diff --git a/profiles/preview/preview/securityinsight/mgmt/securityinsight/models.go b/profiles/preview/preview/securityinsight/mgmt/securityinsight/models.go index aaacda66d67a..b3dbd8e93239 100644 --- a/profiles/preview/preview/securityinsight/mgmt/securityinsight/models.go +++ b/profiles/preview/preview/securityinsight/mgmt/securityinsight/models.go @@ -38,6 +38,8 @@ const ( type AlertRuleKind = original.AlertRuleKind const ( + Filter AlertRuleKind = original.Filter + Fusion AlertRuleKind = original.Fusion Scheduled AlertRuleKind = original.Scheduled ) @@ -60,6 +62,22 @@ const ( AlertStatusUnknown AlertStatus = original.AlertStatusUnknown ) +type AttackTactic = original.AttackTactic + +const ( + Collection AttackTactic = original.Collection + CommandAndControl AttackTactic = original.CommandAndControl + CredentialAccess AttackTactic = original.CredentialAccess + DefenseEvasion AttackTactic = original.DefenseEvasion + Discovery AttackTactic = original.Discovery + Execution AttackTactic = original.Execution + Exfiltration AttackTactic = original.Exfiltration + InitialAccess AttackTactic = original.InitialAccess + LateralMovement AttackTactic = original.LateralMovement + Persistence AttackTactic = original.Persistence + PrivilegeEscalation AttackTactic = original.PrivilegeEscalation +) + type CaseSeverity = original.CaseSeverity const ( @@ -82,9 +100,11 @@ const ( type CloseReason = original.CloseReason const ( - Dismissed CloseReason = original.Dismissed - Other CloseReason = original.Other - Resolved CloseReason = original.Resolved + Dismissed CloseReason = original.Dismissed + FalsePositive CloseReason = original.FalsePositive + Other CloseReason = original.Other + Resolved CloseReason = original.Resolved + TruePositive CloseReason = original.TruePositive ) type ConfidenceLevel = original.ConfidenceLevel @@ -124,6 +144,13 @@ const ( Enabled DataTypeState = original.Enabled ) +type DataTypeStatus = original.DataTypeStatus + +const ( + Exist DataTypeStatus = original.Exist + NotExist DataTypeStatus = original.NotExist +) + type ElevationToken = original.ElevationToken const ( @@ -217,6 +244,15 @@ const ( KindCasesAggregation KindBasicAggregations = original.KindCasesAggregation ) +type KindBasicAlertRuleTemplate = original.KindBasicAlertRuleTemplate + +const ( + KindBasicAlertRuleTemplateKindAlertRuleTemplate KindBasicAlertRuleTemplate = original.KindBasicAlertRuleTemplateKindAlertRuleTemplate + KindBasicAlertRuleTemplateKindFilter KindBasicAlertRuleTemplate = original.KindBasicAlertRuleTemplateKindFilter + KindBasicAlertRuleTemplateKindFusion KindBasicAlertRuleTemplate = original.KindBasicAlertRuleTemplateKindFusion + KindBasicAlertRuleTemplateKindScheduled KindBasicAlertRuleTemplate = original.KindBasicAlertRuleTemplateKindScheduled +) + type KindBasicDataConnector = original.KindBasicDataConnector const ( @@ -318,6 +354,14 @@ const ( StatusInMcasEnabled StatusInMcas = original.StatusInMcasEnabled ) +type TemplateStatus = original.TemplateStatus + +const ( + Available TemplateStatus = original.Available + Installed TemplateStatus = original.Installed + NotAvailable TemplateStatus = original.NotAvailable +) + type TriggerOperator = original.TriggerOperator const ( @@ -347,6 +391,12 @@ type AggregationsModel = original.AggregationsModel type AlertRule = original.AlertRule type AlertRuleKind1 = original.AlertRuleKind1 type AlertRuleModel = original.AlertRuleModel +type AlertRuleTemplate = original.AlertRuleTemplate +type AlertRuleTemplateModel = original.AlertRuleTemplateModel +type AlertRuleTemplatesClient = original.AlertRuleTemplatesClient +type AlertRuleTemplatesList = original.AlertRuleTemplatesList +type AlertRuleTemplatesListIterator = original.AlertRuleTemplatesListIterator +type AlertRuleTemplatesListPage = original.AlertRuleTemplatesListPage type AlertRulesClient = original.AlertRulesClient type AlertRulesList = original.AlertRulesList type AlertRulesListIterator = original.AlertRulesListIterator @@ -359,9 +409,11 @@ type AwsCloudTrailDataConnectorDataTypesLogs = original.AwsCloudTrailDataConnect type AwsCloudTrailDataConnectorProperties = original.AwsCloudTrailDataConnectorProperties type AzureResourceEntity = original.AzureResourceEntity type AzureResourceEntityProperties = original.AzureResourceEntityProperties +type BaseAlertRuleTemplateProperties = original.BaseAlertRuleTemplateProperties type BaseClient = original.BaseClient type BasicAggregations = original.BasicAggregations type BasicAlertRule = original.BasicAlertRule +type BasicAlertRuleTemplate = original.BasicAlertRuleTemplate type BasicDataConnector = original.BasicDataConnector type BasicEntity = original.BasicEntity type BasicSettings = original.BasicSettings @@ -372,6 +424,12 @@ type BookmarkListPage = original.BookmarkListPage type BookmarkProperties = original.BookmarkProperties type BookmarksClient = original.BookmarksClient type Case = original.Case +type CaseComment = original.CaseComment +type CaseCommentList = original.CaseCommentList +type CaseCommentListIterator = original.CaseCommentListIterator +type CaseCommentListPage = original.CaseCommentListPage +type CaseCommentProperties = original.CaseCommentProperties +type CaseCommentsClient = original.CaseCommentsClient type CaseList = original.CaseList type CaseListIterator = original.CaseListIterator type CaseListPage = original.CaseListPage @@ -386,6 +444,7 @@ type CloudApplicationEntity = original.CloudApplicationEntity type CloudApplicationEntityProperties = original.CloudApplicationEntityProperties type CloudError = original.CloudError type CloudErrorBody = original.CloudErrorBody +type CommentsClient = original.CommentsClient type DNSEntity = original.DNSEntity type DNSEntityProperties = original.DNSEntityProperties type DataConnector = original.DataConnector @@ -395,6 +454,7 @@ type DataConnectorList = original.DataConnectorList type DataConnectorListIterator = original.DataConnectorListIterator type DataConnectorListPage = original.DataConnectorListPage type DataConnectorModel = original.DataConnectorModel +type DataConnectorStatus = original.DataConnectorStatus type DataConnectorTenantID = original.DataConnectorTenantID type DataConnectorWithAlertsProperties = original.DataConnectorWithAlertsProperties type DataConnectorsClient = original.DataConnectorsClient @@ -421,6 +481,12 @@ type FileEntity = original.FileEntity type FileEntityProperties = original.FileEntityProperties type FileHashEntity = original.FileHashEntity type FileHashEntityProperties = original.FileHashEntityProperties +type FilterAlertRuleTemplate = original.FilterAlertRuleTemplate +type FilterAlertRuleTemplateProperties = original.FilterAlertRuleTemplateProperties +type FilterAlertRuleTemplatePropertiesModel = original.FilterAlertRuleTemplatePropertiesModel +type FusionAlertRuleTemplate = original.FusionAlertRuleTemplate +type FusionAlertRuleTemplateProperties = original.FusionAlertRuleTemplateProperties +type FusionAlertRuleTemplatePropertiesModel = original.FusionAlertRuleTemplatePropertiesModel type GeoLocation = original.GeoLocation type HostEntity = original.HostEntity type HostEntityProperties = original.HostEntityProperties @@ -461,6 +527,9 @@ type RegistryValueEntityProperties = original.RegistryValueEntityProperties type Resource = original.Resource type ScheduledAlertRule = original.ScheduledAlertRule type ScheduledAlertRuleProperties = original.ScheduledAlertRuleProperties +type ScheduledAlertRuleTemplate = original.ScheduledAlertRuleTemplate +type ScheduledAlertRuleTemplateProperties = original.ScheduledAlertRuleTemplateProperties +type ScheduledAlertRuleTemplatePropertiesModel = original.ScheduledAlertRuleTemplatePropertiesModel type SecurityAlert = original.SecurityAlert type SecurityAlertProperties = original.SecurityAlertProperties type SecurityAlertPropertiesConfidenceReasonsItem = original.SecurityAlertPropertiesConfidenceReasonsItem @@ -497,6 +566,18 @@ func NewActionsListIterator(page ActionsListPage) ActionsListIterator { func NewActionsListPage(getNextPage func(context.Context, ActionsList) (ActionsList, error)) ActionsListPage { return original.NewActionsListPage(getNextPage) } +func NewAlertRuleTemplatesClient(subscriptionID string) AlertRuleTemplatesClient { + return original.NewAlertRuleTemplatesClient(subscriptionID) +} +func NewAlertRuleTemplatesClientWithBaseURI(baseURI string, subscriptionID string) AlertRuleTemplatesClient { + return original.NewAlertRuleTemplatesClientWithBaseURI(baseURI, subscriptionID) +} +func NewAlertRuleTemplatesListIterator(page AlertRuleTemplatesListPage) AlertRuleTemplatesListIterator { + return original.NewAlertRuleTemplatesListIterator(page) +} +func NewAlertRuleTemplatesListPage(getNextPage func(context.Context, AlertRuleTemplatesList) (AlertRuleTemplatesList, error)) AlertRuleTemplatesListPage { + return original.NewAlertRuleTemplatesListPage(getNextPage) +} func NewAlertRulesClient(subscriptionID string) AlertRulesClient { return original.NewAlertRulesClient(subscriptionID) } @@ -521,6 +602,18 @@ func NewBookmarksClient(subscriptionID string) BookmarksClient { func NewBookmarksClientWithBaseURI(baseURI string, subscriptionID string) BookmarksClient { return original.NewBookmarksClientWithBaseURI(baseURI, subscriptionID) } +func NewCaseCommentListIterator(page CaseCommentListPage) CaseCommentListIterator { + return original.NewCaseCommentListIterator(page) +} +func NewCaseCommentListPage(getNextPage func(context.Context, CaseCommentList) (CaseCommentList, error)) CaseCommentListPage { + return original.NewCaseCommentListPage(getNextPage) +} +func NewCaseCommentsClient(subscriptionID string) CaseCommentsClient { + return original.NewCaseCommentsClient(subscriptionID) +} +func NewCaseCommentsClientWithBaseURI(baseURI string, subscriptionID string) CaseCommentsClient { + return original.NewCaseCommentsClientWithBaseURI(baseURI, subscriptionID) +} func NewCaseListIterator(page CaseListPage) CaseListIterator { return original.NewCaseListIterator(page) } @@ -539,6 +632,12 @@ func NewCasesClient(subscriptionID string) CasesClient { func NewCasesClientWithBaseURI(baseURI string, subscriptionID string) CasesClient { return original.NewCasesClientWithBaseURI(baseURI, subscriptionID) } +func NewCommentsClient(subscriptionID string) CommentsClient { + return original.NewCommentsClient(subscriptionID) +} +func NewCommentsClientWithBaseURI(baseURI string, subscriptionID string) CommentsClient { + return original.NewCommentsClientWithBaseURI(baseURI, subscriptionID) +} func NewDataConnectorListIterator(page DataConnectorListPage) DataConnectorListIterator { return original.NewDataConnectorListIterator(page) } @@ -620,6 +719,9 @@ func PossibleAlertSeverityValues() []AlertSeverity { func PossibleAlertStatusValues() []AlertStatus { return original.PossibleAlertStatusValues() } +func