diff --git a/profiles/preview/preview/securityinsight/mgmt/securityinsight/models.go b/profiles/preview/preview/securityinsight/mgmt/securityinsight/models.go
index 76762b15a8bc..7c29b208b4b4 100644
--- a/profiles/preview/preview/securityinsight/mgmt/securityinsight/models.go
+++ b/profiles/preview/preview/securityinsight/mgmt/securityinsight/models.go
@@ -32,7 +32,7 @@ const (
 type AggregationsKind = original.AggregationsKind
 
 const (
-	CasesAggregation AggregationsKind = original.CasesAggregation
+	AggregationsKindCasesAggregation AggregationsKind = original.AggregationsKindCasesAggregation
 )
 
 type AlertRuleKind = original.AlertRuleKind
@@ -63,10 +63,10 @@ const (
 type CaseStatus = original.CaseStatus
 
 const (
-	Closed     CaseStatus = original.Closed
-	Draft      CaseStatus = original.Draft
-	InProgress CaseStatus = original.InProgress
-	Open       CaseStatus = original.Open
+	CaseStatusClosed     CaseStatus = original.CaseStatusClosed
+	CaseStatusDraft      CaseStatus = original.CaseStatusDraft
+	CaseStatusInProgress CaseStatus = original.CaseStatusInProgress
+	CaseStatusNew        CaseStatus = original.CaseStatusNew
 )
 
 type CloseReason = original.CloseReason
@@ -80,11 +80,12 @@ const (
 type DataConnectorKind = original.DataConnectorKind
 
 const (
-	AzureActiveDirectory      DataConnectorKind = original.AzureActiveDirectory
-	AzureSecurityCenter       DataConnectorKind = original.AzureSecurityCenter
-	MicrosoftCloudAppSecurity DataConnectorKind = original.MicrosoftCloudAppSecurity
-	Office365                 DataConnectorKind = original.Office365
-	ThreatIntelligence        DataConnectorKind = original.ThreatIntelligence
+	AmazonWebServicesCloudTrail DataConnectorKind = original.AmazonWebServicesCloudTrail
+	AzureActiveDirectory        DataConnectorKind = original.AzureActiveDirectory
+	AzureSecurityCenter         DataConnectorKind = original.AzureSecurityCenter
+	MicrosoftCloudAppSecurity   DataConnectorKind = original.MicrosoftCloudAppSecurity
+	Office365                   DataConnectorKind = original.Office365
+	ThreatIntelligence          DataConnectorKind = original.ThreatIntelligence
 )
 
 type DataTypeState = original.DataTypeState
@@ -112,18 +113,20 @@ const (
 type KindBasicAggregations = original.KindBasicAggregations
 
 const (
-	KindAggregations KindBasicAggregations = original.KindAggregations
+	KindAggregations     KindBasicAggregations = original.KindAggregations
+	KindCasesAggregation KindBasicAggregations = original.KindCasesAggregation
 )
 
 type KindBasicDataConnector = original.KindBasicDataConnector
 
 const (
-	KindAzureActiveDirectory      KindBasicDataConnector = original.KindAzureActiveDirectory
-	KindAzureSecurityCenter       KindBasicDataConnector = original.KindAzureSecurityCenter
-	KindDataConnector             KindBasicDataConnector = original.KindDataConnector
-	KindMicrosoftCloudAppSecurity KindBasicDataConnector = original.KindMicrosoftCloudAppSecurity
-	KindOffice365                 KindBasicDataConnector = original.KindOffice365
-	KindThreatIntelligence        KindBasicDataConnector = original.KindThreatIntelligence
+	KindAmazonWebServicesCloudTrail KindBasicDataConnector = original.KindAmazonWebServicesCloudTrail
+	KindAzureActiveDirectory        KindBasicDataConnector = original.KindAzureActiveDirectory
+	KindAzureSecurityCenter         KindBasicDataConnector = original.KindAzureSecurityCenter
+	KindDataConnector               KindBasicDataConnector = original.KindDataConnector
+	KindMicrosoftCloudAppSecurity   KindBasicDataConnector = original.KindMicrosoftCloudAppSecurity
+	KindOffice365                   KindBasicDataConnector = original.KindOffice365
+	KindThreatIntelligence          KindBasicDataConnector = original.KindThreatIntelligence
 )
 
 type KindBasicEntity = original.KindBasicEntity
@@ -143,6 +146,13 @@ const (
 	KindUebaSettings   KindBasicSettings = original.KindUebaSettings
 )
 
+type LicenseStatus = original.LicenseStatus
+
+const (
+	LicenseStatusDisabled LicenseStatus = original.LicenseStatusDisabled
+	LicenseStatusEnabled  LicenseStatus = original.LicenseStatusEnabled
+)
+
 type OSFamily = original.OSFamily
 
