { path: "{nextLink}", httpMethod: "GET", diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/dataConnectors.ts b/sdk/securityinsight/arm-securityinsight/src/operations/dataConnectors.ts index 82199b6e0cb2..ff60c1cc995f 100644 --- a/sdk/securityinsight/arm-securityinsight/src/operations/dataConnectors.ts +++ b/sdk/securityinsight/arm-securityinsight/src/operations/dataConnectors.ts @@ -352,7 +352,7 @@ const connectOperationSpec: coreClient.OperationSpec = { responses: { 200: {}, default: { - bodyMapper: Mappers.ErrorResponse + bodyMapper: Mappers.CloudError } }, requestBody: Parameters.connectBody, @@ -375,7 +375,7 @@ const disconnectOperationSpec: coreClient.OperationSpec = { responses: { 200: {}, default: { - bodyMapper: Mappers.ErrorResponse + bodyMapper: Mappers.CloudError } }, queryParameters: [Parameters.apiVersion], diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/entities.ts b/sdk/securityinsight/arm-securityinsight/src/operations/entities.ts index c29d5caa98b8..3f01a3174daa 100644 --- a/sdk/securityinsight/arm-securityinsight/src/operations/entities.ts +++ b/sdk/securityinsight/arm-securityinsight/src/operations/entities.ts @@ -306,7 +306,7 @@ const queriesOperationSpec: coreClient.OperationSpec = { bodyMapper: Mappers.CloudError } }, - queryParameters: [Parameters.apiVersion, Parameters.kind1], + queryParameters: [Parameters.apiVersion, Parameters.kind], urlParameters: [ Parameters.$host, Parameters.subscriptionId, diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/entityQueries.ts b/sdk/securityinsight/arm-securityinsight/src/operations/entityQueries.ts index 85592e81dda7..21190c27d569 100644 --- a/sdk/securityinsight/arm-securityinsight/src/operations/entityQueries.ts +++ b/sdk/securityinsight/arm-securityinsight/src/operations/entityQueries.ts @@ -208,7 +208,7 @@ const listOperationSpec: coreClient.OperationSpec = { bodyMapper: Mappers.CloudError } }, - queryParameters: [Parameters.apiVersion, Parameters.kind], + queryParameters: [Parameters.apiVersion, Parameters.kind1], urlParameters: [ Parameters.$host, Parameters.subscriptionId, @@ -302,7 +302,7 @@ const listNextOperationSpec: coreClient.OperationSpec = { bodyMapper: Mappers.CloudError } }, - queryParameters: [Parameters.apiVersion, Parameters.kind], + queryParameters: [Parameters.apiVersion, Parameters.kind1], urlParameters: [ Parameters.$host, Parameters.subscriptionId, diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/index.ts b/sdk/securityinsight/arm-securityinsight/src/operations/index.ts index 1cf716300f95..68f26bcfc90b 100644 --- a/sdk/securityinsight/arm-securityinsight/src/operations/index.ts +++ b/sdk/securityinsight/arm-securityinsight/src/operations/index.ts @@ -15,26 +15,26 @@ export * from "./bookmarkRelations"; export * from "./bookmarkOperations"; export * from "./iPGeodata"; export * from "./domainWhois"; -export * from "./entityQueries"; export * from "./entities"; export * from "./entitiesGetTimeline"; export * from "./entitiesRelations"; export * from "./entityRelations"; +export * from "./entityQueries"; +export * from "./entityQueryTemplates"; export * from "./incidents"; export * from "./incidentComments"; export * from "./incidentRelations"; export * from "./metadata"; +export * from "./officeConsents"; export * from "./sentinelOnboardingStates"; export * from "./productSettings"; export * from "./sourceControlOperations"; export * from "./sourceControls"; +export * from "./threatIntelligenceIndicator"; +export * from "./threatIntelligenceIndicators"; +export * from "./threatIntelligenceIndicatorMetrics"; export * from "./watchlists"; export * from "./watchlistItems"; export * from "./dataConnectors"; export * from "./dataConnectorsCheckRequirementsOperations"; -export * from "./threatIntelligenceIndicator"; -export * from "./threatIntelligenceIndicators"; -export * from "./threatIntelligenceIndicatorMetrics"; export * from "./operations"; -export * from "./officeConsents"; -export * from "./entityQueryTemplates"; diff --git a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/automationRules.ts b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/automationRules.ts index fc1210e5c84e..9b8aee0e56ff 100644 --- a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/automationRules.ts +++ b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/automationRules.ts @@ -14,7 +14,10 @@ import { AutomationRulesGetResponse, AutomationRulesCreateOrUpdateOptionalParams, AutomationRulesCreateOrUpdateResponse, - AutomationRulesDeleteOptionalParams + AutomationRulesDeleteOptionalParams, + AutomationRulesDeleteResponse, + AutomationRulesManualTriggerPlaybookOptionalParams, + AutomationRulesManualTriggerPlaybookResponse } from "../models"; /// @@ -49,14 +52,12 @@ export interface AutomationRules { * @param resourceGroupName The name of the resource group. The name is case insensitive. * @param workspaceName The name of the workspace. * @param automationRuleId Automation rule ID - * @param automationRule The automation rule * @param options The options parameters. */ createOrUpdate( resourceGroupName: string, workspaceName: string, automationRuleId: string, - automationRule: AutomationRule, options?: AutomationRulesCreateOrUpdateOptionalParams ): Promise; /** @@ -71,5 +72,18 @@ export interface AutomationRules { workspaceName: string, automationRuleId: string, options?: AutomationRulesDeleteOptionalParams - ): Promise; + ): Promise; + /** + * Triggers playbook on a specific incident + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param incidentIdentifier + * @param options The options parameters. + */ + manualTriggerPlaybook( + resourceGroupName: string, + workspaceName: string, + incidentIdentifier: string, + options?: AutomationRulesManualTriggerPlaybookOptionalParams + ): Promise; } diff --git a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/index.ts b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/index.ts index 1cf716300f95..68f26bcfc90b 100644 --- a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/index.ts +++ b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/index.ts @@ -15,26 +15,26 @@ export * from "./bookmarkRelations"; export * from "./bookmarkOperations"; export * from "./iPGeodata"; export * from "./domainWhois"; -export * from "./entityQueries"; export * from "./entities"; export * from "./entitiesGetTimeline"; export * from "./entitiesRelations"; export * from "./entityRelations"; +export * from "./entityQueries"; +export * from "./entityQueryTemplates"; export * from "./incidents"; export * from "./incidentComments"; export * from "./incidentRelations"; export * from "./metadata"; +export * from "./officeConsents"; export * from "./sentinelOnboardingStates"; export * from "./productSettings"; export * from "./sourceControlOperations"; export * from "./sourceControls"; +export * from "./threatIntelligenceIndicator"; +export * from "./threatIntelligenceIndicators"; +export * from "./threatIntelligenceIndicatorMetrics"; export * from "./watchlists"; export * from "./watchlistItems"; export * from "./dataConnectors"; export * from "./dataConnectorsCheckRequirementsOperations"; -export * from "./threatIntelligenceIndicator"; -export * from "./threatIntelligenceIndicators"; -export * from "./threatIntelligenceIndicatorMetrics"; export * from "./operations"; -export * from "./officeConsents"; -export * from "./entityQueryTemplates"; diff --git a/sdk/securityinsight/arm-securityinsight/src/securityInsights.ts b/sdk/securityinsight/arm-securityinsight/src/securityInsights.ts index 957dd1d33970..81ed6e14704d 100644 --- a/sdk/securityinsight/arm-securityinsight/src/securityInsights.ts +++ b/sdk/securityinsight/arm-securityinsight/src/securityInsights.ts @@ -18,29 +18,29 @@ import { BookmarkOperationsImpl, IPGeodataImpl, DomainWhoisImpl, - EntityQueriesImpl, EntitiesImpl, EntitiesGetTimelineImpl, EntitiesRelationsImpl, EntityRelationsImpl, + EntityQueriesImpl, + EntityQueryTemplatesImpl, IncidentsImpl, IncidentCommentsImpl, IncidentRelationsImpl, MetadataImpl, + OfficeConsentsImpl, SentinelOnboardingStatesImpl, ProductSettingsImpl, SourceControlOperationsImpl, SourceControlsImpl, + ThreatIntelligenceIndicatorImpl, + ThreatIntelligenceIndicatorsImpl, + ThreatIntelligenceIndicatorMetricsImpl, WatchlistsImpl, WatchlistItemsImpl, DataConnectorsImpl, DataConnectorsCheckRequirementsOperationsImpl, - ThreatIntelligenceIndicatorImpl, - ThreatIntelligenceIndicatorsImpl, - ThreatIntelligenceIndicatorMetricsImpl, - OperationsImpl, - OfficeConsentsImpl, - EntityQueryTemplatesImpl + OperationsImpl } from "./operations"; import { AlertRules, @@ -52,29 +52,29 @@ import { BookmarkOperations, IPGeodata, DomainWhois, - EntityQueries, Entities, EntitiesGetTimeline, EntitiesRelations, EntityRelations, + EntityQueries, + EntityQueryTemplates, Incidents, IncidentComments, IncidentRelations, Metadata, + OfficeConsents, SentinelOnboardingStates, ProductSettings, SourceControlOperations, SourceControls, + ThreatIntelligenceIndicator, + ThreatIntelligenceIndicators, + ThreatIntelligenceIndicatorMetrics, Watchlists, WatchlistItems, DataConnectors, DataConnectorsCheckRequirementsOperations, - ThreatIntelligenceIndicator, - ThreatIntelligenceIndicators, - ThreatIntelligenceIndicatorMetrics, - Operations, - OfficeConsents, - EntityQueryTemplates + Operations } from "./operationsInterfaces"; import { SecurityInsightsOptionalParams } from "./models"; @@ -110,7 +110,7 @@ export class SecurityInsights extends coreClient.ServiceClient { credential: credentials }; - const packageDetails = `azsdk-js-arm-securityinsight/1.0.0-beta.1`; + const packageDetails = `azsdk-js-arm-securityinsight/1.0.0-beta.2`; const userAgentPrefix = options.userAgentOptions && options.userAgentOptions.userAgentPrefix ? `${options.userAgentOptions.userAgentPrefix} ${packageDetails}` @@ -133,7 +133,7 @@ export class SecurityInsights extends coreClient.ServiceClient { // Assigning values to Constant parameters this.$host = options.$host || "https://management.azure.com"; - this.apiVersion = options.apiVersion || "2021-09-01-preview"; + this.apiVersion = options.apiVersion || "2022-01-01-preview"; this.alertRules = new AlertRulesImpl(this); this.actions = new ActionsImpl(this); this.alertRuleTemplates = new AlertRuleTemplatesImpl(this); @@ -143,25 +143,21 @@ export class SecurityInsights extends coreClient.ServiceClient { this.bookmarkOperations = new BookmarkOperationsImpl(this); this.iPGeodata = new IPGeodataImpl(this); this.domainWhois = new DomainWhoisImpl(this); - this.entityQueries = new EntityQueriesImpl(this); this.entities = new EntitiesImpl(this); this.entitiesGetTimeline = new EntitiesGetTimelineImpl(this); this.entitiesRelations = new EntitiesRelationsImpl(this); this.entityRelations = new EntityRelationsImpl(this); + this.entityQueries = new EntityQueriesImpl(this); + this.entityQueryTemplates = new EntityQueryTemplatesImpl(this); this.incidents = new IncidentsImpl(this); this.incidentComments = new IncidentCommentsImpl(this); this.incidentRelations = new IncidentRelationsImpl(this); this.metadata = new MetadataImpl(this); + this.officeConsents = new OfficeConsentsImpl(this); this.sentinelOnboardingStates = new SentinelOnboardingStatesImpl(this); this.productSettings = new ProductSettingsImpl(this); this.sourceControlOperations = new SourceControlOperationsImpl(this); this.sourceControls = new SourceControlsImpl(this); - this.watchlists = new WatchlistsImpl(this); - this.watchlistItems = new WatchlistItemsImpl(this); - this.dataConnectors = new DataConnectorsImpl(this); - this.dataConnectorsCheckRequirementsOperations = new DataConnectorsCheckRequirementsOperationsImpl( - this - ); this.threatIntelligenceIndicator = new ThreatIntelligenceIndicatorImpl( this ); @@ -171,9 +167,13 @@ export class SecurityInsights extends coreClient.ServiceClient { this.threatIntelligenceIndicatorMetrics = new ThreatIntelligenceIndicatorMetricsImpl( this ); + this.watchlists = new WatchlistsImpl(this); + this.watchlistItems = new WatchlistItemsImpl(this); + this.dataConnectors = new DataConnectorsImpl(this); + this.dataConnectorsCheckRequirementsOperations = new DataConnectorsCheckRequirementsOperationsImpl( + this + ); this.operations = new OperationsImpl(this); - this.officeConsents = new OfficeConsentsImpl(this); - this.entityQueryTemplates = new EntityQueryTemplatesImpl(this); } alertRules: AlertRules; @@ -185,27 +185,27 @@ export class SecurityInsights extends coreClient.ServiceClient { bookmarkOperations: BookmarkOperations; iPGeodata: IPGeodata; domainWhois: DomainWhois; - entityQueries: EntityQueries; entities: Entities; entitiesGetTimeline: EntitiesGetTimeline; entitiesRelations: EntitiesRelations; entityRelations: EntityRelations; + entityQueries: EntityQueries; + entityQueryTemplates: EntityQueryTemplates; incidents: Incidents; incidentComments: IncidentComments; incidentRelations: IncidentRelations; metadata: Metadata; + officeConsents: OfficeConsents; sentinelOnboardingStates: SentinelOnboardingStates; productSettings: ProductSettings; sourceControlOperations: SourceControlOperations; sourceControls: SourceControls; + threatIntelligenceIndicator: ThreatIntelligenceIndicator; + threatIntelligenceIndicators: ThreatIntelligenceIndicators; + threatIntelligenceIndicatorMetrics: ThreatIntelligenceIndicatorMetrics; watchlists: Watchlists; watchlistItems: WatchlistItems; dataConnectors: DataConnectors; dataConnectorsCheckRequirementsOperations: DataConnectorsCheckRequirementsOperations; - threatIntelligenceIndicator: ThreatIntelligenceIndicator; - threatIntelligenceIndicators: ThreatIntelligenceIndicators; - threatIntelligenceIndicatorMetrics: ThreatIntelligenceIndicatorMetrics; operations: Operations; - officeConsents: OfficeConsents; - entityQueryTemplates: EntityQueryTemplates; } diff --git a/sdk/securityinsight/arm-securityinsight/tsconfig.json b/sdk/securityinsight/arm-securityinsight/tsconfig.json index 6e3251194117..3e6ae96443f3 100644 --- a/sdk/securityinsight/arm-securityinsight/tsconfig.json +++ b/sdk/securityinsight/arm-securityinsight/tsconfig.json @@ -9,11 +9,19 @@ "esModuleInterop": true, "allowSyntheticDefaultImports": true, "forceConsistentCasingInFileNames": true, - "lib": ["es6", "dom"], + "lib": [ + "es6", + "dom" + ], "declaration": true, "outDir": "./dist-esm", "importHelpers": true }, - "include": ["./src/**/*.ts", "./test/**/*.ts"], - "exclude": ["node_modules"] -} + "include": [ + "./src/**/*.ts", + "./test/**/*.ts" + ], + "exclude": [ + "node_modules" + ] +} \ No newline at end of file