PossibleAttackTacticValues() []AttackTactic { + return original.PossibleAttackTacticValues() +} func PossibleCaseSeverityValues() []CaseSeverity { return original.PossibleCaseSeverityValues() } @@ -641,6 +743,9 @@ func PossibleDataConnectorKindValues() []DataConnectorKind { func PossibleDataTypeStateValues() []DataTypeState { return original.PossibleDataTypeStateValues() } +func PossibleDataTypeStatusValues() []DataTypeStatus { + return original.PossibleDataTypeStatusValues() +} func PossibleElevationTokenValues() []ElevationToken { return original.PossibleElevationTokenValues() } @@ -659,6 +764,9 @@ func PossibleKillChainIntentValues() []KillChainIntent { func PossibleKindBasicAggregationsValues() []KindBasicAggregations { return original.PossibleKindBasicAggregationsValues() } +func PossibleKindBasicAlertRuleTemplateValues() []KindBasicAlertRuleTemplate { + return original.PossibleKindBasicAlertRuleTemplateValues() +} func PossibleKindBasicDataConnectorValues() []KindBasicDataConnector { return original.PossibleKindBasicDataConnectorValues() } @@ -689,6 +797,9 @@ func PossibleSettingKindValues() []SettingKind { func PossibleStatusInMcasValues() []StatusInMcas { return original.PossibleStatusInMcasValues() } +func PossibleTemplateStatusValues() []TemplateStatus { + return original.PossibleTemplateStatusValues() +} func PossibleTriggerOperatorValues() []TriggerOperator { return original.PossibleTriggerOperatorValues() } diff --git a/profiles/preview/preview/securityinsight/mgmt/securityinsight/securityinsightapi/models.go b/profiles/preview/preview/securityinsight/mgmt/securityinsight/securityinsightapi/models.go index 9bd2fc7dc959..8ab6cea80eac 100644 --- a/profiles/preview/preview/securityinsight/mgmt/securityinsight/securityinsightapi/models.go +++ b/profiles/preview/preview/securityinsight/mgmt/securityinsight/securityinsightapi/models.go @@ -22,10 +22,13 @@ package securityinsightapi import original "github.com/Azure/azure-sdk-for-go/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/securityinsightapi" type ActionsClientAPI = original.ActionsClientAPI +type AlertRuleTemplatesClientAPI = original.AlertRuleTemplatesClientAPI type AlertRulesClientAPI = original.AlertRulesClientAPI type BookmarksClientAPI = original.BookmarksClientAPI +type CaseCommentsClientAPI = original.CaseCommentsClientAPI type CasesAggregationsClientAPI = original.CasesAggregationsClientAPI type CasesClientAPI = original.CasesClientAPI +type CommentsClientAPI = original.CommentsClientAPI type DataConnectorsClientAPI = original.DataConnectorsClientAPI type EntitiesClientAPI = original.EntitiesClientAPI type EntityQueriesClientAPI = original.EntityQueriesClientAPI diff --git a/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/alertruletemplates.go b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/alertruletemplates.go new file mode 100644 index 000000000000..c9d00301a65b --- /dev/null +++ b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/alertruletemplates.go @@ -0,0 +1,270 @@ +package securityinsight + +// Copyright (c) Microsoft and contributors. All rights reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// +// See the License for the specific language governing permissions and +// limitations under the License. +// +// Code generated by Microsoft (R) AutoRest Code Generator. +// Changes may cause incorrect behavior and will be lost if the code is regenerated. + +import ( + "context" + "github.com/Azure/go-autorest/autorest" + "github.com/Azure/go-autorest/autorest/azure" + "github.com/Azure/go-autorest/autorest/validation" + "github.com/Azure/go-autorest/tracing" + "net/http" +) + +// AlertRuleTemplatesClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider +type AlertRuleTemplatesClient struct { + BaseClient +} + +// NewAlertRuleTemplatesClient creates an instance of the AlertRuleTemplatesClient client. +func NewAlertRuleTemplatesClient(subscriptionID string) AlertRuleTemplatesClient { + return NewAlertRuleTemplatesClientWithBaseURI(DefaultBaseURI, subscriptionID) +} + +// NewAlertRuleTemplatesClientWithBaseURI creates an instance of the AlertRuleTemplatesClient client. +func NewAlertRuleTemplatesClientWithBaseURI(baseURI string, subscriptionID string) AlertRuleTemplatesClient { + return AlertRuleTemplatesClient{NewWithBaseURI(baseURI, subscriptionID)} +} + +// Get gets the alert rule template. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// operationalInsightsResourceProvider - the namespace of workspaces resource provider- +// Microsoft.OperationalInsights. +// workspaceName - the name of the workspace. +// alertRuleTemplateID - alert rule template ID +func (client AlertRuleTemplatesClient) Get(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, alertRuleTemplateID string) (result AlertRuleTemplateModel, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/AlertRuleTemplatesClient.Get") + defer func() { + sc := -1 + if result.Response.Response != nil { + sc = result.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { + return result, validation.NewError("securityinsight.AlertRuleTemplatesClient", "Get", err.Error()) + } + + req, err := client.GetPreparer(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, alertRuleTemplateID) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.AlertRuleTemplatesClient", "Get", nil, "Failure preparing request") + return + } + + resp, err := client.GetSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "securityinsight.AlertRuleTemplatesClient", "Get", resp, "Failure sending request") + return + } + + result, err = client.GetResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.AlertRuleTemplatesClient", "Get", resp, "Failure responding to request") + } + + return +} + +// GetPreparer prepares the Get request. +func (client AlertRuleTemplatesClient) GetPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, alertRuleTemplateID string) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "alertRuleTemplateId": autorest.Encode("path", alertRuleTemplateID), + "operationalInsightsResourceProvider": autorest.Encode("path", operationalInsightsResourceProvider), + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2019-01-01-preview" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsGet(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRuleTemplates/{alertRuleTemplateId}", pathParameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// GetSender sends the Get request. The method will close the +// http.Response Body if it receives an error. +func (client AlertRuleTemplatesClient) GetSender(req *http.Request) (*http.Response, error) { + sd := autorest.GetSendDecorators(req.Context(), azure.DoRetryWithRegistration(client.Client)) + return autorest.SendWithSender(client, req, sd...) +} + +// GetResponder handles the response to the Get request. The method always +// closes the http.Response Body. +func (client AlertRuleTemplatesClient) GetResponder(resp *http.Response) (result AlertRuleTemplateModel, err error) { + err = autorest.Respond( + resp, + client.ByInspecting(), + azure.WithErrorUnlessStatusCode(http.StatusOK), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + +// List gets all alert rule templates. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// operationalInsightsResourceProvider - the namespace of workspaces resource provider- +// Microsoft.OperationalInsights. +// workspaceName - the name of the workspace. +func (client AlertRuleTemplatesClient) List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result AlertRuleTemplatesListPage, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/AlertRuleTemplatesClient.List") + defer func() { + sc := -1 + if result.artl.Response.Response != nil { + sc = result.artl.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { + return result, validation.NewError("securityinsight.AlertRuleTemplatesClient", "List", err.Error()) + } + + result.fn = client.listNextResults + req, err := client.ListPreparer(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.AlertRuleTemplatesClient", "List", nil, "Failure preparing request") + return + } + + resp, err := client.ListSender(req) + if err != nil { + result.artl.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "securityinsight.AlertRuleTemplatesClient", "List", resp, "Failure sending request") + return + } + + result.artl, err = client.ListResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.AlertRuleTemplatesClient", "List", resp, "Failure responding to request") + } + + return +} + +// ListPreparer prepares the List request. +func (client AlertRuleTemplatesClient) ListPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "operationalInsightsResourceProvider": autorest.Encode("path", operationalInsightsResourceProvider), + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2019-01-01-preview" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsGet(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRuleTemplates", pathParameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// ListSender sends the List request. The method will close the +// http.Response Body if it receives an error. +func (client AlertRuleTemplatesClient) ListSender(req *http.Request) (*http.Response, error) { + sd := autorest.GetSendDecorators(req.Context(), azure.DoRetryWithRegistration(client.Client)) + return autorest.SendWithSender(client, req, sd...) +} + +// ListResponder handles the response to the List request. The method always +// closes the http.Response Body. +func (client AlertRuleTemplatesClient) ListResponder(resp *http.Response) (result AlertRuleTemplatesList, err error) { + err = autorest.Respond( + resp, + client.ByInspecting(), + azure.WithErrorUnlessStatusCode(http.StatusOK), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + +// listNextResults retrieves the next set of results, if any. +func (client AlertRuleTemplatesClient) listNextResults(ctx context.Context, lastResults AlertRuleTemplatesList) (result AlertRuleTemplatesList, err error) { + req, err := lastResults.alertRuleTemplatesListPreparer(ctx) + if err != nil { + return result, autorest.NewErrorWithError(err, "securityinsight.AlertRuleTemplatesClient", "listNextResults", nil, "Failure preparing next results request") + } + if req == nil { + return + } + resp, err := client.ListSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + return result, autorest.NewErrorWithError(err, "securityinsight.AlertRuleTemplatesClient", "listNextResults", resp, "Failure sending next results request") + } + result, err = client.ListResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.AlertRuleTemplatesClient", "listNextResults", resp, "Failure responding to next results request") + } + return +} + +// ListComplete enumerates all values, automatically crossing page boundaries as required. +func (client AlertRuleTemplatesClient) ListComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result AlertRuleTemplatesListIterator, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/AlertRuleTemplatesClient.List") + defer func() { + sc := -1 + if result.Response().Response.Response != nil { + sc = result.page.