 const (
@@ -199,6 +209,10 @@ type AlertRulesListIterator = original.AlertRulesListIterator
 type AlertRulesListPage = original.AlertRulesListPage
 type AlertsDataTypeOfDataConnector = original.AlertsDataTypeOfDataConnector
 type AlertsDataTypeOfDataConnectorAlerts = original.AlertsDataTypeOfDataConnectorAlerts
+type AwsCloudTrailDataConnector = original.AwsCloudTrailDataConnector
+type AwsCloudTrailDataConnectorDataTypes = original.AwsCloudTrailDataConnectorDataTypes
+type AwsCloudTrailDataConnectorDataTypesLogs = original.AwsCloudTrailDataConnectorDataTypesLogs
+type AwsCloudTrailDataConnectorProperties = original.AwsCloudTrailDataConnectorProperties
 type BaseClient = original.BaseClient
 type BasicAggregations = original.BasicAggregations
 type BasicAlertRule = original.BasicAlertRule
@@ -216,6 +230,10 @@ type CaseList = original.CaseList
 type CaseListIterator = original.CaseListIterator
 type CaseListPage = original.CaseListPage
 type CaseProperties = original.CaseProperties
+type CasesAggregation = original.CasesAggregation
+type CasesAggregationBySeverityProperties = original.CasesAggregationBySeverityProperties
+type CasesAggregationByStatusProperties = original.CasesAggregationByStatusProperties
+type CasesAggregationProperties = original.CasesAggregationProperties
 type CasesAggregationsClient = original.CasesAggregationsClient
 type CasesClient = original.CasesClient
 type CloudError = original.CloudError
@@ -237,6 +255,12 @@ type EntityList = original.EntityList
 type EntityListIterator = original.EntityListIterator
 type EntityListPage = original.EntityListPage
 type EntityModel = original.EntityModel
+type EntityQueriesClient = original.EntityQueriesClient
+type EntityQuery = original.EntityQuery
+type EntityQueryList = original.EntityQueryList
+type EntityQueryListIterator = original.EntityQueryListIterator
+type EntityQueryListPage = original.EntityQueryListPage
+type EntityQueryProperties = original.EntityQueryProperties
 type FileEntity = original.FileEntity
 type FileEntityProperties = original.FileEntityProperties
 type HostEntity = original.HostEntity
@@ -358,6 +382,18 @@ func NewEntityListIterator(page EntityListPage) EntityListIterator {
 func NewEntityListPage(getNextPage func(context.Context, EntityList) (EntityList, error)) EntityListPage {
 	return original.NewEntityListPage(getNextPage)
 }
+func NewEntityQueriesClient(subscriptionID string) EntityQueriesClient {
+	return original.NewEntityQueriesClient(subscriptionID)
+}
+func NewEntityQueriesClientWithBaseURI(baseURI string, subscriptionID string) EntityQueriesClient {
+	return original.NewEntityQueriesClientWithBaseURI(baseURI, subscriptionID)
+}
+func NewEntityQueryListIterator(page EntityQueryListPage) EntityQueryListIterator {
+	return original.NewEntityQueryListIterator(page)
+}
+func NewEntityQueryListPage(getNextPage func(context.Context, EntityQueryList) (EntityQueryList, error)) EntityQueryListPage {
+	return original.NewEntityQueryListPage(getNextPage)
+}
 func NewOfficeConsentListIterator(page OfficeConsentListPage) OfficeConsentListIterator {
 	return original.NewOfficeConsentListIterator(page)
 }
@@ -433,6 +469,9 @@ func PossibleKindBasicSettingsValues() []KindBasicSettings {
 func PossibleKindValues() []Kind {
 	return original.PossibleKindValues()
 }
+func PossibleLicenseStatusValues() []LicenseStatus {
+	return original.PossibleLicenseStatusValues()
+}
 func PossibleOSFamilyValues() []OSFamily {
 	return original.PossibleOSFamilyValues()
 }
diff --git a/profiles/preview/preview/securityinsight/mgmt/securityinsight/securityinsightapi/models.go b/profiles/preview/preview/securityinsight/mgmt/securityinsight/securityinsightapi/models.go
index 91ee04b3b4cf..9bd2fc7dc959 100644
--- a/profiles/preview/preview/securityinsight/mgmt/securityinsight/securityinsightapi/models.go
+++ b/profiles/preview/preview/securityinsight/mgmt/securityinsight/securityinsightapi/models.go
@@ -28,6 +28,7 @@ type CasesAggregationsClientAPI = original.CasesAggregationsClientAPI
 type CasesClientAPI = original.CasesClientAPI
 type DataConnectorsClientAPI = original.DataConnectorsClientAPI
 type EntitiesClientAPI = original.EntitiesClientAPI
+type EntityQueriesClientAPI = original.EntityQueriesClientAPI
 type OfficeConsentsClientAPI = original.OfficeConsentsClientAPI
 type OperationsClientAPI = original.OperationsClientAPI
 type ProductSettingsClientAPI = original.ProductSettingsClientAPI
diff --git a/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/entityqueries.go b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/entityqueries.go
new file mode 100644
index 000000000000..7e452fd7ee98
--- /dev/null
+++ b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/entityqueries.go
@@ -0,0 +1,270 @@
+package securityinsight
+
+// Copyright (c) Microsoft and contributors.  All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+//
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// Code generated by Microsoft (R) AutoRest Code Generator.
+// Changes may cause incorrect behavior and will be lost if the code is regenerated.
+
+import (
+	"context"
+	"github.com/Azure/go-autorest/autorest"
+	"github.com/Azure/go-autorest/autorest/azure"
+	"github.com/Azure/go-autorest/autorest/validation"
+	"github.com/Azure/go-autorest/tracing"
+	"net/http"
+)
+
+// EntityQueriesClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider
+type EntityQueriesClient struct {
+	BaseClient
+}
+
+// NewEntityQueriesClient creates an instance of the EntityQueriesClient client.
+func NewEntityQueriesClient(subscriptionID string) EntityQueriesClient {
+	return NewEntityQueriesClientWithBaseURI(DefaultBaseURI, subscriptionID)
+}
+
+// NewEntityQueriesClientWithBaseURI creates an instance of the EntityQueriesClient client.
+func NewEntityQueriesClientWithBaseURI(baseURI string, subscriptionID string) EntityQueriesClient {
+	return EntityQueriesClient{NewWithBaseURI(baseURI, subscriptionID)}
+}
+
+// Get gets an entity query.
+// Parameters:
+// resourceGroupName - the name of the resource group within the user's subscription. The name is case
+// insensitive.
+// operationalInsightsResourceProvider - the namespace of workspaces resource provider-
+// Microsoft.OperationalInsights.
+// workspaceName - the name of the workspace.
+// entityQueryID - entity query ID
+func (client EntityQueriesClient) Get(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, entityQueryID string) (result EntityQuery, err error) {
+	if tracing.IsEnabled() {
+		ctx = tracing.StartSpan(ctx, fqdn+"/EntityQueriesClient.Get")
+		defer func() {
+			sc := -1
+			if result.Response.Response != nil {
+				sc = result.Response.Response.StatusCode
+			}
+			tracing.EndSpan(ctx, sc, err)
+		}()
+	}
+	if err := validation.Validate([]validation.Validation{
+		{TargetValue: client.SubscriptionID,
+			Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}},
+		{TargetValue: resourceGroupName,
+			Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil},
+				{Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil},
+				{Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}},
+		{TargetValue: workspaceName,
+			Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil},
+				{Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil {
+		return result, validation.NewError("securityinsight.EntityQueriesClient", "Get", err.Error())
+	}
+
+	req, err := client.GetPreparer(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, entityQueryID)
+	if err != nil {
+		err = autorest.NewErrorWithError(err, "securityinsight.EntityQueriesClient", "Get", nil, "Failure preparing request")
+		return
+	}
+
+	resp, err := client.GetSender(req)
+	if err != nil {
+		result.Response = autorest.Response{Response: resp}
+		err = autorest.NewErrorWithError(err, "securityinsight.EntityQueriesClient", "Get", resp, "Failure sending request")
+		return
+	}
+
+	result, err = client.GetResponder(resp)
+	if err != nil {
+		err = autorest.NewErrorWithError(err, "securityinsight.EntityQueriesClient", "Get", resp, "Failure responding to request")
+	}
+
+	return
+}
+
+// GetPreparer prepares the Get request.
+func (client EntityQueriesClient) GetPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, entityQueryID string) (*http.Request, error) {
+	pathParameters := map[string]interface{}{
+		"entityQueryId":                       autorest.Encode("path", entityQueryID),
+		"operationalInsightsResourceProvider": autorest.Encode("path", operationalInsightsResourceProvider),
+		"resourceGroupName":                   autorest.Encode("path", resourceGroupName),
+		"subscriptionId":                      autorest.Encode("path", client.SubscriptionID),
+		"workspaceName":                       autorest.Encode("path", workspaceName),
+	}
+
+	const APIVersion = "2019-01-01-preview"
+	queryParameters := map[string]interface{}{
+		"api-version": APIVersion,
+	}
+
+	preparer := autorest.CreatePreparer(
+		autorest.AsGet(),
+		autorest.WithBaseURL(client.BaseURI),
+		autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entityQueries/{entityQueryId}", pathParameters),
+		autorest.WithQueryParameters(queryParameters))
+	return preparer.Prepare((&http.Request{}).WithContext(ctx))
+}
+
+// GetSender sends the Get request. The method will close the
+// http.Response Body if it receives an error.
+func (client EntityQueriesClient) GetSender(req *http.Request) (*http.Response, error) {
+	return autorest.SendWithSender(client, req,
+		azure.DoRetryWithRegistration(client.Client))
+}
+
+// GetResponder handles the response to the Get request. The method always
+// closes the http.Response Body.
+func (client EntityQueriesClient) GetResponder(resp *http.Response) (result EntityQuery, err error) {
+	err = autorest.Respond(
+		resp,
+		client.ByInspecting(),
+		azure.WithErrorUnlessStatusCode(http.StatusOK),
+		autorest.ByUnmarshallingJSON(&result),
+		autorest.ByClosing())
+	result.Response = autorest.Response{Response: resp}
+	return
+}
+
+// List gets all entity queries.
+// Parameters:
+// resourceGroupName - the name of the resource group within the user's subscription. The name is case
+// insensitive.
+// operationalInsightsResourceProvider - the namespace of workspaces resource provider-
+// Microsoft.OperationalInsights.
+// workspaceName - the name of the workspace.
+func (client EntityQueriesClient) List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result EntityQueryListPage, err error) {
+	if tracing.IsEnabled() {
+		ctx = tracing.StartSpan(ctx, fqdn+"/EntityQueriesClient.List")
+		defer func() {
+			sc := -1
+			if result.eql.Response.Response != nil {
+				sc = result.eql.Response.Response.StatusCode
+			}
+			tracing.EndSpan(ctx, sc, err)
+		}()
+	}
+	if err := validation.Validate([]validation.Validation{
+		{TargetValue: client.SubscriptionID,
+			Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}},
+		{TargetValue: resourceGroupName,
+			Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil},
+				{Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil},
+				{Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}},
+		{TargetValue: workspaceName,
+			Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil},
+				{Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil {
+		return result, validation.NewError("securityinsight.EntityQueriesClient", "List", err.Error())
+	}
+
+	result.fn = client.listNextResults
+	req, err := client.ListPreparer(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName)
+	if err != nil {
+		err = autorest.NewErrorWithError(err, "securityinsight.EntityQueriesClient", "List", nil, "Failure preparing request")
+		return
+	}
+
+	resp, err := client.ListSender(req)
+	if err != nil {
+		result.eql.Response = autorest.Response{Response: resp}
+		err = autorest.NewErrorWithError(err, "securityinsight.EntityQueriesClient", "List", resp, "Failure sending request")
+		return
+	}
+
+	result.eql, err = client.ListResponder(resp)
+	if err != nil {
+		err = autorest.NewErrorWithError(err, "securityinsight.EntityQueriesClient", "List", resp, "Failure responding to request")
+	}
+
+	return
+}
+
+// ListPreparer prepares the List request.
+func (client EntityQueriesClient) ListPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (*http.Request, error) {
+	pathParameters := map[string]interface{}{
+		"operationalInsightsResourceProvider": autorest.Encode("path", operationalInsightsResourceProvider),
+		"resourceGroupName":                   autorest.Encode("path", resourceGroupName),
+		"subscriptionId":                      autorest.Encode("path", client.SubscriptionID),
+		"workspaceName":                       autorest.Encode("path", workspaceName),
+	}
+
+	const APIVersion = "2019-01-01-preview"
+	queryParameters := map[string]interface{}{
+		"api-version": APIVersion,
+	}
+
+	preparer := autorest.CreatePreparer(
+		autorest.AsGet(),
+		autorest.WithBaseURL(client.BaseURI),
+		autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entityQueries", pathParameters),
+		autorest.WithQueryParameters(queryParameters))
+	return preparer.Prepare((&http.Request{}).WithContext(ctx))
+}
+
+// ListSender sends the List request. The method will close the
+// http.Response Body if it receives an error.
+func (client EntityQueriesClient) ListSender(req *http.Request) (*http.Response, error) {
+	return autorest.SendWithSender(client, req,
+		azure.DoRetryWithRegistration(client.Client))
+}
+
+// ListResponder handles the response to the List request. The method always
+// closes the http.Response Body.
+func (client EntityQueriesClient) ListResponder(resp *http.Response) (result EntityQueryList, err error) {
+	err = autorest.Respond(
+		resp,
+		client.ByInspecting(),
+		azure.WithErrorUnlessStatusCode(http.StatusOK),
+		autorest.ByUnmarshallingJSON(&result),
+		autorest.ByClosing())
+	result.Response = autorest.Response{Response: resp}
+	return
+}
+
+// listNextResults retrieves the next set of results, if any.
+func (client EntityQueriesClient) listNextResults(ctx context.Context, lastResults EntityQueryList) (result EntityQueryList, err error) {
+	req, err := lastResults.entityQueryListPreparer(ctx)
+	if err != nil {
+		return result, autorest.NewErrorWithError(err, "securityinsight.EntityQueriesClient", "listNextResults", nil, "Failure preparing next results request")
+	}
+	if req == nil {
+		return
+	}
+	resp, err := client.ListSender(req)
+	if err != nil {
+		result.Response = autorest.Response{Response: resp}
+		return result, autorest.NewErrorWithError(err, "securityinsight.EntityQueriesClient", "listNextResults", resp, "Failure sending next results request")
+	}
+	result, err = client.ListResponder(resp)
+	if err != nil {
+		err = autorest.NewErrorWithError(err, "securityinsight.EntityQueriesClient", "listNextResults", resp, "Failure responding to next results request")
+	}
+	return
+}
+
+// ListComplete enumerates all values, automatically crossing page boundaries as required.
+func (client EntityQueriesClient) ListComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result EntityQueryListIterator, err error) {
+	if tracing.IsEnabled() {
+		ctx = tracing.StartSpan(ctx, fqdn+"/EntityQueriesClient.List")
+		defer func() {
+			sc := -1
+			if result.Response().Response.Response != nil {
+				sc = result.page.Response().Response.Response.StatusCode
+			}
+			tracing.EndSpan(ctx, sc, err)
+		}()
+	}
+	result.page, err = client.List(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName)
+	return
+}
diff --git a/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/models.go b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/models.go
index 3be5b4cd9b39..9edc244aaa02 100644
--- a/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/models.go
+++ b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/models.go
@@ -35,13 +35,13 @@ const fqdn = "github.com/Azure/azure-sdk-for-go/services/preview/securityinsight
 type AggregationsKind string
 
