diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/__init__.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/__init__.py new file mode 100644 index 0000000000000..e4094981a66f6 --- /dev/null +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/__init__.py @@ -0,0 +1,19 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from ._configuration import SecurityInsightsConfiguration +from ._security_insights import SecurityInsights +__all__ = ['SecurityInsights', 'SecurityInsightsConfiguration'] + +from .version import VERSION + +__version__ = VERSION + diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/_configuration.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/_configuration.py new file mode 100644 index 0000000000000..888e11c12ce0f --- /dev/null +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/_configuration.py @@ -0,0 +1,48 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- +from msrestazure import AzureConfiguration + +from .version import VERSION + + +class SecurityInsightsConfiguration(AzureConfiguration): + """Configuration for SecurityInsights + Note that all parameters used to create this instance are saved as instance + attributes. + + :param credentials: Credentials needed for the client to connect to Azure. + :type credentials: :mod:`A msrestazure Credentials + object` + :param subscription_id: Azure subscription ID + :type subscription_id: str + :param str base_url: Service URL + """ + + def __init__( + self, credentials, subscription_id, base_url=None): + + if credentials is None: + raise ValueError("Parameter 'credentials' must not be None.") + if subscription_id is None: + raise ValueError("Parameter 'subscription_id' must not be None.") + if not base_url: + base_url = 'https://management.azure.com' + + super(SecurityInsightsConfiguration, self).__init__(base_url) + + # Starting Autorest.Python 4.0.64, make connection pool activated by default + self.keep_alive = True + + self.add_user_agent('azure-mgmt-securityinsight/{}'.format(VERSION)) + self.add_user_agent('Azure-SDK-For-Python') + + self.credentials = credentials + self.subscription_id = subscription_id diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/_security_insights.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/_security_insights.py new file mode 100644 index 0000000000000..8b6183a8deb44 --- /dev/null +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/_security_insights.py @@ -0,0 +1,84 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from msrest.service_client import SDKClient +from msrest import Serializer, Deserializer + +from ._configuration import SecurityInsightsConfiguration +from .operations import Operations +from .operations import AlertRulesOperations +from .operations import ActionsOperations +from .operations import AlertRuleTemplatesOperations +from .operations import BookmarksOperations +from .operations import DataConnectorsOperations +from .operations import IncidentsOperations +from .operations import IncidentCommentsOperations +from . import models + + +class SecurityInsights(SDKClient): + """API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider + + :ivar config: Configuration for client. + :vartype config: SecurityInsightsConfiguration + + :ivar operations: Operations operations + :vartype operations: azure.mgmt.securityinsight.operations.Operations + :ivar alert_rules: AlertRules operations + :vartype alert_rules: azure.mgmt.securityinsight.operations.AlertRulesOperations + :ivar actions: Actions operations + :vartype actions: azure.mgmt.securityinsight.operations.ActionsOperations + :ivar alert_rule_templates: AlertRuleTemplates operations + :vartype alert_rule_templates: azure.mgmt.securityinsight.operations.AlertRuleTemplatesOperations + :ivar bookmarks: Bookmarks operations + :vartype bookmarks: azure.mgmt.securityinsight.operations.BookmarksOperations + :ivar data_connectors: DataConnectors operations + :vartype data_connectors: azure.mgmt.securityinsight.operations.DataConnectorsOperations + :ivar incidents: Incidents operations + :vartype incidents: azure.mgmt.securityinsight.operations.IncidentsOperations + :ivar incident_comments: IncidentComments operations + :vartype incident_comments: azure.mgmt.securityinsight.operations.IncidentCommentsOperations + + :param credentials: Credentials needed for the client to connect to Azure. + :type credentials: :mod:`A msrestazure Credentials + object` + :param subscription_id: Azure subscription ID + :type subscription_id: str + :param str base_url: Service URL + """ + + def __init__( + self, credentials, subscription_id, base_url=None): + + self.config = SecurityInsightsConfiguration(credentials, subscription_id, base_url) + super(SecurityInsights, self).__init__(self.config.credentials, self.config) + + client_models = {k: v for k, v in models.__dict__.items() if isinstance(v, type)} + self.api_version = '2020-01-01' + self._serialize = Serializer(client_models) + self._deserialize = Deserializer(client_models) + + self.operations = Operations( + self._client, self.config, self._serialize, self._deserialize) + self.alert_rules = AlertRulesOperations( + self._client, self.config, self._serialize, self._deserialize) + self.actions = ActionsOperations( + self._client, self.config, self._serialize, self._deserialize) + self.alert_rule_templates = AlertRuleTemplatesOperations( + self._client, self.config, self._serialize, self._deserialize) + self.bookmarks = BookmarksOperations( + self._client, self.config, self._serialize, self._deserialize) + self.data_connectors = DataConnectorsOperations( + self._client, self.config, self._serialize, self._deserialize) + self.incidents = IncidentsOperations( + self._client, self.config, self._serialize, self._deserialize) + self.incident_comments = IncidentCommentsOperations( + self._client, self.config, self._serialize, self._deserialize) diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/__init__.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/__init__.py new file mode 100644 index 0000000000000..83e2d4525b5ca --- /dev/null +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/__init__.py @@ -0,0 +1,236 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +try: + from ._models_py3 import AADDataConnector + from ._models_py3 import AATPDataConnector + from ._models_py3 import ActionPropertiesBase + from ._models_py3 import ActionRequest + from ._models_py3 import ActionResponse + from ._models_py3 import AlertRule + from ._models_py3 import AlertRuleTemplate + from ._models_py3 import AlertRuleTemplateDataSource + from ._models_py3 import AlertsDataTypeOfDataConnector + from ._models_py3 import ASCDataConnector + from ._models_py3 import AwsCloudTrailDataConnector + from ._models_py3 import AwsCloudTrailDataConnectorDataTypes + from ._models_py3 import AwsCloudTrailDataConnectorDataTypesLogs + from ._models_py3 import Bookmark + from ._models_py3 import ClientInfo + from ._models_py3 import DataConnector + from ._models_py3 import DataConnectorDataTypeCommon + from ._models_py3 import DataConnectorTenantId + from ._models_py3 import DataConnectorWithAlertsProperties + from ._models_py3 import ErrorAdditionalInfo + from ._models_py3 import ErrorResponse + from ._models_py3 import FusionAlertRule + from ._models_py3 import FusionAlertRuleTemplate + from ._models_py3 import Incident + from ._models_py3 import IncidentAdditionalData + from ._models_py3 import IncidentComment + from ._models_py3 import IncidentInfo + from ._models_py3 import IncidentLabel + from ._models_py3 import IncidentOwnerInfo + from ._models_py3 import MCASDataConnector + from ._models_py3 import MCASDataConnectorDataTypes + from ._models_py3 import MDATPDataConnector + from ._models_py3 import MicrosoftSecurityIncidentCreationAlertRule + from ._models_py3 import MicrosoftSecurityIncidentCreationAlertRuleCommonProperties + from ._models_py3 import MicrosoftSecurityIncidentCreationAlertRuleTemplate + from ._models_py3 import OfficeConsent + from ._models_py3 import OfficeConsentList + from ._models_py3 import OfficeDataConnector + from ._models_py3 import OfficeDataConnectorDataTypes + from ._models_py3 import OfficeDataConnectorDataTypesExchange + from ._models_py3 import OfficeDataConnectorDataTypesSharePoint + from ._models_py3 import Operation + from ._models_py3 import OperationDisplay + from ._models_py3 import Resource + from ._models_py3 import ResourceWithEtag + from ._models_py3 import ScheduledAlertRule + from ._models_py3 import ScheduledAlertRuleCommonProperties + from ._models_py3 import ScheduledAlertRuleTemplate + from ._models_py3 import Settings + from ._models_py3 import ThreatIntelligence + from ._models_py3 import TIDataConnector + from ._models_py3 import TIDataConnectorDataTypes + from ._models_py3 import TIDataConnectorDataTypesIndicators + from ._models_py3 import ToggleSettings + from ._models_py3 import UebaSettings + from ._models_py3 import UserInfo +except (SyntaxError, ImportError): + from ._models import AADDataConnector + from ._models import AATPDataConnector + from ._models import ActionPropertiesBase + from ._models import ActionRequest + from ._models import ActionResponse + from ._models import AlertRule + from ._models import AlertRuleTemplate + from ._models import AlertRuleTemplateDataSource + from ._models import AlertsDataTypeOfDataConnector + from ._models import ASCDataConnector + from ._models import AwsCloudTrailDataConnector + from ._models import AwsCloudTrailDataConnectorDataTypes + from ._models import AwsCloudTrailDataConnectorDataTypesLogs + from ._models import Bookmark + from ._models import ClientInfo + from ._models import DataConnector + from ._models import DataConnectorDataTypeCommon + from ._models import DataConnectorTenantId + from ._models import DataConnectorWithAlertsProperties + from ._models import ErrorAdditionalInfo + from ._models import ErrorResponse + from ._models import FusionAlertRule + from ._models import FusionAlertRuleTemplate + from ._models import Incident + from ._models import IncidentAdditionalData + from ._models import IncidentComment + from ._models import IncidentInfo + from ._models import IncidentLabel + from ._models import IncidentOwnerInfo + from ._models import MCASDataConnector + from ._models import MCASDataConnectorDataTypes + from ._models import MDATPDataConnector + from ._models import MicrosoftSecurityIncidentCreationAlertRule + from ._models import MicrosoftSecurityIncidentCreationAlertRuleCommonProperties + from ._models import MicrosoftSecurityIncidentCreationAlertRuleTemplate + from ._models import OfficeConsent + from ._models import OfficeConsentList + from ._models import OfficeDataConnector + from ._models import OfficeDataConnectorDataTypes + from ._models import OfficeDataConnectorDataTypesExchange + from ._models import OfficeDataConnectorDataTypesSharePoint + from ._models import Operation + from ._models import OperationDisplay + from ._models import Resource + from ._models import ResourceWithEtag + from ._models import ScheduledAlertRule + from ._models import ScheduledAlertRuleCommonProperties + from ._models import ScheduledAlertRuleTemplate + from ._models import Settings + from ._models import ThreatIntelligence + from ._models import TIDataConnector + from ._models import TIDataConnectorDataTypes + from ._models import TIDataConnectorDataTypesIndicators + from ._models import ToggleSettings + from ._models import UebaSettings + from ._models import UserInfo +from ._paged_models import ActionResponsePaged +from ._paged_models import AlertRulePaged +from ._paged_models import AlertRuleTemplatePaged +from ._paged_models import BookmarkPaged +from ._paged_models import DataConnectorPaged +from ._paged_models import IncidentCommentPaged +from ._paged_models import IncidentPaged +from ._paged_models import OperationPaged +from ._security_insights_enums import ( + DataTypeState, + AlertRuleKind, + TemplateStatus, + TriggerOperator, + AlertSeverity, + MicrosoftSecurityProductName, + AttackTactic, + CaseSeverity, + DataConnectorKind, + IncidentClassification, + IncidentClassificationReason, + IncidentLabelType, + IncidentSeverity, + IncidentStatus, + SettingKind, + LicenseStatus, + StatusInMcas, +) + +__all__ = [ + 'AADDataConnector', + 'AATPDataConnector', + 'ActionPropertiesBase', + 'ActionRequest', + 'ActionResponse', + 'AlertRule', + 'AlertRuleTemplate', + 'AlertRuleTemplateDataSource', + 'AlertsDataTypeOfDataConnector', + 'ASCDataConnector', + 'AwsCloudTrailDataConnector', + 'AwsCloudTrailDataConnectorDataTypes', + 'AwsCloudTrailDataConnectorDataTypesLogs', + 'Bookmark', + 'ClientInfo', + 'DataConnector', + 'DataConnectorDataTypeCommon', + 'DataConnectorTenantId', + 'DataConnectorWithAlertsProperties', + 'ErrorAdditionalInfo', + 'ErrorResponse', + 'FusionAlertRule', + 'FusionAlertRuleTemplate', + 'Incident', + 'IncidentAdditionalData', + 'IncidentComment', + 'IncidentInfo', + 'IncidentLabel', + 'IncidentOwnerInfo', + 'MCASDataConnector', + 'MCASDataConnectorDataTypes', + 'MDATPDataConnector', + 'MicrosoftSecurityIncidentCreationAlertRule', + 'MicrosoftSecurityIncidentCreationAlertRuleCommonProperties', + 'MicrosoftSecurityIncidentCreationAlertRuleTemplate', + 'OfficeConsent', + 'OfficeConsentList', + 'OfficeDataConnector', + 'OfficeDataConnectorDataTypes', + 'OfficeDataConnectorDataTypesExchange', + 'OfficeDataConnectorDataTypesSharePoint', + 'Operation', + 'OperationDisplay', + 'Resource', + 'ResourceWithEtag', + 'ScheduledAlertRule', + 'ScheduledAlertRuleCommonProperties', + 'ScheduledAlertRuleTemplate', + 'Settings', + 'ThreatIntelligence', + 'TIDataConnector', + 'TIDataConnectorDataTypes', + 'TIDataConnectorDataTypesIndicators', + 'ToggleSettings', + 'UebaSettings', + 'UserInfo', + 'OperationPaged', + 'AlertRulePaged', + 'ActionResponsePaged', + 'AlertRuleTemplatePaged', + 'BookmarkPaged', + 'DataConnectorPaged', + 'IncidentPaged', + 'IncidentCommentPaged', + 'DataTypeState', + 'AlertRuleKind', + 'TemplateStatus', + 'TriggerOperator', + 'AlertSeverity', + 'MicrosoftSecurityProductName', + 'AttackTactic', + 'CaseSeverity', + 'DataConnectorKind', + 'IncidentClassification', + 'IncidentClassificationReason', + 'IncidentLabelType', + 'IncidentSeverity', + 'IncidentStatus', + 'SettingKind', + 'LicenseStatus', + 'StatusInMcas', +] diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/_models.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/_models.py new file mode 100644 index 0000000000000..e3668718ff3f7 --- /dev/null +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/_models.py @@ -0,0 +1,2487 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from msrest.serialization import Model +from msrest.exceptions import HttpOperationError + + +class ResourceWithEtag(Model): + """An azure resource object with an Etag property. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: Azure resource Id + :vartype id: str + :ivar name: Azure resource name + :vartype name: str + :ivar type: Azure resource type + :vartype type: str + :param etag: Etag of the azure resource + :type etag: str + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'etag': {'key': 'etag', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(ResourceWithEtag, self).__init__(**kwargs) + self.id = None + self.name = None + self.type = None + self.etag = kwargs.get('etag', None) + + +class DataConnector(ResourceWithEtag): + """Data connector. + + You probably want to use the sub-classes and not this class directly. Known + sub-classes are: AADDataConnector, AATPDataConnector, ASCDataConnector, + AwsCloudTrailDataConnector, MCASDataConnector, MDATPDataConnector, + OfficeDataConnector, TIDataConnector + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id + :vartype id: str + :ivar name: Azure resource name + :vartype name: str + :ivar type: Azure resource type + :vartype type: str + :param etag: Etag of the azure resource + :type etag: str + :param kind: Required. Constant filled by server. + :type kind: str + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'kind': {'required': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'etag': {'key': 'etag', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + } + + _subtype_map = { + 'kind': {'AzureActiveDirectory': 'AADDataConnector', 'AzureAdvancedThreatProtection': 'AATPDataConnector', 'AzureSecurityCenter': 'ASCDataConnector', 'AmazonWebServicesCloudTrail': 'AwsCloudTrailDataConnector', 'MicrosoftCloudAppSecurity': 'MCASDataConnector', 'MicrosoftDefenderAdvancedThreatProtection': 'MDATPDataConnector', 'Office365': 'OfficeDataConnector', 'ThreatIntelligence': 'TIDataConnector'} + } + + def __init__(self, **kwargs): + super(DataConnector, self).__init__(**kwargs) + self.kind = None + self.kind = 'DataConnector' + + +class AADDataConnector(DataConnector): + """Represents AAD (Azure Active Directory) data connector. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id + :vartype id: str + :ivar name: Azure resource name + :vartype name: str + :ivar type: Azure resource type + :vartype type: str + :param etag: Etag of the azure resource + :type etag: str + :param kind: Required. Constant filled by server. + :type kind: str + :param tenant_id: The tenant id to connect to, and get the data from. + :type tenant_id: str + :param data_types: The available data types for the connector. + :type data_types: + ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'kind': {'required': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'etag': {'key': 'etag', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + 'tenant_id': {'key': 'properties.tenantId', 'type': 'str'}, + 'data_types': {'key': 'properties.dataTypes', 'type': 'AlertsDataTypeOfDataConnector'}, + } + + def __init__(self, **kwargs): + super(AADDataConnector, self).__init__(**kwargs) + self.tenant_id = kwargs.get('tenant_id', None) + self.data_types = kwargs.get('data_types', None) + self.kind = 'AzureActiveDirectory' + + +class AATPDataConnector(DataConnector): + """Represents AATP (Azure Advanced Threat Protection) data connector. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id + :vartype id: str + :ivar name: Azure resource name + :vartype name: str + :ivar type: Azure resource type + :vartype type: str + :param etag: Etag of the azure resource + :type etag: str + :param kind: Required. Constant filled by server. + :type kind: str + :param tenant_id: The tenant id to connect to, and get the data from. + :type tenant_id: str + :param data_types: The available data types for the connector. + :type data_types: + ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'kind': {'required': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'etag': {'key': 'etag', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + 'tenant_id': {'key': 'properties.tenantId', 'type': 'str'}, + 'data_types': {'key': 'properties.dataTypes', 'type': 'AlertsDataTypeOfDataConnector'}, + } + + def __init__(self, **kwargs): + super(AATPDataConnector, self).__init__(**kwargs) + self.tenant_id = kwargs.get('tenant_id', None) + self.data_types = kwargs.get('data_types', None) + self.kind = 'AzureAdvancedThreatProtection' + + +class ActionPropertiesBase(Model): + """Action property bag base. + + All required parameters must be populated in order to send to Azure. + + :param logic_app_resource_id: Required. Logic App Resource Id, + /subscriptions/{my-subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my-workflow-id}. + :type logic_app_resource_id: str + """ + + _validation = { + 'logic_app_resource_id': {'required': True}, + } + + _attribute_map = { + 'logic_app_resource_id': {'key': 'logicAppResourceId', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(ActionPropertiesBase, self).__init__(**kwargs) + self.logic_app_resource_id = kwargs.get('logic_app_resource_id', None) + + +class ActionRequest(ResourceWithEtag): + """Action for alert rule. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id + :vartype id: str + :ivar name: Azure resource name + :vartype name: str + :ivar type: Azure resource type + :vartype type: str + :param etag: Etag of the azure resource + :type etag: str + :param logic_app_resource_id: Required. Logic App Resource Id, + /subscriptions/{my-subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my-workflow-id}. + :type logic_app_resource_id: str + :param trigger_uri: Logic App Callback URL for this specific workflow. + :type trigger_uri: str + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'logic_app_resource_id': {'required': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'etag': {'key': 'etag', 'type': 'str'}, + 'logic_app_resource_id': {'key': 'properties.logicAppResourceId', 'type': 'str'}, + 'trigger_uri': {'key': 'properties.triggerUri', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(ActionRequest, self).__init__(**kwargs) + self.logic_app_resource_id = kwargs.get('logic_app_resource_id', None) + self.trigger_uri = kwargs.get('trigger_uri', None) + + +class Resource(Model): + """An azure resource object. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: Azure resource Id + :vartype id: str + :ivar name: Azure resource name + :vartype name: str + :ivar type: Azure resource type + :vartype type: str + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(Resource, self).__init__(**kwargs) + self.id = None + self.name = None + self.type = None + + +class ActionResponse(Resource): + """Action for alert rule. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id + :vartype id: str + :ivar name: Azure resource name + :vartype name: str + :ivar type: Azure resource type + :vartype type: str + :param etag: Etag of the action. + :type etag: str + :param logic_app_resource_id: Required. Logic App Resource Id, + /subscriptions/{my-subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my-workflow-id}. + :type logic_app_resource_id: str + :param workflow_id: The name of the logic app's workflow. + :type workflow_id: str + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'logic_app_resource_id': {'required': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'etag': {'key': 'etag', 'type': 'str'}, + 'logic_app_resource_id': {'key': 'properties.logicAppResourceId', 'type': 'str'}, + 'workflow_id': {'key': 'properties.workflowId', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(ActionResponse, self).__init__(**kwargs) + self.etag = kwargs.get('etag', None) + self.logic_app_resource_id = kwargs.get('logic_app_resource_id', None) + self.workflow_id = kwargs.get('workflow_id', None) + + +class AlertRule(ResourceWithEtag): + """Alert rule. + + You probably want to use the sub-classes and not this class directly. Known + sub-classes are: FusionAlertRule, + MicrosoftSecurityIncidentCreationAlertRule, ScheduledAlertRule + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id + :vartype id: str + :ivar name: Azure resource name + :vartype name: str + :ivar type: Azure resource type + :vartype type: str + :param etag: Etag of the azure resource + :type etag: str + :param kind: Required. Constant filled by server. + :type kind: str + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'kind': {'required': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'etag': {'key': 'etag', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + } + + _subtype_map = { + 'kind': {'Fusion': 'FusionAlertRule', 'MicrosoftSecurityIncidentCreation': 'MicrosoftSecurityIncidentCreationAlertRule', 'Scheduled': 'ScheduledAlertRule'} + } + + def __init__(self, **kwargs): + super(AlertRule, self).__init__(**kwargs) + self.kind = None + self.kind = 'AlertRule' + + +class AlertRuleTemplate(Resource): + """Alert rule template. + + You probably want to use the sub-classes and not this class directly. Known + sub-classes are: FusionAlertRuleTemplate, + MicrosoftSecurityIncidentCreationAlertRuleTemplate, + ScheduledAlertRuleTemplate + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id + :vartype id: str + :ivar name: Azure resource name + :vartype name: str + :ivar type: Azure resource type + :vartype type: str + :param kind: Required. Constant filled by server. + :type kind: str + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'kind': {'required': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + } + + _subtype_map = { + 'kind': {'Fusion': 'FusionAlertRuleTemplate', 'MicrosoftSecurityIncidentCreation': 'MicrosoftSecurityIncidentCreationAlertRuleTemplate', 'Scheduled': 'ScheduledAlertRuleTemplate'} + } + + def __init__(self, **kwargs): + super(AlertRuleTemplate, self).__init__(**kwargs) + self.kind = None + self.kind = 'AlertRuleTemplate' + + +class AlertRuleTemplateDataSource(Model): + """alert rule template data sources. + + :param connector_id: The connector id that provides the following data + types + :type connector_id: str + :param data_types: The data types used by the alert rule template + :type data_types: list[str] + """ + + _attribute_map = { + 'connector_id': {'key': 'connectorId', 'type': 'str'}, + 'data_types': {'key': 'dataTypes', 'type': '[str]'}, + } + + def __init__(self, **kwargs): + super(AlertRuleTemplateDataSource, self).__init__(**kwargs) + self.connector_id = kwargs.get('connector_id', None) + self.data_types = kwargs.get('data_types', None) + + +class AlertsDataTypeOfDataConnector(Model): + """Alerts data type for data connectors. + + :param alerts: Alerts data type connection. + :type alerts: + ~azure.mgmt.securityinsight.models.DataConnectorDataTypeCommon + """ + + _attribute_map = { + 'alerts': {'key': 'alerts', 'type': 'DataConnectorDataTypeCommon'}, + } + + def __init__(self, **kwargs): + super(AlertsDataTypeOfDataConnector, self).__init__(**kwargs) + self.alerts = kwargs.get('alerts', None) + + +class ASCDataConnector(DataConnector): + """Represents ASC (Azure Security Center) data connector. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id + :vartype id: str + :ivar name: Azure resource name + :vartype name: str + :ivar type: Azure resource type + :vartype type: str + :param etag: Etag of the azure resource + :type etag: str + :param kind: Required. Constant filled by server. + :type kind: str + :param data_types: The available data types for the connector. + :type data_types: + ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector + :param subscription_id: The subscription id to connect to, and get the + data from. + :type subscription_id: str + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'kind': {'required': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'etag': {'key': 'etag', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + 'data_types': {'key': 'properties.dataTypes', 'type': 'AlertsDataTypeOfDataConnector'}, + 'subscription_id': {'key': 'properties.subscriptionId', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(ASCDataConnector, self).__init__(**kwargs) + self.data_types = kwargs.get('data_types', None) + self.subscription_id = kwargs.get('subscription_id', None) + self.kind = 'AzureSecurityCenter' + + +class AwsCloudTrailDataConnector(DataConnector): + """Represents Amazon Web Services CloudTrail data connector. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id + :vartype id: str + :ivar name: Azure resource name + :vartype name: str + :ivar type: Azure resource type + :vartype type: str + :param etag: Etag of the azure resource + :type etag: str + :param kind: Required. Constant filled by server. + :type kind: str + :param aws_role_arn: The Aws Role Arn (with CloudTrailReadOnly policy) + that is used to access the Aws account. + :type aws_role_arn: str + :param data_types: The available data types for the connector. + :type data_types: + ~azure.mgmt.securityinsight.models.AwsCloudTrailDataConnectorDataTypes + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'kind': {'required': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'etag': {'key': 'etag', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + 'aws_role_arn': {'key': 'properties.awsRoleArn', 'type': 'str'}, + 'data_types': {'key': 'properties.dataTypes', 'type': 'AwsCloudTrailDataConnectorDataTypes'}, + } + + def __init__(self, **kwargs): + super(AwsCloudTrailDataConnector, self).__init__(**kwargs) + self.aws_role_arn = kwargs.get('aws_role_arn', None) + self.data_types = kwargs.get('data_types', None) + self.kind = 'AmazonWebServicesCloudTrail' + + +class AwsCloudTrailDataConnectorDataTypes(Model): + """The available data types for Amazon Web Services CloudTrail data connector. + + :param logs: Logs data type. + :type logs: + ~azure.mgmt.securityinsight.models.AwsCloudTrailDataConnectorDataTypesLogs + """ + + _attribute_map = { + 'logs': {'key': 'logs', 'type': 'AwsCloudTrailDataConnectorDataTypesLogs'}, + } + + def __init__(self, **kwargs): + super(AwsCloudTrailDataConnectorDataTypes, self).__init__(**kwargs) + self.logs = kwargs.get('logs', None) + + +class DataConnectorDataTypeCommon(Model): + """Common field for data type in data connectors. + + :param state: Describe whether this data type connection is enabled or + not. Possible values include: 'Enabled', 'Disabled' + :type state: str or ~azure.mgmt.securityinsight.models.DataTypeState + """ + + _attribute_map = { + 'state': {'key': 'state', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(DataConnectorDataTypeCommon, self).__init__(**kwargs) + self.state = kwargs.get('state', None) + + +class AwsCloudTrailDataConnectorDataTypesLogs(DataConnectorDataTypeCommon): + """Logs data type. + + :param state: Describe whether this data type connection is enabled or + not. Possible values include: 'Enabled', 'Disabled' + :type state: str or ~azure.mgmt.securityinsight.models.DataTypeState + """ + + _attribute_map = { + 'state': {'key': 'state', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(AwsCloudTrailDataConnectorDataTypesLogs, self).