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + result.page, err = client.List(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName) + return +} diff --git a/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/bookmarks.go b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/bookmarks.go index 6b2677e3e20f..d324696ba926 100644 --- a/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/bookmarks.go +++ b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/bookmarks.go @@ -74,6 +74,10 @@ func (client BookmarksClient) CreateOrUpdate(ctx context.Context, resourceGroupN {TargetValue: bookmark, Constraints: []validation.Constraint{{Target: "bookmark.BookmarkProperties", Name: validation.Null, Rule: false, Chain: []validation.Constraint{{Target: "bookmark.BookmarkProperties.DisplayName", Name: validation.Null, Rule: true, Chain: nil}, + {Target: "bookmark.BookmarkProperties.CreatedBy", Name: validation.Null, Rule: false, + Chain: []validation.Constraint{{Target: "bookmark.BookmarkProperties.CreatedBy.ObjectID", Name: validation.Null, Rule: true, Chain: nil}}}, + {Target: "bookmark.BookmarkProperties.UpdatedBy", Name: validation.Null, Rule: false, + Chain: []validation.Constraint{{Target: "bookmark.BookmarkProperties.UpdatedBy.ObjectID", Name: validation.Null, Rule: true, Chain: nil}}}, {Target: "bookmark.BookmarkProperties.Query", Name: validation.Null, Rule: true, Chain: nil}, }}}}}); err != nil { return result, validation.NewError("securityinsight.BookmarksClient", "CreateOrUpdate", err.Error()) diff --git a/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/casecomments.go b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/casecomments.go new file mode 100644 index 000000000000..897d9d02fa33 --- /dev/null +++ b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/casecomments.go @@ -0,0 +1,149 @@ +package securityinsight + +// Copyright (c) Microsoft and contributors. All rights reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// +// See the License for the specific language governing permissions and +// limitations under the License. +// +// Code generated by Microsoft (R) AutoRest Code Generator. +// Changes may cause incorrect behavior and will be lost if the code is regenerated. + +import ( + "context" + "github.com/Azure/go-autorest/autorest" + "github.com/Azure/go-autorest/autorest/azure" + "github.com/Azure/go-autorest/autorest/validation" + "github.com/Azure/go-autorest/tracing" + "net/http" +) + +// CaseCommentsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider +type CaseCommentsClient struct { + BaseClient +} + +// NewCaseCommentsClient creates an instance of the CaseCommentsClient client. +func NewCaseCommentsClient(subscriptionID string) CaseCommentsClient { + return NewCaseCommentsClientWithBaseURI(DefaultBaseURI, subscriptionID) +} + +// NewCaseCommentsClientWithBaseURI creates an instance of the CaseCommentsClient client. +func NewCaseCommentsClientWithBaseURI(baseURI string, subscriptionID string) CaseCommentsClient { + return CaseCommentsClient{NewWithBaseURI(baseURI, subscriptionID)} +} + +// CreateComment creates the case comment. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// operationalInsightsResourceProvider - the namespace of workspaces resource provider- +// Microsoft.OperationalInsights. +// workspaceName - the name of the workspace. +// caseID - case ID +// caseCommentID - case comment ID +// caseComment - the case comment +func (client CaseCommentsClient) CreateComment(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, caseCommentID string, caseComment CaseComment) (result CaseComment, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/CaseCommentsClient.CreateComment") + defer func() { + sc := -1 + if result.Response.Response != nil { + sc = result.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}, + {TargetValue: caseComment, + Constraints: []validation.Constraint{{Target: "caseComment.CaseCommentProperties", Name: validation.Null, Rule: false, + Chain: []validation.Constraint{{Target: "caseComment.CaseCommentProperties.Message", Name: validation.Null, Rule: true, Chain: nil}, + {Target: "caseComment.CaseCommentProperties.UserInfo", Name: validation.Null, Rule: false, + Chain: []validation.Constraint{{Target: "caseComment.CaseCommentProperties.UserInfo.ObjectID", Name: validation.Null, Rule: true, Chain: nil}}}, + }}}}}); err != nil { + return result, validation.NewError("securityinsight.CaseCommentsClient", "CreateComment", err.Error()) + } + + req, err := client.CreateCommentPreparer(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, caseID, caseCommentID, caseComment) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.CaseCommentsClient", "CreateComment", nil, "Failure preparing request") + return + } + + resp, err := client.CreateCommentSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "securityinsight.CaseCommentsClient", "CreateComment", resp, "Failure sending request") + return + } + + result, err = client.CreateCommentResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.CaseCommentsClient", "CreateComment", resp, "Failure responding to request") + } + + return +} + +// CreateCommentPreparer prepares the CreateComment request. +func (client CaseCommentsClient) CreateCommentPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, caseCommentID string, caseComment CaseComment) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "caseCommentId": autorest.Encode("path", caseCommentID), + "caseId": autorest.Encode("path", caseID), + "operationalInsightsResourceProvider": autorest.Encode("path", operationalInsightsResourceProvider), + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2019-01-01-preview" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsContentType("application/json; charset=utf-8"), + autorest.AsPut(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/cases/{caseId}/comments/{caseCommentId}", pathParameters), + autorest.WithJSON(caseComment), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// CreateCommentSender sends the CreateComment request. The method will close the +// http.Response Body if it receives an error. +func (client CaseCommentsClient) CreateCommentSender(req *http.Request) (*http.Response, error) { + sd := autorest.GetSendDecorators(req.Context(), azure.DoRetryWithRegistration(client.Client)) + return autorest.SendWithSender(client, req, sd...) +} + +// CreateCommentResponder handles the response to the CreateComment request. The method always +// closes the http.Response Body. +func (client CaseCommentsClient) CreateCommentResponder(resp *http.Response) (result CaseComment, err error) { + err = autorest.Respond( + resp, + client.ByInspecting(), + azure.WithErrorUnlessStatusCode(http.StatusOK, http.StatusCreated), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} diff --git a/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/cases.go b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/cases.go index 9a4eb0d79790..5f4bc4d1c106 100644 --- a/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/cases.go +++ b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/cases.go @@ -73,7 +73,11 @@ func (client CasesClient) CreateOrUpdate(ctx context.Context, resourceGroupName {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}, {TargetValue: caseParameter, Constraints: []validation.Constraint{{Target: "caseParameter.CaseProperties", Name: validation.Null, Rule: false, - Chain: []validation.Constraint{{Target: "caseParameter.CaseProperties.Title", Name: validation.Null, Rule: true, Chain: nil}}}}}}); err != nil { + Chain: []validation.Constraint{{Target: "caseParameter.CaseProperties.StartTimeUtc", Name: validation.Null, Rule: true, Chain: nil}, + {Target: "caseParameter.CaseProperties.Title", Name: validation.Null, Rule: true, Chain: nil}, + {Target: "caseParameter.CaseProperties.Owner", Name: validation.Null, Rule: false, + Chain: []validation.Constraint{{Target: "caseParameter.CaseProperties.Owner.ObjectID", Name: validation.Null, Rule: true, Chain: nil}}}, + }}}}}); err != nil { return result, validation.NewError("securityinsight.CasesClient", "CreateOrUpdate", err.Error()) } @@ -334,6 +338,104 @@ func (client CasesClient) GetResponder(resp *http.Response) (result Case, err er return } +// GetComment gets a case comment. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// operationalInsightsResourceProvider - the namespace of workspaces resource provider- +// Microsoft.OperationalInsights. +// workspaceName - the name of the workspace. +// caseID - case ID +// caseCommentID - case comment ID +func (client CasesClient) GetComment(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, caseCommentID string) (result CaseComment, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/CasesClient.GetComment") + defer func() { + sc := -1 + if result.Response.Response != nil { + sc = result.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { + return result, validation.NewError("securityinsight.CasesClient", "GetComment", err.Error()) + } + + req, err := client.GetCommentPreparer(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, caseID, caseCommentID) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.CasesClient", "GetComment", nil, "Failure preparing request") + return + } + + resp, err := client.GetCommentSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "securityinsight.CasesClient", "GetComment", resp, "Failure sending request") + return + } + + result, err = client.GetCommentResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.CasesClient", "GetComment", resp, "Failure responding to request") + } + + return +} + +// GetCommentPreparer prepares the GetComment request. +func (client CasesClient) GetCommentPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, caseCommentID string) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "caseCommentId": autorest.Encode("path", caseCommentID), + "caseId": autorest.Encode("path", caseID), + "operationalInsightsResourceProvider": autorest.Encode("path", operationalInsightsResourceProvider), + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2019-01-01-preview" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsGet(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/cases/{caseId}/comments/{caseCommentId}", pathParameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// GetCommentSender sends the GetComment request. The method will close the +// http.Response Body if it receives an error. +func (client CasesClient) GetCommentSender(req *http.Request) (*http.Response, error) { + sd := autorest.GetSendDecorators(req.Context(), azure.DoRetryWithRegistration(client.Client)) + return autorest.SendWithSender(client, req, sd...) +} + +// GetCommentResponder handles the response to the GetComment request. The method always +// closes the http.Response Body. +func (client CasesClient) GetCommentResponder(resp *http.Response) (result CaseComment, err error) { + err = autorest.Respond( + resp, + client.ByInspecting(), + azure.WithErrorUnlessStatusCode(http.StatusOK), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + // List gets all cases. // Parameters: // resourceGroupName - the name of the resource group within the user's subscription. The name is case @@ -341,7 +443,13 @@ func (client CasesClient) GetResponder(resp *http.Response) (result Case, err er // operationalInsightsResourceProvider - the namespace of workspaces resource provider- // Microsoft.OperationalInsights. // workspaceName - the name of the workspace. -func (client CasesClient) List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result CaseListPage, err error) { +// filter - filters the results, based on a Boolean condition. Optional. +// orderby - sorts the results. Optional. +// top - returns only the first n results. Optional. +// skipToken - skiptoken is only used if a previous operation returned a partial result. If a previous response +// contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that +// specifies a starting point to use for subsequent calls. Optional. +func (client CasesClient) List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, filter string, orderby string, top *int32, skipToken string) (result CaseListPage, err error) { if tracing.IsEnabled() { ctx = tracing.StartSpan(ctx, fqdn+"/CasesClient.List") defer func() { @@ -366,7 +474,7 @@ func (client CasesClient) List(ctx context.Context, resourceGroupName string, op } result.fn = client.listNextResults - req, err := client.ListPreparer(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName) + req, err := client.ListPreparer(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, filter, orderby, top, skipToken) if err != nil { err = autorest.NewErrorWithError(err, "securityinsight.CasesClient", "List", nil, "Failure preparing request") return @@ -388,7 +496,7 @@ func (client CasesClient) List(ctx context.Context, resourceGroupName string, op } // ListPreparer prepares the List request. -func (client CasesClient) ListPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (*http.Request, error) { +func (client CasesClient) ListPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, filter string, orderby string, top *int32, skipToken string) (*http.Request, error) { pathParameters := map[string]interface{}{ "operationalInsightsResourceProvider": autorest.Encode("path", operationalInsightsResourceProvider), "resourceGroupName": autorest.Encode("path", resourceGroupName), @@ -400,6 +508,18 @@ func (client CasesClient) ListPreparer(ctx context.Context, resourceGroupName st queryParameters := map[string]interface{}{ "api-version": APIVersion, } + if len(filter) > 0 { + queryParameters["$filter"] = autorest.Encode("query", filter) + } + if len(orderby) > 0 { + queryParameters["$orderby"] = autorest.Encode("query", orderby) + } + if top != nil { + queryParameters["$top"] = autorest.Encode("query", *top) + } + if len(skipToken) > 0 { + queryParameters["$skipToken"] = autorest.Encode("query", skipToken) + } preparer := autorest.CreatePreparer( autorest.AsGet(), @@ -451,7 +571,7 @@ func (client CasesClient) listNextResults(ctx context.Context, lastResults CaseL } // ListComplete enumerates all values, automatically crossing page boundaries as required. -func (client CasesClient) ListComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result CaseListIterator, err error) { +func (client CasesClient) ListComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, filter string, orderby string, top *int32, skipToken string) (result CaseListIterator, err error) { if tracing.IsEnabled() { ctx = tracing.StartSpan(ctx, fqdn+"/CasesClient.List") defer func() { @@ -462,6 +582,6 @@ func (client CasesClient) ListComplete(ctx context.Context, resourceGroupName st tracing.EndSpan(ctx, sc, err) }() } - result.page, err = client.List(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName) + result.page, err = client.List(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, filter, orderby, top, skipToken) return } diff --git a/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/comments.go b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/comments.go new file mode 100644 index 000000000000..c9d4578f02c0 --- /dev/null +++ b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/comments.go @@ -0,0 +1,194 @@ +package securityinsight + +// Copyright (c) Microsoft and contributors. All rights reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// +// See the License for the specific language governing permissions and +// limitations under the License. +// +// Code generated by Microsoft (R) AutoRest Code Generator. +// Changes may cause incorrect behavior and will be lost if the code is regenerated. + +import ( + "context" + "github.com/Azure/go-autorest/autorest" + "github.com/Azure/go-autorest/autorest/azure" + "github.com/Azure/go-autorest/autorest/validation" + "github.com/Azure/go-autorest/tracing" + "net/http" +) + +// CommentsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider +type CommentsClient struct { + BaseClient +} + +// NewCommentsClient creates an instance of the CommentsClient client. +func NewCommentsClient(subscriptionID string) CommentsClient { + return NewCommentsClientWithBaseURI(DefaultBaseURI, subscriptionID) +} + +// NewCommentsClientWithBaseURI creates an instance of the CommentsClient client. +func NewCommentsClientWithBaseURI(baseURI string, subscriptionID string) CommentsClient { + return CommentsClient{NewWithBaseURI(baseURI, subscriptionID)} +} + +// ListByCase gets all case comments. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// operationalInsightsResourceProvider - the namespace of workspaces resource provider- +// Microsoft.OperationalInsights. +// workspaceName - the name of the workspace. +// caseID - case ID +// filter - filters the results, based on a Boolean condition. Optional. +// orderby - sorts the results. Optional. +// top - returns only the first n results. Optional. +// skipToken - skiptoken is only used if a previous operation returned a partial result. If a previous response +// contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that +// specifies a starting point to use for subsequent calls. Optional. +func (client CommentsClient) ListByCase(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, filter string, orderby string, top *int32, skipToken string) (result CaseCommentListPage, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/CommentsClient.ListByCase") + defer func() { + sc := -1 + if result.ccl.Response.Response != nil { + sc = result.ccl.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { + return result, validation.NewError("securityinsight.CommentsClient", "ListByCase", err.Error()) + } + + result.fn = client.listByCaseNextResults + req, err := client.ListByCasePreparer(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, caseID, filter, orderby, top, skipToken) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.CommentsClient", "ListByCase", nil, "Failure preparing request") + return + } + + resp, err := client.ListByCaseSender(req) + if err != nil { + result.ccl.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "securityinsight.CommentsClient", "ListByCase", resp, "Failure sending request") + return + } + + result.ccl, err = client.ListByCaseResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.CommentsClient", "ListByCase", resp, "Failure responding to request") + } + + return +} + +// ListByCasePreparer prepares the ListByCase request. +func (client CommentsClient) ListByCasePreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, filter string, orderby string, top *int32, skipToken string) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "caseId": autorest.Encode("path", caseID), + "operationalInsightsResourceProvider": autorest.Encode("path", operationalInsightsResourceProvider), + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2019-01-01-preview" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + if len(filter) > 0 { + queryParameters["$filter"] = autorest.Encode("query", filter) + } + if len(orderby) > 0 { + queryParameters["$orderby"] = autorest.Encode("query", orderby) + } + if top != nil { + queryParameters["$top"] = autorest.Encode("query", *top) + } + if len(skipToken) > 0 { + queryParameters["$skipToken"] = autorest.Encode("query", skipToken) + } + + preparer := autorest.CreatePreparer( + autorest.AsGet(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/cases/{caseId}/comments", pathParameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// ListByCaseSender sends the ListByCase request. The method will close the +// http.Response Body if it receives an error. +func (client CommentsClient) ListByCaseSender(req *http.Request) (*http.Response, error) { + sd := autorest.GetSendDecorators(req.Context(), azure.DoRetryWithRegistration(client.Client)) + return autorest.SendWithSender(client, req, sd...) +} + +// ListByCaseResponder handles the response to the ListByCase request. The method always +// closes the http.Response Body. +func (client CommentsClient) ListByCaseResponder(resp *http.Response) (result CaseCommentList, err error) { + err = autorest.Respond( + resp, + client.ByInspecting(), + azure.WithErrorUnlessStatusCode(http.StatusOK), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + +// listByCaseNextResults retrieves the next set of results, if any. +func (client CommentsClient) listByCaseNextResults(ctx context.Context, lastResults CaseCommentList) (result CaseCommentList, err error) { + req, err := lastResults.caseCommentListPreparer(ctx) + if err != nil { + return result, autorest.NewErrorWithError(err, "securityinsight.CommentsClient", "listByCaseNextResults", nil, "Failure preparing next results request") + } + if req == nil { + return + } + resp, err := client.ListByCaseSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + return result, autorest.NewErrorWithError(err, "securityinsight.CommentsClient", "listByCaseNextResults", resp, "Failure sending next results request") + } + result, err = client.ListByCaseResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.CommentsClient", "listByCaseNextResults", resp, "Failure responding to next results request") + } + return +} + +// ListByCaseComplete enumerates all values, automatically crossing page boundaries as required. +func (client CommentsClient) ListByCaseComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, filter string, orderby string, top *int32, skipToken string) (result CaseCommentListIterator, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/CommentsClient.ListByCase") + defer func() { + sc := -1 + if result.Response().Response.Response != nil { + sc = result.page.