 const (
-	// CasesAggregation ...
-	CasesAggregation AggregationsKind = "CasesAggregation"
+	// AggregationsKindCasesAggregation ...
+	AggregationsKindCasesAggregation AggregationsKind = "CasesAggregation"
 )
 
 // PossibleAggregationsKindValues returns an array of possible values for the AggregationsKind const type.
 func PossibleAggregationsKindValues() []AggregationsKind {
-	return []AggregationsKind{CasesAggregation}
+	return []AggregationsKind{AggregationsKindCasesAggregation}
 }
 
 // AlertRuleKind enumerates the values for alert rule kind.
@@ -101,19 +101,19 @@ func PossibleCaseSeverityValues() []CaseSeverity {
 type CaseStatus string
 
 const (
-	// Closed A non active case
-	Closed CaseStatus = "Closed"
-	// Draft Case that wasn't promoted yet to active
-	Draft CaseStatus = "Draft"
-	// InProgress An active case which is handled
-	InProgress CaseStatus = "InProgress"
-	// Open An active case which isn't handled currently
-	Open CaseStatus = "Open"
+	// CaseStatusClosed A non active case
+	CaseStatusClosed CaseStatus = "Closed"
+	// CaseStatusDraft Case that wasn't promoted yet to active
+	CaseStatusDraft CaseStatus = "Draft"
+	// CaseStatusInProgress An active case which is handled
+	CaseStatusInProgress CaseStatus = "InProgress"
+	// CaseStatusNew An active case which isn't handled currently
+	CaseStatusNew CaseStatus = "New"
 )
 
 // PossibleCaseStatusValues returns an array of possible values for the CaseStatus const type.
 func PossibleCaseStatusValues() []CaseStatus {
-	return []CaseStatus{Closed, Draft, InProgress, Open}
+	return []CaseStatus{CaseStatusClosed, CaseStatusDraft, CaseStatusInProgress, CaseStatusNew}
 }
 
 // CloseReason enumerates the values for close reason.
@@ -137,6 +137,8 @@ func PossibleCloseReasonValues() []CloseReason {
 type DataConnectorKind string
 
 const (
+	// AmazonWebServicesCloudTrail ...
+	AmazonWebServicesCloudTrail DataConnectorKind = "AmazonWebServicesCloudTrail"
 	// AzureActiveDirectory ...
 	AzureActiveDirectory DataConnectorKind = "AzureActiveDirectory"
 	// AzureSecurityCenter ...
@@ -151,7 +153,7 @@ const (
 
 // PossibleDataConnectorKindValues returns an array of possible values for the DataConnectorKind const type.
 func PossibleDataConnectorKindValues() []DataConnectorKind {
-	return []DataConnectorKind{AzureActiveDirectory, AzureSecurityCenter, MicrosoftCloudAppSecurity, Office365, ThreatIntelligence}
+	return []DataConnectorKind{AmazonWebServicesCloudTrail, AzureActiveDirectory, AzureSecurityCenter, MicrosoftCloudAppSecurity, Office365, ThreatIntelligence}
 }
 
 // DataTypeState enumerates the values for data type state.
@@ -207,17 +209,21 @@ type KindBasicAggregations string
 const (
 	// KindAggregations ...
 	KindAggregations KindBasicAggregations = "Aggregations"
+	// KindCasesAggregation ...
+	KindCasesAggregation KindBasicAggregations = "CasesAggregation"
 )
 
 // PossibleKindBasicAggregationsValues returns an array of possible values for the KindBasicAggregations const type.
 func PossibleKindBasicAggregationsValues() []KindBasicAggregations {
-	return []KindBasicAggregations{KindAggregations}
+	return []KindBasicAggregations{KindAggregations, KindCasesAggregation}
 }
 