__init__(**kwargs) + + +class Bookmark(ResourceWithEtag): + """Represents a bookmark in Azure Security Insights. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id + :vartype id: str + :ivar name: Azure resource name + :vartype name: str + :ivar type: Azure resource type + :vartype type: str + :param etag: Etag of the azure resource + :type etag: str + :param created: The time the bookmark was created + :type created: datetime + :param created_by: Describes a user that created the bookmark + :type created_by: ~azure.mgmt.securityinsight.models.UserInfo + :param display_name: Required. The display name of the bookmark + :type display_name: str + :param labels: List of labels relevant to this bookmark + :type labels: list[str] + :param notes: The notes of the bookmark + :type notes: str + :param query: Required. The query of the bookmark. + :type query: str + :param query_result: The query result of the bookmark. + :type query_result: str + :param updated: The last time the bookmark was updated + :type updated: datetime + :param updated_by: Describes a user that updated the bookmark + :type updated_by: ~azure.mgmt.securityinsight.models.UserInfo + :param incident_info: Describes an incident that relates to bookmark + :type incident_info: ~azure.mgmt.securityinsight.models.IncidentInfo + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'display_name': {'required': True}, + 'query': {'required': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'etag': {'key': 'etag', 'type': 'str'}, + 'created': {'key': 'properties.created', 'type': 'iso-8601'}, + 'created_by': {'key': 'properties.createdBy', 'type': 'UserInfo'}, + 'display_name': {'key': 'properties.displayName', 'type': 'str'}, + 'labels': {'key': 'properties.labels', 'type': '[str]'}, + 'notes': {'key': 'properties.notes', 'type': 'str'}, + 'query': {'key': 'properties.query', 'type': 'str'}, + 'query_result': {'key': 'properties.queryResult', 'type': 'str'}, + 'updated': {'key': 'properties.updated', 'type': 'iso-8601'}, + 'updated_by': {'key': 'properties.updatedBy', 'type': 'UserInfo'}, + 'incident_info': {'key': 'properties.incidentInfo', 'type': 'IncidentInfo'}, + } + + def __init__(self, **kwargs): + super(Bookmark, self).__init__(**kwargs) + self.created = kwargs.get('created', None) + self.created_by = kwargs.get('created_by', None) + self.display_name = kwargs.get('display_name', None) + self.labels = kwargs.get('labels', None) + self.notes = kwargs.get('notes', None) + self.query = kwargs.get('query', None) + self.query_result = kwargs.get('query_result', None) + self.updated = kwargs.get('updated', None) + self.updated_by = kwargs.get('updated_by', None) + self.incident_info = kwargs.get('incident_info', None) + + +class ClientInfo(Model): + """Information on the client (user or application) that made some action. + + :param email: The email of the client. + :type email: str + :param name: The name of the client. + :type name: str + :param object_id: The object id of the client. + :type object_id: str + :param user_principal_name: The user principal name of the client. + :type user_principal_name: str + """ + + _attribute_map = { + 'email': {'key': 'email', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'object_id': {'key': 'objectId', 'type': 'str'}, + 'user_principal_name': {'key': 'userPrincipalName', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(ClientInfo, self).__init__(**kwargs) + self.email = kwargs.get('email', None) + self.name = kwargs.get('name', None) + self.object_id = kwargs.get('object_id', None) + self.user_principal_name = kwargs.get('user_principal_name', None) + + +class CloudError(Model): + """An error response for a resource management request. + + :param error: The error object of the CloudError response + :type error: ~azure.mgmt.securityinsight.models.ErrorResponse + """ + + _attribute_map = { + 'error': {'key': 'error', 'type': 'ErrorResponse'}, + } + + def __init__(self, **kwargs): + super(CloudError, self).__init__(**kwargs) + self.error = kwargs.get('error', None) + + +class CloudErrorException(HttpOperationError): + """Server responsed with exception of type: 'CloudError'. + + :param deserialize: A deserializer + :param response: Server response to be deserialized. + """ + + def __init__(self, deserialize, response, *args): + + super(CloudErrorException, self).__init__(deserialize, response, 'CloudError', *args) + + +class DataConnectorTenantId(Model): + """Properties data connector on tenant level. + + :param tenant_id: The tenant id to connect to, and get the data from. + :type tenant_id: str + """ + + _attribute_map = { + 'tenant_id': {'key': 'tenantId', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(DataConnectorTenantId, self).__init__(**kwargs) + self.tenant_id = kwargs.get('tenant_id', None) + + +class DataConnectorWithAlertsProperties(Model): + """Data connector properties. + + :param data_types: The available data types for the connector. + :type data_types: + ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector + """ + + _attribute_map = { + 'data_types': {'key': 'dataTypes', 'type': 'AlertsDataTypeOfDataConnector'}, + } + + def __init__(self, **kwargs): + super(DataConnectorWithAlertsProperties, self).__init__(**kwargs) + self.data_types = kwargs.get('data_types', None) + + +class ErrorAdditionalInfo(Model): + """The resource management error additional info. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar type: The additional info type. + :vartype type: str + :ivar info: The additional info. + :vartype info: object + """ + + _validation = { + 'type': {'readonly': True}, + 'info': {'readonly': True}, + } + + _attribute_map = { + 'type': {'key': 'type', 'type': 'str'}, + 'info': {'key': 'info', 'type': 'object'}, + } + + def __init__(self, **kwargs): + super(ErrorAdditionalInfo, self).__init__(**kwargs) + self.type = None + self.info = None + + +class ErrorResponse(Model): + """Error Response. + + Common error response for all Azure Resource Manager APIs to return error + details for failed operations. (This also follows the OData error response + format.). + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar code: The error code. + :vartype code: str + :ivar message: The error message. + :vartype message: str + :ivar target: The error target. + :vartype target: str + :ivar details: The error details. + :vartype details: list[~azure.mgmt.securityinsight.models.ErrorResponse] + :ivar additional_info: The error additional info. + :vartype additional_info: + list[~azure.mgmt.securityinsight.models.ErrorAdditionalInfo] + """ + + _validation = { + 'code': {'readonly': True}, + 'message': {'readonly': True}, + 'target': {'readonly': True}, + 'details': {'readonly': True}, + 'additional_info': {'readonly': True}, + } + + _attribute_map = { + 'code': {'key': 'code', 'type': 'str'}, + 'message': {'key': 'message', 'type': 'str'}, + 'target': {'key': 'target', 'type': 'str'}, + 'details': {'key': 'details', 'type': '[ErrorResponse]'}, + 'additional_info': {'key': 'additionalInfo', 'type': '[ErrorAdditionalInfo]'}, + } + + def __init__(self, **kwargs): + super(ErrorResponse, self).__init__(**kwargs) + self.code = None + self.message = None + self.target = None + self.details = None + self.additional_info = None + + +class FusionAlertRule(AlertRule): + """Represents Fusion alert rule. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id + :vartype id: str + :ivar name: Azure resource name + :vartype name: str + :ivar type: Azure resource type + :vartype type: str + :param etag: Etag of the azure resource + :type etag: str + :param kind: Required. Constant filled by server. + :type kind: str + :param alert_rule_template_name: Required. The Name of the alert rule + template used to create this rule. + :type alert_rule_template_name: str + :ivar description: The description of the alert rule. + :vartype description: str + :ivar display_name: The display name for alerts created by this alert + rule. + :vartype display_name: str + :param enabled: Required. Determines whether this alert rule is enabled or + disabled. + :type enabled: bool + :ivar last_modified_utc: The last time that this alert has been modified. + :vartype last_modified_utc: datetime + :ivar severity: The severity for alerts created by this alert rule. + Possible values include: 'High', 'Medium', 'Low', 'Informational' + :vartype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity + :ivar tactics: The tactics of the alert rule + :vartype tactics: list[str or + ~azure.mgmt.securityinsight.models.AttackTactic] + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'kind': {'required': True}, + 'alert_rule_template_name': {'required': True}, + 'description': {'readonly': True}, + 'display_name': {'readonly': True}, + 'enabled': {'required': True}, + 'last_modified_utc': {'readonly': True}, + 'severity': {'readonly': True}, + 'tactics': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'etag': {'key': 'etag', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + 'alert_rule_template_name': {'key': 'properties.alertRuleTemplateName', 'type': 'str'}, + 'description': {'key': 'properties.description', 'type': 'str'}, + 'display_name': {'key': 'properties.displayName', 'type': 'str'}, + 'enabled': {'key': 'properties.enabled', 'type': 'bool'}, + 'last_modified_utc': {'key': 'properties.lastModifiedUtc', 'type': 'iso-8601'}, + 'severity': {'key': 'properties.severity', 'type': 'str'}, + 'tactics': {'key': 'properties.tactics', 'type': '[str]'}, + } + + def __init__(self, **kwargs): + super(FusionAlertRule, self).__init__(**kwargs) + self.alert_rule_template_name = kwargs.get('alert_rule_template_name', None) + self.description = None + self.display_name = None + self.enabled = kwargs.get('enabled', None) + self.last_modified_utc = None + self.severity = None + self.tactics = None + self.kind = 'Fusion' + + +class FusionAlertRuleTemplate(AlertRuleTemplate): + """Represents Fusion alert rule template. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id + :vartype id: str + :ivar name: Azure resource name + :vartype name: str + :ivar type: Azure resource type + :vartype type: str + :param kind: Required. Constant filled by server. + :type kind: str + :param alert_rules_created_by_template_count: the number of alert rules + that were created by this template + :type alert_rules_created_by_template_count: int + :ivar created_date_utc: The time that this alert rule template has been + added. + :vartype created_date_utc: datetime + :param description: The description of the alert rule template. + :type description: str + :param display_name: The display name for alert rule template. + :type display_name: str + :param required_data_connectors: The required data connectors for this + template + :type required_data_connectors: + list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] + :param status: The alert rule template status. Possible values include: + 'Installed', 'Available', 'NotAvailable' + :type status: str or ~azure.mgmt.securityinsight.models.TemplateStatus + :param severity: The severity for alerts created by this alert rule. + Possible values include: 'High', 'Medium', 'Low', 'Informational' + :type severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity + :param tactics: The tactics of the alert rule template + :type tactics: list[str or + ~azure.mgmt.securityinsight.models.AttackTactic] + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'kind': {'required': True}, + 'created_date_utc': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + 'alert_rules_created_by_template_count': {'key': 'properties.alertRulesCreatedByTemplateCount', 'type': 'int'}, + 'created_date_utc': {'key': 'properties.createdDateUTC', 'type': 'iso-8601'}, + 'description': {'key': 'properties.description', 'type': 'str'}, + 'display_name': {'key': 'properties.displayName', 'type': 'str'}, + 'required_data_connectors': {'key': 'properties.requiredDataConnectors', 'type': '[AlertRuleTemplateDataSource]'}, + 'status': {'key': 'properties.status', 'type': 'str'}, + 'severity': {'key': 'properties.severity', 'type': 'str'}, + 'tactics': {'key': 'properties.tactics', 'type': '[str]'}, + } + + def __init__(self, **kwargs): + super(FusionAlertRuleTemplate, self).__init__(**kwargs) + self.alert_rules_created_by_template_count = kwargs.get('alert_rules_created_by_template_count', None) + self.created_date_utc = None + self.description = kwargs.get('description', None) + self.display_name = kwargs.get('display_name', None) + self.required_data_connectors = kwargs.get('required_data_connectors', None) + self.status = kwargs.get('status', None) + self.severity = kwargs.get('severity', None) + self.tactics = kwargs.get('tactics', None) + self.kind = 'Fusion' + + +class Incident(ResourceWithEtag): + """Represents an incident in Azure Security Insights. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id + :vartype id: str + :ivar name: Azure resource name + :vartype name: str + :ivar type: Azure resource type + :vartype type: str + :param etag: Etag of the azure resource + :type etag: str + :ivar additional_data: Additional data on the incident + :vartype additional_data: + ~azure.mgmt.securityinsight.models.IncidentAdditionalData + :param classification: The reason the incident was closed. Possible values + include: 'Undetermined', 'TruePositive', 'BenignPositive', 'FalsePositive' + :type classification: str or + ~azure.mgmt.securityinsight.models.IncidentClassification + :param classification_comment: Describes the reason the incident was + closed + :type classification_comment: str + :param classification_reason: The classification reason the incident was + closed with. Possible values include: 'SuspiciousActivity', + 'SuspiciousButExpected', 'IncorrectAlertLogic', 'InaccurateData' + :type classification_reason: str or + ~azure.mgmt.securityinsight.models.IncidentClassificationReason + :ivar created_time_utc: The time the incident was created + :vartype created_time_utc: datetime + :param description: The description of the incident + :type description: str + :param first_activity_time_utc: The time of the first activity in the + incident + :type first_activity_time_utc: datetime + :ivar incident_url: The deep-link url to the incident in Azure portal + :vartype incident_url: str + :ivar incident_number: A sequential number + :vartype incident_number: int + :param labels: List of labels relevant to this incident + :type labels: list[~azure.mgmt.securityinsight.models.IncidentLabel] + :param last_activity_time_utc: The time of the last activity in the + incident + :type last_activity_time_utc: datetime + :ivar last_modified_time_utc: The last time the incident was updated + :vartype last_modified_time_utc: datetime + :param owner: Describes a user that the incident is assigned to + :type owner: ~azure.mgmt.securityinsight.models.IncidentOwnerInfo + :ivar related_analytic_rule_ids: List of resource ids of Analytic rules + related to the incident + :vartype related_analytic_rule_ids: list[str] + :param severity: Required. The severity of the incident. Possible values + include: 'High', 'Medium', 'Low', 'Informational' + :type severity: str or ~azure.mgmt.securityinsight.models.IncidentSeverity + :param status: Required. The status of the incident. Possible values + include: 'New', 'Active', 'Closed' + :type status: str or ~azure.mgmt.securityinsight.models.IncidentStatus + :param title: Required. The title of the incident + :type title: str + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'additional_data': {'readonly': True}, + 'created_time_utc': {'readonly': True}, + 'incident_url': {'readonly': True}, + 'incident_number': {'readonly': True}, + 'last_modified_time_utc': {'readonly': True}, + 'related_analytic_rule_ids': {'readonly': True}, + 'severity': {'required': True}, + 'status': {'required': True}, + 'title': {'required': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'etag': {'key': 'etag', 'type': 'str'}, + 'additional_data': {'key': 'properties.additionalData', 'type': 'IncidentAdditionalData'}, + 'classification': {'key': 'properties.classification', 'type': 'str'}, + 'classification_comment': {'key': 'properties.classificationComment', 'type': 'str'}, + 'classification_reason': {'key': 'properties.classificationReason', 'type': 'str'}, + 'created_time_utc': {'key': 'properties.createdTimeUtc', 'type': 'iso-8601'}, + 'description': {'key': 'properties.description', 'type': 'str'}, + 'first_activity_time_utc': {'key': 'properties.firstActivityTimeUtc', 'type': 'iso-8601'}, + 'incident_url': {'key': 'properties.incidentUrl', 'type': 'str'}, + 'incident_number': {'key': 'properties.incidentNumber', 'type': 'int'}, + 'labels': {'key': 'properties.labels', 'type': '[IncidentLabel]'}, + 'last_activity_time_utc': {'key': 'properties.lastActivityTimeUtc', 'type': 'iso-8601'}, + 'last_modified_time_utc': {'key': 'properties.lastModifiedTimeUtc', 'type': 'iso-8601'}, + 'owner': {'key': 'properties.owner', 'type': 'IncidentOwnerInfo'}, + 'related_analytic_rule_ids': {'key': 'properties.relatedAnalyticRuleIds', 'type': '[str]'}, + 'severity': {'key': 'properties.severity', 'type': 'str'}, + 'status': {'key': 'properties.status', 'type': 'str'}, + 'title': {'key': 'properties.title', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(Incident, self).__init__(**kwargs) + self.additional_data = None + self.classification = kwargs.get('classification', None) + self.classification_comment = kwargs.get('classification_comment', None) + self.classification_reason = kwargs.get('classification_reason', None) + self.created_time_utc = None + self.description = kwargs.get('description', None) + self.first_activity_time_utc = kwargs.get('first_activity_time_utc', None) + self.incident_url = None + self.incident_number = None + self.labels = kwargs.get('labels', None) + self.last_activity_time_utc = kwargs.get('last_activity_time_utc', None) + self.last_modified_time_utc = None + self.owner = kwargs.get('owner', None) + self.related_analytic_rule_ids = None + self.severity = kwargs.get('severity', None) + self.status = kwargs.get('status', None) + self.title = kwargs.get('title', None) + + +class IncidentAdditionalData(Model): + """Incident additional data property bag. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar alerts_count: The number of alerts in the incident + :vartype alerts_count: int + :ivar bookmarks_count: The number of bookmarks in the incident + :vartype bookmarks_count: int + :ivar comments_count: The number of comments in the incident + :vartype comments_count: int + :ivar alert_product_names: List of product names of alerts in the incident + :vartype alert_product_names: list[str] + :ivar tactics: The tactics associated with incident + :vartype tactics: list[str or + ~azure.mgmt.securityinsight.models.AttackTactic] + """ + + _validation = { + 'alerts_count': {'readonly': True}, + 'bookmarks_count': {'readonly': True}, + 'comments_count': {'readonly': True}, + 'alert_product_names': {'readonly': True}, + 'tactics': {'readonly': True}, + } + + _attribute_map = { + 'alerts_count': {'key': 'alertsCount', 'type': 'int'}, + 'bookmarks_count': {'key': 'bookmarksCount', 'type': 'int'}, + 'comments_count': {'key': 'commentsCount', 'type': 'int'}, + 'alert_product_names': {'key': 'alertProductNames', 'type': '[str]'}, + 'tactics': {'key': 'tactics', 'type': '[str]'}, + } + + def __init__(self, **kwargs): + super(IncidentAdditionalData, self).__init__(**kwargs) + self.alerts_count = None + self.bookmarks_count = None + self.comments_count = None + self.alert_product_names = None + self.tactics = None + + +class IncidentComment(Resource): + """Represents an incident comment. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id + :vartype id: str + :ivar name: Azure resource name + :vartype name: str + :ivar type: Azure resource type + :vartype type: str + :ivar created_time_utc: The time the comment was created + :vartype created_time_utc: datetime + :param message: Required. The comment message + :type message: str + :ivar author: Describes the client that created the comment + :vartype author: ~azure.mgmt.securityinsight.models.ClientInfo + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'created_time_utc': {'readonly': True}, + 'message': {'required': True}, + 'author': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'created_time_utc': {'key': 'properties.createdTimeUtc', 'type': 'iso-8601'}, + 'message': {'key': 'properties.message', 'type': 'str'}, + 'author': {'key': 'properties.author', 'type': 'ClientInfo'}, + } + + def __init__(self, **kwargs): + super(IncidentComment, self).__init__(**kwargs) + self.created_time_utc = None + self.message = kwargs.get('message', None) + self.author = None + + +class IncidentInfo(Model): + """Describes related incident information for the bookmark. + + All required parameters must be populated in order to send to Azure. + + :param incident_id: Required. Incident Id + :type incident_id: str + :param severity: Required. The severity of the incident. Possible values + include: 'Critical', 'High', 'Medium', 'Low', 'Informational' + :type severity: str or ~azure.mgmt.securityinsight.models.CaseSeverity + :param title: Required. The title of the incident + :type title: str + :param relation_name: Required. Relation Name + :type relation_name: str + """ + + _validation = { + 'incident_id': {'required': True}, + 'severity': {'required': True}, + 'title': {'required': True}, + 'relation_name': {'required': True}, + } + + _attribute_map = { + 'incident_id': {'key': 'incidentId', 'type': 'str'}, + 'severity': {'key': 'severity', 'type': 'str'}, + 'title': {'key': 'title', 'type': 'str'}, + 'relation_name': {'key': 'relationName', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(IncidentInfo, self).__init__(**kwargs) + self.incident_id = kwargs.get('incident_id', None) + self.severity = kwargs.get('severity', None) + self.title = kwargs.get('title', None) + self.relation_name = kwargs.get('relation_name', None) + + +class IncidentLabel(Model): + """Represents an incident label. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :param label_name: Required. The name of the label + :type label_name: str + :ivar label_type: The type of the label. Possible values include: 'User', + 'System' + :vartype label_type: str or + ~azure.mgmt.securityinsight.models.IncidentLabelType + """ + + _validation = { + 'label_name': {'required': True}, + 'label_type': {'readonly': True}, + } + + _attribute_map = { + 'label_name': {'key': 'labelName', 'type': 'str'}, + 'label_type': {'key': 'labelType', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(IncidentLabel, self).__init__(**kwargs) + self.label_name = kwargs.get('label_name', None) + self.label_type = None + + +class IncidentOwnerInfo(Model): + """Information on the user an incident is assigned to. + + :param email: The email of the user the incident is assigned to. + :type email: str + :param assigned_to: The name of the user the incident is assigned to. + :type assigned_to: str + :param object_id: The object id of the user the incident is assigned to. + :type object_id: str + :param user_principal_name: The user principal name of the user the + incident is assigned to. + :type user_principal_name: str + """ + + _attribute_map = { + 'email': {'key': 'email', 'type': 'str'}, + 'assigned_to': {'key': 'assignedTo', 'type': 'str'}, + 'object_id': {'key': 'objectId', 'type': 'str'}, + 'user_principal_name': {'key': 'userPrincipalName', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(IncidentOwnerInfo, self).__init__(**kwargs) + self.email = kwargs.get('email', None) + self.assigned_to = kwargs.get('assigned_to', None) + self.object_id = kwargs.get('object_id', None) + self.user_principal_name = kwargs.get('user_principal_name', None) + + +class MCASDataConnector(DataConnector): + """Represents MCAS (Microsoft Cloud App Security) data connector. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id + :vartype id: str + :ivar name: Azure resource name + :vartype name: str + :ivar type: Azure resource type + :vartype type: str + :param etag: Etag of the azure resource + :type etag: str + :param kind: Required. Constant filled by server. + :type kind: str + :param tenant_id: The tenant id to connect to, and get the data from. + :type tenant_id: str + :param data_types: The available data types for the connector. + :type data_types: + ~azure.mgmt.securityinsight.models.MCASDataConnectorDataTypes + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'kind': {'required': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'etag': {'key': 'etag', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + 'tenant_id': {'key': 'properties.tenantId', 'type': 'str'}, + 'data_types': {'key': 'properties.dataTypes', 'type': 'MCASDataConnectorDataTypes'}, + } + + def __init__(self, **kwargs): + super(MCASDataConnector, self).__init__(**kwargs) + self.tenant_id = kwargs.get('tenant_id', None) + self.data_types = kwargs.get('data_types', None) + self.kind = 'MicrosoftCloudAppSecurity' + + +class MCASDataConnectorDataTypes(AlertsDataTypeOfDataConnector): + """The available data types for MCAS (Microsoft Cloud App Security) data + connector. + + :param alerts: Alerts data type connection. + :type alerts: + ~azure.mgmt.securityinsight.models.DataConnectorDataTypeCommon + :param discovery_logs: Discovery log data type connection. + :type discovery_logs: + ~azure.mgmt.securityinsight.models.DataConnectorDataTypeCommon + """ + + _attribute_map = { + 'alerts': {'key': 'alerts', 'type': 'DataConnectorDataTypeCommon'}, + 'discovery_logs': {'key': 'discoveryLogs', 'type': 'DataConnectorDataTypeCommon'}, + } + + def __init__(self, **kwargs): + super(MCASDataConnectorDataTypes, self).__init__(**kwargs) + self.discovery_logs = kwargs.get('discovery_logs', None) + + +class MDATPDataConnector(DataConnector): + """Represents MDATP (Microsoft Defender Advanced Threat Protection) data + connector. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id + :vartype id: str + :ivar name: Azure resource name + :vartype name: str + :ivar type: Azure resource type + :vartype type: str + :param etag: Etag of the azure resource + :type etag: str + :param kind: Required. Constant filled by server. + :type kind: str + :param tenant_id: The tenant id to connect to, and get the data from. + :type tenant_id: str + :param data_types: The available data types for the connector. + :type data_types: + ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'kind': {'required': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'etag': {'key': 'etag', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + 'tenant_id': {'key': 'properties.tenantId', 'type': 'str'}, + 'data_types': {'key': 'properties.dataTypes', 'type': 'AlertsDataTypeOfDataConnector'}, + } + + def __init__(self, **kwargs): + super(MDATPDataConnector, self).__init__(**kwargs) + self.tenant_id = kwargs.get('tenant_id', None) + self.data_types = kwargs.get('data_types', None) + self.kind = 'MicrosoftDefenderAdvancedThreatProtection' + + +class MicrosoftSecurityIncidentCreationAlertRule(AlertRule): + """Represents MicrosoftSecurityIncidentCreation rule. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id + :vartype id: str + :ivar name: Azure resource name + :vartype name: str + :ivar type: Azure resource type + :vartype type: str + :param etag: Etag of the azure resource + :type etag: str + :param kind: Required. Constant filled by server. + :type kind: str + :param display_names_filter: the alerts' displayNames on which the cases + will be generated + :type display_names_filter: list[str] + :param display_names_exclude_filter: the alerts' displayNames on which the + cases will not be generated + :type display_names_exclude_filter: list[str] + :param product_filter: Required. The alerts' productName on which the + cases will be generated. Possible values include: 'Microsoft Cloud App + Security', 'Azure Security Center', 'Azure Advanced Threat Protection', + 'Azure Active Directory Identity Protection', 'Azure Security Center for + IoT' + :type product_filter: str or + ~azure.mgmt.securityinsight.models.MicrosoftSecurityProductName + :param severities_filter: the alerts' severities on which the cases will + be generated + :type severities_filter: list[str or + ~azure.mgmt.securityinsight.models.AlertSeverity] + :param alert_rule_template_name: The Name of the alert rule template used + to create this rule. + :type alert_rule_template_name: str + :param description: The description of the alert rule. + :type description: str + :param display_name: Required. The display name for alerts created by this + alert rule. + :type display_name: str + :param enabled: Required. Determines whether this alert rule is enabled or + disabled. + :type enabled: bool + :ivar last_modified_utc: The last time that this alert has been modified. + :vartype last_modified_utc: datetime + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'kind': {'required': True}, + 'product_filter': {'required': True}, + 'display_name': {'required': True}, + 'enabled': {'required': True}, + 'last_modified_utc': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'etag': {'key': 'etag', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + 'display_names_filter': {'key': 'properties.displayNamesFilter', 'type': '[str]'}, + 'display_names_exclude_filter': {'key': 'properties.displayNamesExcludeFilter', 'type': '[str]'}, + 'product_filter': {'key': 'properties.productFilter', 'type': 'str'}, + 'severities_filter': {'key': 'properties.severitiesFilter', 'type': '[str]'}, + 'alert_rule_template_name': {'key': 'properties.alertRuleTemplateName', 'type': 'str'}, + 'description': {'key': 'properties.description', 'type': 'str'}, + 'display_name': {'key': 'properties.displayName', 'type': 'str'}, + 'enabled': {'key': 'properties.enabled', 'type': 'bool'}, + 'last_modified_utc': {'key': 'properties.lastModifiedUtc', 'type': 'iso-8601'}, + } + + def __init__(self, **kwargs): + super(MicrosoftSecurityIncidentCreationAlertRule, self).