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + result.page, err = client.ListByCase(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, caseID, filter, orderby, top, skipToken) + return +} diff --git a/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/models.go b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/models.go index 7f24440b5600..a36a38b88823 100644 --- a/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/models.go +++ b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/models.go @@ -48,13 +48,17 @@ func PossibleAggregationsKindValues() []AggregationsKind { type AlertRuleKind string const ( + // Filter ... + Filter AlertRuleKind = "Filter" + // Fusion ... + Fusion AlertRuleKind = "Fusion" // Scheduled ... Scheduled AlertRuleKind = "Scheduled" ) // PossibleAlertRuleKindValues returns an array of possible values for the AlertRuleKind const type. func PossibleAlertRuleKindValues() []AlertRuleKind { - return []AlertRuleKind{Scheduled} + return []AlertRuleKind{Filter, Fusion, Scheduled} } // AlertSeverity enumerates the values for alert severity. @@ -97,6 +101,39 @@ func PossibleAlertStatusValues() []AlertStatus { return []AlertStatus{AlertStatusDismissed, AlertStatusInProgress, AlertStatusNew, AlertStatusResolved, AlertStatusUnknown} } +// AttackTactic enumerates the values for attack tactic. +type AttackTactic string + +const ( + // Collection ... + Collection AttackTactic = "Collection" + // CommandAndControl ... + CommandAndControl AttackTactic = "CommandAndControl" + // CredentialAccess ... + CredentialAccess AttackTactic = "CredentialAccess" + // DefenseEvasion ... + DefenseEvasion AttackTactic = "DefenseEvasion" + // Discovery ... + Discovery AttackTactic = "Discovery" + // Execution ... + Execution AttackTactic = "Execution" + // Exfiltration ... + Exfiltration AttackTactic = "Exfiltration" + // InitialAccess ... + InitialAccess AttackTactic = "InitialAccess" + // LateralMovement ... + LateralMovement AttackTactic = "LateralMovement" + // Persistence ... + Persistence AttackTactic = "Persistence" + // PrivilegeEscalation ... + PrivilegeEscalation AttackTactic = "PrivilegeEscalation" +) + +// PossibleAttackTacticValues returns an array of possible values for the AttackTactic const type. +func PossibleAttackTacticValues() []AttackTactic { + return []AttackTactic{Collection, CommandAndControl, CredentialAccess, DefenseEvasion, Discovery, Execution, Exfiltration, InitialAccess, LateralMovement, Persistence, PrivilegeEscalation} +} + // CaseSeverity enumerates the values for case severity. type CaseSeverity string @@ -143,15 +180,19 @@ type CloseReason string const ( // Dismissed Case was dismissed Dismissed CloseReason = "Dismissed" + // FalsePositive Case was false positive + FalsePositive CloseReason = "FalsePositive" // Other Case was closed for another reason Other CloseReason = "Other" // Resolved Case was resolved Resolved CloseReason = "Resolved" + // TruePositive Case was true positive + TruePositive CloseReason = "TruePositive" ) // PossibleCloseReasonValues returns an array of possible values for the CloseReason const type. func PossibleCloseReasonValues() []CloseReason { - return []CloseReason{Dismissed, Other, Resolved} + return []CloseReason{Dismissed, FalsePositive, Other, Resolved, TruePositive} } // ConfidenceLevel enumerates the values for confidence level. @@ -234,6 +275,21 @@ func PossibleDataTypeStateValues() []DataTypeState { return []DataTypeState{Disabled, Enabled} } +// DataTypeStatus enumerates the values for data type status. +type DataTypeStatus string + +const ( + // Exist ... + Exist DataTypeStatus = "Exist" + // NotExist ... + NotExist DataTypeStatus = "NotExist" +) + +// PossibleDataTypeStatusValues returns an array of possible values for the DataTypeStatus const type. +func PossibleDataTypeStatusValues() []DataTypeStatus { + return []DataTypeStatus{Exist, NotExist} +} + // ElevationToken enumerates the values for elevation token. type ElevationToken string @@ -466,6 +522,25 @@ func PossibleKindBasicAggregationsValues() []KindBasicAggregations { return []KindBasicAggregations{KindAggregations, KindCasesAggregation} } +// KindBasicAlertRuleTemplate enumerates the values for kind basic alert rule template. +type KindBasicAlertRuleTemplate string + +const ( + // KindBasicAlertRuleTemplateKindAlertRuleTemplate ... + KindBasicAlertRuleTemplateKindAlertRuleTemplate KindBasicAlertRuleTemplate = "AlertRuleTemplate" + // KindBasicAlertRuleTemplateKindFilter ... + KindBasicAlertRuleTemplateKindFilter KindBasicAlertRuleTemplate = "Filter" + // KindBasicAlertRuleTemplateKindFusion ... + KindBasicAlertRuleTemplateKindFusion KindBasicAlertRuleTemplate = "Fusion" + // KindBasicAlertRuleTemplateKindScheduled ... + KindBasicAlertRuleTemplateKindScheduled KindBasicAlertRuleTemplate = "Scheduled" +) + +// PossibleKindBasicAlertRuleTemplateValues returns an array of possible values for the KindBasicAlertRuleTemplate const type. +func PossibleKindBasicAlertRuleTemplateValues() []KindBasicAlertRuleTemplate { + return []KindBasicAlertRuleTemplate{KindBasicAlertRuleTemplateKindAlertRuleTemplate, KindBasicAlertRuleTemplateKindFilter, KindBasicAlertRuleTemplateKindFusion, KindBasicAlertRuleTemplateKindScheduled} +} + // KindBasicDataConnector enumerates the values for kind basic data connector. type KindBasicDataConnector string @@ -677,6 +752,23 @@ func PossibleStatusInMcasValues() []StatusInMcas { return []StatusInMcas{StatusInMcasDisabled, StatusInMcasEnabled} } +// TemplateStatus enumerates the values for template status. +type TemplateStatus string + +const ( + // Available Alert rule template is available. + Available TemplateStatus = "Available" + // Installed Alert rule template installed. and can not use more then once + Installed TemplateStatus = "Installed" + // NotAvailable Alert rule template is not available + NotAvailable TemplateStatus = "NotAvailable" +) + +// PossibleTemplateStatusValues returns an array of possible values for the TemplateStatus const type. +func PossibleTemplateStatusValues() []TemplateStatus { + return []TemplateStatus{Available, Installed, NotAvailable} +} + // TriggerOperator enumerates the values for trigger operator. type TriggerOperator string @@ -1653,7 +1745,7 @@ func (ar AlertRule) AsBasicAlertRule() (BasicAlertRule, bool) { // AlertRuleKind1 describes an Azure resource with kind. type AlertRuleKind1 struct { - // Kind - The kind of the alert rule. Possible values include: 'Scheduled' + // Kind - The kind of the alert rule. Possible values include: 'Scheduled', 'Filter', 'Fusion' Kind AlertRuleKind `json:"kind,omitempty"` } @@ -1852,6 +1944,307 @@ func NewAlertRulesListPage(getNextPage func(context.Context, AlertRulesList) (Al return AlertRulesListPage{fn: getNextPage} } +// BasicAlertRuleTemplate alert rule template. +type BasicAlertRuleTemplate interface { + AsScheduledAlertRuleTemplate() (*ScheduledAlertRuleTemplate, bool) + AsFilterAlertRuleTemplate() (*FilterAlertRuleTemplate, bool) + AsFusionAlertRuleTemplate() (*FusionAlertRuleTemplate, bool) + AsAlertRuleTemplate() (*AlertRuleTemplate, bool) +} + +// AlertRuleTemplate alert rule template. +type AlertRuleTemplate struct { + autorest.Response `json:"-"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Etag - Etag of the alert rule. + Etag *string `json:"etag,omitempty"` + // Kind - Possible values include: 'KindBasicAlertRuleTemplateKindAlertRuleTemplate', 'KindBasicAlertRuleTemplateKindScheduled', 'KindBasicAlertRuleTemplateKindFilter', 'KindBasicAlertRuleTemplateKindFusion' + Kind KindBasicAlertRuleTemplate `json:"kind,omitempty"` +} + +func unmarshalBasicAlertRuleTemplate(body []byte) (BasicAlertRuleTemplate, error) { + var m map[string]interface{} + err := json.Unmarshal(body, &m) + if err != nil { + return nil, err + } + + switch m["kind"] { + case string(KindBasicAlertRuleTemplateKindScheduled): + var sart ScheduledAlertRuleTemplate + err := json.Unmarshal(body, &sart) + return sart, err + case string(KindBasicAlertRuleTemplateKindFilter): + var fart FilterAlertRuleTemplate + err := json.Unmarshal(body, &fart) + return fart, err + case string(KindBasicAlertRuleTemplateKindFusion): + var fart FusionAlertRuleTemplate + err := json.Unmarshal(body, &fart) + return fart, err + default: + var art AlertRuleTemplate + err := json.Unmarshal(body, &art) + return art, err + } +} +func unmarshalBasicAlertRuleTemplateArray(body []byte) ([]BasicAlertRuleTemplate, error) { + var rawMessages []*json.RawMessage + err := json.Unmarshal(body, &rawMessages) + if err != nil { + return nil, err + } + + artArray := make([]BasicAlertRuleTemplate, len(rawMessages)) + + for index, rawMessage := range rawMessages { + art, err := unmarshalBasicAlertRuleTemplate(*rawMessage) + if err != nil { + return nil, err + } + artArray[index] = art + } + return artArray, nil +} + +// MarshalJSON is the custom marshaler for AlertRuleTemplate. +func (art AlertRuleTemplate) MarshalJSON() ([]byte, error) { + art.Kind = KindBasicAlertRuleTemplateKindAlertRuleTemplate + objectMap := make(map[string]interface{}) + if art.Etag != nil { + objectMap["etag"] = art.Etag + } + if art.Kind != "" { + objectMap["kind"] = art.Kind + } + return json.Marshal(objectMap) +} + +// AsScheduledAlertRuleTemplate is the BasicAlertRuleTemplate implementation for AlertRuleTemplate. +func (art AlertRuleTemplate) AsScheduledAlertRuleTemplate() (*ScheduledAlertRuleTemplate, bool) { + return nil, false +} + +// AsFilterAlertRuleTemplate is the BasicAlertRuleTemplate implementation for AlertRuleTemplate. +func (art AlertRuleTemplate) AsFilterAlertRuleTemplate() (*FilterAlertRuleTemplate, bool) { + return nil, false +} + +// AsFusionAlertRuleTemplate is the BasicAlertRuleTemplate implementation for AlertRuleTemplate. +func (art AlertRuleTemplate) AsFusionAlertRuleTemplate() (*FusionAlertRuleTemplate, bool) { + return nil, false +} + +// AsAlertRuleTemplate is the BasicAlertRuleTemplate implementation for AlertRuleTemplate. +func (art AlertRuleTemplate) AsAlertRuleTemplate() (*AlertRuleTemplate, bool) { + return &art, true +} + +// AsBasicAlertRuleTemplate is the BasicAlertRuleTemplate implementation for AlertRuleTemplate. +func (art AlertRuleTemplate) AsBasicAlertRuleTemplate() (BasicAlertRuleTemplate, bool) { + return &art, true +} + +// AlertRuleTemplateModel ... +type AlertRuleTemplateModel struct { + autorest.Response `json:"-"` + Value BasicAlertRuleTemplate `json:"value,omitempty"` +} + +// UnmarshalJSON