 // KindBasicDataConnector enumerates the values for kind basic data connector.
 type KindBasicDataConnector string
 
 const (
+	// KindAmazonWebServicesCloudTrail ...
+	KindAmazonWebServicesCloudTrail KindBasicDataConnector = "AmazonWebServicesCloudTrail"
 	// KindAzureActiveDirectory ...
 	KindAzureActiveDirectory KindBasicDataConnector = "AzureActiveDirectory"
 	// KindAzureSecurityCenter ...
@@ -234,7 +240,7 @@ const (
 
 // PossibleKindBasicDataConnectorValues returns an array of possible values for the KindBasicDataConnector const type.
 func PossibleKindBasicDataConnectorValues() []KindBasicDataConnector {
-	return []KindBasicDataConnector{KindAzureActiveDirectory, KindAzureSecurityCenter, KindDataConnector, KindMicrosoftCloudAppSecurity, KindOffice365, KindThreatIntelligence}
+	return []KindBasicDataConnector{KindAmazonWebServicesCloudTrail, KindAzureActiveDirectory, KindAzureSecurityCenter, KindDataConnector, KindMicrosoftCloudAppSecurity, KindOffice365, KindThreatIntelligence}
 }
 
 // KindBasicEntity enumerates the values for kind basic entity.
@@ -273,6 +279,21 @@ func PossibleKindBasicSettingsValues() []KindBasicSettings {
 	return []KindBasicSettings{KindSettings, KindToggleSettings, KindUebaSettings}
 }
 
+// LicenseStatus enumerates the values for license status.
+type LicenseStatus string
+
+const (
+	// LicenseStatusDisabled ...
+	LicenseStatusDisabled LicenseStatus = "Disabled"
+	// LicenseStatusEnabled ...
+	LicenseStatusEnabled LicenseStatus = "Enabled"
+)
+
+// PossibleLicenseStatusValues returns an array of possible values for the LicenseStatus const type.
+func PossibleLicenseStatusValues() []LicenseStatus {
+	return []LicenseStatus{LicenseStatusDisabled, LicenseStatusEnabled}
+}
+
 // OSFamily enumerates the values for os family.
 type OSFamily string
 
@@ -353,7 +374,7 @@ type AADDataConnector struct {
 	Name *string `json:"name,omitempty"`
 	// Etag - Etag of the data connector.
 	Etag *string `json:"etag,omitempty"`
-	// Kind - Possible values include: 'KindDataConnector', 'KindOffice365', 'KindThreatIntelligence', 'KindAzureActiveDirectory', 'KindAzureSecurityCenter', 'KindMicrosoftCloudAppSecurity'
+	// Kind - Possible values include: 'KindDataConnector', 'KindOffice365', 'KindThreatIntelligence', 'KindAmazonWebServicesCloudTrail', 'KindAzureActiveDirectory', 'KindAzureSecurityCenter', 'KindMicrosoftCloudAppSecurity'
 	Kind KindBasicDataConnector `json:"kind,omitempty"`
 }
 
@@ -383,6 +404,11 @@ func (adc AADDataConnector) AsTIDataConnector() (*TIDataConnector, bool) {
 	return nil, false
 }
 
+// AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for AADDataConnector.
+func (adc AADDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) {
+	return nil, false
+}
+
 // AsAADDataConnector is the BasicDataConnector implementation for AADDataConnector.
 func (adc AADDataConnector) AsAADDataConnector() (*AADDataConnector, bool) {
 	return &adc, true
@@ -860,6 +886,7 @@ func NewActionsListPage(getNextPage func(context.Context, ActionsList) (ActionsL
 
 // BasicAggregations the aggregation.
 type BasicAggregations interface {
+	AsCasesAggregation() (*CasesAggregation, bool)
 	AsAggregations() (*Aggregations, bool)
 }
 
@@ -872,7 +899,7 @@ type Aggregations struct {
 	Type *string `json:"type,omitempty"`
 	// Name - READ-ONLY; Azure resource name
 	Name *string `json:"name,omitempty"`
-	// Kind - Possible values include: 'KindAggregations'
+	// Kind - Possible values include: 'KindAggregations', 'KindCasesAggregation'
 	Kind KindBasicAggregations `json:"kind,omitempty"`
 }
 
@@ -884,6 +911,10 @@ func unmarshalBasicAggregations(body []byte) (BasicAggregations, error) {
 	}
 
 	switch m["kind"] {
+	case string(KindCasesAggregation):
+		var ca CasesAggregation
+		err := json.Unmarshal(body, &ca)
+		return ca, err
 	default:
 		var a Aggregations
 		err := json.Unmarshal(body, &a)
@@ -919,6 +950,11 @@ func (a Aggregations) MarshalJSON() ([]byte, error) {
 	return json.Marshal(objectMap)
 }
 
+// AsCasesAggregation is the BasicAggregations implementation for Aggregations.
+func (a Aggregations) AsCasesAggregation() (*CasesAggregation, bool) {
+	return nil, false
+}
+
 // AsAggregations is the BasicAggregations implementation for Aggregations.
 func (a Aggregations) AsAggregations() (*Aggregations, bool) {
 	return &a, true
@@ -931,7 +967,7 @@ func (a Aggregations) AsBasicAggregations() (BasicAggregations, bool) {
 
 // AggregationsKind1 describes an Azure resource with kind.
 type AggregationsKind1 struct {
-	// Kind - The kind of the setting. Possible values include: 'CasesAggregation'
+	// Kind - The kind of the setting. Possible values include: 'AggregationsKindCasesAggregation'
 	Kind AggregationsKind `json:"kind,omitempty"`
 }
 
@@ -1263,7 +1299,7 @@ type ASCDataConnector struct {
 	Name *string `json:"name,omitempty"`
 	// Etag - Etag of the data connector.
 	Etag *string `json:"etag,omitempty"`
-	// Kind - Possible values include: 'KindDataConnector', 'KindOffice365', 'KindThreatIntelligence', 'KindAzureActiveDirectory', 'KindAzureSecurityCenter', 'KindMicrosoftCloudAppSecurity'
+	// Kind - Possible values include: 'KindDataConnector', 'KindOffice365', 'KindThreatIntelligence', 'KindAmazonWebServicesCloudTrail', 'KindAzureActiveDirectory', 'KindAzureSecurityCenter', 'KindMicrosoftCloudAppSecurity'
 	Kind KindBasicDataConnector `json:"kind,omitempty"`
 }
 
@@ -1293,6 +1329,11 @@ func (adc ASCDataConnector) AsTIDataConnector() (*TIDataConnector, bool) {
 	return nil, false
 }
 
+// AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for ASCDataConnector.
+func (adc ASCDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) {
+	return nil, false
+}
+
 // AsAADDataConnector is the BasicDataConnector implementation for ASCDataConnector.
 func (adc ASCDataConnector) AsAADDataConnector() (*AADDataConnector, bool) {
 	return nil, false
@@ -1395,6 +1436,168 @@ type ASCDataConnectorProperties struct {
 	DataTypes *AlertsDataTypeOfDataConnector `json:"dataTypes,omitempty"`
 }
 