__init__(**kwargs) + self.display_names_filter = kwargs.get('display_names_filter', None) + self.display_names_exclude_filter = kwargs.get('display_names_exclude_filter', None) + self.product_filter = kwargs.get('product_filter', None) + self.severities_filter = kwargs.get('severities_filter', None) + self.alert_rule_template_name = kwargs.get('alert_rule_template_name', None) + self.description = kwargs.get('description', None) + self.display_name = kwargs.get('display_name', None) + self.enabled = kwargs.get('enabled', None) + self.last_modified_utc = None + self.kind = 'MicrosoftSecurityIncidentCreation' + + +class MicrosoftSecurityIncidentCreationAlertRuleCommonProperties(Model): + """MicrosoftSecurityIncidentCreation rule common property bag. + + All required parameters must be populated in order to send to Azure. + + :param display_names_filter: the alerts' displayNames on which the cases + will be generated + :type display_names_filter: list[str] + :param display_names_exclude_filter: the alerts' displayNames on which the + cases will not be generated + :type display_names_exclude_filter: list[str] + :param product_filter: Required. The alerts' productName on which the + cases will be generated. Possible values include: 'Microsoft Cloud App + Security', 'Azure Security Center', 'Azure Advanced Threat Protection', + 'Azure Active Directory Identity Protection', 'Azure Security Center for + IoT' + :type product_filter: str or + ~azure.mgmt.securityinsight.models.MicrosoftSecurityProductName + :param severities_filter: the alerts' severities on which the cases will + be generated + :type severities_filter: list[str or + ~azure.mgmt.securityinsight.models.AlertSeverity] + """ + + _validation = { + 'product_filter': {'required': True}, + } + + _attribute_map = { + 'display_names_filter': {'key': 'displayNamesFilter', 'type': '[str]'}, + 'display_names_exclude_filter': {'key': 'displayNamesExcludeFilter', 'type': '[str]'}, + 'product_filter': {'key': 'productFilter', 'type': 'str'}, + 'severities_filter': {'key': 'severitiesFilter', 'type': '[str]'}, + } + + def __init__(self, **kwargs): + super(MicrosoftSecurityIncidentCreationAlertRuleCommonProperties, self).__init__(**kwargs) + self.display_names_filter = kwargs.get('display_names_filter', None) + self.display_names_exclude_filter = kwargs.get('display_names_exclude_filter', None) + self.product_filter = kwargs.get('product_filter', None) + self.severities_filter = kwargs.get('severities_filter', None) + + +class MicrosoftSecurityIncidentCreationAlertRuleTemplate(AlertRuleTemplate): + """Represents MicrosoftSecurityIncidentCreation rule template. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id + :vartype id: str + :ivar name: Azure resource name + :vartype name: str + :ivar type: Azure resource type + :vartype type: str + :param kind: Required. Constant filled by server. + :type kind: str + :param alert_rules_created_by_template_count: the number of alert rules + that were created by this template + :type alert_rules_created_by_template_count: int + :ivar created_date_utc: The time that this alert rule template has been + added. + :vartype created_date_utc: datetime + :param description: The description of the alert rule template. + :type description: str + :param display_name: The display name for alert rule template. + :type display_name: str + :param required_data_connectors: The required data connectors for this + template + :type required_data_connectors: + list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] + :param status: The alert rule template status. Possible values include: + 'Installed', 'Available', 'NotAvailable' + :type status: str or ~azure.mgmt.securityinsight.models.TemplateStatus + :param display_names_filter: the alerts' displayNames on which the cases + will be generated + :type display_names_filter: list[str] + :param display_names_exclude_filter: the alerts' displayNames on which the + cases will not be generated + :type display_names_exclude_filter: list[str] + :param product_filter: Required. The alerts' productName on which the + cases will be generated. Possible values include: 'Microsoft Cloud App + Security', 'Azure Security Center', 'Azure Advanced Threat Protection', + 'Azure Active Directory Identity Protection', 'Azure Security Center for + IoT' + :type product_filter: str or + ~azure.mgmt.securityinsight.models.MicrosoftSecurityProductName + :param severities_filter: the alerts' severities on which the cases will + be generated + :type severities_filter: list[str or + ~azure.mgmt.securityinsight.models.AlertSeverity] + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'kind': {'required': True}, + 'created_date_utc': {'readonly': True}, + 'product_filter': {'required': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + 'alert_rules_created_by_template_count': {'key': 'properties.alertRulesCreatedByTemplateCount', 'type': 'int'}, + 'created_date_utc': {'key': 'properties.createdDateUTC', 'type': 'iso-8601'}, + 'description': {'key': 'properties.description', 'type': 'str'}, + 'display_name': {'key': 'properties.displayName', 'type': 'str'}, + 'required_data_connectors': {'key': 'properties.requiredDataConnectors', 'type': '[AlertRuleTemplateDataSource]'}, + 'status': {'key': 'properties.status', 'type': 'str'}, + 'display_names_filter': {'key': 'properties.displayNamesFilter', 'type': '[str]'}, + 'display_names_exclude_filter': {'key': 'properties.displayNamesExcludeFilter', 'type': '[str]'}, + 'product_filter': {'key': 'properties.productFilter', 'type': 'str'}, + 'severities_filter': {'key': 'properties.severitiesFilter', 'type': '[str]'}, + } + + def __init__(self, **kwargs): + super(MicrosoftSecurityIncidentCreationAlertRuleTemplate, self).__init__(**kwargs) + self.alert_rules_created_by_template_count = kwargs.get('alert_rules_created_by_template_count', None) + self.created_date_utc = None + self.description = kwargs.get('description', None) + self.display_name = kwargs.get('display_name', None) + self.required_data_connectors = kwargs.get('required_data_connectors', None) + self.status = kwargs.get('status', None) + self.display_names_filter = kwargs.get('display_names_filter', None) + self.display_names_exclude_filter = kwargs.get('display_names_exclude_filter', None) + self.product_filter = kwargs.get('product_filter', None) + self.severities_filter = kwargs.get('severities_filter', None) + self.kind = 'MicrosoftSecurityIncidentCreation' + + +class OfficeConsent(Resource): + """Consent for Office365 tenant that already made. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: Azure resource Id + :vartype id: str + :ivar name: Azure resource name + :vartype name: str + :ivar type: Azure resource type + :vartype type: str + :param tenant_id: The tenantId of the Office365 with the consent. + :type tenant_id: str + :ivar tenant_name: The tenant name of the Office365 with the consent. + :vartype tenant_name: str + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'tenant_name': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'tenant_id': {'key': 'properties.tenantId', 'type': 'str'}, + 'tenant_name': {'key': 'properties.tenantName', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(OfficeConsent, self).__init__(**kwargs) + self.tenant_id = kwargs.get('tenant_id', None) + self.tenant_name = None + + +class OfficeConsentList(Model): + """List of all the office365 consents. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar next_link: URL to fetch the next set of office consents. + :vartype next_link: str + :param value: Required. Array of the consents. + :type value: list[~azure.mgmt.securityinsight.models.OfficeConsent] + """ + + _validation = { + 'next_link': {'readonly': True}, + 'value': {'required': True}, + } + + _attribute_map = { + 'next_link': {'key': 'nextLink', 'type': 'str'}, + 'value': {'key': 'value', 'type': '[OfficeConsent]'}, + } + + def __init__(self, **kwargs): + super(OfficeConsentList, self).__init__(**kwargs) + self.next_link = None + self.value = kwargs.get('value', None) + + +class OfficeDataConnector(DataConnector): + """Represents office data connector. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id + :vartype id: str + :ivar name: Azure resource name + :vartype name: str + :ivar type: Azure resource type + :vartype type: str + :param etag: Etag of the azure resource + :type etag: str + :param kind: Required. Constant filled by server. + :type kind: str + :param tenant_id: The tenant id to connect to, and get the data from. + :type tenant_id: str + :param data_types: The available data types for the connector. + :type data_types: + ~azure.mgmt.securityinsight.models.OfficeDataConnectorDataTypes + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'kind': {'required': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'etag': {'key': 'etag', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + 'tenant_id': {'key': 'properties.tenantId', 'type': 'str'}, + 'data_types': {'key': 'properties.dataTypes', 'type': 'OfficeDataConnectorDataTypes'}, + } + + def __init__(self, **kwargs): + super(OfficeDataConnector, self).__init__(**kwargs) + self.tenant_id = kwargs.get('tenant_id', None) + self.data_types = kwargs.get('data_types', None) + self.kind = 'Office365' + + +class OfficeDataConnectorDataTypes(Model): + """The available data types for office data connector. + + :param exchange: Exchange data type connection. + :type exchange: + ~azure.mgmt.securityinsight.models.OfficeDataConnectorDataTypesExchange + :param share_point: SharePoint data type connection. + :type share_point: + ~azure.mgmt.securityinsight.models.OfficeDataConnectorDataTypesSharePoint + """ + + _attribute_map = { + 'exchange': {'key': 'exchange', 'type': 'OfficeDataConnectorDataTypesExchange'}, + 'share_point': {'key': 'sharePoint', 'type': 'OfficeDataConnectorDataTypesSharePoint'}, + } + + def __init__(self, **kwargs): + super(OfficeDataConnectorDataTypes, self).__init__(**kwargs) + self.exchange = kwargs.get('exchange', None) + self.share_point = kwargs.get('share_point', None) + + +class OfficeDataConnectorDataTypesExchange(DataConnectorDataTypeCommon): + """Exchange data type connection. + + :param state: Describe whether this data type connection is enabled or + not. Possible values include: 'Enabled', 'Disabled' + :type state: str or ~azure.mgmt.securityinsight.models.DataTypeState + """ + + _attribute_map = { + 'state': {'key': 'state', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(OfficeDataConnectorDataTypesExchange, self).__init__(**kwargs) + + +class OfficeDataConnectorDataTypesSharePoint(DataConnectorDataTypeCommon): + """SharePoint data type connection. + + :param state: Describe whether this data type connection is enabled or + not. Possible values include: 'Enabled', 'Disabled' + :type state: str or ~azure.mgmt.securityinsight.models.DataTypeState + """ + + _attribute_map = { + 'state': {'key': 'state', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(OfficeDataConnectorDataTypesSharePoint, self).__init__(**kwargs) + + +class Operation(Model): + """Operation provided by provider. + + :param display: Properties of the operation + :type display: ~azure.mgmt.securityinsight.models.OperationDisplay + :param name: Name of the operation + :type name: str + """ + + _attribute_map = { + 'display': {'key': 'display', 'type': 'OperationDisplay'}, + 'name': {'key': 'name', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(Operation, self).__init__(**kwargs) + self.display = kwargs.get('display', None) + self.name = kwargs.get('name', None) + + +class OperationDisplay(Model): + """Properties of the operation. + + :param description: Description of the operation + :type description: str + :param operation: Operation name + :type operation: str + :param provider: Provider name + :type provider: str + :param resource: Resource name + :type resource: str + """ + + _attribute_map = { + 'description': {'key': 'description', 'type': 'str'}, + 'operation': {'key': 'operation', 'type': 'str'}, + 'provider': {'key': 'provider', 'type': 'str'}, + 'resource': {'key': 'resource', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(OperationDisplay, self).__init__(**kwargs) + self.description = kwargs.get('description', None) + self.operation = kwargs.get('operation', None) + self.provider = kwargs.get('provider', None) + self.resource = kwargs.get('resource', None) + + +class ScheduledAlertRule(AlertRule): + """Represents scheduled alert rule. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id + :vartype id: str + :ivar name: Azure resource name + :vartype name: str + :ivar type: Azure resource type + :vartype type: str + :param etag: Etag of the azure resource + :type etag: str + :param kind: Required. Constant filled by server. + :type kind: str + :param query: The query that creates alerts for this rule. + :type query: str + :param query_frequency: The frequency (in ISO 8601 duration format) for + this alert rule to run. + :type query_frequency: timedelta + :param query_period: The period (in ISO 8601 duration format) that this + alert rule looks at. + :type query_period: timedelta + :param severity: The severity for alerts created by this alert rule. + Possible values include: 'High', 'Medium', 'Low', 'Informational' + :type severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity + :param trigger_operator: The operation against the threshold that triggers + alert rule. Possible values include: 'GreaterThan', 'LessThan', 'Equal', + 'NotEqual' + :type trigger_operator: str or + ~azure.mgmt.securityinsight.models.TriggerOperator + :param trigger_threshold: The threshold triggers this alert rule. + :type trigger_threshold: int + :param alert_rule_template_name: The Name of the alert rule template used + to create this rule. + :type alert_rule_template_name: str + :param description: The description of the alert rule. + :type description: str + :param display_name: Required. The display name for alerts created by this + alert rule. + :type display_name: str + :param enabled: Required. Determines whether this alert rule is enabled or + disabled. + :type enabled: bool + :ivar last_modified_utc: The last time that this alert rule has been + modified. + :vartype last_modified_utc: datetime + :param suppression_duration: Required. The suppression (in ISO 8601 + duration format) to wait since last time this alert rule been triggered. + :type suppression_duration: timedelta + :param suppression_enabled: Required. Determines whether the suppression + for this alert rule is enabled or disabled. + :type suppression_enabled: bool + :param tactics: The tactics of the alert rule + :type tactics: list[str or + ~azure.mgmt.securityinsight.models.AttackTactic] + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'kind': {'required': True}, + 'display_name': {'required': True}, + 'enabled': {'required': True}, + 'last_modified_utc': {'readonly': True}, + 'suppression_duration': {'required': True}, + 'suppression_enabled': {'required': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'etag': {'key': 'etag', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + 'query': {'key': 'properties.query', 'type': 'str'}, + 'query_frequency': {'key': 'properties.queryFrequency', 'type': 'duration'}, + 'query_period': {'key': 'properties.queryPeriod', 'type': 'duration'}, + 'severity': {'key': 'properties.severity', 'type': 'str'}, + 'trigger_operator': {'key': 'properties.triggerOperator', 'type': 'TriggerOperator'}, + 'trigger_threshold': {'key': 'properties.triggerThreshold', 'type': 'int'}, + 'alert_rule_template_name': {'key': 'properties.alertRuleTemplateName', 'type': 'str'}, + 'description': {'key': 'properties.description', 'type': 'str'}, + 'display_name': {'key': 'properties.displayName', 'type': 'str'}, + 'enabled': {'key': 'properties.enabled', 'type': 'bool'}, + 'last_modified_utc': {'key': 'properties.lastModifiedUtc', 'type': 'iso-8601'}, + 'suppression_duration': {'key': 'properties.suppressionDuration', 'type': 'duration'}, + 'suppression_enabled': {'key': 'properties.suppressionEnabled', 'type': 'bool'}, + 'tactics': {'key': 'properties.tactics', 'type': '[str]'}, + } + + def __init__(self, **kwargs): + super(ScheduledAlertRule, self).__init__(**kwargs) + self.query = kwargs.get('query', None) + self.query_frequency = kwargs.get('query_frequency', None) + self.query_period = kwargs.get('query_period', None) + self.severity = kwargs.get('severity', None) + self.trigger_operator = kwargs.get('trigger_operator', None) + self.trigger_threshold = kwargs.get('trigger_threshold', None) + self.alert_rule_template_name = kwargs.get('alert_rule_template_name', None) + self.description = kwargs.get('description', None) + self.display_name = kwargs.get('display_name', None) + self.enabled = kwargs.get('enabled', None) + self.last_modified_utc = None + self.suppression_duration = kwargs.get('suppression_duration', None) + self.suppression_enabled = kwargs.get('suppression_enabled', None) + self.tactics = kwargs.get('tactics', None) + self.kind = 'Scheduled' + + +class ScheduledAlertRuleCommonProperties(Model): + """Schedule alert rule template property bag. + + :param query: The query that creates alerts for this rule. + :type query: str + :param query_frequency: The frequency (in ISO 8601 duration format) for + this alert rule to run. + :type query_frequency: timedelta + :param query_period: The period (in ISO 8601 duration format) that this + alert rule looks at. + :type query_period: timedelta + :param severity: The severity for alerts created by this alert rule. + Possible values include: 'High', 'Medium', 'Low', 'Informational' + :type severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity + :param trigger_operator: The operation against the threshold that triggers + alert rule. Possible values include: 'GreaterThan', 'LessThan', 'Equal', + 'NotEqual' + :type trigger_operator: str or + ~azure.mgmt.securityinsight.models.TriggerOperator + :param trigger_threshold: The threshold triggers this alert rule. + :type trigger_threshold: int + """ + + _attribute_map = { + 'query': {'key': 'query', 'type': 'str'}, + 'query_frequency': {'key': 'queryFrequency', 'type': 'duration'}, + 'query_period': {'key': 'queryPeriod', 'type': 'duration'}, + 'severity': {'key': 'severity', 'type': 'str'}, + 'trigger_operator': {'key': 'triggerOperator', 'type': 'TriggerOperator'}, + 'trigger_threshold': {'key': 'triggerThreshold', 'type': 'int'}, + } + + def __init__(self, **kwargs): + super(ScheduledAlertRuleCommonProperties, self).__init__(**kwargs) + self.query = kwargs.get('query', None) + self.query_frequency = kwargs.get('query_frequency', None) + self.query_period = kwargs.get('query_period', None) + self.severity = kwargs.get('severity', None) + self.trigger_operator = kwargs.get('trigger_operator', None) + self.trigger_threshold = kwargs.get('trigger_threshold', None) + + +class ScheduledAlertRuleTemplate(AlertRuleTemplate): + """Represents scheduled alert rule template. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id + :vartype id: str + :ivar name: Azure resource name + :vartype name: str + :ivar type: Azure resource type + :vartype type: str + :param kind: Required. Constant filled by server. + :type kind: str + :param alert_rules_created_by_template_count: the number of alert rules + that were created by this template + :type alert_rules_created_by_template_count: int + :ivar created_date_utc: The time that this alert rule template has been + added. + :vartype created_date_utc: datetime + :param description: The description of the alert rule template. + :type description: str + :param display_name: The display name for alert rule template. + :type display_name: str + :param required_data_connectors: The required data connectors for this + template + :type required_data_connectors: + list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] + :param status: The alert rule template status. Possible values include: + 'Installed', 'Available', 'NotAvailable' + :type status: str or ~azure.mgmt.securityinsight.models.TemplateStatus + :param query: The query that creates alerts for this rule. + :type query: str + :param query_frequency: The frequency (in ISO 8601 duration format) for + this alert rule to run. + :type query_frequency: timedelta + :param query_period: The period (in ISO 8601 duration format) that this + alert rule looks at. + :type query_period: timedelta + :param severity: The severity for alerts created by this alert rule. + Possible values include: 'High', 'Medium', 'Low', 'Informational' + :type severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity + :param trigger_operator: The operation against the threshold that triggers + alert rule. Possible values include: 'GreaterThan', 'LessThan', 'Equal', + 'NotEqual' + :type trigger_operator: str or + ~azure.mgmt.securityinsight.models.TriggerOperator + :param trigger_threshold: The threshold triggers this alert rule. + :type trigger_threshold: int + :param tactics: The tactics of the alert rule template + :type tactics: list[str or + ~azure.mgmt.securityinsight.models.AttackTactic] + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'kind': {'required': True}, + 'created_date_utc': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + 'alert_rules_created_by_template_count': {'key': 'properties.alertRulesCreatedByTemplateCount', 'type': 'int'}, + 'created_date_utc': {'key': 'properties.createdDateUTC', 'type': 'iso-8601'}, + 'description': {'key': 'properties.description', 'type': 'str'}, + 'display_name': {'key': 'properties.displayName', 'type': 'str'}, + 'required_data_connectors': {'key': 'properties.requiredDataConnectors', 'type': '[AlertRuleTemplateDataSource]'}, + 'status': {'key': 'properties.status', 'type': 'str'}, + 'query': {'key': 'properties.query', 'type': 'str'}, + 'query_frequency': {'key': 'properties.queryFrequency', 'type': 'duration'}, + 'query_period': {'key': 'properties.queryPeriod', 'type': 'duration'}, + 'severity': {'key': 'properties.severity', 'type': 'str'}, + 'trigger_operator': {'key': 'properties.triggerOperator', 'type': 'TriggerOperator'}, + 'trigger_threshold': {'key': 'properties.triggerThreshold', 'type': 'int'}, + 'tactics': {'key': 'properties.tactics', 'type': '[str]'}, + } + + def __init__(self, **kwargs): + super(ScheduledAlertRuleTemplate, self).__init__(**kwargs) + self.alert_rules_created_by_template_count = kwargs.get('alert_rules_created_by_template_count', None) + self.created_date_utc = None + self.description = kwargs.get('description', None) + self.display_name = kwargs.get('display_name', None) + self.required_data_connectors = kwargs.get('required_data_connectors', None) + self.status = kwargs.get('status', None) + self.query = kwargs.get('query', None) + self.query_frequency = kwargs.get('query_frequency', None) + self.query_period = kwargs.get('query_period', None) + self.severity = kwargs.get('severity', None) + self.trigger_operator = kwargs.get('trigger_operator', None) + self.trigger_threshold = kwargs.get('trigger_threshold', None) + self.tactics = kwargs.get('tactics', None) + self.kind = 'Scheduled' + + +class Settings(ResourceWithEtag): + """The Settings. + + You probably want to use the sub-classes and not this class directly. Known + sub-classes are: ToggleSettings, UebaSettings + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id + :vartype id: str + :ivar name: Azure resource name + :vartype name: str + :ivar type: Azure resource type + :vartype type: str + :param etag: Etag of the azure resource + :type etag: str + :param kind: Required. Constant filled by server. + :type kind: str + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'kind': {'required': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'etag': {'key': 'etag', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + } + + _subtype_map = { + 'kind': {'ToggleSettings': 'ToggleSettings', 'UebaSettings': 'UebaSettings'} + } + + def __init__(self, **kwargs): + super(Settings, self).__init__(**kwargs) + self.kind = None + self.kind = 'Settings' + + +class ThreatIntelligence(Model): + """ThreatIntelligence property bag. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar confidence: Confidence (must be between 0 and 1) + :vartype confidence: float + :ivar provider_name: Name of the provider from whom this Threat + Intelligence information was received + :vartype provider_name: str + :ivar report_link: Report link + :vartype report_link: str + :ivar threat_description: Threat description (free text) + :vartype threat_description: str + :ivar threat_name: Threat name (e.g. "Jedobot malware") + :vartype threat_name: str + :ivar threat_type: Threat type (e.g. "Botnet") + :vartype threat_type: str + """ + + _validation = { + 'confidence': {'readonly': True}, + 'provider_name': {'readonly': True}, + 'report_link': {'readonly': True}, + 'threat_description': {'readonly': True}, + 'threat_name': {'readonly': True}, + 'threat_type': {'readonly': True}, + } + + _attribute_map = { + 'confidence': {'key': 'confidence', 'type': 'float'}, + 'provider_name': {'key': 'providerName', 'type': 'str'}, + 'report_link': {'key': 'reportLink', 'type': 'str'}, + 'threat_description': {'key': 'threatDescription', 'type': 'str'}, + 'threat_name': {'key': 'threatName', 'type': 'str'}, + 'threat_type': {'key': 'threatType', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(ThreatIntelligence, self).__init__(**kwargs) + self.confidence = None + self.provider_name = None + self.report_link = None + self.threat_description = None + self.threat_name = None + self.threat_type = None + + +class TIDataConnector(DataConnector): + """Represents threat intelligence data connector. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id + :vartype id: str + :ivar name: Azure resource name + :vartype name: str + :ivar type: Azure resource type + :vartype type: str + :param etag: Etag of the azure resource + :type etag: str + :param kind: Required. Constant filled by server. + :type kind: str + :param tenant_id: The tenant id to connect to, and get the data from. + :type tenant_id: str + :param data_types: The available data types for the connector. + :type data_types: + ~azure.mgmt.securityinsight.models.TIDataConnectorDataTypes + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'kind': {'required': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'etag': {'key': 'etag', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + 'tenant_id': {'key': 'properties.tenantId', 'type': 'str'}, + 'data_types': {'key': 'properties.dataTypes', 'type': 'TIDataConnectorDataTypes'}, + } + + def __init__(self, **kwargs): + super(TIDataConnector, self).__init__(**kwargs) + self.tenant_id = kwargs.get('tenant_id', None) + self.data_types = kwargs.get('data_types', None) + self.kind = 'ThreatIntelligence' + + +class TIDataConnectorDataTypes(Model): + """The available data types for TI (Threat Intelligence) data connector. + + :param indicators: Data type for indicators connection. + :type indicators: + ~azure.mgmt.securityinsight.models.TIDataConnectorDataTypesIndicators + """ + + _attribute_map = { + 'indicators': {'key': 'indicators', 'type': 'TIDataConnectorDataTypesIndicators'}, + } + + def __init__(self, **kwargs): + super(TIDataConnectorDataTypes, self).__init__(**kwargs) + self.indicators = kwargs.get('indicators', None) + + +class TIDataConnectorDataTypesIndicators(DataConnectorDataTypeCommon): + """Data type for indicators connection. + + :param state: Describe whether this data type connection is enabled or + not. Possible values include: 'Enabled', 'Disabled' + :type state: str or ~azure.mgmt.securityinsight.models.DataTypeState + """ + + _attribute_map = { + 'state': {'key': 'state', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(TIDataConnectorDataTypesIndicators, self).__init__(**kwargs) + + +class ToggleSettings(Settings): + """Settings with single toggle. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id + :vartype id: str + :ivar name: Azure resource name + :vartype name: str + :ivar type: Azure resource type + :vartype type: str + :param etag: Etag of the azure resource + :type etag: str + :param kind: Required. Constant filled by server. + :type kind: str + :param is_enabled: Determines whether the setting is enable or disabled. + :type is_enabled: bool + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'kind': {'required': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'etag': {'key': 'etag', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + 'is_enabled': {'key': 'properties.isEnabled', 'type': 'bool'}, + } + + def __init__(self, **kwargs): + super(ToggleSettings, self).__init__(**kwargs) + self.is_enabled = kwargs.get('is_enabled', None) + self.kind = 'ToggleSettings' + + +class UebaSettings(Settings): + """Represents settings for User and Entity Behavior Analytics enablement. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id + :vartype id: str + :ivar name: Azure resource name + :vartype name: str + :ivar type: Azure resource type + :vartype type: str + :param etag: Etag of the azure resource + :type etag: str + :param kind: Required. Constant filled by server. + :type kind: str + :ivar atp_license_status: Determines whether the tenant has ATP (Advanced + Threat Protection) license. Possible values include: 'Enabled', 'Disabled' + :vartype atp_license_status: str or + ~azure.mgmt.securityinsight.models.LicenseStatus + :param is_enabled: Determines whether User and Entity Behavior Analytics + is enabled for this workspace. + :type is_enabled: bool + :ivar status_in_mcas: Determines whether User and Entity Behavior + Analytics is enabled from MCAS (Microsoft Cloud App Security). Possible + values include: 'Enabled', 'Disabled' + :vartype status_in_mcas: str or + ~azure.mgmt.securityinsight.models.StatusInMcas + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'kind': {'required': True}, + 'atp_license_status': {'readonly': True}, + 'status_in_mcas': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'etag': {'key': 'etag', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + 'atp_license_status': {'key': 'properties.atpLicenseStatus', 'type': 'str'}, + 'is_enabled': {'key': 'properties.isEnabled', 'type': 'bool'}, + 'status_in_mcas': {'key': 'properties.statusInMcas', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(UebaSettings, self).__init__(**kwargs) + self.atp_license_status = None + self.is_enabled = kwargs.get('is_enabled', None) + self.status_in_mcas = None + self.kind = 'UebaSettings' + + +class UserInfo(Model): + """User information that made some action. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar email: The email of the user. + :vartype email: str + :ivar name: The name of the user. + :vartype name: str + :param object_id: Required. The object id of the user. + :type object_id: str + """ + + _validation = { + 'email': {'readonly': True}, + 'name': {'readonly': True}, + 'object_id': {'required': True}, + } + + _attribute_map = { + 'email': {'key': 'email', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'object_id': {'key': 'objectId', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(UserInfo, self).__init__(**kwargs) + self.email = None + self.name = None + self.object_id = kwargs.get('object_id', None) diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/_models_py3.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/_models_py3.py new file mode 100644 index 0000000000000..1161203264f37 --- /dev/null +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/_models_py3.py @@ -0,0 +1,2487 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from msrest.serialization import Model +from msrest.exceptions import HttpOperationError + + +class ResourceWithEtag(Model): + """An azure resource object with an Etag property. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: Azure resource Id + :vartype id: str + :ivar name: Azure resource name + :vartype name: str + :ivar type: Azure resource type + :vartype type: str + :param etag: Etag of the azure resource + :type etag: str + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'etag': {'key': 'etag', 'type': 'str'}, + } + + def __init__(self, *, etag: str=None, **kwargs) -> None: + super(ResourceWithEtag, self).__init__(**kwargs) + self.id = None + self.name = None + self.type = None + self.etag = etag + + +class DataConnector(ResourceWithEtag): + """Data connector. + + You probably want to use the sub-classes and not this class directly. Known + sub-classes are: AADDataConnector, AATPDataConnector, ASCDataConnector, + AwsCloudTrailDataConnector, MCASDataConnector, MDATPDataConnector, + OfficeDataConnector, TIDataConnector + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id + :vartype id: str + :ivar name: Azure resource name + :vartype name: str + :ivar type: Azure resource type + :vartype type: str + :param etag: Etag of the azure resource + :type etag: str + :param kind: Required. Constant filled by server. + :type kind: str + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'kind': {'required': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'etag': {'key': 'etag', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + } + + _subtype_map = { + 'kind': {'AzureActiveDirectory': 'AADDataConnector', 'AzureAdvancedThreatProtection': 'AATPDataConnector', 'AzureSecurityCenter': 'ASCDataConnector', 'AmazonWebServicesCloudTrail': 'AwsCloudTrailDataConnector', 'MicrosoftCloudAppSecurity': 'MCASDataConnector', 'MicrosoftDefenderAdvancedThreatProtection': 'MDATPDataConnector', 'Office365': 'OfficeDataConnector', 'ThreatIntelligence': 'TIDataConnector'} + } + + def __init__(self, *, etag: str=None, **kwargs) -> None: + super(DataConnector, self).__init__(etag=etag, **kwargs) + self.kind = None + self.kind = 'DataConnector' + + +class AADDataConnector(DataConnector): + """Represents AAD (Azure Active Directory) data connector. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id + :vartype id: str + :ivar name: Azure resource name + :vartype name: str + :ivar type: Azure resource type + :vartype type: str + :param etag: Etag of the azure resource + :type etag: str + :param kind: Required. Constant filled by server. + :type kind: str + :param tenant_id: The tenant id to connect to, and get the data from. + :type tenant_id: str + :param data_types: The available data types for the connector. + :type data_types: + ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'kind': {'required': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'etag': {'key': 'etag', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + 'tenant_id': {'key': 'properties.tenantId', 'type': 'str'}, + 'data_types': {'key': 'properties.dataTypes', 'type': 'AlertsDataTypeOfDataConnector'}, + } + + def __init__(self, *, etag: str=None, tenant_id: str=None, data_types=None, **kwargs) -> None: + super(AADDataConnector, self).__init__(etag=etag, **kwargs) + self.tenant_id = tenant_id + self.data_types = data_types + self.kind = 'AzureActiveDirectory' + + +class AATPDataConnector(DataConnector): + """Represents AATP (Azure Advanced Threat Protection) data connector. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id + :vartype id: str + :ivar name: Azure resource name + :vartype name: str + :ivar type: Azure resource type + :vartype type: str + :param etag: Etag of the azure resource + :type etag: str + :param kind: Required. Constant filled by server. + :type kind: str + :param tenant_id: The tenant id to connect to, and get the data from. + :type tenant_id: str + :param data_types: The available data types for the connector. + :type data_types: + ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'kind': {'required': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'etag': {'key': 'etag', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + 'tenant_id': {'key': 'properties.tenantId', 'type': 'str'}, + 'data_types': {'key': 'properties.dataTypes', 'type': 'AlertsDataTypeOfDataConnector'}, + } + + def __init__(self, *, etag: str=None, tenant_id: str=None, data_types=None, **kwargs) -> None: + super(AATPDataConnector, self).__init__(etag=etag, **kwargs) + self.tenant_id = tenant_id + self.data_types = data_types + self.kind = 'AzureAdvancedThreatProtection' + + +class ActionPropertiesBase(Model): + """Action property bag base. + + All required parameters must be populated in order to send to Azure. + + :param logic_app_resource_id: Required. Logic App Resource Id, + /subscriptions/{my-subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my-workflow-id}. + :type logic_app_resource_id: str + """ + + _validation = { + 'logic_app_resource_id': {'required': True}, + } + + _attribute_map = { + 'logic_app_resource_id': {'key': 'logicAppResourceId', 'type': 'str'}, + } + + def __init__(self, *, logic_app_resource_id: str, **kwargs) -> None: + super(ActionPropertiesBase, self).__init__(**kwargs) + self.logic_app_resource_id = logic_app_resource_id + + +class ActionRequest(ResourceWithEtag): + """Action for alert rule. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id + :vartype id: str + :ivar name: Azure resource name + :vartype name: str + :ivar type: Azure resource type + :vartype type: str + :param etag: Etag of the azure resource + :type etag: str + :param logic_app_resource_id: Required. Logic App Resource Id, + /subscriptions/{my-subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my-workflow-id}. + :type logic_app_resource_id: str + :param trigger_uri: Logic App Callback URL for this specific workflow. + :type trigger_uri: str + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'logic_app_resource_id': {'required': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'etag': {'key': 'etag', 'type': 'str'}, + 'logic_app_resource_id': {'key': 'properties.logicAppResourceId', 'type': 'str'}, + 'trigger_uri': {'key': 'properties.triggerUri', 'type': 'str'}, + } + + def __init__(self, *, logic_app_resource_id: str, etag: str=None, trigger_uri: str=None, **kwargs) -> None: + super(ActionRequest, self).__init__(etag=etag, **kwargs) + self.logic_app_resource_id = logic_app_resource_id + self.trigger_uri = trigger_uri + + +class Resource(Model): + """An azure resource object. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: Azure resource Id + :vartype id: str + :ivar name: Azure resource name + :vartype name: str + :ivar type: Azure resource type + :vartype type: str + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + } + + def __init__(self, **kwargs) -> None: + super(Resource, self).__init__(**kwargs) + self.id = None + self.name = None + self.type = None + + +class ActionResponse(Resource): + """Action for alert rule. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id + :vartype id: str + :ivar name: Azure resource name + :vartype name: str + :ivar type: Azure resource type + :vartype type: str + :param etag: Etag of the action. + :type etag: str + :param logic_app_resource_id: Required. Logic App Resource Id, + /subscriptions/{my-subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my-workflow-id}. + :type logic_app_resource_id: str + :param workflow_id: The name of the logic app's workflow. + :type workflow_id: str + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'logic_app_resource_id': {'required': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'etag': {'key': 'etag', 'type': 'str'}, + 'logic_app_resource_id': {'key': 'properties.logicAppResourceId', 'type': 'str'}, + 'workflow_id': {'key': 'properties.workflowId', 'type': 'str'}, + } + + def __init__(self, *, logic_app_resource_id: str, etag: str=None, workflow_id: str=None, **kwargs) -> None: + super(ActionResponse, self).__init__(**kwargs) + self.etag = etag + self.logic_app_resource_id = logic_app_resource_id + self.workflow_id = workflow_id + + +class AlertRule(ResourceWithEtag): + """Alert rule. + + You probably want to use the sub-classes and not this class directly. Known + sub-classes are: FusionAlertRule, + MicrosoftSecurityIncidentCreationAlertRule, ScheduledAlertRule + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id + :vartype id: str + :ivar name: Azure resource name + :vartype name: str + :ivar type: Azure resource type + :vartype type: str + :param etag: Etag of the azure resource + :type etag: str + :param kind: Required. Constant filled by server. + :type kind: str + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'kind': {'required': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'etag': {'key': 'etag', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + } + + _subtype_map = { + 'kind': {'Fusion': 'FusionAlertRule', 'MicrosoftSecurityIncidentCreation': 'MicrosoftSecurityIncidentCreationAlertRule', 'Scheduled': 'ScheduledAlertRule'} + } + + def __init__(self, *, etag: str=None, **kwargs) -> None: + super(AlertRule, self).__init__(etag=etag, **kwargs) + self.kind = None + self.kind = 'AlertRule' + + +class AlertRuleTemplate(Resource): + """Alert rule template. + + You probably want to use the sub-classes and not this class directly. Known + sub-classes are: FusionAlertRuleTemplate, + MicrosoftSecurityIncidentCreationAlertRuleTemplate, + ScheduledAlertRuleTemplate + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id + :vartype id: str + :ivar name: Azure resource name + :vartype name: str + :ivar type: Azure resource type + :vartype type: str + :param kind: Required. Constant filled by server. + :type kind: str + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'kind': {'required': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + } + + _subtype_map = { + 'kind': {'Fusion': 'FusionAlertRuleTemplate', 'MicrosoftSecurityIncidentCreation': 'MicrosoftSecurityIncidentCreationAlertRuleTemplate', 'Scheduled': 'ScheduledAlertRuleTemplate'} + } + + def __init__(self, **kwargs) -> None: + super(AlertRuleTemplate, self).__init__(**kwargs) + self.kind = None + self.kind = 'AlertRuleTemplate' + + +class AlertRuleTemplateDataSource(Model): + """alert rule template data sources. + + :param connector_id: The connector id that provides the following data + types + :type connector_id: str + :param data_types: The data types used by the alert rule template + :type data_types: list[str] + """ + + _attribute_map = { + 'connector_id': {'key': 'connectorId', 'type': 'str'}, + 'data_types': {'key': 'dataTypes', 'type': '[str]'}, + } + + def __init__(self, *, connector_id: str=None, data_types=None, **kwargs) -> None: + super(AlertRuleTemplateDataSource, self).__init__(**kwargs) + self.connector_id = connector_id + self.data_types = data_types + + +class AlertsDataTypeOfDataConnector(Model): + """Alerts data type for data connectors. + + :param alerts: Alerts data type connection. + :type alerts: + ~azure.mgmt.securityinsight.models.DataConnectorDataTypeCommon + """ + + _attribute_map = { + 'alerts': {'key': 'alerts', 'type': 'DataConnectorDataTypeCommon'}, + } + + def __init__(self, *, alerts=None, **kwargs) -> None: + super(AlertsDataTypeOfDataConnector, self).__init__(**kwargs) + self.alerts = alerts + + +class ASCDataConnector(DataConnector): + """Represents ASC (Azure Security Center) data connector. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id + :vartype id: str + :ivar name: Azure resource name + :vartype name: str + :ivar type: Azure resource type + :vartype type: str + :param etag: Etag of the azure resource + :type etag: str + :param kind: Required. Constant filled by server. + :type kind: str + :param data_types: The available data types for the connector. + :type data_types: + ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector + :param subscription_id: The subscription id to connect to, and get the + data from. + :type subscription_id: str + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'kind': {'required': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'etag': {'key': 'etag', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + 'data_types': {'key': 'properties.dataTypes', 'type': 'AlertsDataTypeOfDataConnector'}, + 'subscription_id': {'key': 'properties.subscriptionId', 'type': 'str'}, + } + + def __init__(self, *, etag: str=None, data_types=None, subscription_id: str=None, **kwargs) -> None: + super(ASCDataConnector, self).__init__(etag=etag, **kwargs) + self.data_types = data_types + self.subscription_id = subscription_id + self.kind = 'AzureSecurityCenter' + + +class AwsCloudTrailDataConnector(DataConnector): + """Represents Amazon Web Services CloudTrail data connector. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id + :vartype id: str + :ivar name: Azure resource name + :vartype name: str + :ivar type: Azure resource type + :vartype type: str + :param etag: Etag of the azure resource + :type etag: str + :param kind: Required. Constant filled by server. + :type kind: str + :param aws_role_arn: The Aws Role Arn (with CloudTrailReadOnly policy) + that is used to access the Aws account. + :type aws_role_arn: str + :param data_types: The available data types for the connector. + :type data_types: + ~azure.mgmt.securityinsight.models.AwsCloudTrailDataConnectorDataTypes + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'kind': {'required': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'etag': {'key': 'etag', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + 'aws_role_arn': {'key': 'properties.awsRoleArn', 'type': 'str'}, + 'data_types': {'key': 'properties.dataTypes', 'type': 'AwsCloudTrailDataConnectorDataTypes'}, + } + + def __init__(self, *, etag: str=None, aws_role_arn: str=None, data_types=None, **kwargs) -> None: + super(AwsCloudTrailDataConnector, self).__init__(etag=etag, **kwargs) + self.aws_role_arn = aws_role_arn + self.data_types = data_types + self.kind = 'AmazonWebServicesCloudTrail' + + +class AwsCloudTrailDataConnectorDataTypes(Model): + """The available data types for Amazon Web Services CloudTrail data connector. + + :param logs: Logs data type. + :type logs: + ~azure.mgmt.securityinsight.models.AwsCloudTrailDataConnectorDataTypesLogs + """ + + _attribute_map = { + 'logs': {'key': 'logs', 'type': 'AwsCloudTrailDataConnectorDataTypesLogs'}, + } + + def __init__(self, *, logs=None, **kwargs) -> None: + super(AwsCloudTrailDataConnectorDataTypes, self).__init__(**kwargs) + self.logs = logs + + +class DataConnectorDataTypeCommon(Model): + """Common field for data type in data connectors. + + :param state: Describe whether this data type connection is enabled or + not. Possible values include: 'Enabled', 'Disabled' + :type state: str or ~azure.mgmt.securityinsight.models.DataTypeState + """ + + _attribute_map = { + 'state': {'key': 'state', 'type': 'str'}, + } + + def __init__(self, *, state=None, **kwargs) -> None: + super(DataConnectorDataTypeCommon, self).__init__(**kwargs) + self.state = state + + +class AwsCloudTrailDataConnectorDataTypesLogs(DataConnectorDataTypeCommon): + """Logs data type. + + :param state: Describe whether this data type connection is enabled or + not. Possible values include: 'Enabled', 'Disabled' + :type state: str or ~azure.mgmt.securityinsight.models.DataTypeState + """ + + _attribute_map = { + 'state': {'key': 'state', 'type': 'str'}, + } + + def __init__(self, *, state=None, **kwargs) -> None: + super(AwsCloudTrailDataConnectorDataTypesLogs, self).__init__(state=state, **kwargs) + + +class Bookmark(ResourceWithEtag): + """Represents a bookmark in Azure Security Insights. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id + :vartype id: str + :ivar name: Azure resource name + :vartype name: str + :ivar type: Azure resource type + :vartype type: str + :param etag: Etag of the azure resource + :type etag: str + :param created: The time the bookmark was created + :type created: datetime + :param created_by: Describes a user that created the bookmark + :type created_by: ~azure.mgmt.securityinsight.models.UserInfo + :param display_name: Required. The display name of the bookmark + :type display_name: str + :param labels: List of labels relevant to this bookmark + :type labels: list[str] + :param notes: The notes of the bookmark + :type notes: str + :param query: Required. The query of the bookmark. + :type query: str + :param query_result: The query result of the bookmark. + :type query_result: str + :param updated: The last time the bookmark was updated + :type updated: datetime + :param updated_by: Describes a user that updated the bookmark + :type updated_by: ~azure.mgmt.securityinsight.models.UserInfo + :param incident_info: Describes an incident that relates to bookmark + :type incident_info: ~azure.mgmt.securityinsight.models.IncidentInfo + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'display_name': {'required': True}, + 'query': {'required': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'etag': {'key': 'etag', 'type': 'str'}, + 'created': {'key': 'properties.created', 'type': 'iso-8601'}, + 'created_by': {'key': 'properties.createdBy', 'type': 'UserInfo'}, + 'display_name': {'key': 'properties.displayName', 'type': 'str'}, + 'labels': {'key': 'properties.labels', 'type': '[str]'}, + 'notes': {'key': 'properties.notes', 'type': 'str'}, + 'query': {'key': 'properties.query', 'type': 'str'}, + 'query_result': {'key': 'properties.queryResult', 'type': 'str'}, + 'updated': {'key': 'properties.updated', 'type': 'iso-8601'}, + 'updated_by': {'key': 'properties.updatedBy', 'type': 'UserInfo'}, + 'incident_info': {'key': 'properties.incidentInfo', 'type': 'IncidentInfo'}, + } + + def __init__(self, *, display_name: str, query: str, etag: str=None, created=None, created_by=None, labels=None, notes: str=None, query_result: str=None, updated=None, updated_by=None, incident_info=None, **kwargs) -> None: + super(Bookmark, self).__init__(etag=etag, **kwargs) + self.created = created + self.created_by = created_by + self.display_name = display_name + self.labels = labels + self.notes = notes + self.query = query + self.query_result = query_result + self.updated = updated + self.updated_by = updated_by + self.incident_info = incident_info + + +class ClientInfo(Model): + """Information on the client (user or application) that made some action. + + :param email: The email of the client. + :type email: str + :param name: The name of the client. + :type name: str + :param object_id: The object id of the client. + :type object_id: str + :param user_principal_name: The user principal name of the client. + :type user_principal_name: str + """ + + _attribute_map = { + 'email': {'key': 'email', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'object_id': {'key': 'objectId', 'type': 'str'}, + 'user_principal_name': {'key': 'userPrincipalName', 'type': 'str'}, + } + + def __init__(self, *, email: str=None, name: str=None, object_id: str=None, user_principal_name: str=None, **kwargs) -> None: + super(ClientInfo, self).__init__(**kwargs) + self.email = email + self.name = name + self.object_id = object_id + self.user_principal_name = user_principal_name + + +class CloudError(Model): + """An error response for a resource management request. + + :param error: The error object of the CloudError response + :type error: ~azure.mgmt.securityinsight.models.ErrorResponse + """ + + _attribute_map = { + 'error': {'key': 'error', 'type': 'ErrorResponse'}, + } + + def __init__(self, *, error=None, **kwargs) -> None: + super(CloudError, self).__init__(**kwargs) + self.error = error + + +class CloudErrorException(HttpOperationError): + """Server responsed with exception of type: 'CloudError'. + + :param deserialize: A deserializer + :param response: Server response to be deserialized. + """ + + def __init__(self, deserialize, response, *args): + + super(CloudErrorException, self).__init__(deserialize, response, 'CloudError', *args) + + +class DataConnectorTenantId(Model): + """Properties data connector on tenant level. + + :param tenant_id: The tenant id to connect to, and get the data from. + :type tenant_id: str + """ + + _attribute_map = { + 'tenant_id': {'key': 'tenantId', 'type': 'str'}, + } + + def __init__(self, *, tenant_id: str=None, **kwargs) -> None: + super(DataConnectorTenantId, self).__init__(**kwargs) + self.tenant_id = tenant_id + + +class DataConnectorWithAlertsProperties(Model): + """Data connector properties. + + :param data_types: The available data types for the connector. + :type data_types: + ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector + """ + + _attribute_map = { + 'data_types': {'key': 'dataTypes', 'type': 'AlertsDataTypeOfDataConnector'}, + } + + def __init__(self, *, data_types=None, **kwargs) -> None: + super(DataConnectorWithAlertsProperties, self).__init__(**kwargs) + self.data_types = data_types + + +class ErrorAdditionalInfo(Model): + """The resource management error additional info. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar type: The additional info type. + :vartype type: str + :ivar info: The additional info. + :vartype info: object + """ + + _validation = { + 'type': {'readonly': True}, + 'info': {'readonly': True}, + } + + _attribute_map = { + 'type': {'key': 'type', 'type': 'str'}, + 'info': {'key': 'info', 'type': 'object'}, + } + + def __init__(self, **kwargs) -> None: + super(ErrorAdditionalInfo, self).__init__(**kwargs) + self.type = None + self.info = None + + +class ErrorResponse(Model): + """Error Response. + + Common error response for all Azure Resource Manager APIs to return error + details for failed operations. (This also follows the OData error response + format.). + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar code: The error code. + :vartype code: str + :ivar message: The error message. + :vartype message: str + :ivar target: The error target. + :vartype target: str + :ivar details: The error details. + :vartype details: list[~azure.mgmt.securityinsight.models.ErrorResponse] + :ivar additional_info: The error additional info. + :vartype additional_info: + list[~azure.mgmt.securityinsight.models.ErrorAdditionalInfo] + """ + + _validation = { + 'code': {'readonly': True}, + 'message': {'readonly': True}, + 'target': {'readonly': True}, + 'details': {'readonly': True}, + 'additional_info': {'readonly': True}, + } + + _attribute_map = { + 'code': {'key': 'code', 'type': 'str'}, + 'message': {'key': 'message', 'type': 'str'}, + 'target': {'key': 'target', 'type': 'str'}, + 'details': {'key': 'details', 'type': '[ErrorResponse]'}, + 'additional_info': {'key': 'additionalInfo', 'type': '[ErrorAdditionalInfo]'}, + } + + def __init__(self, **kwargs) -> None: + super(ErrorResponse, self).__init__(**kwargs) + self.code = None + self.message = None + self.target = None + self.details = None + self.additional_info = None + + +class FusionAlertRule(AlertRule): + """Represents Fusion alert rule. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id + :vartype id: str + :ivar name: Azure resource name + :vartype name: str + :ivar type: Azure resource type + :vartype type: str + :param etag: Etag of the azure resource + :type etag: str + :param kind: Required. Constant filled by server. + :type kind: str + :param alert_rule_template_name: Required. The Name of the alert rule + template used to create this rule. + :type alert_rule_template_name: str + :ivar description: The description of the alert rule. + :vartype description: str + :ivar display_name: The display name for alerts created by this alert + rule. + :vartype display_name: str + :param enabled: Required. Determines whether this alert rule is enabled or + disabled. + :type enabled: bool + :ivar last_modified_utc: The last time that this alert has been modified. + :vartype last_modified_utc: datetime + :ivar severity: The severity for alerts created by this alert rule. + Possible values include: 'High', 'Medium', 'Low', 'Informational' + :vartype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity + :ivar tactics: The tactics of the alert rule + :vartype tactics: list[str or + ~azure.mgmt.securityinsight.models.AttackTactic] + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'kind': {'required': True}, + 'alert_rule_template_name': {'required': True}, + 'description': {'readonly': True}, + 'display_name': {'readonly': True}, + 'enabled': {'required': True}, + 'last_modified_utc': {'readonly': True}, + 'severity': {'readonly': True}, + 'tactics': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'etag': {'key': 'etag', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + 'alert_rule_template_name': {'key': 'properties.alertRuleTemplateName', 'type': 'str'}, + 'description': {'key': 'properties.description', 'type': 'str'}, + 'display_name': {'key': 'properties.displayName', 'type': 'str'}, + 'enabled': {'key': 'properties.enabled', 'type': 'bool'}, + 'last_modified_utc': {'key': 'properties.lastModifiedUtc', 'type': 'iso-8601'}, + 'severity': {'key': 'properties.severity', 'type': 'str'}, + 'tactics': {'key': 'properties.tactics', 'type': '[str]'}, + } + + def __init__(self, *, alert_rule_template_name: str, enabled: bool, etag: str=None, **kwargs) -> None: + super(FusionAlertRule, self).__init__(etag=etag, **kwargs) + self.alert_rule_template_name = alert_rule_template_name + self.description = None + self.display_name = None + self.enabled = enabled + self.last_modified_utc = None + self.severity = None + self.tactics = None + self.kind = 'Fusion' + + +class FusionAlertRuleTemplate(AlertRuleTemplate): + """Represents Fusion alert rule template. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id + :vartype id: str + :ivar name: Azure resource name + :vartype name: str + :ivar type: Azure resource type + :vartype type: str + :param kind: Required. Constant filled by server. + :type kind: str + :param alert_rules_created_by_template_count: the number of alert rules + that were created by this template + :type alert_rules_created_by_template_count: int + :ivar created_date_utc: The time that this alert rule template has been + added. + :vartype created_date_utc: datetime + :param description: The description of the alert rule template. + :type description: str + :param display_name: The display name for alert rule template. + :type display_name: str + :param required_data_connectors: The required data connectors for this + template + :type required_data_connectors: + list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] + :param status: The alert rule template status. Possible values include: + 'Installed', 'Available', 'NotAvailable' + :type status: str or ~azure.mgmt.securityinsight.models.TemplateStatus + :param severity: The severity for alerts created by this alert rule. + Possible values include: 'High', 'Medium', 'Low', 'Informational' + :type severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity + :param tactics: The tactics of the alert rule template + :type tactics: list[str or + ~azure.mgmt.securityinsight.models.AttackTactic] + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'kind': {'required': True}, + 'created_date_utc': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + 'alert_rules_created_by_template_count': {'key': 'properties.alertRulesCreatedByTemplateCount', 'type': 'int'}, + 'created_date_utc': {'key': 'properties.createdDateUTC', 'type': 'iso-8601'}, + 'description': {'key': 'properties.description', 'type': 'str'}, + 'display_name': {'key': 'properties.displayName', 'type': 'str'}, + 'required_data_connectors': {'key': 'properties.requiredDataConnectors', 'type': '[AlertRuleTemplateDataSource]'}, + 'status': {'key': 'properties.status', 'type': 'str'}, + 'severity': {'key': 'properties.severity', 'type': 'str'}, + 'tactics': {'key': 'properties.tactics', 'type': '[str]'}, + } + + def __init__(self, *, alert_rules_created_by_template_count: int=None, description: str=None, display_name: str=None, required_data_connectors=None, status=None, severity=None, tactics=None, **kwargs) -> None: + super(FusionAlertRuleTemplate, self).__init__(**kwargs) + self.alert_rules_created_by_template_count = alert_rules_created_by_template_count + self.created_date_utc = None + self.description = description + self.display_name = display_name + self.required_data_connectors = required_data_connectors + self.status = status + self.severity = severity + self.tactics = tactics + self.kind = 'Fusion' + + +class Incident(ResourceWithEtag): + """Represents an incident in Azure Security Insights. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id + :vartype id: str + :ivar name: Azure resource name + :vartype name: str + :ivar type: Azure resource type + :vartype type: str + :param etag: Etag of the azure resource + :type etag: str + :ivar additional_data: Additional data on the incident + :vartype additional_data: + ~azure.mgmt.securityinsight.models.IncidentAdditionalData + :param classification: The reason the incident was closed. Possible values + include: 'Undetermined', 'TruePositive', 'BenignPositive', 'FalsePositive' + :type classification: str or + ~azure.mgmt.securityinsight.models.IncidentClassification + :param classification_comment: Describes the reason the incident was + closed + :type classification_comment: str + :param classification_reason: The classification reason the incident was + closed with. Possible values include: 'SuspiciousActivity', + 'SuspiciousButExpected', 'IncorrectAlertLogic', 'InaccurateData' + :type classification_reason: str or + ~azure.mgmt.securityinsight.models.IncidentClassificationReason + :ivar created_time_utc: The time the incident was created + :vartype created_time_utc: datetime + :param description: The description of the incident + :type description: str + :param first_activity_time_utc: The time of the first activity in the + incident + :type first_activity_time_utc: datetime + :ivar incident_url: The deep-link url to the incident in Azure portal + :vartype incident_url: str + :ivar incident_number: A sequential number + :vartype incident_number: int + :param labels: List of labels relevant to this incident + :type labels: list[~azure.mgmt.securityinsight.models.IncidentLabel] + :param last_activity_time_utc: The time of the last activity in the + incident + :type last_activity_time_utc: datetime + :ivar last_modified_time_utc: The last time the incident was updated + :vartype last_modified_time_utc: datetime + :param owner: Describes a user that the incident is assigned to + :type owner: ~azure.mgmt.securityinsight.models.IncidentOwnerInfo + :ivar related_analytic_rule_ids: List of resource ids of Analytic rules + related to the incident + :vartype related_analytic_rule_ids: list[str] + :param severity: Required. The severity of the incident. Possible values + include: 'High', 'Medium', 'Low', 'Informational' + :type severity: str or ~azure.mgmt.securityinsight.models.IncidentSeverity + :param status: Required. The status of the incident. Possible values + include: 'New', 'Active', 'Closed' + :type status: str or ~azure.mgmt.securityinsight.models.IncidentStatus + :param title: Required. The title of the incident + :type title: str + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'additional_data': {'readonly': True}, + 'created_time_utc': {'readonly': True}, + 'incident_url': {'readonly': True}, + 'incident_number': {'readonly': True}, + 'last_modified_time_utc': {'readonly': True}, + 'related_analytic_rule_ids': {'readonly': True}, + 'severity': {'required': True}, + 'status': {'required': True}, + 'title': {'required': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'etag': {'key': 'etag', 'type': 'str'}, + 'additional_data': {'key': 'properties.additionalData', 'type': 'IncidentAdditionalData'}, + 'classification': {'key': 'properties.classification', 'type': 'str'}, + 'classification_comment': {'key': 'properties.classificationComment', 'type': 'str'}, + 'classification_reason': {'key': 'properties.classificationReason', 'type': 'str'}, + 'created_time_utc': {'key': 'properties.createdTimeUtc', 'type': 'iso-8601'}, + 'description': {'key': 'properties.description', 'type': 'str'}, + 'first_activity_time_utc': {'key': 'properties.firstActivityTimeUtc', 'type': 'iso-8601'}, + 'incident_url': {'key': 'properties.incidentUrl', 'type': 'str'}, + 'incident_number': {'key': 'properties.incidentNumber', 'type': 'int'}, + 'labels': {'key': 'properties.labels', 'type': '[IncidentLabel]'}, + 'last_activity_time_utc': {'key': 'properties.lastActivityTimeUtc', 'type': 'iso-8601'}, + 'last_modified_time_utc': {'key': 'properties.lastModifiedTimeUtc', 'type': 'iso-8601'}, + 'owner': {'key': 'properties.owner', 'type': 'IncidentOwnerInfo'}, + 'related_analytic_rule_ids': {'key': 'properties.relatedAnalyticRuleIds', 'type': '[str]'}, + 'severity': {'key': 'properties.severity', 'type': 'str'}, + 'status': {'key': 'properties.status', 'type': 'str'}, + 'title': {'key': 'properties.title', 'type': 'str'}, + } + + def __init__(self, *, severity, status, title: str, etag: str=None, classification=None, classification_comment: str=None, classification_reason=None, description: str=None, first_activity_time_utc=None, labels=None, last_activity_time_utc=None, owner=None, **kwargs) -> None: + super(Incident, self).__init__(etag=etag, **kwargs) + self.additional_data = None + self.classification = classification + self.classification_comment = classification_comment + self.classification_reason = classification_reason + self.created_time_utc = None + self.description = description + self.first_activity_time_utc = first_activity_time_utc + self.incident_url = None + self.incident_number = None + self.labels = labels + self.last_activity_time_utc = last_activity_time_utc + self.last_modified_time_utc = None + self.owner = owner + self.related_analytic_rule_ids = None + self.severity = severity + self.status = status + self.title = title + + +class IncidentAdditionalData(Model): + """Incident additional data property bag. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar alerts_count: The number of alerts in the incident + :vartype alerts_count: int + :ivar bookmarks_count: The number of bookmarks in the incident + :vartype bookmarks_count: int + :ivar comments_count: The number of comments in the incident + :vartype comments_count: int + :ivar alert_product_names: List of product names of alerts in the incident + :vartype alert_product_names: list[str] + :ivar tactics: The tactics associated with incident + :vartype tactics: list[str or + ~azure.mgmt.securityinsight.models.AttackTactic] + """ + + _validation = { + 'alerts_count': {'readonly': True}, + 'bookmarks_count': {'readonly': True}, + 'comments_count': {'readonly': True}, + 'alert_product_names': {'readonly': True}, + 'tactics': {'readonly': True}, + } + + _attribute_map = { + 'alerts_count': {'key': 'alertsCount', 'type': 'int'}, + 'bookmarks_count': {'key': 'bookmarksCount', 'type': 'int'}, + 'comments_count': {'key': 'commentsCount', 'type': 'int'}, + 'alert_product_names': {'key': 'alertProductNames', 'type': '[str]'}, + 'tactics': {'key': 'tactics', 'type': '[str]'}, + } + + def __init__(self, **kwargs) -> None: + super(IncidentAdditionalData, self).__init__(**kwargs) + self.alerts_count = None + self.bookmarks_count = None + self.comments_count = None + self.alert_product_names = None + self.tactics = None + + +class IncidentComment(Resource): + """Represents an incident comment. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id + :vartype id: str + :ivar name: Azure resource name + :vartype name: str + :ivar type: Azure resource type + :vartype type: str + :ivar created_time_utc: The time the comment was created + :vartype created_time_utc: datetime + :param message: Required. The comment message + :type message: str + :ivar author: Describes the client that created the comment + :vartype author: ~azure.mgmt.securityinsight.models.ClientInfo + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'created_time_utc': {'readonly': True}, + 'message': {'required': True}, + 'author': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'created_time_utc': {'key': 'properties.createdTimeUtc', 'type': 'iso-8601'}, + 'message': {'key': 'properties.message', 'type': 'str'}, + 'author': {'key': 'properties.author', 'type': 'ClientInfo'}, + } + + def __init__(self, *, message: str, **kwargs) -> None: + super(IncidentComment, self).__init__(**kwargs) + self.created_time_utc = None + self.message = message + self.author = None + + +class IncidentInfo(Model): + """Describes related incident information for the bookmark. + + All required parameters must be populated in order to send to Azure. + + :param incident_id: Required. Incident Id + :type incident_id: str + :param severity: Required. The severity of the incident. Possible values + include: 'Critical', 'High', 'Medium', 'Low', 'Informational' + :type severity: str or ~azure.mgmt.securityinsight.models.CaseSeverity + :param title: Required. The title of the incident + :type title: str + :param relation_name: Required. Relation Name + :type relation_name: str + """ + + _validation = { + 'incident_id': {'required': True}, + 'severity': {'required': True}, + 'title': {'required': True}, + 'relation_name': {'required': True}, + } + + _attribute_map = { + 'incident_id': {'key': 'incidentId', 'type': 'str'}, + 'severity': {'key': 'severity', 'type': 'str'}, + 'title': {'key': 'title', 'type': 'str'}, + 'relation_name': {'key': 'relationName', 'type': 'str'}, + } + + def __init__(self, *, incident_id: str, severity, title: str, relation_name: str, **kwargs) -> None: + super(IncidentInfo, self).__init__(**kwargs) + self.incident_id = incident_id + self.severity = severity + self.title = title + self.relation_name = relation_name + + +class IncidentLabel(Model): + """Represents an incident label. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :param label_name: Required. The name of the label + :type label_name: str + :ivar label_type: The type of the label. Possible values include: 'User', + 'System' + :vartype label_type: str or + ~azure.mgmt.securityinsight.models.IncidentLabelType + """ + + _validation = { + 'label_name': {'required': True}, + 'label_type': {'readonly': True}, + } + + _attribute_map = { + 'label_name': {'key': 'labelName', 'type': 'str'}, + 'label_type': {'key': 'labelType', 'type': 'str'}, + } + + def __init__(self, *, label_name: str, **kwargs) -> None: + super(IncidentLabel, self).__init__(**kwargs) + self.label_name = label_name + self.label_type = None + + +class IncidentOwnerInfo(Model): + """Information on the user an incident is assigned to. + + :param email: The email of the user the incident is assigned to. + :type email: str + :param assigned_to: The name of the user the incident is assigned to. + :type assigned_to: str + :param object_id: The object id of the user the incident is assigned to. + :type object_id: str + :param user_principal_name: The user principal name of the user the + incident is assigned to. + :type user_principal_name: str + """ + + _attribute_map = { + 'email': {'key': 'email', 'type': 'str'}, + 'assigned_to': {'key': 'assignedTo', 'type': 'str'}, + 'object_id': {'key': 'objectId', 'type': 'str'}, + 'user_principal_name': {'key': 'userPrincipalName', 'type': 'str'}, + } + + def __init__(self, *, email: str=None, assigned_to: str=None, object_id: str=None, user_principal_name: str=None, **kwargs) -> None: + super(IncidentOwnerInfo, self).__init__(**kwargs) + self.email = email + self.assigned_to = assigned_to + self.object_id = object_id + self.user_principal_name = user_principal_name + + +class MCASDataConnector(DataConnector): + """Represents MCAS (Microsoft Cloud App Security) data connector. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id + :vartype id: str + :ivar name: Azure resource name + :vartype name: str + :ivar type: Azure resource type + :vartype type: str + :param etag: Etag of the azure resource + :type etag: str + :param kind: Required. Constant filled by server. + :type kind: str + :param tenant_id: The tenant id to connect to, and get the data from. + :type tenant_id: str + :param data_types: The available data types for the connector. + :type data_types: + ~azure.mgmt.securityinsight.models.MCASDataConnectorDataTypes + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'kind': {'required': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'etag': {'key': 'etag', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + 'tenant_id': {'key': 'properties.tenantId', 'type': 'str'}, + 'data_types': {'key': 'properties.dataTypes', 'type': 'MCASDataConnectorDataTypes'}, + } + + def __init__(self, *, etag: str=None, tenant_id: str=None, data_types=None, **kwargs) -> None: + super(MCASDataConnector, self).__init__(etag=etag, **kwargs) + self.tenant_id = tenant_id + self.data_types = data_types + self.kind = 'MicrosoftCloudAppSecurity' + + +class MCASDataConnectorDataTypes(AlertsDataTypeOfDataConnector): + """The available data types for MCAS (Microsoft Cloud App Security) data + connector. + + :param alerts: Alerts data type connection. + :type alerts: + ~azure.mgmt.securityinsight.models.DataConnectorDataTypeCommon + :param discovery_logs: Discovery log data type connection. + :type discovery_logs: + ~azure.mgmt.securityinsight.models.DataConnectorDataTypeCommon + """ + + _attribute_map = { + 'alerts': {'key': 'alerts', 'type': 'DataConnectorDataTypeCommon'}, + 'discovery_logs': {'key': 'discoveryLogs', 'type': 'DataConnectorDataTypeCommon'}, + } + + def __init__(self, *, alerts=None, discovery_logs=None, **kwargs) -> None: + super(MCASDataConnectorDataTypes, self).__init__(alerts=alerts, **kwargs) + self.discovery_logs = discovery_logs + + +class MDATPDataConnector(DataConnector): + """Represents MDATP (Microsoft Defender Advanced Threat Protection) data + connector. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id + :vartype id: str + :ivar name: Azure resource name + :vartype name: str + :ivar type: Azure resource type + :vartype type: str + :param etag: Etag of the azure resource + :type etag: str + :param kind: Required. Constant filled by server. + :type kind: str + :param tenant_id: The tenant id to connect to, and get the data from. + :type tenant_id: str + :param data_types: The available data types for the connector. + :type data_types: + ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'kind': {'required': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'etag': {'key': 'etag', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + 'tenant_id': {'key': 'properties.tenantId', 'type': 'str'}, + 'data_types': {'key': 'properties.dataTypes', 'type': 'AlertsDataTypeOfDataConnector'}, + } + + def __init__(self, *, etag: str=None, tenant_id: str=None, data_types=None, **kwargs) -> None: + super(MDATPDataConnector, self).__init__(etag=etag, **kwargs) + self.tenant_id = tenant_id + self.data_types = data_types + self.kind = 'MicrosoftDefenderAdvancedThreatProtection' + + +class MicrosoftSecurityIncidentCreationAlertRule(AlertRule): + """Represents MicrosoftSecurityIncidentCreation rule. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id + :vartype id: str + :ivar name: Azure resource name + :vartype name: str + :ivar type: Azure resource type + :vartype type: str + :param etag: Etag of the azure resource + :type etag: str + :param kind: Required. Constant filled by server. + :type kind: str + :param display_names_filter: the alerts' displayNames on which the cases + will be generated + :type display_names_filter: list[str] + :param display_names_exclude_filter: the alerts' displayNames on which the + cases will not be generated + :type display_names_exclude_filter: list[str] + :param product_filter: Required. The alerts' productName on which the + cases will be generated. Possible values include: 'Microsoft Cloud App + Security', 'Azure Security Center', 'Azure Advanced Threat Protection', + 'Azure Active Directory Identity Protection', 'Azure Security Center for + IoT' + :type product_filter: str or + ~azure.mgmt.securityinsight.models.MicrosoftSecurityProductName + :param severities_filter: the alerts' severities on which the cases will + be generated + :type severities_filter: list[str or + ~azure.mgmt.securityinsight.models.AlertSeverity] + :param alert_rule_template_name: The Name of the alert rule template used + to create this rule. + :type alert_rule_template_name: str + :param description: The description of the alert rule. + :type description: str + :param display_name: Required. The display name for alerts created by this + alert rule. + :type display_name: str + :param enabled: Required. Determines whether this alert rule is enabled or + disabled. + :type enabled: bool + :ivar last_modified_utc: The last time that this alert has been modified. + :vartype last_modified_utc: datetime + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'kind': {'required': True}, + 'product_filter': {'required': True}, + 'display_name': {'required': True}, + 'enabled': {'required': True}, + 'last_modified_utc': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'etag': {'key': 'etag', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + 'display_names_filter': {'key': 'properties.displayNamesFilter', 'type': '[str]'}, + 'display_names_exclude_filter': {'key': 'properties.displayNamesExcludeFilter', 'type': '[str]'}, + 'product_filter': {'key': 'properties.productFilter', 'type': 'str'}, + 'severities_filter': {'key': 'properties.severitiesFilter', 'type': '[str]'}, + 'alert_rule_template_name': {'key': 'properties.alertRuleTemplateName', 'type': 'str'}, + 'description': {'key': 'properties.description', 'type': 'str'}, + 'display_name': {'key': 'properties.displayName', 'type': 'str'}, + 'enabled': {'key': 'properties.enabled', 'type': 'bool'}, + 'last_modified_utc': {'key': 'properties.lastModifiedUtc', 'type': 'iso-8601'}, + } + + def __init__(self, *, product_filter, display_name: str, enabled: bool, etag: str=None, display_names_filter=None, display_names_exclude_filter=None, severities_filter=None, alert_rule_template_name: str=None, description: str=None, **kwargs) -> None: + super(MicrosoftSecurityIncidentCreationAlertRule, self).__init__(etag=etag, **kwargs) + self.display_names_filter = display_names_filter + self.display_names_exclude_filter = display_names_exclude_filter + self.product_filter = product_filter + self.severities_filter = severities_filter + self.alert_rule_template_name = alert_rule_template_name + self.description = description + self.display_name = display_name + self.enabled = enabled + self.last_modified_utc = None + self.kind = 'MicrosoftSecurityIncidentCreation' + + +class MicrosoftSecurityIncidentCreationAlertRuleCommonProperties(Model): + """MicrosoftSecurityIncidentCreation rule common property bag. + + All required parameters must be populated in order to send to Azure. + + :param display_names_filter: the alerts' displayNames on which the cases + will be generated + :type display_names_filter: list[str] + :param display_names_exclude_filter: the alerts' displayNames on which the + cases will not be generated + :type display_names_exclude_filter: list[str] + :param product_filter: Required. The alerts' productName on which the + cases will be generated. Possible values include: 'Microsoft Cloud App + Security', 'Azure Security Center', 'Azure Advanced Threat Protection', + 'Azure Active Directory Identity Protection', 'Azure Security Center for + IoT' + :type product_filter: str or + ~azure.mgmt.securityinsight.models.MicrosoftSecurityProductName + :param severities_filter: the alerts' severities on which the cases will + be generated + :type severities_filter: list[str or + ~azure.mgmt.securityinsight.models.AlertSeverity] + """ + + _validation = { + 'product_filter': {'required': True}, + } + + _attribute_map = { + 'display_names_filter': {'key': 'displayNamesFilter', 'type': '[str]'}, + 'display_names_exclude_filter': {'key': 'displayNamesExcludeFilter', 'type': '[str]'}, + 'product_filter': {'key': 'productFilter', 'type': 'str'}, + 'severities_filter': {'key': 'severitiesFilter', 'type': '[str]'}, + } + + def __init__(self, *, product_filter, display_names_filter=None, display_names_exclude_filter=None, severities_filter=None, **kwargs) -> None: + super(MicrosoftSecurityIncidentCreationAlertRuleCommonProperties, self).__init__(**kwargs) + self.display_names_filter = display_names_filter + self.display_names_exclude_filter = display_names_exclude_filter + self.product_filter = product_filter + self.severities_filter = severities_filter + + +class MicrosoftSecurityIncidentCreationAlertRuleTemplate(AlertRuleTemplate): + """Represents MicrosoftSecurityIncidentCreation rule template. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id + :vartype id: str + :ivar name: Azure resource name + :vartype name: str + :ivar type: Azure resource type + :vartype type: str + :param kind: Required. Constant filled by server. + :type kind: str + :param alert_rules_created_by_template_count: the number of alert rules + that were created by this template + :type alert_rules_created_by_template_count: int + :ivar created_date_utc: The time that this alert rule template has been + added. + :vartype created_date_utc: datetime + :param description: The description of the alert rule template. + :type description: str + :param display_name: The display name for alert rule template. + :type display_name: str + :param required_data_connectors: The required data connectors for this + template + :type required_data_connectors: + list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] + :param status: The alert rule template status. Possible values include: + 'Installed', 'Available', 'NotAvailable' + :type status: str or ~azure.mgmt.securityinsight.models.TemplateStatus + :param display_names_filter: the alerts' displayNames on which the cases + will be generated + :type display_names_filter: list[str] + :param display_names_exclude_filter: the alerts' displayNames on which the + cases will not be generated + :type display_names_exclude_filter: list[str] + :param product_filter: Required. The alerts' productName on which the + cases will be generated. Possible values include: 'Microsoft Cloud App + Security', 'Azure Security Center', 'Azure Advanced Threat Protection', + 'Azure Active Directory Identity Protection', 'Azure Security Center for + IoT' + :type product_filter: str or + ~azure.mgmt.securityinsight.models.MicrosoftSecurityProductName + :param severities_filter: the alerts' severities on which the cases will + be generated + :type severities_filter: list[str or + ~azure.mgmt.securityinsight.models.AlertSeverity] + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'kind': {'required': True}, + 'created_date_utc': {'readonly': True}, + 'product_filter': {'required': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + 'alert_rules_created_by_template_count': {'key': 'properties.alertRulesCreatedByTemplateCount', 'type': 'int'}, + 'created_date_utc': {'key': 'properties.createdDateUTC', 'type': 'iso-8601'}, + 'description': {'key': 'properties.description', 'type': 'str'}, + 'display_name': {'key': 'properties.displayName', 'type': 'str'}, + 'required_data_connectors': {'key': 'properties.requiredDataConnectors', 'type': '[AlertRuleTemplateDataSource]'}, + 'status': {'key': 'properties.status', 'type': 'str'}, + 'display_names_filter': {'key': 'properties.displayNamesFilter', 'type': '[str]'}, + 'display_names_exclude_filter': {'key': 'properties.displayNamesExcludeFilter', 'type': '[str]'}, + 'product_filter': {'key': 'properties.productFilter', 'type': 'str'}, + 'severities_filter': {'key': 'properties.severitiesFilter', 'type': '[str]'}, + } + + def __init__(self, *, product_filter, alert_rules_created_by_template_count: int=None, description: str=None, display_name: str=None, required_data_connectors=None, status=None, display_names_filter=None, display_names_exclude_filter=None, severities_filter=None, **kwargs) -> None: + super(MicrosoftSecurityIncidentCreationAlertRuleTemplate, self).__init__(**kwargs) + self.alert_rules_created_by_template_count = alert_rules_created_by_template_count + self.created_date_utc = None + self.description = description + self.display_name = display_name + self.required_data_connectors = required_data_connectors + self.status = status + self.display_names_filter = display_names_filter + self.display_names_exclude_filter = display_names_exclude_filter + self.product_filter = product_filter + self.severities_filter = severities_filter + self.kind = 'MicrosoftSecurityIncidentCreation' + + +class OfficeConsent(Resource): + """Consent for Office365 tenant that already made. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: Azure resource Id + :vartype id: str + :ivar name: Azure resource name + :vartype name: str + :ivar type: Azure resource type + :vartype type: str + :param tenant_id: The tenantId of the Office365 with the consent. + :type tenant_id: str + :ivar tenant_name: The tenant name of the Office365 with the consent. + :vartype tenant_name: str + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'tenant_name': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'tenant_id': {'key': 'properties.tenantId', 'type': 'str'}, + 'tenant_name': {'key': 'properties.tenantName', 'type': 'str'}, + } + + def __init__(self, *, tenant_id: str=None, **kwargs) -> None: + super(OfficeConsent, self).__init__(**kwargs) + self.tenant_id = tenant_id + self.tenant_name = None + + +class OfficeConsentList(Model): + """List of all the office365 consents. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar next_link: URL to fetch the next set of office consents. + :vartype next_link: str + :param value: Required. Array of the consents. + :type value: list[~azure.mgmt.securityinsight.models.OfficeConsent] + """ + + _validation = { + 'next_link': {'readonly': True}, + 'value': {'required': True}, + } + + _attribute_map = { + 'next_link': {'key': 'nextLink', 'type': 'str'}, + 'value': {'key': 'value', 'type': '[OfficeConsent]'}, + } + + def __init__(self, *, value, **kwargs) -> None: + super(OfficeConsentList, self).__init__(**kwargs) + self.next_link = None + self.value = value + + +class OfficeDataConnector(DataConnector): + """Represents office data connector. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id + :vartype id: str + :ivar name: Azure resource name + :vartype name: str + :ivar type: Azure resource type + :vartype type: str + :param etag: Etag of the azure resource + :type etag: str + :param kind: Required. Constant filled by server. + :type kind: str + :param tenant_id: The tenant id to connect to, and get the data from. + :type tenant_id: str + :param data_types: The available data types for the connector. + :type data_types: + ~azure.mgmt.securityinsight.models.OfficeDataConnectorDataTypes + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'kind': {'required': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'etag': {'key': 'etag', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + 'tenant_id': {'key': 'properties.tenantId', 'type': 'str'}, + 'data_types': {'key': 'properties.dataTypes', 'type': 'OfficeDataConnectorDataTypes'}, + } + + def __init__(self, *, etag: str=None, tenant_id: str=None, data_types=None, **kwargs) -> None: + super(OfficeDataConnector, self).__init__(etag=etag, **kwargs) + self.tenant_id = tenant_id + self.data_types = data_types + self.kind = 'Office365' + + +class OfficeDataConnectorDataTypes(Model): + """The available data types for office data connector. + + :param exchange: Exchange data type connection. + :type exchange: + ~azure.mgmt.securityinsight.models.OfficeDataConnectorDataTypesExchange + :param share_point: SharePoint data type connection. + :type share_point: + ~azure.mgmt.securityinsight.models.OfficeDataConnectorDataTypesSharePoint + """ + + _attribute_map = { + 'exchange': {'key': 'exchange', 'type': 'OfficeDataConnectorDataTypesExchange'}, + 'share_point': {'key': 'sharePoint', 'type': 'OfficeDataConnectorDataTypesSharePoint'}, + } + + def __init__(self, *, exchange=None, share_point=None, **kwargs) -> None: + super(OfficeDataConnectorDataTypes, self).