is the custom unmarshaler for AlertRuleTemplateModel struct. +func (artm *AlertRuleTemplateModel) UnmarshalJSON(body []byte) error { + art, err := unmarshalBasicAlertRuleTemplate(body) + if err != nil { + return err + } + artm.Value = art + + return nil +} + +// AlertRuleTemplatesList list all the alert rule templates. +type AlertRuleTemplatesList struct { + autorest.Response `json:"-"` + // NextLink - READ-ONLY; URL to fetch the next set of alert rule templates. + NextLink *string `json:"nextLink,omitempty"` + // Value - Array of alert rule templates. + Value *[]BasicAlertRuleTemplate `json:"value,omitempty"` +} + +// UnmarshalJSON is the custom unmarshaler for AlertRuleTemplatesList struct. +func (artl *AlertRuleTemplatesList) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "nextLink": + if v != nil { + var nextLink string + err = json.Unmarshal(*v, &nextLink) + if err != nil { + return err + } + artl.NextLink = &nextLink + } + case "value": + if v != nil { + value, err := unmarshalBasicAlertRuleTemplateArray(*v) + if err != nil { + return err + } + artl.Value = &value + } + } + } + + return nil +} + +// AlertRuleTemplatesListIterator provides access to a complete listing of AlertRuleTemplate values. +type AlertRuleTemplatesListIterator struct { + i int + page AlertRuleTemplatesListPage +} + +// NextWithContext advances to the next value. If there was an error making +// the request the iterator does not advance and the error is returned. +func (iter *AlertRuleTemplatesListIterator) NextWithContext(ctx context.Context) (err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/AlertRuleTemplatesListIterator.NextWithContext") + defer func() { + sc := -1 + if iter.Response().Response.Response != nil { + sc = iter.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + iter.i++ + if iter.i < len(iter.page.Values()) { + return nil + } + err = iter.page.NextWithContext(ctx) + if err != nil { + iter.i-- + return err + } + iter.i = 0 + return nil +} + +// Next advances to the next value. If there was an error making +// the request the iterator does not advance and the error is returned. +// Deprecated: Use NextWithContext() instead. +func (iter *AlertRuleTemplatesListIterator) Next() error { + return iter.NextWithContext(context.Background()) +} + +// NotDone returns true if the enumeration should be started or is not yet complete. +func (iter AlertRuleTemplatesListIterator) NotDone() bool { + return iter.page.NotDone() && iter.i < len(iter.page.Values()) +} + +// Response returns the raw server response from the last page request. +func (iter AlertRuleTemplatesListIterator) Response() AlertRuleTemplatesList { + return iter.page.Response() +} + +// Value returns the current value or a zero-initialized value if the +// iterator has advanced beyond the end of the collection. +func (iter AlertRuleTemplatesListIterator) Value() BasicAlertRuleTemplate { + if !iter.page.NotDone() { + return AlertRuleTemplate{} + } + return iter.page.Values()[iter.i] +} + +// Creates a new instance of the AlertRuleTemplatesListIterator type. +func NewAlertRuleTemplatesListIterator(page AlertRuleTemplatesListPage) AlertRuleTemplatesListIterator { + return AlertRuleTemplatesListIterator{page: page} +} + +// IsEmpty returns true if the ListResult contains no values. +func (artl AlertRuleTemplatesList) IsEmpty() bool { + return artl.Value == nil || len(*artl.Value) == 0 +} + +// alertRuleTemplatesListPreparer prepares a request to retrieve the next set of results. +// It returns nil if no more results exist. +func (artl AlertRuleTemplatesList) alertRuleTemplatesListPreparer(ctx context.Context) (*http.Request, error) { + if artl.NextLink == nil || len(to.String(artl.NextLink)) < 1 { + return nil, nil + } + return autorest.Prepare((&http.Request{}).WithContext(ctx), + autorest.AsJSON(), + autorest.AsGet(), + autorest.WithBaseURL(to.String(artl.NextLink))) +} + +// AlertRuleTemplatesListPage contains a page of BasicAlertRuleTemplate values. +type AlertRuleTemplatesListPage struct { + fn func(context.Context, AlertRuleTemplatesList) (AlertRuleTemplatesList, error) + artl AlertRuleTemplatesList +} + +// NextWithContext advances to the next page of values. If there was an error making +// the request the page does not advance and the error is returned. +func (page *AlertRuleTemplatesListPage) NextWithContext(ctx context.Context) (err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/AlertRuleTemplatesListPage.NextWithContext") + defer func() { + sc := -1 + if page.Response().Response.Response != nil { + sc = page.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + next, err := page.fn(ctx, page.artl) + if err != nil { + return err + } + page.artl = next + return nil +} + +// Next advances to the next page of values. If there was an error making +// the request the page does not advance and the error is returned. +// Deprecated: Use NextWithContext() instead. +func (page *AlertRuleTemplatesListPage) Next() error { + return page.NextWithContext(context.Background()) +} + +// NotDone returns true if the page enumeration should be started or is not yet complete. +func (page AlertRuleTemplatesListPage) NotDone() bool { + return !page.artl.IsEmpty() +} + +// Response returns the raw server response from the last page request. +func (page AlertRuleTemplatesListPage) Response() AlertRuleTemplatesList { + return page.artl +} + +// Values returns the slice of values for the current page or nil if there are no values. +func (page AlertRuleTemplatesListPage) Values() []BasicAlertRuleTemplate { + if page.artl.IsEmpty() { + return nil + } + return *page.artl.Value +} + +// Creates a new instance of the AlertRuleTemplatesListPage type. +func NewAlertRuleTemplatesListPage(getNextPage func(context.Context, AlertRuleTemplatesList) (AlertRuleTemplatesList, error)) AlertRuleTemplatesListPage { + return AlertRuleTemplatesListPage{fn: getNextPage} +} + // AlertsDataTypeOfDataConnector alerts data type for data connectors. type AlertsDataTypeOfDataConnector struct { // Alerts - Alerts data type connection. @@ -2383,6 +2776,24 @@ func (arep AzureResourceEntityProperties) MarshalJSON() ([]byte, error) { return json.Marshal(objectMap) } +// BaseAlertRuleTemplateProperties base alert rule template property bag. +type BaseAlertRuleTemplateProperties struct { + // DisplayName - The display name for alert rule template. + DisplayName *string `json:"displayName,omitempty"` + // Description - The description of the alert rule template. + Description *string `json:"description,omitempty"` + // Tactics - The tactics of the alert rule template + Tactics *[]AttackTactic `json:"tactics,omitempty"` + // CreatedDateUTC - READ-ONLY; The time that this alert rule template has been added. + CreatedDateUTC *string `json:"createdDateUTC,omitempty"` + // Status - The alert rule template status. Possible values include: 'Installed', 'Available', 'NotAvailable' + Status TemplateStatus `json:"status,omitempty"` + // RequiredDataConnectors - The required data connectors for this template + RequiredDataConnectors *[]DataConnectorStatus `json:"requiredDataConnectors,omitempty"` + // AlertRulesCreatedByTemplateCount - the number of alert rules that were created by this template + AlertRulesCreatedByTemplateCount *int32 `json:"alertRulesCreatedByTemplateCount,omitempty"` +} + // Bookmark represents a bookmark in Azure Security Insights. type Bookmark struct { autorest.Response `json:"-"` @@ -2620,10 +3031,10 @@ func NewBookmarkListPage(getNextPage func(context.Context, BookmarkList) (Bookma type BookmarkProperties struct { // DisplayName - The display name of the bookmark DisplayName *string `json:"displayName,omitempty"` - // LastUpdatedTimeUtc - The last time the bookmark was updated - LastUpdatedTimeUtc *date.Time `json:"lastUpdatedTimeUtc,omitempty"` - // CreatedTimeUtc - The time the bookmark was created - CreatedTimeUtc *date.Time `json:"createdTimeUtc,omitempty"` + // Updated - The last time the bookmark was updated + Updated *date.Time `json:"updated,omitempty"` + // Created - The time the bookmark was created + Created *date.Time `json:"created,omitempty"` // CreatedBy - Describes a user that created the bookmark CreatedBy *UserInfo `json:"createdBy,omitempty"` // UpdatedBy - Describes a user that updated the bookmark @@ -2634,6 +3045,8 @@ type BookmarkProperties struct { Labels *[]string `json:"labels,omitempty"` // Query - The query of the bookmark. Query *string `json:"query,omitempty"` + // QueryResult - The query result of the bookmark. + QueryResult *string `json:"queryResult,omitempty"` } // Case represents a case in Azure Security Insights. @@ -2723,32 +3136,261 @@ func (c *Case) UnmarshalJSON(body []byte) error { return nil } -// CaseList list all the cases. -type CaseList struct { +// CaseComment represents a case comment +type CaseComment struct { autorest.Response `json:"-"` - // NextLink - READ-ONLY; URL to fetch the next set of cases. - NextLink *string `json:"nextLink,omitempty"` - // Value - Array of cases. - Value *[]Case `json:"value,omitempty"` + // CaseCommentProperties - Case comment properties + *CaseCommentProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` } -// CaseListIterator provides access to a complete listing of Case values. -type CaseListIterator struct { - i int - page CaseListPage +// MarshalJSON is the custom marshaler for CaseComment. +func (cc CaseComment) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + if cc.CaseCommentProperties != nil { + objectMap["properties"] = cc.CaseCommentProperties + } + return json.Marshal(objectMap) } -// NextWithContext advances to the next value. If there was an error making -// the request the iterator does not advance and the error is returned. -func (iter *CaseListIterator) NextWithContext(ctx context.Context) (err error) { - if tracing.IsEnabled() { - ctx = tracing.StartSpan(ctx, fqdn+"/CaseListIterator.NextWithContext") - defer func() { - sc := -1 - if iter.Response().Response.Response != nil { - sc = iter.Response().Response.Response.StatusCode - } - tracing.EndSpan(ctx, sc, err) +// UnmarshalJSON is the custom unmarshaler for CaseComment struct. +func (cc *CaseComment) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var caseCommentProperties CaseCommentProperties + err = json.Unmarshal(*v, &caseCommentProperties) + if err != nil { + return err + } + cc.CaseCommentProperties = &caseCommentProperties + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + cc.ID = &ID + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + cc.Type = &typeVar + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + cc.Name = &name + } + } + } + + return nil +} + +// CaseCommentList list of case comments. +type CaseCommentList struct { + autorest.Response `json:"-"` + // NextLink - READ-ONLY; URL to fetch the next set of comments. + NextLink *string `json:"nextLink,omitempty"` + // Value - Array of comments. + Value *[]CaseComment `json:"value,omitempty"` +} + +// CaseCommentListIterator provides access to a complete listing of CaseComment values. +type CaseCommentListIterator struct { + i int + page CaseCommentListPage +} + +// NextWithContext advances to the next value. If there was an error making +// the request the iterator does not advance and the error is returned. +func (iter *CaseCommentListIterator) NextWithContext(ctx context.Context) (err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/CaseCommentListIterator.NextWithContext") + defer func() { + sc := -1 + if iter.Response().Response.Response != nil { + sc = iter.