+// AwsCloudTrailDataConnector represents Amazon Web Services CloudTrail data connector.
+type AwsCloudTrailDataConnector struct {
+	// AwsCloudTrailDataConnectorProperties - Amazon Web Services CloudTrail data connector properties.
+	*AwsCloudTrailDataConnectorProperties `json:"properties,omitempty"`
+	// ID - READ-ONLY; Azure resource Id
+	ID *string `json:"id,omitempty"`
+	// Type - READ-ONLY; Azure resource type
+	Type *string `json:"type,omitempty"`
+	// Name - READ-ONLY; Azure resource name
+	Name *string `json:"name,omitempty"`
+	// Etag - Etag of the data connector.
+	Etag *string `json:"etag,omitempty"`
+	// Kind - Possible values include: 'KindDataConnector', 'KindOffice365', 'KindThreatIntelligence', 'KindAmazonWebServicesCloudTrail', 'KindAzureActiveDirectory', 'KindAzureSecurityCenter', 'KindMicrosoftCloudAppSecurity'
+	Kind KindBasicDataConnector `json:"kind,omitempty"`
+}
+
+// MarshalJSON is the custom marshaler for AwsCloudTrailDataConnector.
+func (actdc AwsCloudTrailDataConnector) MarshalJSON() ([]byte, error) {
+	actdc.Kind = KindAmazonWebServicesCloudTrail
+	objectMap := make(map[string]interface{})
+	if actdc.AwsCloudTrailDataConnectorProperties != nil {
+		objectMap["properties"] = actdc.AwsCloudTrailDataConnectorProperties
+	}
+	if actdc.Etag != nil {
+		objectMap["etag"] = actdc.Etag
+	}
+	if actdc.Kind != "" {
+		objectMap["kind"] = actdc.Kind
+	}
+	return json.Marshal(objectMap)
+}
+
+// AsOfficeDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector.
+func (actdc AwsCloudTrailDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) {
+	return nil, false
+}
+
+// AsTIDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector.
+func (actdc AwsCloudTrailDataConnector) AsTIDataConnector() (*TIDataConnector, bool) {
+	return nil, false
+}
+
+// AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector.
+func (actdc AwsCloudTrailDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) {
+	return &actdc, true
+}
+
+// AsAADDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector.
+func (actdc AwsCloudTrailDataConnector) AsAADDataConnector() (*AADDataConnector, bool) {
+	return nil, false
+}
+
+// AsASCDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector.
+func (actdc AwsCloudTrailDataConnector) AsASCDataConnector() (*ASCDataConnector, bool) {
+	return nil, false
+}
+
+// AsMCASDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector.
+func (actdc AwsCloudTrailDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) {
+	return nil, false
+}
+
+// AsDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector.
+func (actdc AwsCloudTrailDataConnector) AsDataConnector() (*DataConnector, bool) {
+	return nil, false
+}
+
+// AsBasicDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector.
+func (actdc AwsCloudTrailDataConnector) AsBasicDataConnector() (BasicDataConnector, bool) {
+	return &actdc, true
+}
+
+// UnmarshalJSON is the custom unmarshaler for AwsCloudTrailDataConnector struct.
+func (actdc *AwsCloudTrailDataConnector) UnmarshalJSON(body []byte) error {
+	var m map[string]*json.RawMessage
+	err := json.Unmarshal(body, &m)
+	if err != nil {
+		return err
+	}
+	for k, v := range m {
+		switch k {
+		case "properties":
+			if v != nil {
+				var awsCloudTrailDataConnectorProperties AwsCloudTrailDataConnectorProperties
+				err = json.Unmarshal(*v, &awsCloudTrailDataConnectorProperties)
+				if err != nil {
+					return err
+				}
+				actdc.AwsCloudTrailDataConnectorProperties = &awsCloudTrailDataConnectorProperties
+			}
+		case "id":
+			if v != nil {
+				var ID string
+				err = json.Unmarshal(*v, &ID)
+				if err != nil {
+					return err
+				}
+				actdc.ID = &ID
+			}
+		case "type":
+			if v != nil {
+				var typeVar string
+				err = json.Unmarshal(*v, &typeVar)
+				if err != nil {
+					return err
+				}
+				actdc.Type = &typeVar
+			}
+		case "name":
+			if v != nil {
+				var name string
+				err = json.Unmarshal(*v, &name)
+				if err != nil {
+					return err
+				}
+				actdc.Name = &name
+			}
+		case "etag":
+			if v != nil {
+				var etag string
+				err = json.Unmarshal(*v, &etag)
+				if err != nil {
+					return err
+				}
+				actdc.Etag = &etag
+			}
+		case "kind":
+			if v != nil {
+				var kind KindBasicDataConnector
+				err = json.Unmarshal(*v, &kind)
+				if err != nil {
+					return err
+				}
+				actdc.Kind = kind
+			}
+		}
+	}
+
+	return nil
+}
+
+// AwsCloudTrailDataConnectorDataTypes the available data types for Amazon Web Services CloudTrail data
+// connector.
+type AwsCloudTrailDataConnectorDataTypes struct {
+	// Logs - Logs data type.
+	Logs *AwsCloudTrailDataConnectorDataTypesLogs `json:"logs,omitempty"`
+}
+
+// AwsCloudTrailDataConnectorDataTypesLogs logs data type.
+type AwsCloudTrailDataConnectorDataTypesLogs struct {
+	// State - Describe whether this data type connection is enabled or not. Possible values include: 'Enabled', 'Disabled'
+	State DataTypeState `json:"state,omitempty"`
+}
+
+// AwsCloudTrailDataConnectorProperties amazon Web Services CloudTrail data connector properties.
+type AwsCloudTrailDataConnectorProperties struct {
+	// AwsRoleArn - The Aws Role Arn (with CloudTrailReadOnly policy) that is used to access the Aws account.
+	AwsRoleArn *string `json:"awsRoleArn,omitempty"`
+	// DataTypes - The available data types for the connector.
+	DataTypes *AwsCloudTrailDataConnectorDataTypes `json:"dataTypes,omitempty"`
+}
+
 // Bookmark represents a bookmark in Azure Security Insights.
 type Bookmark struct {
 	autorest.Response `json:"-"`
@@ -1901,12 +2104,148 @@ type CaseProperties struct {
 	AssignedTo *UserInfo `json:"assignedTo,omitempty"`
 	// Severity - The severity of the case. Possible values include: 'CaseSeverityCritical', 'CaseSeverityHigh', 'CaseSeverityMedium', 'CaseSeverityLow', 'CaseSeverityInformational'
 	Severity CaseSeverity `json:"severity,omitempty"`
-	// Status - The status of the case. Possible values include: 'Draft', 'Open', 'InProgress', 'Closed'
+	// Status - The status of the case. Possible values include: 'CaseStatusDraft', 'CaseStatusNew', 'CaseStatusInProgress', 'CaseStatusClosed'
 	Status CaseStatus `json:"status,omitempty"`
 	// CloseReason - The reason the case was closed. Possible values include: 'Resolved', 'Dismissed', 'Other'
 	CloseReason CloseReason `json:"closeReason,omitempty"`
 }
 