__init__(**kwargs) + self.exchange = exchange + self.share_point = share_point + + +class OfficeDataConnectorDataTypesExchange(DataConnectorDataTypeCommon): + """Exchange data type connection. + + :param state: Describe whether this data type connection is enabled or + not. Possible values include: 'Enabled', 'Disabled' + :type state: str or ~azure.mgmt.securityinsight.models.DataTypeState + """ + + _attribute_map = { + 'state': {'key': 'state', 'type': 'str'}, + } + + def __init__(self, *, state=None, **kwargs) -> None: + super(OfficeDataConnectorDataTypesExchange, self).__init__(state=state, **kwargs) + + +class OfficeDataConnectorDataTypesSharePoint(DataConnectorDataTypeCommon): + """SharePoint data type connection. + + :param state: Describe whether this data type connection is enabled or + not. Possible values include: 'Enabled', 'Disabled' + :type state: str or ~azure.mgmt.securityinsight.models.DataTypeState + """ + + _attribute_map = { + 'state': {'key': 'state', 'type': 'str'}, + } + + def __init__(self, *, state=None, **kwargs) -> None: + super(OfficeDataConnectorDataTypesSharePoint, self).__init__(state=state, **kwargs) + + +class Operation(Model): + """Operation provided by provider. + + :param display: Properties of the operation + :type display: ~azure.mgmt.securityinsight.models.OperationDisplay + :param name: Name of the operation + :type name: str + """ + + _attribute_map = { + 'display': {'key': 'display', 'type': 'OperationDisplay'}, + 'name': {'key': 'name', 'type': 'str'}, + } + + def __init__(self, *, display=None, name: str=None, **kwargs) -> None: + super(Operation, self).__init__(**kwargs) + self.display = display + self.name = name + + +class OperationDisplay(Model): + """Properties of the operation. + + :param description: Description of the operation + :type description: str + :param operation: Operation name + :type operation: str + :param provider: Provider name + :type provider: str + :param resource: Resource name + :type resource: str + """ + + _attribute_map = { + 'description': {'key': 'description', 'type': 'str'}, + 'operation': {'key': 'operation', 'type': 'str'}, + 'provider': {'key': 'provider', 'type': 'str'}, + 'resource': {'key': 'resource', 'type': 'str'}, + } + + def __init__(self, *, description: str=None, operation: str=None, provider: str=None, resource: str=None, **kwargs) -> None: + super(OperationDisplay, self).__init__(**kwargs) + self.description = description + self.operation = operation + self.provider = provider + self.resource = resource + + +class ScheduledAlertRule(AlertRule): + """Represents scheduled alert rule. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id + :vartype id: str + :ivar name: Azure resource name + :vartype name: str + :ivar type: Azure resource type + :vartype type: str + :param etag: Etag of the azure resource + :type etag: str + :param kind: Required. Constant filled by server. + :type kind: str + :param query: The query that creates alerts for this rule. + :type query: str + :param query_frequency: The frequency (in ISO 8601 duration format) for + this alert rule to run. + :type query_frequency: timedelta + :param query_period: The period (in ISO 8601 duration format) that this + alert rule looks at. + :type query_period: timedelta + :param severity: The severity for alerts created by this alert rule. + Possible values include: 'High', 'Medium', 'Low', 'Informational' + :type severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity + :param trigger_operator: The operation against the threshold that triggers + alert rule. Possible values include: 'GreaterThan', 'LessThan', 'Equal', + 'NotEqual' + :type trigger_operator: str or + ~azure.mgmt.securityinsight.models.TriggerOperator + :param trigger_threshold: The threshold triggers this alert rule. + :type trigger_threshold: int + :param alert_rule_template_name: The Name of the alert rule template used + to create this rule. + :type alert_rule_template_name: str + :param description: The description of the alert rule. + :type description: str + :param display_name: Required. The display name for alerts created by this + alert rule. + :type display_name: str + :param enabled: Required. Determines whether this alert rule is enabled or + disabled. + :type enabled: bool + :ivar last_modified_utc: The last time that this alert rule has been + modified. + :vartype last_modified_utc: datetime + :param suppression_duration: Required. The suppression (in ISO 8601 + duration format) to wait since last time this alert rule been triggered. + :type suppression_duration: timedelta + :param suppression_enabled: Required. Determines whether the suppression + for this alert rule is enabled or disabled. + :type suppression_enabled: bool + :param tactics: The tactics of the alert rule + :type tactics: list[str or + ~azure.mgmt.securityinsight.models.AttackTactic] + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'kind': {'required': True}, + 'display_name': {'required': True}, + 'enabled': {'required': True}, + 'last_modified_utc': {'readonly': True}, + 'suppression_duration': {'required': True}, + 'suppression_enabled': {'required': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'etag': {'key': 'etag', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + 'query': {'key': 'properties.query', 'type': 'str'}, + 'query_frequency': {'key': 'properties.queryFrequency', 'type': 'duration'}, + 'query_period': {'key': 'properties.queryPeriod', 'type': 'duration'}, + 'severity': {'key': 'properties.severity', 'type': 'str'}, + 'trigger_operator': {'key': 'properties.triggerOperator', 'type': 'TriggerOperator'}, + 'trigger_threshold': {'key': 'properties.triggerThreshold', 'type': 'int'}, + 'alert_rule_template_name': {'key': 'properties.alertRuleTemplateName', 'type': 'str'}, + 'description': {'key': 'properties.description', 'type': 'str'}, + 'display_name': {'key': 'properties.displayName', 'type': 'str'}, + 'enabled': {'key': 'properties.enabled', 'type': 'bool'}, + 'last_modified_utc': {'key': 'properties.lastModifiedUtc', 'type': 'iso-8601'}, + 'suppression_duration': {'key': 'properties.suppressionDuration', 'type': 'duration'}, + 'suppression_enabled': {'key': 'properties.suppressionEnabled', 'type': 'bool'}, + 'tactics': {'key': 'properties.tactics', 'type': '[str]'}, + } + + def __init__(self, *, display_name: str, enabled: bool, suppression_duration, suppression_enabled: bool, etag: str=None, query: str=None, query_frequency=None, query_period=None, severity=None, trigger_operator=None, trigger_threshold: int=None, alert_rule_template_name: str=None, description: str=None, tactics=None, **kwargs) -> None: + super(ScheduledAlertRule, self).__init__(etag=etag, **kwargs) + self.query = query + self.query_frequency = query_frequency + self.query_period = query_period + self.severity = severity + self.trigger_operator = trigger_operator + self.trigger_threshold = trigger_threshold + self.alert_rule_template_name = alert_rule_template_name + self.description = description + self.display_name = display_name + self.enabled = enabled + self.last_modified_utc = None + self.suppression_duration = suppression_duration + self.suppression_enabled = suppression_enabled + self.tactics = tactics + self.kind = 'Scheduled' + + +class ScheduledAlertRuleCommonProperties(Model): + """Schedule alert rule template property bag. + + :param query: The query that creates alerts for this rule. + :type query: str + :param query_frequency: The frequency (in ISO 8601 duration format) for + this alert rule to run. + :type query_frequency: timedelta + :param query_period: The period (in ISO 8601 duration format) that this + alert rule looks at. + :type query_period: timedelta + :param severity: The severity for alerts created by this alert rule. + Possible values include: 'High', 'Medium', 'Low', 'Informational' + :type severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity + :param trigger_operator: The operation against the threshold that triggers + alert rule. Possible values include: 'GreaterThan', 'LessThan', 'Equal', + 'NotEqual' + :type trigger_operator: str or + ~azure.mgmt.securityinsight.models.TriggerOperator + :param trigger_threshold: The threshold triggers this alert rule. + :type trigger_threshold: int + """ + + _attribute_map = { + 'query': {'key': 'query', 'type': 'str'}, + 'query_frequency': {'key': 'queryFrequency', 'type': 'duration'}, + 'query_period': {'key': 'queryPeriod', 'type': 'duration'}, + 'severity': {'key': 'severity', 'type': 'str'}, + 'trigger_operator': {'key': 'triggerOperator', 'type': 'TriggerOperator'}, + 'trigger_threshold': {'key': 'triggerThreshold', 'type': 'int'}, + } + + def __init__(self, *, query: str=None, query_frequency=None, query_period=None, severity=None, trigger_operator=None, trigger_threshold: int=None, **kwargs) -> None: + super(ScheduledAlertRuleCommonProperties, self).__init__(**kwargs) + self.query = query + self.query_frequency = query_frequency + self.query_period = query_period + self.severity = severity + self.trigger_operator = trigger_operator + self.trigger_threshold = trigger_threshold + + +class ScheduledAlertRuleTemplate(AlertRuleTemplate): + """Represents scheduled alert rule template. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id + :vartype id: str + :ivar name: Azure resource name + :vartype name: str + :ivar type: Azure resource type + :vartype type: str + :param kind: Required. Constant filled by server. + :type kind: str + :param alert_rules_created_by_template_count: the number of alert rules + that were created by this template + :type alert_rules_created_by_template_count: int + :ivar created_date_utc: The time that this alert rule template has been + added. + :vartype created_date_utc: datetime + :param description: The description of the alert rule template. + :type description: str + :param display_name: The display name for alert rule template. + :type display_name: str + :param required_data_connectors: The required data connectors for this + template + :type required_data_connectors: + list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] + :param status: The alert rule template status. Possible values include: + 'Installed', 'Available', 'NotAvailable' + :type status: str or ~azure.mgmt.securityinsight.models.TemplateStatus + :param query: The query that creates alerts for this rule. + :type query: str + :param query_frequency: The frequency (in ISO 8601 duration format) for + this alert rule to run. + :type query_frequency: timedelta + :param query_period: The period (in ISO 8601 duration format) that this + alert rule looks at. + :type query_period: timedelta + :param severity: The severity for alerts created by this alert rule. + Possible values include: 'High', 'Medium', 'Low', 'Informational' + :type severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity + :param trigger_operator: The operation against the threshold that triggers + alert rule. Possible values include: 'GreaterThan', 'LessThan', 'Equal', + 'NotEqual' + :type trigger_operator: str or + ~azure.mgmt.securityinsight.models.TriggerOperator + :param trigger_threshold: The threshold triggers this alert rule. + :type trigger_threshold: int + :param tactics: The tactics of the alert rule template + :type tactics: list[str or + ~azure.mgmt.securityinsight.models.AttackTactic] + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'kind': {'required': True}, + 'created_date_utc': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + 'alert_rules_created_by_template_count': {'key': 'properties.alertRulesCreatedByTemplateCount', 'type': 'int'}, + 'created_date_utc': {'key': 'properties.createdDateUTC', 'type': 'iso-8601'}, + 'description': {'key': 'properties.description', 'type': 'str'}, + 'display_name': {'key': 'properties.displayName', 'type': 'str'}, + 'required_data_connectors': {'key': 'properties.requiredDataConnectors', 'type': '[AlertRuleTemplateDataSource]'}, + 'status': {'key': 'properties.status', 'type': 'str'}, + 'query': {'key': 'properties.query', 'type': 'str'}, + 'query_frequency': {'key': 'properties.queryFrequency', 'type': 'duration'}, + 'query_period': {'key': 'properties.queryPeriod', 'type': 'duration'}, + 'severity': {'key': 'properties.severity', 'type': 'str'}, + 'trigger_operator': {'key': 'properties.triggerOperator', 'type': 'TriggerOperator'}, + 'trigger_threshold': {'key': 'properties.triggerThreshold', 'type': 'int'}, + 'tactics': {'key': 'properties.tactics', 'type': '[str]'}, + } + + def __init__(self, *, alert_rules_created_by_template_count: int=None, description: str=None, display_name: str=None, required_data_connectors=None, status=None, query: str=None, query_frequency=None, query_period=None, severity=None, trigger_operator=None, trigger_threshold: int=None, tactics=None, **kwargs) -> None: + super(ScheduledAlertRuleTemplate, self).__init__(**kwargs) + self.alert_rules_created_by_template_count = alert_rules_created_by_template_count + self.created_date_utc = None + self.description = description + self.display_name = display_name + self.required_data_connectors = required_data_connectors + self.status = status + self.query = query + self.query_frequency = query_frequency + self.query_period = query_period + self.severity = severity + self.trigger_operator = trigger_operator + self.trigger_threshold = trigger_threshold + self.tactics = tactics + self.kind = 'Scheduled' + + +class Settings(ResourceWithEtag): + """The Settings. + + You probably want to use the sub-classes and not this class directly. Known + sub-classes are: ToggleSettings, UebaSettings + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id + :vartype id: str + :ivar name: Azure resource name + :vartype name: str + :ivar type: Azure resource type + :vartype type: str + :param etag: Etag of the azure resource + :type etag: str + :param kind: Required. Constant filled by server. + :type kind: str + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'kind': {'required': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'etag': {'key': 'etag', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + } + + _subtype_map = { + 'kind': {'ToggleSettings': 'ToggleSettings', 'UebaSettings': 'UebaSettings'} + } + + def __init__(self, *, etag: str=None, **kwargs) -> None: + super(Settings, self).__init__(etag=etag, **kwargs) + self.kind = None + self.kind = 'Settings' + + +class ThreatIntelligence(Model): + """ThreatIntelligence property bag. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar confidence: Confidence (must be between 0 and 1) + :vartype confidence: float + :ivar provider_name: Name of the provider from whom this Threat + Intelligence information was received + :vartype provider_name: str + :ivar report_link: Report link + :vartype report_link: str + :ivar threat_description: Threat description (free text) + :vartype threat_description: str + :ivar threat_name: Threat name (e.g. "Jedobot malware") + :vartype threat_name: str + :ivar threat_type: Threat type (e.g. "Botnet") + :vartype threat_type: str + """ + + _validation = { + 'confidence': {'readonly': True}, + 'provider_name': {'readonly': True}, + 'report_link': {'readonly': True}, + 'threat_description': {'readonly': True}, + 'threat_name': {'readonly': True}, + 'threat_type': {'readonly': True}, + } + + _attribute_map = { + 'confidence': {'key': 'confidence', 'type': 'float'}, + 'provider_name': {'key': 'providerName', 'type': 'str'}, + 'report_link': {'key': 'reportLink', 'type': 'str'}, + 'threat_description': {'key': 'threatDescription', 'type': 'str'}, + 'threat_name': {'key': 'threatName', 'type': 'str'}, + 'threat_type': {'key': 'threatType', 'type': 'str'}, + } + + def __init__(self, **kwargs) -> None: + super(ThreatIntelligence, self).__init__(**kwargs) + self.confidence = None + self.provider_name = None + self.report_link = None + self.threat_description = None + self.threat_name = None + self.threat_type = None + + +class TIDataConnector(DataConnector): + """Represents threat intelligence data connector. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id + :vartype id: str + :ivar name: Azure resource name + :vartype name: str + :ivar type: Azure resource type + :vartype type: str + :param etag: Etag of the azure resource + :type etag: str + :param kind: Required. Constant filled by server. + :type kind: str + :param tenant_id: The tenant id to connect to, and get the data from. + :type tenant_id: str + :param data_types: The available data types for the connector. + :type data_types: + ~azure.mgmt.securityinsight.models.TIDataConnectorDataTypes + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'kind': {'required': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'etag': {'key': 'etag', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + 'tenant_id': {'key': 'properties.tenantId', 'type': 'str'}, + 'data_types': {'key': 'properties.dataTypes', 'type': 'TIDataConnectorDataTypes'}, + } + + def __init__(self, *, etag: str=None, tenant_id: str=None, data_types=None, **kwargs) -> None: + super(TIDataConnector, self).__init__(etag=etag, **kwargs) + self.tenant_id = tenant_id + self.data_types = data_types + self.kind = 'ThreatIntelligence' + + +class TIDataConnectorDataTypes(Model): + """The available data types for TI (Threat Intelligence) data connector. + + :param indicators: Data type for indicators connection. + :type indicators: + ~azure.mgmt.securityinsight.models.TIDataConnectorDataTypesIndicators + """ + + _attribute_map = { + 'indicators': {'key': 'indicators', 'type': 'TIDataConnectorDataTypesIndicators'}, + } + + def __init__(self, *, indicators=None, **kwargs) -> None: + super(TIDataConnectorDataTypes, self).__init__(**kwargs) + self.indicators = indicators + + +class TIDataConnectorDataTypesIndicators(DataConnectorDataTypeCommon): + """Data type for indicators connection. + + :param state: Describe whether this data type connection is enabled or + not. Possible values include: 'Enabled', 'Disabled' + :type state: str or ~azure.mgmt.securityinsight.models.DataTypeState + """ + + _attribute_map = { + 'state': {'key': 'state', 'type': 'str'}, + } + + def __init__(self, *, state=None, **kwargs) -> None: + super(TIDataConnectorDataTypesIndicators, self).__init__(state=state, **kwargs) + + +class ToggleSettings(Settings): + """Settings with single toggle. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id + :vartype id: str + :ivar name: Azure resource name + :vartype name: str + :ivar type: Azure resource type + :vartype type: str + :param etag: Etag of the azure resource + :type etag: str + :param kind: Required. Constant filled by server. + :type kind: str + :param is_enabled: Determines whether the setting is enable or disabled. + :type is_enabled: bool + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'kind': {'required': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'etag': {'key': 'etag', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + 'is_enabled': {'key': 'properties.isEnabled', 'type': 'bool'}, + } + + def __init__(self, *, etag: str=None, is_enabled: bool=None, **kwargs) -> None: + super(ToggleSettings, self).__init__(etag=etag, **kwargs) + self.is_enabled = is_enabled + self.kind = 'ToggleSettings' + + +class UebaSettings(Settings): + """Represents settings for User and Entity Behavior Analytics enablement. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id + :vartype id: str + :ivar name: Azure resource name + :vartype name: str + :ivar type: Azure resource type + :vartype type: str + :param etag: Etag of the azure resource + :type etag: str + :param kind: Required. Constant filled by server. + :type kind: str + :ivar atp_license_status: Determines whether the tenant has ATP (Advanced + Threat Protection) license. Possible values include: 'Enabled', 'Disabled' + :vartype atp_license_status: str or + ~azure.mgmt.securityinsight.models.LicenseStatus + :param is_enabled: Determines whether User and Entity Behavior Analytics + is enabled for this workspace. + :type is_enabled: bool + :ivar status_in_mcas: Determines whether User and Entity Behavior + Analytics is enabled from MCAS (Microsoft Cloud App Security). Possible + values include: 'Enabled', 'Disabled' + :vartype status_in_mcas: str or + ~azure.mgmt.securityinsight.models.StatusInMcas + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'kind': {'required': True}, + 'atp_license_status': {'readonly': True}, + 'status_in_mcas': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'etag': {'key': 'etag', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + 'atp_license_status': {'key': 'properties.atpLicenseStatus', 'type': 'str'}, + 'is_enabled': {'key': 'properties.isEnabled', 'type': 'bool'}, + 'status_in_mcas': {'key': 'properties.statusInMcas', 'type': 'str'}, + } + + def __init__(self, *, etag: str=None, is_enabled: bool=None, **kwargs) -> None: + super(UebaSettings, self).__init__(etag=etag, **kwargs) + self.atp_license_status = None + self.is_enabled = is_enabled + self.status_in_mcas = None + self.kind = 'UebaSettings' + + +class UserInfo(Model): + """User information that made some action. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar email: The email of the user. + :vartype email: str + :ivar name: The name of the user. + :vartype name: str + :param object_id: Required. The object id of the user. + :type object_id: str + """ + + _validation = { + 'email': {'readonly': True}, + 'name': {'readonly': True}, + 'object_id': {'required': True}, + } + + _attribute_map = { + 'email': {'key': 'email', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'object_id': {'key': 'objectId', 'type': 'str'}, + } + + def __init__(self, *, object_id: str, **kwargs) -> None: + super(UserInfo, self).__init__(**kwargs) + self.email = None + self.name = None + self.object_id = object_id diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/_paged_models.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/_paged_models.py new file mode 100644 index 0000000000000..ef16df10f5b63 --- /dev/null +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/_paged_models.py @@ -0,0 +1,118 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from msrest.paging import Paged + + +class OperationPaged(Paged): + """ + A paging container for iterating over a list of :class:`Operation ` object + """ + + _attribute_map = { + 'next_link': {'key': 'nextLink', 'type': 'str'}, + 'current_page': {'key': 'value', 'type': '[Operation]'} + } + + def __init__(self, *args, **kwargs): + + super(OperationPaged, self).__init__(*args, **kwargs) +class AlertRulePaged(Paged): + """ + A paging container for iterating over a list of :class:`AlertRule ` object + """ + + _attribute_map = { + 'next_link': {'key': 'nextLink', 'type': 'str'}, + 'current_page': {'key': 'value', 'type': '[AlertRule]'} + } + + def __init__(self, *args, **kwargs): + + super(AlertRulePaged, self).__init__(*args, **kwargs) +class ActionResponsePaged(Paged): + """ + A paging container for iterating over a list of :class:`ActionResponse ` object + """ + + _attribute_map = { + 'next_link': {'key': 'nextLink', 'type': 'str'}, + 'current_page': {'key': 'value', 'type': '[ActionResponse]'} + } + + def __init__(self, *args, **kwargs): + + super(ActionResponsePaged, self).__init__(*args, **kwargs) +class AlertRuleTemplatePaged(Paged): + """ + A paging container for iterating over a list of :class:`AlertRuleTemplate ` object + """ + + _attribute_map = { + 'next_link': {'key': 'nextLink', 'type': 'str'}, + 'current_page': {'key': 'value', 'type': '[AlertRuleTemplate]'} + } + + def __init__(self, *args, **kwargs): + + super(AlertRuleTemplatePaged, self).__init__(*args, **kwargs) +class BookmarkPaged(Paged): + """ + A paging container for iterating over a list of :class:`Bookmark ` object + """ + + _attribute_map = { + 'next_link': {'key': 'nextLink', 'type': 'str'}, + 'current_page': {'key': 'value', 'type': '[Bookmark]'} + } + + def __init__(self, *args, **kwargs): + + super(BookmarkPaged, self).__init__(*args, **kwargs) +class DataConnectorPaged(Paged): + """ + A paging container for iterating over a list of :class:`DataConnector ` object + """ + + _attribute_map = { + 'next_link': {'key': 'nextLink', 'type': 'str'}, + 'current_page': {'key': 'value', 'type': '[DataConnector]'} + } + + def __init__(self, *args, **kwargs): + + super(DataConnectorPaged, self).__init__(*args, **kwargs) +class IncidentPaged(Paged): + """ + A paging container for iterating over a list of :class:`Incident ` object + """ + + _attribute_map = { + 'next_link': {'key': 'nextLink', 'type': 'str'}, + 'current_page': {'key': 'value', 'type': '[Incident]'} + } + + def __init__(self, *args, **kwargs): + + super(IncidentPaged, self).__init__(*args, **kwargs) +class IncidentCommentPaged(Paged): + """ + A paging container for iterating over a list of :class:`IncidentComment ` object + """ + + _attribute_map = { + 'next_link': {'key': 'nextLink', 'type': 'str'}, + 'current_page': {'key': 'value', 'type': '[IncidentComment]'} + } + + def __init__(self, *args, **kwargs): + + super(IncidentCommentPaged, self).__init__(*args, **kwargs) diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/_security_insights_enums.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/_security_insights_enums.py new file mode 100644 index 0000000000000..4e24aff1d344e --- /dev/null +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/_security_insights_enums.py @@ -0,0 +1,149 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from enum import Enum + + +class DataTypeState(str, Enum): + + enabled = "Enabled" + disabled = "Disabled" + + +class AlertRuleKind(str, Enum): + + scheduled = "Scheduled" + microsoft_security_incident_creation = "MicrosoftSecurityIncidentCreation" + fusion = "Fusion" + + +class TemplateStatus(str, Enum): + + installed = "Installed" #: Alert rule template installed. and can not use more then once + available = "Available" #: Alert rule template is available. + not_available = "NotAvailable" #: Alert rule template is not available + + +class TriggerOperator(str, Enum): + + greater_than = "GreaterThan" + less_than = "LessThan" + equal = "Equal" + not_equal = "NotEqual" + + +class AlertSeverity(str, Enum): + + high = "High" #: High severity + medium = "Medium" #: Medium severity + low = "Low" #: Low severity + informational = "Informational" #: Informational severity + + +class MicrosoftSecurityProductName(str, Enum): + + microsoft_cloud_app_security = "Microsoft Cloud App Security" + azure_security_center = "Azure Security Center" + azure_advanced_threat_protection = "Azure Advanced Threat Protection" + azure_active_directory_identity_protection = "Azure Active Directory Identity Protection" + azure_security_centerfor_io_t = "Azure Security Center for IoT" + + +class AttackTactic(str, Enum): + + initial_access = "InitialAccess" + execution = "Execution" + persistence = "Persistence" + privilege_escalation = "PrivilegeEscalation" + defense_evasion = "DefenseEvasion" + credential_access = "CredentialAccess" + discovery = "Discovery" + lateral_movement = "LateralMovement" + collection = "Collection" + exfiltration = "Exfiltration" + command_and_control = "CommandAndControl" + impact = "Impact" + + +class CaseSeverity(str, Enum): + + critical = "Critical" #: Critical severity + high = "High" #: High severity + medium = "Medium" #: Medium severity + low = "Low" #: Low severity + informational = "Informational" #: Informational severity + + +class DataConnectorKind(str, Enum): + + azure_active_directory = "AzureActiveDirectory" + azure_security_center = "AzureSecurityCenter" + microsoft_cloud_app_security = "MicrosoftCloudAppSecurity" + threat_intelligence = "ThreatIntelligence" + office365 = "Office365" + amazon_web_services_cloud_trail = "AmazonWebServicesCloudTrail" + azure_advanced_threat_protection = "AzureAdvancedThreatProtection" + microsoft_defender_advanced_threat_protection = "MicrosoftDefenderAdvancedThreatProtection" + + +class IncidentClassification(str, Enum): + + undetermined = "Undetermined" #: Incident classification was undetermined + true_positive = "TruePositive" #: Incident was true positive + benign_positive = "BenignPositive" #: Incident was benign positive + false_positive = "FalsePositive" #: Incident was false positive + + +class IncidentClassificationReason(str, Enum): + + suspicious_activity = "SuspiciousActivity" #: Classification reason was suspicious activity + suspicious_but_expected = "SuspiciousButExpected" #: Classification reason was suspicious but expected + incorrect_alert_logic = "IncorrectAlertLogic" #: Classification reason was incorrect alert logic + inaccurate_data = "InaccurateData" #: Classification reason was inaccurate data + + +class IncidentLabelType(str, Enum): + + user = "User" #: Label manually created by a user + system = "System" #: Label automatically created by the system + + +class IncidentSeverity(str, Enum): + + high = "High" #: High severity + medium = "Medium" #: Medium severity + low = "Low" #: Low severity + informational = "Informational" #: Informational severity + + +class IncidentStatus(str, Enum): + + new = "New" #: An active incident which isn't being handled currently + active = "Active" #: An active incident which is being handled + closed = "Closed" #: A non-active incident + + +class SettingKind(str, Enum): + + ueba_settings = "UebaSettings" + toggle_settings = "ToggleSettings" + + +class LicenseStatus(str, Enum): + + enabled = "Enabled" + disabled = "Disabled" + + +class StatusInMcas(str, Enum): + + enabled = "Enabled" + disabled = "Disabled" diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/__init__.