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + iter.i++ + if iter.i < len(iter.page.Values()) { + return nil + } + err = iter.page.NextWithContext(ctx) + if err != nil { + iter.i-- + return err + } + iter.i = 0 + return nil +} + +// Next advances to the next value. If there was an error making +// the request the iterator does not advance and the error is returned. +// Deprecated: Use NextWithContext() instead. +func (iter *CaseCommentListIterator) Next() error { + return iter.NextWithContext(context.Background()) +} + +// NotDone returns true if the enumeration should be started or is not yet complete. +func (iter CaseCommentListIterator) NotDone() bool { + return iter.page.NotDone() && iter.i < len(iter.page.Values()) +} + +// Response returns the raw server response from the last page request. +func (iter CaseCommentListIterator) Response() CaseCommentList { + return iter.page.Response() +} + +// Value returns the current value or a zero-initialized value if the +// iterator has advanced beyond the end of the collection. +func (iter CaseCommentListIterator) Value() CaseComment { + if !iter.page.NotDone() { + return CaseComment{} + } + return iter.page.Values()[iter.i] +} + +// Creates a new instance of the CaseCommentListIterator type. +func NewCaseCommentListIterator(page CaseCommentListPage) CaseCommentListIterator { + return CaseCommentListIterator{page: page} +} + +// IsEmpty returns true if the ListResult contains no values. +func (ccl CaseCommentList) IsEmpty() bool { + return ccl.Value == nil || len(*ccl.Value) == 0 +} + +// caseCommentListPreparer prepares a request to retrieve the next set of results. +// It returns nil if no more results exist. +func (ccl CaseCommentList) caseCommentListPreparer(ctx context.Context) (*http.Request, error) { + if ccl.NextLink == nil || len(to.String(ccl.NextLink)) < 1 { + return nil, nil + } + return autorest.Prepare((&http.Request{}).WithContext(ctx), + autorest.AsJSON(), + autorest.AsGet(), + autorest.WithBaseURL(to.String(ccl.NextLink))) +} + +// CaseCommentListPage contains a page of CaseComment values. +type CaseCommentListPage struct { + fn func(context.Context, CaseCommentList) (CaseCommentList, error) + ccl CaseCommentList +} + +// NextWithContext advances to the next page of values. If there was an error making +// the request the page does not advance and the error is returned. +func (page *CaseCommentListPage) NextWithContext(ctx context.Context) (err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/CaseCommentListPage.NextWithContext") + defer func() { + sc := -1 + if page.Response().Response.Response != nil { + sc = page.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + next, err := page.fn(ctx, page.ccl) + if err != nil { + return err + } + page.ccl = next + return nil +} + +// Next advances to the next page of values. If there was an error making +// the request the page does not advance and the error is returned. +// Deprecated: Use NextWithContext() instead. +func (page *CaseCommentListPage) Next() error { + return page.NextWithContext(context.Background()) +} + +// NotDone returns true if the page enumeration should be started or is not yet complete. +func (page CaseCommentListPage) NotDone() bool { + return !page.ccl.IsEmpty() +} + +// Response returns the raw server response from the last page request. +func (page CaseCommentListPage) Response() CaseCommentList { + return page.ccl +} + +// Values returns the slice of values for the current page or nil if there are no values. +func (page CaseCommentListPage) Values() []CaseComment { + if page.ccl.IsEmpty() { + return nil + } + return *page.ccl.Value +} + +// Creates a new instance of the CaseCommentListPage type. +func NewCaseCommentListPage(getNextPage func(context.Context, CaseCommentList) (CaseCommentList, error)) CaseCommentListPage { + return CaseCommentListPage{fn: getNextPage} +} + +// CaseCommentProperties case comment property bag. +type CaseCommentProperties struct { + // Message - The comment message + Message *string `json:"message,omitempty"` + // CreatedTimeUtc - READ-ONLY; The time the comment was created + CreatedTimeUtc *date.Time `json:"createdTimeUtc,omitempty"` + // UserInfo - READ-ONLY; Describes the user that created the comment + UserInfo *UserInfo `json:"userInfo,omitempty"` +} + +// CaseList list all the cases. +type CaseList struct { + autorest.Response `json:"-"` + // NextLink - READ-ONLY; URL to fetch the next set of cases. + NextLink *string `json:"nextLink,omitempty"` + // Value - Array of cases. + Value *[]Case `json:"value,omitempty"` +} + +// CaseListIterator provides access to a complete listing of Case values. +type CaseListIterator struct { + i int + page CaseListPage +} + +// NextWithContext advances to the next value. If there was an error making +// the request the iterator does not advance and the error is returned. +func (iter *CaseListIterator) NextWithContext(ctx context.Context) (err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/CaseListIterator.NextWithContext") + defer func() { + sc := -1 + if iter.Response().Response.Response != nil { + sc = iter.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) }() } iter.i++ @@ -2871,9 +3513,9 @@ func NewCaseListPage(getNextPage func(context.Context, CaseList) (CaseList, erro // CaseProperties describes case properties type CaseProperties struct { - // LastUpdatedTimeUtc - The last time the case was updated + // LastUpdatedTimeUtc - READ-ONLY; The last time the case was updated LastUpdatedTimeUtc *date.Time `json:"lastUpdatedTimeUtc,omitempty"` - // CreatedTimeUtc - The time the case was created + // CreatedTimeUtc - READ-ONLY; The time the case was created CreatedTimeUtc *date.Time `json:"createdTimeUtc,omitempty"` // EndTimeUtc - The end time of the case EndTimeUtc *date.Time `json:"endTimeUtc,omitempty"` @@ -2885,14 +3527,24 @@ type CaseProperties struct { Description *string `json:"description,omitempty"` // Title - The title of the case Title *string `json:"title,omitempty"` - // AssignedTo - Describes a user that the case is assigned to - AssignedTo *UserInfo `json:"assignedTo,omitempty"` + // Owner - Describes a user that the case is assigned to + Owner *UserInfo `json:"owner,omitempty"` // Severity - The severity of the case. Possible values include: 'CaseSeverityCritical', 'CaseSeverityHigh', 'CaseSeverityMedium', 'CaseSeverityLow', 'CaseSeverityInformational' Severity CaseSeverity `json:"severity,omitempty"` // Status - The status of the case. Possible values include: 'CaseStatusDraft', 'CaseStatusNew', 'CaseStatusInProgress', 'CaseStatusClosed' Status CaseStatus `json:"status,omitempty"` - // CloseReason - The reason the case was closed. Possible values include: 'Resolved', 'Dismissed', 'Other' + // CloseReason - The reason the case was closed. Possible values include: 'Resolved', 'Dismissed', 'TruePositive', 'FalsePositive', 'Other' CloseReason CloseReason `json:"closeReason,omitempty"` + // ClosedReasonText - the case close reason details + ClosedReasonText *string `json:"closedReasonText,omitempty"` + // RelatedAlertIds - READ-ONLY; List of related alert identifiers + RelatedAlertIds *[]string `json:"relatedAlertIds,omitempty"` + // CaseNumber - READ-ONLY; a sequential number + CaseNumber *int32 `json:"caseNumber,omitempty"` + // LastComment - READ-ONLY; the last comment in the case + LastComment *string `json:"lastComment,omitempty"` + // TotalComments - READ-ONLY; the number of total comments in the case + TotalComments *int32 `json:"totalComments,omitempty"` } // CasesAggregation represents aggregations results for cases. @@ -3633,6 +4285,26 @@ func (dcm *DataConnectorModel) UnmarshalJSON(body []byte) error { return nil } +// DataConnectorStatus alert rule template data connector status +type DataConnectorStatus struct { + // ConnectorID - the connector id + ConnectorID *string `json:"connectorId,omitempty"` + // DataTypes - The data types availability map + DataTypes map[string]*DataTypeStatus `json:"dataTypes"` +} + +// MarshalJSON is the custom marshaler for DataConnectorStatus. +func (dcs DataConnectorStatus) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + if dcs.ConnectorID != nil { + objectMap["connectorId"] = dcs.ConnectorID + } + if dcs.DataTypes != nil { + objectMap["dataTypes"] = dcs.DataTypes + } + return json.Marshal(objectMap) +} + // DataConnectorTenantID properties data connector on tenant level. type DataConnectorTenantID struct { // TenantID - The tenant id to connect to, and get the data from. @@ -4960,6 +5632,318 @@ func (fhep FileHashEntityProperties) MarshalJSON() ([]byte, error) { return json.Marshal(objectMap) } +// FilterAlertRuleTemplate represents filter alert rule template. +type FilterAlertRuleTemplate struct { + // FilterAlertRuleTemplateProperties - Filter alert rule template properties + *FilterAlertRuleTemplateProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Etag - Etag of the alert rule. + Etag *string `json:"etag,omitempty"` + // Kind - Possible values include: 'KindBasicAlertRuleTemplateKindAlertRuleTemplate', 'KindBasicAlertRuleTemplateKindScheduled', 'KindBasicAlertRuleTemplateKindFilter', 'KindBasicAlertRuleTemplateKindFusion' + Kind KindBasicAlertRuleTemplate `json:"kind,omitempty"` +} + +// MarshalJSON is the custom marshaler for FilterAlertRuleTemplate. +func (fart FilterAlertRuleTemplate) MarshalJSON() ([]byte, error) { + fart.Kind = KindBasicAlertRuleTemplateKindFilter + objectMap := make(map[string]interface{}) + if fart.FilterAlertRuleTemplateProperties != nil { + objectMap["properties"] = fart.FilterAlertRuleTemplateProperties + } + if fart.Etag != nil { + objectMap["etag"] = fart.Etag + } + if fart.Kind != "" { + objectMap["kind"] = fart.Kind + } + return json.Marshal(objectMap) +} + +// AsScheduledAlertRuleTemplate is the BasicAlertRuleTemplate implementation for FilterAlertRuleTemplate. +func (fart FilterAlertRuleTemplate) AsScheduledAlertRuleTemplate() (*ScheduledAlertRuleTemplate, bool) { + return nil, false +} + +// AsFilterAlertRuleTemplate is the BasicAlertRuleTemplate implementation for