+// CasesAggregation represents aggregations results for cases.
+type CasesAggregation struct {
+	// CasesAggregationProperties - Properties of aggregations results of cases.
+	*CasesAggregationProperties `json:"properties,omitempty"`
+	// ID - READ-ONLY; Azure resource Id
+	ID *string `json:"id,omitempty"`
+	// Type - READ-ONLY; Azure resource type
+	Type *string `json:"type,omitempty"`
+	// Name - READ-ONLY; Azure resource name
+	Name *string `json:"name,omitempty"`
+	// Kind - Possible values include: 'KindAggregations', 'KindCasesAggregation'
+	Kind KindBasicAggregations `json:"kind,omitempty"`
+}
+
+// MarshalJSON is the custom marshaler for CasesAggregation.
+func (ca CasesAggregation) MarshalJSON() ([]byte, error) {
+	ca.Kind = KindCasesAggregation
+	objectMap := make(map[string]interface{})
+	if ca.CasesAggregationProperties != nil {
+		objectMap["properties"] = ca.CasesAggregationProperties
+	}
+	if ca.Kind != "" {
+		objectMap["kind"] = ca.Kind
+	}
+	return json.Marshal(objectMap)
+}
+
+// AsCasesAggregation is the BasicAggregations implementation for CasesAggregation.
+func (ca CasesAggregation) AsCasesAggregation() (*CasesAggregation, bool) {
+	return &ca, true
+}
+
+// AsAggregations is the BasicAggregations implementation for CasesAggregation.
+func (ca CasesAggregation) AsAggregations() (*Aggregations, bool) {
+	return nil, false
+}
+
+// AsBasicAggregations is the BasicAggregations implementation for CasesAggregation.
+func (ca CasesAggregation) AsBasicAggregations() (BasicAggregations, bool) {
+	return &ca, true
+}
+
+// UnmarshalJSON is the custom unmarshaler for CasesAggregation struct.
+func (ca *CasesAggregation) UnmarshalJSON(body []byte) error {
+	var m map[string]*json.RawMessage
+	err := json.Unmarshal(body, &m)
+	if err != nil {
+		return err
+	}
+	for k, v := range m {
+		switch k {
+		case "properties":
+			if v != nil {
+				var casesAggregationProperties CasesAggregationProperties
+				err = json.Unmarshal(*v, &casesAggregationProperties)
+				if err != nil {
+					return err
+				}
+				ca.CasesAggregationProperties = &casesAggregationProperties
+			}
+		case "id":
+			if v != nil {
+				var ID string
+				err = json.Unmarshal(*v, &ID)
+				if err != nil {
+					return err
+				}
+				ca.ID = &ID
+			}
+		case "type":
+			if v != nil {
+				var typeVar string
+				err = json.Unmarshal(*v, &typeVar)
+				if err != nil {
+					return err
+				}
+				ca.Type = &typeVar
+			}
+		case "name":
+			if v != nil {
+				var name string
+				err = json.Unmarshal(*v, &name)
+				if err != nil {
+					return err
+				}
+				ca.Name = &name
+			}
+		case "kind":
+			if v != nil {
+				var kind KindBasicAggregations
+				err = json.Unmarshal(*v, &kind)
+				if err != nil {
+					return err
+				}
+				ca.Kind = kind
+			}
+		}
+	}
+
+	return nil
+}
+
+// CasesAggregationBySeverityProperties aggregative results of cases by severity property bag.
+type CasesAggregationBySeverityProperties struct {
+	// TotalCriticalSeverity - READ-ONLY; Total amount of open cases with severity Critical
+	TotalCriticalSeverity *int32 `json:"totalCriticalSeverity,omitempty"`
+	// TotalHighSeverity - READ-ONLY; Total amount of open cases with severity High
+	TotalHighSeverity *int32 `json:"totalHighSeverity,omitempty"`
+	// TotalMediumSeverity - READ-ONLY; Total amount of open cases with severity medium
+	TotalMediumSeverity *int32 `json:"totalMediumSeverity,omitempty"`
+	// TotalLowSeverity - READ-ONLY; Total amount of open cases with severity Low
+	TotalLowSeverity *int32 `json:"totalLowSeverity,omitempty"`
+	// TotalInformationalSeverity - READ-ONLY; Total amount of open cases with severity Informational
+	TotalInformationalSeverity *int32 `json:"totalInformationalSeverity,omitempty"`
+}
+
+// CasesAggregationByStatusProperties aggregative results of cases by status property bag.
+type CasesAggregationByStatusProperties struct {
+	// TotalNewStatus - READ-ONLY; Total amount of open cases with status New
+	TotalNewStatus *int32 `json:"totalNewStatus,omitempty"`
+	// TotalInProgressStatus - READ-ONLY; Total amount of open cases with status InProgress
+	TotalInProgressStatus *int32 `json:"totalInProgressStatus,omitempty"`
+	// TotalResolvedStatus - READ-ONLY; Total amount of open cases with status Resolved
+	TotalResolvedStatus *int32 `json:"totalResolvedStatus,omitempty"`
+	// TotalDismissedStatus - READ-ONLY; Total amount of open cases with status Dismissed
+	TotalDismissedStatus *int32 `json:"totalDismissedStatus,omitempty"`
+}
+
+// CasesAggregationProperties aggregative results of cases property bag.
+type CasesAggregationProperties struct {
+	// AggregationBySeverity - Aggregations results by case severity.
+	AggregationBySeverity *CasesAggregationBySeverityProperties `json:"aggregationBySeverity,omitempty"`
+	// AggregationByStatus - Aggregations results by case status.
+	AggregationByStatus *CasesAggregationByStatusProperties `json:"aggregationByStatus,omitempty"`
+}
+
 // CloudError error response structure.
 type CloudError struct {
 	// CloudErrorBody - Error data
@@ -1958,6 +2297,7 @@ type CloudErrorBody struct {
 type BasicDataConnector interface {
 	AsOfficeDataConnector() (*OfficeDataConnector, bool)
 	AsTIDataConnector() (*TIDataConnector, bool)
+	AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool)
 	AsAADDataConnector() (*AADDataConnector, bool)
 	AsASCDataConnector() (*ASCDataConnector, bool)
 	AsMCASDataConnector() (*MCASDataConnector, bool)
@@ -1975,7 +2315,7 @@ type DataConnector struct {
 	Name *string `json:"name,omitempty"`
 	// Etag - Etag of the data connector.
 	Etag *string `json:"etag,omitempty"`
-	// Kind - Possible values include: 'KindDataConnector', 'KindOffice365', 'KindThreatIntelligence', 'KindAzureActiveDirectory', 'KindAzureSecurityCenter', 'KindMicrosoftCloudAppSecurity'
+	// Kind - Possible values include: 'KindDataConnector', 'KindOffice365', 'KindThreatIntelligence', 'KindAmazonWebServicesCloudTrail', 'KindAzureActiveDirectory', 'KindAzureSecurityCenter', 'KindMicrosoftCloudAppSecurity'
 	Kind KindBasicDataConnector `json:"kind,omitempty"`
 }
 
@@ -1995,6 +2335,10 @@ func unmarshalBasicDataConnector(body []byte) (BasicDataConnector, error) {
 		var tdc TIDataConnector
 		err := json.Unmarshal(body, &tdc)
 		return tdc, err
+	case string(KindAmazonWebServicesCloudTrail):
+		var actdc AwsCloudTrailDataConnector
+		err := json.Unmarshal(body, &actdc)
+		return actdc, err
 	case string(KindAzureActiveDirectory):
 		var adc AADDataConnector
 		err := json.Unmarshal(body, &adc)
@@ -2055,6 +2399,11 @@ func (dc DataConnector) AsTIDataConnector() (*TIDataConnector, bool) {
 	return nil, false
 }
 
+// AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for DataConnector.
+func (dc DataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) {
+	return nil, false
+}
+
 // AsAADDataConnector is the BasicDataConnector implementation for DataConnector.
 func (dc DataConnector) AsAADDataConnector() (*AADDataConnector, bool) {
 	return nil, false
@@ -2088,7 +2437,7 @@ type DataConnectorDataTypeCommon struct {
 
 // DataConnectorKind1 describes an Azure resource with kind.
 type DataConnectorKind1 struct {
-	// Kind - The kind of the data connector. Possible values include: 'AzureActiveDirectory', 'AzureSecurityCenter', 'MicrosoftCloudAppSecurity', 'ThreatIntelligence', 'Office365'
+	// Kind - The kind of the data connector. Possible values include: 'AzureActiveDirectory', 'AzureSecurityCenter', 'MicrosoftCloudAppSecurity', 'ThreatIntelligence', 'Office365', 'AmazonWebServicesCloudTrail'
 	Kind DataConnectorKind `json:"kind,omitempty"`
 }
 
@@ -2601,6 +2950,241 @@ func (em *EntityModel) UnmarshalJSON(body []byte) error {
 	return nil
 }
 