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/__init__.py new file mode 100644 index 0000000000000..30f2aad9abc85 --- /dev/null +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/__init__.py @@ -0,0 +1,30 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from ._operations import Operations +from ._alert_rules_operations import AlertRulesOperations +from ._actions_operations import ActionsOperations +from ._alert_rule_templates_operations import AlertRuleTemplatesOperations +from ._bookmarks_operations import BookmarksOperations +from ._data_connectors_operations import DataConnectorsOperations +from ._incidents_operations import IncidentsOperations +from ._incident_comments_operations import IncidentCommentsOperations + +__all__ = [ + 'Operations', + 'AlertRulesOperations', + 'ActionsOperations', + 'AlertRuleTemplatesOperations', + 'BookmarksOperations', + 'DataConnectorsOperations', + 'IncidentsOperations', + 'IncidentCommentsOperations', +] diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_actions_operations.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_actions_operations.py new file mode 100644 index 0000000000000..082376e8c6667 --- /dev/null +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_actions_operations.py @@ -0,0 +1,116 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +import uuid +from msrest.pipeline import ClientRawResponse +from msrestazure.azure_exceptions import CloudError + +from .. import models + + +class ActionsOperations(object): + """ActionsOperations operations. + + You should not instantiate directly this class, but create a Client instance that will create it for you and attach it as attribute. + + :param client: Client for service requests. + :param config: Configuration of service client. + :param serializer: An object model serializer. + :param deserializer: An object model deserializer. + :ivar api_version: API version for the operation. Constant value: "2020-01-01". + """ + + models = models + + def __init__(self, client, config, serializer, deserializer): + + self._client = client + self._serialize = serializer + self._deserialize = deserializer + self.api_version = "2020-01-01" + + self.config = config + + def list_by_alert_rule( + self, resource_group_name, workspace_name, rule_id, custom_headers=None, raw=False, **operation_config): + """Gets all actions of alert rule. + + :param resource_group_name: The name of the resource group within the + user's subscription. The name is case insensitive. + :type resource_group_name: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :param rule_id: Alert rule ID + :type rule_id: str + :param dict custom_headers: headers that will be added to the request + :param bool raw: returns the direct response alongside the + deserialized response + :param operation_config: :ref:`Operation configuration + overrides`. + :return: An iterator like instance of ActionResponse + :rtype: + ~azure.mgmt.securityinsight.models.ActionResponsePaged[~azure.mgmt.securityinsight.models.ActionResponse] + :raises: :class:`CloudError` + """ + def prepare_request(next_link=None): + if not next_link: + # Construct URL + url = self.list_by_alert_rule.metadata['url'] + path_format_arguments = { + 'subscriptionId': self._serialize.url("self.config.subscription_id", self.config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + 'ruleId': self._serialize.url("rule_id", rule_id, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + else: + url = next_link + query_parameters = {} + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + def internal_paging(next_link=None): + request = prepare_request(next_link) + + response = self._client.send(request, stream=False, **operation_config) + + if response.status_code not in [200]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + return response + + # Deserialize response + header_dict = None + if raw: + header_dict = {} + deserialized = models.ActionResponsePaged(internal_paging, self._deserialize.dependencies, header_dict) + + return deserialized + list_by_alert_rule.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions'} diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_alert_rule_templates_operations.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_alert_rule_templates_operations.py new file mode 100644 index 0000000000000..cfb1d48589256 --- /dev/null +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_alert_rule_templates_operations.py @@ -0,0 +1,178 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +import uuid +from msrest.pipeline import ClientRawResponse +from msrestazure.azure_exceptions import CloudError + +from .. import models + + +class AlertRuleTemplatesOperations(object): + """AlertRuleTemplatesOperations operations. + + You should not instantiate directly this class, but create a Client instance that will create it for you and attach it as attribute. + + :param client: Client for service requests. + :param config: Configuration of service client. + :param serializer: An object model serializer. + :param deserializer: An object model deserializer. + :ivar api_version: API version for the operation. Constant value: "2020-01-01". + """ + + models = models + + def __init__(self, client, config, serializer, deserializer): + + self._client = client + self._serialize = serializer + self._deserialize = deserializer + self.api_version = "2020-01-01" + + self.config = config + + def list( + self, resource_group_name, workspace_name, custom_headers=None, raw=False, **operation_config): + """Gets all alert rule templates. + + :param resource_group_name: The name of the resource group within the + user's subscription. The name is case insensitive. + :type resource_group_name: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :param dict custom_headers: headers that will be added to the request + :param bool raw: returns the direct response alongside the + deserialized response + :param operation_config: :ref:`Operation configuration + overrides`. + :return: An iterator like instance of AlertRuleTemplate + :rtype: + ~azure.mgmt.securityinsight.models.AlertRuleTemplatePaged[~azure.mgmt.securityinsight.models.AlertRuleTemplate] + :raises: :class:`CloudError` + """ + def prepare_request(next_link=None): + if not next_link: + # Construct URL + url = self.list.metadata['url'] + path_format_arguments = { + 'subscriptionId': self._serialize.url("self.config.subscription_id", self.config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1) + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + else: + url = next_link + query_parameters = {} + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + def internal_paging(next_link=None): + request = prepare_request(next_link) + + response = self._client.send(request, stream=False, **operation_config) + + if response.status_code not in [200]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + return response + + # Deserialize response + header_dict = None + if raw: + header_dict = {} + deserialized = models.AlertRuleTemplatePaged(internal_paging, self._deserialize.dependencies, header_dict) + + return deserialized + list.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRuleTemplates'} + + def get( + self, resource_group_name, workspace_name, alert_rule_template_id, custom_headers=None, raw=False, **operation_config): + """Gets the alert rule template. + + :param resource_group_name: The name of the resource group within the + user's subscription. The name is case insensitive. + :type resource_group_name: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :param alert_rule_template_id: Alert rule template ID + :type alert_rule_template_id: str + :param dict custom_headers: headers that will be added to the request + :param bool raw: returns the direct response alongside the + deserialized response + :param operation_config: :ref:`Operation configuration + overrides`. + :return: AlertRuleTemplate or ClientRawResponse if raw=true + :rtype: ~azure.mgmt.securityinsight.models.AlertRuleTemplate or + ~msrest.pipeline.ClientRawResponse + :raises: :class:`CloudError` + """ + # Construct URL + url = self.get.metadata['url'] + path_format_arguments = { + 'subscriptionId': self._serialize.url("self.config.subscription_id", self.config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + 'alertRuleTemplateId': self._serialize.url("alert_rule_template_id", alert_rule_template_id, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + response = self._client.send(request, stream=False, **operation_config) + + if response.status_code not in [200]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('AlertRuleTemplate', response) + + if raw: + client_raw_response = ClientRawResponse(deserialized, response) + return client_raw_response + + return deserialized + get.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRuleTemplates/{alertRuleTemplateId}'} diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_alert_rules_operations.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_alert_rules_operations.py new file mode 100644 index 0000000000000..64183a648d99f --- /dev/null +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_alert_rules_operations.py @@ -0,0 +1,512 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +import uuid +from msrest.pipeline import ClientRawResponse +from msrestazure.azure_exceptions import CloudError + +from .. import models + + +class AlertRulesOperations(object): + """AlertRulesOperations operations. + + You should not instantiate directly this class, but create a Client instance that will create it for you and attach it as attribute. + + :param client: Client for service requests. + :param config: Configuration of service client. + :param serializer: An object model serializer. + :param deserializer: An object model deserializer. + :ivar api_version: API version for the operation. Constant value: "2020-01-01". + """ + + models = models + + def __init__(self, client, config, serializer, deserializer): + + self._client = client + self._serialize = serializer + self._deserialize = deserializer + self.api_version = "2020-01-01" + + self.config = config + + def list( + self, resource_group_name, workspace_name, custom_headers=None, raw=False, **operation_config): + """Gets all alert rules. + + :param resource_group_name: The name of the resource group within the + user's subscription. The name is case insensitive. + :type resource_group_name: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :param dict custom_headers: headers that will be added to the request + :param bool raw: returns the direct response alongside the + deserialized response + :param operation_config: :ref:`Operation configuration + overrides`. + :return: An iterator like instance of AlertRule + :rtype: + ~azure.mgmt.securityinsight.models.AlertRulePaged[~azure.mgmt.securityinsight.models.AlertRule] + :raises: :class:`CloudError` + """ + def prepare_request(next_link=None): + if not next_link: + # Construct URL + url = self.list.metadata['url'] + path_format_arguments = { + 'subscriptionId': self._serialize.url("self.config.subscription_id", self.config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1) + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + else: + url = next_link + query_parameters = {} + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + def internal_paging(next_link=None): + request = prepare_request(next_link) + + response = self._client.send(request, stream=False, **operation_config) + + if response.status_code not in [200]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + return response + + # Deserialize response + header_dict = None + if raw: + header_dict = {} + deserialized = models.AlertRulePaged(internal_paging, self._deserialize.dependencies, header_dict) + + return deserialized + list.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules'} + + def get( + self, resource_group_name, workspace_name, rule_id, custom_headers=None, raw=False, **operation_config): + """Gets the alert rule. + + :param resource_group_name: The name of the resource group within the + user's subscription. The name is case insensitive. + :type resource_group_name: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :param rule_id: Alert rule ID + :type rule_id: str + :param dict custom_headers: headers that will be added to the request + :param bool raw: returns the direct response alongside the + deserialized response + :param operation_config: :ref:`Operation configuration + overrides`. + :return: AlertRule or ClientRawResponse if raw=true + :rtype: ~azure.mgmt.securityinsight.models.AlertRule or + ~msrest.pipeline.ClientRawResponse + :raises: :class:`CloudError` + """ + # Construct URL + url = self.get.metadata['url'] + path_format_arguments = { + 'subscriptionId': self._serialize.url("self.config.subscription_id", self.config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + 'ruleId': self._serialize.url("rule_id", rule_id, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + response = self._client.send(request, stream=False, **operation_config) + + if response.status_code not in [200]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('AlertRule', response) + + if raw: + client_raw_response = ClientRawResponse(deserialized, response) + return client_raw_response + + return deserialized + get.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}'} + + def create_or_update( + self, resource_group_name, workspace_name, rule_id, alert_rule, custom_headers=None, raw=False, **operation_config): + """Creates or updates the alert rule. + + :param resource_group_name: The name of the resource group within the + user's subscription. The name is case insensitive. + :type resource_group_name: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :param rule_id: Alert rule ID + :type rule_id: str + :param alert_rule: The alert rule + :type alert_rule: ~azure.mgmt.securityinsight.models.AlertRule + :param dict custom_headers: headers that will be added to the request + :param bool raw: returns the direct response alongside the + deserialized response + :param operation_config: :ref:`Operation configuration + overrides`. + :return: AlertRule or ClientRawResponse if raw=true + :rtype: ~azure.mgmt.securityinsight.models.AlertRule or + ~msrest.pipeline.ClientRawResponse + :raises: :class:`CloudError` + """ + # Construct URL + url = self.create_or_update.metadata['url'] + path_format_arguments = { + 'subscriptionId': self._serialize.url("self.config.subscription_id", self.config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + 'ruleId': self._serialize.url("rule_id", rule_id, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct body + body_content = self._serialize.body(alert_rule, 'AlertRule') + + # Construct and send request + request = self._client.put(url, query_parameters, header_parameters, body_content) + response = self._client.send(request, stream=False, **operation_config) + + if response.status_code not in [200, 201]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('AlertRule', response) + if response.status_code == 201: + deserialized = self._deserialize('AlertRule', response) + + if raw: + client_raw_response = ClientRawResponse(deserialized, response) + return client_raw_response + + return deserialized + create_or_update.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}'} + + def delete( + self, resource_group_name, workspace_name, rule_id, custom_headers=None, raw=False, **operation_config): + """Delete the alert rule. + + :param resource_group_name: The name of the resource group within the + user's subscription. The name is case insensitive. + :type resource_group_name: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :param rule_id: Alert rule ID + :type rule_id: str + :param dict custom_headers: headers that will be added to the request + :param bool raw: returns the direct response alongside the + deserialized response + :param operation_config: :ref:`Operation configuration + overrides`. + :return: None or ClientRawResponse if raw=true + :rtype: None or ~msrest.pipeline.ClientRawResponse + :raises: :class:`CloudError` + """ + # Construct URL + url = self.delete.metadata['url'] + path_format_arguments = { + 'subscriptionId': self._serialize.url("self.config.subscription_id", self.config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + 'ruleId': self._serialize.url("rule_id", rule_id, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct and send request + request = self._client.delete(url, query_parameters, header_parameters) + response = self._client.send(request, stream=False, **operation_config) + + if response.status_code not in [200, 204]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + if raw: + client_raw_response = ClientRawResponse(None, response) + return client_raw_response + delete.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}'} + + def get_action( + self, resource_group_name, workspace_name, rule_id, action_id, custom_headers=None, raw=False, **operation_config): + """Gets the action of alert rule. + + :param resource_group_name: The name of the resource group within the + user's subscription. The name is case insensitive. + :type resource_group_name: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :param rule_id: Alert rule ID + :type rule_id: str + :param action_id: Action ID + :type action_id: str + :param dict custom_headers: headers that will be added to the request + :param bool raw: returns the direct response alongside the + deserialized response + :param operation_config: :ref:`Operation configuration + overrides`. + :return: ActionResponse or ClientRawResponse if raw=true + :rtype: ~azure.mgmt.securityinsight.models.ActionResponse or + ~msrest.pipeline.ClientRawResponse + :raises: :class:`CloudError` + """ + # Construct URL + url = self.get_action.metadata['url'] + path_format_arguments = { + 'subscriptionId': self._serialize.url("self.config.subscription_id", self.config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + 'ruleId': self._serialize.url("rule_id", rule_id, 'str'), + 'actionId': self._serialize.url("action_id", action_id, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + response = self._client.send(request, stream=False, **operation_config) + + if response.status_code not in [200]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('ActionResponse', response) + + if raw: + client_raw_response = ClientRawResponse(deserialized, response) + return client_raw_response + + return deserialized + get_action.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions/{actionId}'} + + def create_or_update_action( + self, resource_group_name, workspace_name, rule_id, action_id, action, custom_headers=None, raw=False, **operation_config): + """Creates or updates the action of alert rule. + + :param resource_group_name: The name of the resource group within the + user's subscription. The name is case insensitive. + :type resource_group_name: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :param rule_id: Alert rule ID + :type rule_id: str + :param action_id: Action ID + :type action_id: str + :param action: The action + :type action: ~azure.mgmt.securityinsight.models.ActionRequest + :param dict custom_headers: headers that will be added to the request + :param bool raw: returns the direct response alongside the + deserialized response + :param operation_config: :ref:`Operation configuration + overrides`. + :return: ActionResponse or ClientRawResponse if raw=true + :rtype: ~azure.mgmt.securityinsight.models.ActionResponse or + ~msrest.pipeline.ClientRawResponse + :raises: :class:`CloudError` + """ + # Construct URL + url = self.create_or_update_action.metadata['url'] + path_format_arguments = { + 'subscriptionId': self._serialize.url("self.config.subscription_id", self.config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + 'ruleId': self._serialize.url("rule_id", rule_id, 'str'), + 'actionId': self._serialize.url("action_id", action_id, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct body + body_content = self._serialize.body(action, 'ActionRequest') + + # Construct and send request + request = self._client.put(url, query_parameters, header_parameters, body_content) + response = self._client.send(request, stream=False, **operation_config) + + if response.status_code not in [200, 201]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('ActionResponse', response) + if response.status_code == 201: + deserialized = self._deserialize('ActionResponse', response) + + if raw: + client_raw_response = ClientRawResponse(deserialized, response) + return client_raw_response + + return deserialized + create_or_update_action.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions/{actionId}'} + + def delete_action( + self, resource_group_name, workspace_name, rule_id, action_id, custom_headers=None, raw=False, **operation_config): + """Delete the action of alert rule. + + :param resource_group_name: The name of the resource group within the + user's subscription. The name is case insensitive. + :type resource_group_name: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :param rule_id: Alert rule ID + :type rule_id: str + :param action_id: Action ID + :type action_id: str + :param dict custom_headers: headers that will be added to the request + :param bool raw: returns the direct response alongside the + deserialized response + :param operation_config: :ref:`Operation configuration + overrides`. + :return: None or ClientRawResponse if raw=true + :rtype: None or ~msrest.pipeline.ClientRawResponse + :raises: :class:`CloudError` + """ + # Construct URL + url = self.delete_action.metadata['url'] + path_format_arguments = { + 'subscriptionId': self._serialize.url("self.config.subscription_id", self.config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + 'ruleId': self._serialize.url("rule_id", rule_id, 'str'), + 'actionId': self._serialize.url("action_id", action_id, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct and send request + request = self._client.delete(url, query_parameters, header_parameters) + response = self._client.send(request, stream=False, **operation_config) + + if response.status_code not in [200, 204]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + if raw: + client_raw_response = ClientRawResponse(None, response) + return client_raw_response + delete_action.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions/{actionId}'} diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_bookmarks_operations.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_bookmarks_operations.py new file mode 100644 index 0000000000000..4903c3d132ba9 --- /dev/null +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_bookmarks_operations.py @@ -0,0 +1,308 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +import uuid +from msrest.pipeline import ClientRawResponse +from msrestazure.azure_exceptions import CloudError + +from .. import models + + +class BookmarksOperations(object): + """BookmarksOperations operations. + + You should not instantiate directly this class, but create a Client instance that will create it for you and attach it as attribute. + + :param client: Client for service requests. + :param config: Configuration of service client. + :param serializer: An object model serializer. + :param deserializer: An object model deserializer. + :ivar api_version: API version for the operation. Constant value: "2020-01-01". + """ + + models = models + + def __init__(self, client, config, serializer, deserializer): + + self._client = client + self._serialize = serializer + self._deserialize = deserializer + self.api_version = "2020-01-01" + + self.config = config + + def list( + self, resource_group_name, workspace_name, custom_headers=None, raw=False, **operation_config): + """Gets all bookmarks. + + :param resource_group_name: The name of the resource group within the + user's subscription. The name is case insensitive. + :type resource_group_name: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :param dict custom_headers: headers that will be added to the request + :param bool raw: returns the direct response alongside the + deserialized response + :param operation_config: :ref:`Operation configuration + overrides`. + :return: An iterator like instance of Bookmark + :rtype: + ~azure.mgmt.securityinsight.models.BookmarkPaged[~azure.mgmt.securityinsight.models.Bookmark] + :raises: :class:`CloudError` + """ + def prepare_request(next_link=None): + if not next_link: + # Construct URL + url = self.list.metadata['url'] + path_format_arguments = { + 'subscriptionId': self._serialize.url("self.config.subscription_id", self.config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1) + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + else: + url = next_link + query_parameters = {} + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + def internal_paging(next_link=None): + request = prepare_request(next_link) + + response = self._client.send(request, stream=False, **operation_config) + + if response.status_code not in [200]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + return response + + # Deserialize response + header_dict = None + if raw: + header_dict = {} + deserialized = models.BookmarkPaged(internal_paging, self._deserialize.dependencies, header_dict) + + return deserialized + list.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks'} + + def get( + self, resource_group_name, workspace_name, bookmark_id, custom_headers=None, raw=False, **operation_config): + """Gets a bookmark. + + :param resource_group_name: The name of the resource group within the + user's subscription. The name is case insensitive. + :type resource_group_name: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :param bookmark_id: Bookmark ID + :type bookmark_id: str + :param dict custom_headers: headers that will be added to the request + :param bool raw: returns the direct response alongside the + deserialized response + :param operation_config: :ref:`Operation configuration + overrides`. + :return: Bookmark or ClientRawResponse if raw=true + :rtype: ~azure.mgmt.securityinsight.models.Bookmark or + ~msrest.pipeline.ClientRawResponse + :raises: :class:`CloudError` + """ + # Construct URL + url = self.get.metadata['url'] + path_format_arguments = { + 'subscriptionId': self._serialize.url("self.config.subscription_id", self.config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + 'bookmarkId': self._serialize.url("bookmark_id", bookmark_id, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + response = self._client.send(request, stream=False, **operation_config) + + if response.status_code not in [200]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('Bookmark', response) + + if raw: + client_raw_response = ClientRawResponse(deserialized, response) + return client_raw_response + + return deserialized + get.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}'} + + def create_or_update( + self, resource_group_name, workspace_name, bookmark_id, bookmark, custom_headers=None, raw=False, **operation_config): + """Creates or updates the bookmark. + + :param resource_group_name: The name of the resource group within the + user's subscription. The name is case insensitive. + :type resource_group_name: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :param bookmark_id: Bookmark ID + :type bookmark_id: str + :param bookmark: The bookmark + :type bookmark: ~azure.mgmt.securityinsight.models.Bookmark + :param dict custom_headers: headers that will be added to the request + :param bool raw: returns the direct response alongside the + deserialized response + :param operation_config: :ref:`Operation configuration + overrides`. + :return: Bookmark or ClientRawResponse if raw=true + :rtype: ~azure.mgmt.securityinsight.models.Bookmark or + ~msrest.pipeline.ClientRawResponse + :raises: :class:`CloudError` + """ + # Construct URL + url = self.create_or_update.metadata['url'] + path_format_arguments = { + 'subscriptionId': self._serialize.url("self.config.subscription_id", self.config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + 'bookmarkId': self._serialize.url("bookmark_id", bookmark_id, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct body + body_content = self._serialize.body(bookmark, 'Bookmark') + + # Construct and send request + request = self._client.put(url, query_parameters, header_parameters, body_content) + response = self._client.send(request, stream=False, **operation_config) + + if response.status_code not in [200, 201]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('Bookmark', response) + if response.status_code == 201: + deserialized = self._deserialize('Bookmark', response) + + if raw: + client_raw_response = ClientRawResponse(deserialized, response) + return client_raw_response + + return deserialized + create_or_update.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}'} + + def delete( + self, resource_group_name, workspace_name, bookmark_id, custom_headers=None, raw=False, **operation_config): + """Delete the bookmark. + + :param resource_group_name: The name of the resource group within the + user's subscription. The name is case insensitive. + :type resource_group_name: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :param bookmark_id: Bookmark ID + :type bookmark_id: str + :param dict custom_headers: headers that will be added to the request + :param bool raw: returns the direct response alongside the + deserialized response + :param operation_config: :ref:`Operation configuration + overrides`. + :return: None or ClientRawResponse if raw=true + :rtype: None or ~msrest.pipeline.ClientRawResponse + :raises: :class:`CloudError` + """ + # Construct URL + url = self.delete.metadata['url'] + path_format_arguments = { + 'subscriptionId': self._serialize.url("self.config.subscription_id", self.config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + 'bookmarkId': self._serialize.url("bookmark_id", bookmark_id, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct and send request + request = self._client.delete(url, query_parameters, header_parameters) + response = self._client.send(request, stream=False, **operation_config) + + if response.status_code not in [200, 204]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + if raw: + client_raw_response = ClientRawResponse(None, response) + return client_raw_response + delete.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}'} diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_data_connectors_operations.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_data_connectors_operations.py new file mode 100644 index 0000000000000..fb4998b458425 --- /dev/null +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_data_connectors_operations.py @@ -0,0 +1,308 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +import uuid +from msrest.pipeline import ClientRawResponse +from msrestazure.azure_exceptions import CloudError + +from .. import models + + +class DataConnectorsOperations(object): + """DataConnectorsOperations operations. + + You should not instantiate directly this class, but create a Client instance that will create it for you and attach it as attribute. + + :param client: Client for service requests. + :param config: Configuration of service client. + :param serializer: An object model serializer. + :param deserializer: An object model deserializer. + :ivar api_version: API version for the operation. Constant value: "2020-01-01". + """ + + models = models + + def __init__(self, client, config, serializer, deserializer): + + self._client = client + self._serialize = serializer + self._deserialize = deserializer + self.api_version = "2020-01-01" + + self.config = config + + def list( + self, resource_group_name, workspace_name, custom_headers=None, raw=False, **operation_config): + """Gets all data connectors. + + :param resource_group_name: The name of the resource group within the + user's subscription. The name is case insensitive. + :type resource_group_name: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :param dict custom_headers: headers that will be added to the request + :param bool raw: returns the direct response alongside the + deserialized response + :param operation_config: :ref:`Operation configuration + overrides`. + :return: An iterator like instance of DataConnector + :rtype: + ~azure.mgmt.securityinsight.models.DataConnectorPaged[~azure.mgmt.securityinsight.models.DataConnector] + :raises: :class:`CloudError` + """ + def prepare_request(next_link=None): + if not next_link: + # Construct URL + url = self.list.metadata['url'] + path_format_arguments = { + 'subscriptionId': self._serialize.url("self.config.subscription_id", self.config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1) + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + else: + url = next_link + query_parameters = {} + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + def internal_paging(next_link=None): + request = prepare_request(next_link) + + response = self._client.send(request, stream=False, **operation_config) + + if response.status_code not in [200]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + return response + + # Deserialize response + header_dict = None + if raw: + header_dict = {} + deserialized = models.DataConnectorPaged(internal_paging, self._deserialize.dependencies, header_dict) + + return deserialized + list.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors'} + + def get( + self, resource_group_name, workspace_name, data_connector_id, custom_headers=None, raw=False, **operation_config): + """Gets a data connector. + + :param resource_group_name: The name of the resource group within the + user's subscription. The name is case insensitive. + :type resource_group_name: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :param data_connector_id: Connector ID + :type data_connector_id: str + :param dict custom_headers: headers that will be added to the request + :param bool raw: returns the direct response alongside the + deserialized response + :param operation_config: :ref:`Operation configuration + overrides`. + :return: DataConnector or ClientRawResponse if raw=true + :rtype: ~azure.mgmt.securityinsight.models.DataConnector or + ~msrest.pipeline.ClientRawResponse + :raises: :class:`CloudError` + """ + # Construct URL + url = self.get.metadata['url'] + path_format_arguments = { + 'subscriptionId': self._serialize.url("self.config.subscription_id", self.config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + 'dataConnectorId': self._serialize.url("data_connector_id", data_connector_id, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + response = self._client.send(request, stream=False, **operation_config) + + if response.status_code not in [200]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('DataConnector', response) + + if raw: + client_raw_response = ClientRawResponse(deserialized, response) + return client_raw_response + + return deserialized + get.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors/{dataConnectorId}'} + + def create_or_update( + self, resource_group_name, workspace_name, data_connector_id, data_connector, custom_headers=None, raw=False, **operation_config): + """Creates or updates the data connector. + + :param resource_group_name: The name of the resource group within the + user's subscription. The name is case insensitive. + :type resource_group_name: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :param data_connector_id: Connector ID + :type data_connector_id: str + :param data_connector: The data connector + :type data_connector: ~azure.mgmt.securityinsight.models.DataConnector + :param dict custom_headers: headers that will be added to the request + :param bool raw: returns the direct response alongside the + deserialized response + :param operation_config: :ref:`Operation configuration + overrides`. + :return: DataConnector or ClientRawResponse if raw=true + :rtype: ~azure.mgmt.securityinsight.models.DataConnector or + ~msrest.pipeline.ClientRawResponse + :raises: :class:`CloudError` + """ + # Construct URL + url = self.create_or_update.metadata['url'] + path_format_arguments = { + 'subscriptionId': self._serialize.url("self.config.subscription_id", self.config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + 'dataConnectorId': self._serialize.url("data_connector_id", data_connector_id, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct body + body_content = self._serialize.body(data_connector, 'DataConnector') + + # Construct and send request + request = self._client.put(url, query_parameters, header_parameters, body_content) + response = self._client.send(request, stream=False, **operation_config) + + if response.status_code not in [200, 201]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('DataConnector', response) + if response.status_code == 201: + deserialized = self._deserialize('DataConnector', response) + + if raw: + client_raw_response = ClientRawResponse(deserialized, response) + return client_raw_response + + return deserialized + create_or_update.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors/{dataConnectorId}'} + + def delete( + self, resource_group_name, workspace_name, data_connector_id, custom_headers=None, raw=False, **operation_config): + """Delete the data connector. + + :param resource_group_name: The name of the resource group within the + user's subscription. The name is case insensitive. + :type resource_group_name: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :param data_connector_id: Connector ID + :type data_connector_id: str + :param dict custom_headers: headers that will be added to the request + :param bool raw: returns the direct response alongside the + deserialized response + :param operation_config: :ref:`Operation configuration + overrides`. + :return: None or ClientRawResponse if raw=true + :rtype: None or ~msrest.pipeline.ClientRawResponse + :raises: :class:`CloudError` + """ + # Construct URL + url = self.delete.metadata['url'] + path_format_arguments = { + 'subscriptionId': self._serialize.url("self.config.subscription_id", self.config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + 'dataConnectorId': self._serialize.url("data_connector_id", data_connector_id, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct and send request + request = self._client.delete(url, query_parameters, header_parameters) + response = self._client.send(request, stream=False, **operation_config) + + if response.status_code not in [200, 204]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + if raw: + client_raw_response = ClientRawResponse(None, response) + return client_raw_response + delete.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors/{dataConnectorId}'} diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_incident_comments_operations.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_incident_comments_operations.py new file mode 100644 index 0000000000000..376f9746c44c6 --- /dev/null +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_incident_comments_operations.py @@ -0,0 +1,281 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +import uuid +from msrest.pipeline import ClientRawResponse +from msrestazure.azure_exceptions import CloudError + +from .. import models + + +class IncidentCommentsOperations(object): + """IncidentCommentsOperations operations. + + You should not instantiate directly this class, but create a Client instance that will create it for you and attach it as attribute. + + :param client: Client for service requests. + :param config: Configuration of service client. + :param serializer: An object model serializer. + :param deserializer: An object model deserializer. + :ivar api_version: API version for the operation. Constant value: "2020-01-01". + """ + + models = models + + def __init__(self, client, config, serializer, deserializer): + + self._client = client + self._serialize = serializer + self._deserialize = deserializer + self.api_version = "2020-01-01" + + self.config = config + + def list_by_incident( + self, resource_group_name, workspace_name, incident_id, filter=None, orderby=None, top=None, skip_token=None, custom_headers=None, raw=False, **operation_config): + """Gets all incident comments. + + :param resource_group_name: The name of the resource group within the + user's subscription. The name is case insensitive. + :type resource_group_name: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :param incident_id: Incident ID + :type incident_id: str + :param filter: Filters the results, based on a Boolean condition. + Optional. + :type filter: str + :param orderby: Sorts the results. Optional. + :type orderby: str + :param top: Returns only the first n results. Optional. + :type top: int + :param skip_token: Skiptoken is only used if a previous operation + returned a partial result. If a previous response contains a nextLink + element, the value of the nextLink element will include a skiptoken + parameter that specifies a starting point to use for subsequent calls. + Optional. + :type skip_token: str + :param dict custom_headers: headers that will be added to the request + :param bool raw: returns the direct response alongside the + deserialized response + :param operation_config: :ref:`Operation configuration + overrides`. + :return: An iterator like instance of IncidentComment + :rtype: + ~azure.mgmt.securityinsight.models.IncidentCommentPaged[~azure.mgmt.securityinsight.models.IncidentComment] + :raises: :class:`CloudError` + """ + def prepare_request(next_link=None): + if not next_link: + # Construct URL + url = self.list_by_incident.metadata['url'] + path_format_arguments = { + 'subscriptionId': self._serialize.url("self.config.subscription_id", self.config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + 'incidentId': self._serialize.url("incident_id", incident_id, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + if filter is not None: + query_parameters['$filter'] = self._serialize.query("filter", filter, 'str') + if orderby is not None: + query_parameters['$orderby'] = self._serialize.query("orderby", orderby, 'str') + if top is not None: + query_parameters['$top'] = self._serialize.query("top", top, 'int') + if skip_token is not None: + query_parameters['$skipToken'] = self._serialize.query("skip_token", skip_token, 'str') + + else: + url = next_link + query_parameters = {} + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + def internal_paging(next_link=None): + request = prepare_request(next_link) + + response = self._client.send(request, stream=False, **operation_config) + + if response.status_code not in [200]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + return response + + # Deserialize response + header_dict = None + if raw: + header_dict = {} + deserialized = models.IncidentCommentPaged(internal_paging, self._deserialize.dependencies, header_dict) + + return deserialized + list_by_incident.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/comments'} + + def get( + self, resource_group_name, workspace_name, incident_id, incident_comment_id, custom_headers=None, raw=False, **operation_config): + """Gets an incident comment. + + :param resource_group_name: The name of the resource group within the + user's subscription. The name is case insensitive. + :type resource_group_name: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :param incident_id: Incident ID + :type incident_id: str + :param incident_comment_id: Incident comment ID + :type incident_comment_id: str + :param dict custom_headers: headers that will be added to the request + :param bool raw: returns the direct response alongside the + deserialized response + :param operation_config: :ref:`Operation configuration + overrides`. + :return: IncidentComment or ClientRawResponse if raw=true + :rtype: ~azure.mgmt.securityinsight.models.IncidentComment or + ~msrest.pipeline.ClientRawResponse + :raises: :class:`CloudError` + """ + # Construct URL + url = self.get.metadata['url'] + path_format_arguments = { + 'subscriptionId': self._serialize.url("self.config.subscription_id", self.config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + 'incidentId': self._serialize.url("incident_id", incident_id, 'str'), + 'incidentCommentId': self._serialize.url("incident_comment_id", incident_comment_id, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + response = self._client.send(request, stream=False, **operation_config) + + if response.status_code not in [200]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('IncidentComment', response) + + if raw: + client_raw_response = ClientRawResponse(deserialized, response) + return client_raw_response + + return deserialized + get.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/comments/{incidentCommentId}'} + + def create_comment( + self, resource_group_name, workspace_name, incident_id, incident_comment_id, message, custom_headers=None, raw=False, **operation_config): + """Creates the incident comment. + + :param resource_group_name: The name of the resource group within the + user's subscription. The name is case insensitive. + :type resource_group_name: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :param incident_id: Incident ID + :type incident_id: str + :param incident_comment_id: Incident comment ID + :type incident_comment_id: str + :param message: The comment message + :type message: str + :param dict custom_headers: headers that will be added to the request + :param bool raw: returns the direct response alongside the + deserialized response + :param operation_config: :ref:`Operation configuration + overrides`. + :return: IncidentComment or ClientRawResponse if raw=true + :rtype: ~azure.mgmt.securityinsight.models.IncidentComment or + ~msrest.pipeline.ClientRawResponse + :raises: :class:`CloudError` + """ + incident_comment = models.IncidentComment(message=message) + + # Construct URL + url = self.create_comment.metadata['url'] + path_format_arguments = { + 'subscriptionId': self._serialize.url("self.config.subscription_id", self.config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + 'incidentId': self._serialize.url("incident_id", incident_id, 'str'), + 'incidentCommentId': self._serialize.url("incident_comment_id", incident_comment_id, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct body + body_content = self._serialize.body(incident_comment, 'IncidentComment') + + # Construct and send request + request = self._client.put(url, query_parameters, header_parameters, body_content) + response = self._client.send(request, stream=False, **operation_config) + + if response.status_code not in [201]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + deserialized = None + if response.status_code == 201: + deserialized = self._deserialize('IncidentComment', response) + + if raw: + client_raw_response = ClientRawResponse(deserialized, response) + return client_raw_response + + return deserialized + create_comment.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/comments/{incidentCommentId}'} diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_incidents_operations.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_incidents_operations.py new file mode 100644 index 0000000000000..1403a9fdf59b5 --- /dev/null +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_incidents_operations.py @@ -0,0 +1,329 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +import uuid +from msrest.pipeline import ClientRawResponse +from msrestazure.azure_exceptions import CloudError + +from .. import models + + +class IncidentsOperations(object): + """IncidentsOperations operations. + + You should not instantiate directly this class, but create a Client instance that will create it for you and attach it as attribute. + + :param client: Client for service requests. + :param config: Configuration of service client. + :param serializer: An object model serializer. + :param deserializer: An object model deserializer. + :ivar api_version: API version for the operation. Constant value: "2020-01-01". + """ + + models = models + + def __init__(self, client, config, serializer, deserializer): + + self._client = client + self._serialize = serializer + self._deserialize = deserializer + self.api_version = "2020-01-01" + + self.config = config + + def list( + self, resource_group_name, workspace_name, filter=None, orderby=None, top=None, skip_token=None, custom_headers=None, raw=False, **operation_config): + """Gets all incidents. + + :param resource_group_name: The name of the resource group within the + user's subscription. The name is case insensitive. + :type resource_group_name: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :param filter: Filters the results, based on a Boolean condition. + Optional. + :type filter: str + :param orderby: Sorts the results. Optional. + :type orderby: str + :param top: Returns only the first n results. Optional. + :type top: int + :param skip_token: Skiptoken is only used if a previous operation + returned a partial result. If a previous response contains a nextLink + element, the value of the nextLink element will include a skiptoken + parameter that specifies a starting point to use for subsequent calls. + Optional. + :type skip_token: str + :param dict custom_headers: headers that will be added to the request + :param bool raw: returns the direct response alongside the + deserialized response + :param operation_config: :ref:`Operation configuration + overrides`. + :return: An iterator like instance of Incident + :rtype: + ~azure.mgmt.securityinsight.models.IncidentPaged[~azure.mgmt.securityinsight.models.Incident] + :raises: :class:`CloudError` + """ + def prepare_request(next_link=None): + if not next_link: + # Construct URL + url = self.list.metadata['url'] + path_format_arguments = { + 'subscriptionId': self._serialize.url("self.config.subscription_id", self.config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1) + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + if filter is not None: + query_parameters['$filter'] = self._serialize.query("filter", filter, 'str') + if orderby is not None: + query_parameters['$orderby'] = self._serialize.query("orderby", orderby, 'str') + if top is not None: + query_parameters['$top'] = self._serialize.query("top", top, 'int') + if skip_token is not None: + query_parameters['$skipToken'] = self._serialize.query("skip_token", skip_token, 'str') + + else: + url = next_link + query_parameters = {} + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + def internal_paging(next_link=None): + request = prepare_request(next_link) + + response = self._client.send(request, stream=False, **operation_config) + + if response.status_code not in [200]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + return response + + # Deserialize response + header_dict = None + if raw: + header_dict = {} + deserialized = models.IncidentPaged(internal_paging, self._deserialize.dependencies, header_dict) + + return deserialized + list.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents'} + + def get( + self, resource_group_name, workspace_name, incident_id, custom_headers=None, raw=False, **operation_config): + """Gets an incident. + + :param resource_group_name: The name of the resource group within the + user's subscription. The name is case insensitive. + :type resource_group_name: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :param incident_id: Incident ID + :type incident_id: str + :param dict custom_headers: headers that will be added to the request + :param bool raw: returns the direct response alongside the + deserialized response + :param operation_config: :ref:`Operation configuration + overrides`. + :return: Incident or ClientRawResponse if raw=true + :rtype: ~azure.mgmt.securityinsight.models.Incident or + ~msrest.pipeline.ClientRawResponse + :raises: :class:`CloudError` + """ + # Construct URL + url = self.get.metadata['url'] + path_format_arguments = { + 'subscriptionId': self._serialize.url("self.config.subscription_id", self.config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + 'incidentId': self._serialize.url("incident_id", incident_id, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + response = self._client.send(request, stream=False, **operation_config) + + if response.status_code not in [200]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('Incident', response) + + if raw: + client_raw_response = ClientRawResponse(deserialized, response) + return client_raw_response + + return deserialized + get.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}'} + + def create_or_update( + self, resource_group_name, workspace_name, incident_id, incident, custom_headers=None, raw=False, **operation_config): + """Creates or updates the incident. + + :param resource_group_name: The name of the resource group within the + user's subscription. The name is case insensitive. + :type resource_group_name: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :param incident_id: Incident ID + :type incident_id: str + :param incident: The incident + :type incident: ~azure.mgmt.securityinsight.models.Incident + :param dict custom_headers: headers that will be added to the request + :param bool raw: returns the direct response alongside the + deserialized response + :param operation_config: :ref:`Operation configuration + overrides`. + :return: Incident or ClientRawResponse if raw=true + :rtype: ~azure.mgmt.securityinsight.models.Incident or + ~msrest.pipeline.ClientRawResponse + :raises: :class:`CloudError` + """ + # Construct URL + url = self.create_or_update.metadata['url'] + path_format_arguments = { + 'subscriptionId': self._serialize.url("self.config.subscription_id", self.config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + 'incidentId': self._serialize.url("incident_id", incident_id, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct body + body_content = self._serialize.body(incident, 'Incident') + + # Construct and send request + request = self._client.put(url, query_parameters, header_parameters, body_content) + response = self._client.send(request, stream=False, **operation_config) + + if response.status_code not in [200, 201]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('Incident', response) + if response.status_code == 201: + deserialized = self._deserialize('Incident', response) + + if raw: + client_raw_response = ClientRawResponse(deserialized, response) + return client_raw_response + + return deserialized + create_or_update.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}'} + + def delete( + self, resource_group_name, workspace_name, incident_id, custom_headers=None, raw=False, **operation_config): + """Delete the incident. + + :param resource_group_name: The name of the resource group within the + user's subscription. The name is case insensitive. + :type resource_group_name: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :param incident_id: Incident ID + :type incident_id: str + :param dict custom_headers: headers that will be added to the request + :param bool raw: returns the direct response alongside the + deserialized response + :param operation_config: :ref:`Operation configuration + overrides`. + :return: None or ClientRawResponse if raw=true + :rtype: None or ~msrest.pipeline.ClientRawResponse + :raises: :class:`CloudError` + """ + # Construct URL + url = self.delete.metadata['url'] + path_format_arguments = { + 'subscriptionId': self._serialize.url("self.config.subscription_id", self.config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + 'incidentId': self._serialize.url("incident_id", incident_id, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct and send request + request = self._client.delete(url, query_parameters, header_parameters) + response = self._client.send(request, stream=False, **operation_config) + + if response.status_code not in [200, 204]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + if raw: + client_raw_response = ClientRawResponse(None, response) + return client_raw_response + delete.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}'} diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_operations.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_operations.py new file mode 100644 index 0000000000000..89a9a24c82096 --- /dev/null +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_operations.py @@ -0,0 +1,103 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +import uuid +from msrest.pipeline import ClientRawResponse +from msrestazure.azure_exceptions import CloudError + +from .. import models + + +class Operations(object): + """Operations operations. + + You should not instantiate directly this class, but create a Client instance that will create it for you and attach it as attribute. + + :param client: Client for service requests. + :param config: Configuration of service client. + :param serializer: An object model serializer. + :param deserializer: An object model deserializer. + :ivar api_version: API version for the operation. Constant value: "2020-01-01". + """ + + models = models + + def __init__(self, client, config, serializer, deserializer): + + self._client = client + self._serialize = serializer + self._deserialize = deserializer + self.api_version = "2020-01-01" + + self.config = config + + def list( + self, custom_headers=None, raw=False, **operation_config): + """Lists all operations available Azure Security Insights Resource + Provider. + + :param dict custom_headers: headers that will be added to the request + :param bool raw: returns the direct response alongside the + deserialized response + :param operation_config: :ref:`Operation configuration + overrides`. + :return: An iterator like instance of Operation + :rtype: + ~azure.mgmt.securityinsight.models.OperationPaged[~azure.mgmt.securityinsight.models.Operation] + :raises: :class:`CloudError` + """ + def prepare_request(next_link=None): + if not next_link: + # Construct URL + url = self.list.metadata['url'] + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + else: + url = next_link + query_parameters = {} + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + def internal_paging(next_link=None): + request = prepare_request(next_link) + + response = self._client.send(request, stream=False, **operation_config) + + if response.status_code not in [200]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + return response + + # Deserialize response + header_dict = None + if raw: + header_dict = {} + deserialized = models.OperationPaged(internal_paging, self._deserialize.dependencies, header_dict) + + return deserialized + list.metadata = {'url': '/providers/Microsoft.SecurityInsights/operations'} diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/version.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/version.py new file mode 100644 index 0000000000000..e0ec669828cbf --- /dev/null +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/version.py @@ -0,0 +1,13 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +VERSION = "0.1.0" +