+// EntityQuery specific entity query.
+type EntityQuery struct {
+	autorest.Response `json:"-"`
+	// EntityQueryProperties - Entity query properties
+	*EntityQueryProperties `json:"properties,omitempty"`
+	// ID - READ-ONLY; Azure resource Id
+	ID *string `json:"id,omitempty"`
+	// Type - READ-ONLY; Azure resource type
+	Type *string `json:"type,omitempty"`
+	// Name - READ-ONLY; Azure resource name
+	Name *string `json:"name,omitempty"`
+}
+
+// MarshalJSON is the custom marshaler for EntityQuery.
+func (eq EntityQuery) MarshalJSON() ([]byte, error) {
+	objectMap := make(map[string]interface{})
+	if eq.EntityQueryProperties != nil {
+		objectMap["properties"] = eq.EntityQueryProperties
+	}
+	return json.Marshal(objectMap)
+}
+
+// UnmarshalJSON is the custom unmarshaler for EntityQuery struct.
+func (eq *EntityQuery) UnmarshalJSON(body []byte) error {
+	var m map[string]*json.RawMessage
+	err := json.Unmarshal(body, &m)
+	if err != nil {
+		return err
+	}
+	for k, v := range m {
+		switch k {
+		case "properties":
+			if v != nil {
+				var entityQueryProperties EntityQueryProperties
+				err = json.Unmarshal(*v, &entityQueryProperties)
+				if err != nil {
+					return err
+				}
+				eq.EntityQueryProperties = &entityQueryProperties
+			}
+		case "id":
+			if v != nil {
+				var ID string
+				err = json.Unmarshal(*v, &ID)
+				if err != nil {
+					return err
+				}
+				eq.ID = &ID
+			}
+		case "type":
+			if v != nil {
+				var typeVar string
+				err = json.Unmarshal(*v, &typeVar)
+				if err != nil {
+					return err
+				}
+				eq.Type = &typeVar
+			}
+		case "name":
+			if v != nil {
+				var name string
+				err = json.Unmarshal(*v, &name)
+				if err != nil {
+					return err
+				}
+				eq.Name = &name
+			}
+		}
+	}
+
+	return nil
+}
+
+// EntityQueryList list of all the entity queries.
+type EntityQueryList struct {
+	autorest.Response `json:"-"`
+	// NextLink - READ-ONLY; URL to fetch the next set of entity queries.
+	NextLink *string `json:"nextLink,omitempty"`
+	// Value - Array of entity queries.
+	Value *[]EntityQuery `json:"value,omitempty"`
+}
+
+// EntityQueryListIterator provides access to a complete listing of EntityQuery values.
+type EntityQueryListIterator struct {
+	i    int
+	page EntityQueryListPage
+}
+
+// NextWithContext advances to the next value.  If there was an error making
+// the request the iterator does not advance and the error is returned.
+func (iter *EntityQueryListIterator) NextWithContext(ctx context.Context) (err error) {
+	if tracing.IsEnabled() {
+		ctx = tracing.StartSpan(ctx, fqdn+"/EntityQueryListIterator.NextWithContext")
+		defer func() {
+			sc := -1
+			if iter.Response().Response.Response != nil {
+				sc = iter.Response().Response.Response.StatusCode
+			}
+			tracing.EndSpan(ctx, sc, err)
+		}()
+	}
+	iter.i++
+	if iter.i < len(iter.page.Values()) {
+		return nil
+	}
+	err = iter.page.NextWithContext(ctx)
+	if err != nil {
+		iter.i--
+		return err
+	}
+	iter.i = 0
+	return nil
+}
+
+// Next advances to the next value.  If there was an error making
+// the request the iterator does not advance and the error is returned.
+// Deprecated: Use NextWithContext() instead.
+func (iter *EntityQueryListIterator) Next() error {
+	return iter.NextWithContext(context.Background())
+}
+
+// NotDone returns true if the enumeration should be started or is not yet complete.
+func (iter EntityQueryListIterator) NotDone() bool {
+	return iter.page.NotDone() && iter.i < len(iter.page.Values())
+}
+
+// Response returns the raw server response from the last page request.
+func (iter EntityQueryListIterator) Response() EntityQueryList {
+	return iter.page.Response()
+}
+
+// Value returns the current value or a zero-initialized value if the
+// iterator has advanced beyond the end of the collection.
+func (iter EntityQueryListIterator) Value() EntityQuery {
+	if !iter.page.NotDone() {
+		return EntityQuery{}
+	}
+	return iter.page.Values()[iter.i]
+}
+
+// Creates a new instance of the EntityQueryListIterator type.
+func NewEntityQueryListIterator(page EntityQueryListPage) EntityQueryListIterator {
+	return EntityQueryListIterator{page: page}
+}
+
+// IsEmpty returns true if the ListResult contains no values.
+func (eql EntityQueryList) IsEmpty() bool {
+	return eql.Value == nil || len(*eql.Value) == 0
+}
+
+// entityQueryListPreparer prepares a request to retrieve the next set of results.
+// It returns nil if no more results exist.
+func (eql EntityQueryList) entityQueryListPreparer(ctx context.Context) (*http.Request, error) {
+	if eql.NextLink == nil || len(to.String(eql.NextLink)) < 1 {
+		return nil, nil
+	}
+	return autorest.Prepare((&http.Request{}).WithContext(ctx),
+		autorest.AsJSON(),
+		autorest.AsGet(),
+		autorest.WithBaseURL(to.String(eql.NextLink)))
+}
+
+// EntityQueryListPage contains a page of EntityQuery values.
+type EntityQueryListPage struct {
+	fn  func(context.Context, EntityQueryList) (EntityQueryList, error)
+	eql EntityQueryList
+}
+
+// NextWithContext advances to the next page of values.  If there was an error making
+// the request the page does not advance and the error is returned.
+func (page *EntityQueryListPage) NextWithContext(ctx context.Context) (err error) {
+	if tracing.IsEnabled() {
+		ctx = tracing.StartSpan(ctx, fqdn+"/EntityQueryListPage.NextWithContext")
+		defer func() {
+			sc := -1
+			if page.Response().Response.Response != nil {
+				sc = page.Response().Response.Response.StatusCode
+			}
+			tracing.EndSpan(ctx, sc, err)
+		}()
+	}
+	next, err := page.fn(ctx, page.eql)
+	if err != nil {
+		return err
+	}
+	page.eql = next
+	return nil
+}
+
+// Next advances to the next page of values.  If there was an error making
+// the request the page does not advance and the error is returned.
+// Deprecated: Use NextWithContext() instead.
+func (page *EntityQueryListPage) Next() error {
+	return page.NextWithContext(context.Background())
+}
+
+// NotDone returns true if the page enumeration should be started or is not yet complete.
+func (page EntityQueryListPage) NotDone() bool {
+	return !page.eql.IsEmpty()
+}
+
+// Response returns the raw server response from the last page request.
+func (page EntityQueryListPage) Response() EntityQueryList {
+	return page.eql
+}
+
+// Values returns the slice of values for the current page or nil if there are no values.
+func (page EntityQueryListPage) Values() []EntityQuery {
+	if page.eql.IsEmpty() {
+		return nil
+	}
+	return *page.eql.Value
+}
+
+// Creates a new instance of the EntityQueryListPage type.
+func NewEntityQueryListPage(getNextPage func(context.Context, EntityQueryList) (EntityQueryList, error)) EntityQueryListPage {
+	return EntityQueryListPage{fn: getNextPage}
+}
+
+// EntityQueryProperties describes entity query properties
+type EntityQueryProperties struct {
+	// QueryTemplate - The template query string to be parsed and formatted
+	QueryTemplate *string `json:"queryTemplate,omitempty"`
+	// InputEntityType - The type of the query's source entity
+	InputEntityType *string `json:"inputEntityType,omitempty"`
+	// InputFields - List of the fields of the source entity that are required to run the query
+	InputFields *[]string `json:"inputFields,omitempty"`
+	// OutputEntityTypes - List of the desired output types to be constructed from the result
+	OutputEntityTypes *[]string `json:"outputEntityTypes,omitempty"`
+	// DataSources - List of the data sources that are required to run the query
+	DataSources *[]string `json:"dataSources,omitempty"`
+	// DisplayName - The query display name
+	DisplayName *string `json:"displayName,omitempty"`
+}
+
 // FileEntity represents a file entity.
 type FileEntity struct {
 	// FileEntityProperties - File entity properties
@@ -2867,7 +3451,7 @@ type MCASDataConnector struct {
 	Name *string `json:"name,omitempty"`
 	// Etag - Etag of the data connector.
 	Etag *string `json:"etag,omitempty"`
-	// Kind - Possible values include: 'KindDataConnector', 'KindOffice365', 'KindThreatIntelligence', 'KindAzureActiveDirectory', 'KindAzureSecurityCenter', 'KindMicrosoftCloudAppSecurity'
+	// Kind - Possible values include: 'KindDataConnector', 'KindOffice365', 'KindThreatIntelligence', 'KindAmazonWebServicesCloudTrail', 'KindAzureActiveDirectory', 'KindAzureSecurityCenter', 'KindMicrosoftCloudAppSecurity'
 	Kind KindBasicDataConnector `json:"kind,omitempty"`
 }
 
@@ -2897,6 +3481,11 @@ func (mdc MCASDataConnector) AsTIDataConnector() (*TIDataConnector, bool) {
 	return nil, false
 }
 
+// AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for MCASDataConnector.
+func (mdc MCASDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) {
+	return nil, false
+}
+
 // AsAADDataConnector is the BasicDataConnector implementation for MCASDataConnector.
 func (mdc MCASDataConnector) AsAADDataConnector() (*AADDataConnector, bool) {
 	return nil, false
@@ -3238,7 +3827,7 @@ type OfficeDataConnector struct {
 	Name *string `json:"name,omitempty"`
 	// Etag - Etag of the data connector.
 	Etag *string `json:"etag,omitempty"`
-	// Kind - Possible values include: 'KindDataConnector', 'KindOffice365', 'KindThreatIntelligence', 'KindAzureActiveDirectory', 'KindAzureSecurityCenter', 'KindMicrosoftCloudAppSecurity'
+	// Kind - Possible values include: 'KindDataConnector', 'KindOffice365', 'KindThreatIntelligence', 'KindAmazonWebServicesCloudTrail', 'KindAzureActiveDirectory', 'KindAzureSecurityCenter', 'KindMicrosoftCloudAppSecurity'
 	Kind KindBasicDataConnector `json:"kind,omitempty"`
 }
 
@@ -3268,6 +3857,11 @@ func (odc OfficeDataConnector) AsTIDataConnector() (*TIDataConnector, bool) {
 	return nil, false
 }
 
+// AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for OfficeDataConnector.
+func (odc OfficeDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) {
+	return nil, false
+}
+
 // AsAADDataConnector is the BasicDataConnector implementation for OfficeDataConnector.
 func (odc OfficeDataConnector) AsAADDataConnector() (*AADDataConnector, bool) {
 	return nil, false
@@ -3726,6 +4320,8 @@ type Settings struct {
 	Type *string `json:"type,omitempty"`
 	// Name - READ-ONLY; Azure resource name
 	Name *string `json:"name,omitempty"`
+	// Etag - Etag of the alert rule.
+	Etag *string `json:"etag,omitempty"`
 	// Kind - Possible values include: 'KindSettings', 'KindUebaSettings', 'KindToggleSettings'
 	Kind KindBasicSettings `json:"kind,omitempty"`
 }
@@ -3775,6 +4371,9 @@ func unmarshalBasicSettingsArray(body []byte) ([]BasicSettings, error) {
 func (s Settings) MarshalJSON() ([]byte, error) {
 	s.Kind = KindSettings
 	objectMap := make(map[string]interface{})
+	if s.Etag != nil {
+		objectMap["etag"] = s.Etag
+	}
 	if s.Kind != "" {
 		objectMap["kind"] = s.Kind
 	}
@@ -3836,7 +4435,7 @@ type TIDataConnector struct {
 	Name *string `json:"name,omitempty"`
 	// Etag - Etag of the data connector.
 	Etag *string `json:"etag,omitempty"`
-	// Kind - Possible values include: 'KindDataConnector', 'KindOffice365', 'KindThreatIntelligence', 'KindAzureActiveDirectory', 'KindAzureSecurityCenter', 'KindMicrosoftCloudAppSecurity'
+	// Kind - Possible values include: 'KindDataConnector', 'KindOffice365', 'KindThreatIntelligence', 'KindAmazonWebServicesCloudTrail', 'KindAzureActiveDirectory', 'KindAzureSecurityCenter', 'KindMicrosoftCloudAppSecurity'
 	Kind KindBasicDataConnector `json:"kind,omitempty"`
 }
 
@@ -3866,6 +4465,11 @@ func (tdc TIDataConnector) AsTIDataConnector() (*TIDataConnector, bool) {
 	return &tdc, true
 }
 
+// AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for TIDataConnector.
+func (tdc TIDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) {
+	return nil, false
+}
+
 // AsAADDataConnector is the BasicDataConnector implementation for TIDataConnector.
 func (tdc TIDataConnector) AsAADDataConnector() (*AADDataConnector, bool) {
 	return nil, false
@@ -3990,6 +4594,8 @@ type ToggleSettings struct {
 	Type *string `json:"type,omitempty"`
 	// Name - READ-ONLY; Azure resource name
 	Name *string `json:"name,omitempty"`
+	// Etag - Etag of the alert rule.
+	Etag *string `json:"etag,omitempty"`
 	// Kind - Possible values include: 'KindSettings', 'KindUebaSettings', 'KindToggleSettings'
 	Kind KindBasicSettings `json:"kind,omitempty"`
 }
@@ -4001,6 +4607,9 @@ func (ts ToggleSettings) MarshalJSON() ([]byte, error) {
 	if ts.ToggleSettingsProperties != nil {
 		objectMap["properties"] = ts.ToggleSettingsProperties
 	}
+	if ts.Etag != nil {
+		objectMap["etag"] = ts.Etag
+	}
 	if ts.Kind != "" {
 		objectMap["kind"] = ts.Kind
 	}
@@ -4072,6 +4681,15 @@ func (ts *ToggleSettings) UnmarshalJSON(body []byte) error {
 				}
 				ts.Name = &name
 			}
+		case "etag":
+			if v != nil {
+				var etag string
+				err = json.Unmarshal(*v, &etag)
+				if err != nil {
+					return err
+				}
+				ts.Etag = &etag
+			}
 		case "kind":
 			if v != nil {
 				var kind KindBasicSettings
@@ -4103,6 +4721,8 @@ type UebaSettings struct {
 	Type *string `json:"type,omitempty"`
 	// Name - READ-ONLY; Azure resource name
 	Name *string `json:"name,omitempty"`
+	// Etag - Etag of the alert rule.
+	Etag *string `json:"etag,omitempty"`
 	// Kind - Possible values include: 'KindSettings', 'KindUebaSettings', 'KindToggleSettings'
 	Kind KindBasicSettings `json:"kind,omitempty"`
 }
@@ -4114,6 +4734,9 @@ func (us UebaSettings) MarshalJSON() ([]byte, error) {
 	if us.UebaSettingsProperties != nil {
 		objectMap["properties"] = us.UebaSettingsProperties
 	}
+	if us.Etag != nil {
+		objectMap["etag"] = us.Etag
+	}
 	if us.Kind != "" {
 		objectMap["kind"] = us.Kind
 	}
@@ -4185,6 +4808,15 @@ func (us *UebaSettings) UnmarshalJSON(body []byte) error {
 				}
 				us.Name = &name
 			}
+		case "etag":
+			if v != nil {
+				var etag string
+				err = json.Unmarshal(*v, &etag)
+				if err != nil {
+					return err
+				}
+				us.Etag = &etag
+			}
 		case "kind":
 			if v != nil {
 				var kind KindBasicSettings
@@ -4206,8 +4838,8 @@ type UebaSettingsProperties struct {
 	IsEnabled *bool `json:"isEnabled,omitempty"`
 	// StatusInMcas - READ-ONLY; Determines whether User and Entity Behavior Analytics is enabled from MCAS (Microsoft Cloud App Security). Possible values include: 'StatusInMcasEnabled', 'StatusInMcasDisabled'
 	StatusInMcas StatusInMcas `json:"statusInMcas,omitempty"`
-	// AtpLicenseStatus - READ-ONLY; Determines whether the tenant has ATP (Advanced Threat Protection) license.
-	AtpLicenseStatus *bool `json:"atpLicenseStatus,omitempty"`
+	// AtpLicenseStatus - READ-ONLY; Determines whether the tenant has ATP (Advanced Threat Protection) license. Possible values include: 'LicenseStatusEnabled', 'LicenseStatusDisabled'
+	AtpLicenseStatus LicenseStatus `json:"atpLicenseStatus,omitempty"`
 }
 
 // UserInfo user information that made some action
diff --git a/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/securityinsightapi/interfaces.go b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/securityinsightapi/interfaces.go
index db0717a1bd3d..80cadcd82ce4 100644
--- a/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/securityinsightapi/interfaces.go
+++ b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/securityinsightapi/interfaces.go
@@ -111,3 +111,11 @@ type CasesAggregationsClientAPI interface {
 }
 
 var _ CasesAggregationsClientAPI = (*securityinsight.CasesAggregationsClient)(nil)
+
+// EntityQueriesClientAPI contains the set of methods on the EntityQueriesClient type.
+type EntityQueriesClientAPI interface {
+	Get(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, entityQueryID string) (result securityinsight.EntityQuery, err error)
+	List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result securityinsight.EntityQueryListPage, err error)
+}
+
+var _ EntityQueriesClientAPI = (*securityinsight.EntityQueriesClient)(nil)