FilterAlertRuleTemplate. +func (fart FilterAlertRuleTemplate) AsFilterAlertRuleTemplate() (*FilterAlertRuleTemplate, bool) { + return &fart, true +} + +// AsFusionAlertRuleTemplate is the BasicAlertRuleTemplate implementation for FilterAlertRuleTemplate. +func (fart FilterAlertRuleTemplate) AsFusionAlertRuleTemplate() (*FusionAlertRuleTemplate, bool) { + return nil, false +} + +// AsAlertRuleTemplate is the BasicAlertRuleTemplate implementation for FilterAlertRuleTemplate. +func (fart FilterAlertRuleTemplate) AsAlertRuleTemplate() (*AlertRuleTemplate, bool) { + return nil, false +} + +// AsBasicAlertRuleTemplate is the BasicAlertRuleTemplate implementation for FilterAlertRuleTemplate. +func (fart FilterAlertRuleTemplate) AsBasicAlertRuleTemplate() (BasicAlertRuleTemplate, bool) { + return &fart, true +} + +// UnmarshalJSON is the custom unmarshaler for FilterAlertRuleTemplate struct. +func (fart *FilterAlertRuleTemplate) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var filterAlertRuleTemplateProperties FilterAlertRuleTemplateProperties + err = json.Unmarshal(*v, &filterAlertRuleTemplateProperties) + if err != nil { + return err + } + fart.FilterAlertRuleTemplateProperties = &filterAlertRuleTemplateProperties + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + fart.ID = &ID + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + fart.Type = &typeVar + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + fart.Name = &name + } + case "etag": + if v != nil { + var etag string + err = json.Unmarshal(*v, &etag) + if err != nil { + return err + } + fart.Etag = &etag + } + case "kind": + if v != nil { + var kind KindBasicAlertRuleTemplate + err = json.Unmarshal(*v, &kind) + if err != nil { + return err + } + fart.Kind = kind + } + } + } + + return nil +} + +// FilterAlertRuleTemplateProperties filter alert rule template properties +type FilterAlertRuleTemplateProperties struct { + // DisplayName - The display name for alert rule template. + DisplayName *string `json:"displayName,omitempty"` + // Description - The description of the alert rule template. + Description *string `json:"description,omitempty"` + // Tactics - The tactics of the alert rule template + Tactics *[]AttackTactic `json:"tactics,omitempty"` + // CreatedDateUTC - READ-ONLY; The time that this alert rule template has been added. + CreatedDateUTC *string `json:"createdDateUTC,omitempty"` + // Status - The alert rule template status. Possible values include: 'Installed', 'Available', 'NotAvailable' + Status TemplateStatus `json:"status,omitempty"` + // RequiredDataConnectors - The required data connectors for this template + RequiredDataConnectors *[]DataConnectorStatus `json:"requiredDataConnectors,omitempty"` + // AlertRulesCreatedByTemplateCount - the number of alert rules that were created by this template + AlertRulesCreatedByTemplateCount *int32 `json:"alertRulesCreatedByTemplateCount,omitempty"` + // FilterProduct - The filter product name for this template rule. + FilterProduct *string `json:"filterProduct,omitempty"` + // FilterSeverities - the alert’s severities on which the cases will be generated + FilterSeverities *[]AlertSeverity `json:"filterSeverities,omitempty"` + // FilterTitles - the alert’s titles on which the cases will be generated + FilterTitles *[]string `json:"filterTitles,omitempty"` +} + +// FilterAlertRuleTemplatePropertiesModel filter alert rule template property bag. +type FilterAlertRuleTemplatePropertiesModel struct { + // FilterProduct - The filter product name for this template rule. + FilterProduct *string `json:"filterProduct,omitempty"` + // FilterSeverities - the alert’s severities on which the cases will be generated + FilterSeverities *[]AlertSeverity `json:"filterSeverities,omitempty"` + // FilterTitles - the alert’s titles on which the cases will be generated + FilterTitles *[]string `json:"filterTitles,omitempty"` +} + +// FusionAlertRuleTemplate represents fusion alert rule template. +type FusionAlertRuleTemplate struct { + // FusionAlertRuleTemplateProperties - Fusion alert rule template properties + *FusionAlertRuleTemplateProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Etag - Etag of the alert rule. + Etag *string `json:"etag,omitempty"` + // Kind - Possible values include: 'KindBasicAlertRuleTemplateKindAlertRuleTemplate', 'KindBasicAlertRuleTemplateKindScheduled', 'KindBasicAlertRuleTemplateKindFilter', 'KindBasicAlertRuleTemplateKindFusion' + Kind KindBasicAlertRuleTemplate `json:"kind,omitempty"` +} + +// MarshalJSON is the custom marshaler for FusionAlertRuleTemplate. +func (fart FusionAlertRuleTemplate) MarshalJSON() ([]byte, error) { + fart.Kind = KindBasicAlertRuleTemplateKindFusion + objectMap := make(map[string]interface{}) + if fart.FusionAlertRuleTemplateProperties != nil { + objectMap["properties"] = fart.FusionAlertRuleTemplateProperties + } + if fart.Etag != nil { + objectMap["etag"] = fart.Etag + } + if fart.Kind != "" { + objectMap["kind"] = fart.Kind + } + return json.Marshal(objectMap) +} + +// AsScheduledAlertRuleTemplate is the BasicAlertRuleTemplate implementation for FusionAlertRuleTemplate. +func (fart FusionAlertRuleTemplate) AsScheduledAlertRuleTemplate() (*ScheduledAlertRuleTemplate, bool) { + return nil, false +} + +// AsFilterAlertRuleTemplate is the BasicAlertRuleTemplate implementation for FusionAlertRuleTemplate. +func (fart FusionAlertRuleTemplate) AsFilterAlertRuleTemplate() (*FilterAlertRuleTemplate, bool) { + return nil, false +} + +// AsFusionAlertRuleTemplate is the BasicAlertRuleTemplate implementation for FusionAlertRuleTemplate. +func (fart FusionAlertRuleTemplate) AsFusionAlertRuleTemplate() (*FusionAlertRuleTemplate, bool) { + return &fart, true +} + +// AsAlertRuleTemplate is the BasicAlertRuleTemplate implementation for FusionAlertRuleTemplate. +func (fart FusionAlertRuleTemplate) AsAlertRuleTemplate() (*AlertRuleTemplate, bool) { + return nil, false +} + +// AsBasicAlertRuleTemplate is the BasicAlertRuleTemplate implementation for FusionAlertRuleTemplate. +func (fart FusionAlertRuleTemplate) AsBasicAlertRuleTemplate() (BasicAlertRuleTemplate, bool) { + return &fart, true +} + +// UnmarshalJSON is the custom unmarshaler for FusionAlertRuleTemplate struct. +func (fart *FusionAlertRuleTemplate) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var fusionAlertRuleTemplateProperties FusionAlertRuleTemplateProperties + err = json.Unmarshal(*v, &fusionAlertRuleTemplateProperties) + if err != nil { + return err + } + fart.FusionAlertRuleTemplateProperties = &fusionAlertRuleTemplateProperties + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + fart.ID = &ID + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + fart.Type = &typeVar + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + fart.Name = &name + } + case "etag": + if v != nil { + var etag string + err = json.Unmarshal(*v, &etag) + if err != nil { + return err + } + fart.Etag = &etag + } + case "kind": + if v != nil { + var kind KindBasicAlertRuleTemplate + err = json.Unmarshal(*v, &kind) + if err != nil { + return err + } + fart.Kind = kind + } + } + } + + return nil +} + +// FusionAlertRuleTemplateProperties fusion alert rule template properties +type FusionAlertRuleTemplateProperties struct { + // DisplayName - The display name for alert rule template. + DisplayName *string `json:"displayName,omitempty"` + // Description - The description of the alert rule template. + Description *string `json:"description,omitempty"` + // Tactics - The tactics of the alert rule template + Tactics *[]AttackTactic `json:"tactics,omitempty"` + // CreatedDateUTC - READ-ONLY; The time that this alert rule template has been added. + CreatedDateUTC *string `json:"createdDateUTC,omitempty"` + // Status - The alert rule template status. Possible values include: 'Installed', 'Available', 'NotAvailable' + Status TemplateStatus `json:"status,omitempty"` + // RequiredDataConnectors - The required data connectors for this template + RequiredDataConnectors *[]DataConnectorStatus `json:"requiredDataConnectors,omitempty"` + // AlertRulesCreatedByTemplateCount - the number of alert rules that were created by this template + AlertRulesCreatedByTemplateCount *int32 `json:"alertRulesCreatedByTemplateCount,omitempty"` + // Severity - The severity for alerts created by this alert rule. Possible values include: 'High', 'Medium', 'Low', 'Informational' + Severity AlertSeverity `json:"severity,omitempty"` +} + +// FusionAlertRuleTemplatePropertiesModel filter alert rule template property bag. +type FusionAlertRuleTemplatePropertiesModel struct { + // Severity - The severity for alerts created by this alert rule. Possible values include: 'High', 'Medium', 'Low', 'Informational' + Severity AlertSeverity `json:"severity,omitempty"` +} + // GeoLocation the geo-location context attached to the ip entity type GeoLocation struct { // CountryCode - READ-ONLY; The country code according to ISO 3166 format @@ -7225,6 +8209,178 @@ type ScheduledAlertRuleProperties struct { LastModifiedUtc *string `json:"lastModifiedUtc,omitempty"` } +// ScheduledAlertRuleTemplate represents scheduled alert rule template. +type ScheduledAlertRuleTemplate struct { + // ScheduledAlertRuleTemplateProperties - Scheduled alert rule template properties + *ScheduledAlertRuleTemplateProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Etag - Etag of the alert rule. + Etag *string `json:"etag,omitempty"` + // Kind - Possible values include: 'KindBasicAlertRuleTemplateKindAlertRuleTemplate', 'KindBasicAlertRuleTemplateKindScheduled', 'KindBasicAlertRuleTemplateKindFilter', 'KindBasicAlertRuleTemplateKindFusion' + Kind KindBasicAlertRuleTemplate `json:"kind,omitempty"` +} + +// MarshalJSON is the custom marshaler for ScheduledAlertRuleTemplate. +func (sart ScheduledAlertRuleTemplate) MarshalJSON() ([]byte, error) { + sart.Kind = KindBasicAlertRuleTemplateKindScheduled + objectMap := make(map[string]interface{}) + if sart.ScheduledAlertRuleTemplateProperties != nil { + objectMap["properties"] = sart.ScheduledAlertRuleTemplateProperties + } + if sart.Etag != nil { + objectMap["etag"] = sart.Etag + } + if sart.Kind != "" { + objectMap["kind"] = sart.Kind + } + return json.Marshal(objectMap) +} + +// AsScheduledAlertRuleTemplate is the BasicAlertRuleTemplate implementation for ScheduledAlertRuleTemplate. +func (sart ScheduledAlertRuleTemplate) AsScheduledAlertRuleTemplate() (*ScheduledAlertRuleTemplate, bool) { + return &sart, true +} + +// AsFilterAlertRuleTemplate is the BasicAlertRuleTemplate implementation for ScheduledAlertRuleTemplate. +func (sart ScheduledAlertRuleTemplate) AsFilterAlertRuleTemplate() (*FilterAlertRuleTemplate, bool) { + return nil, false +} + +// AsFusionAlertRuleTemplate is the BasicAlertRuleTemplate implementation for ScheduledAlertRuleTemplate. +func (sart ScheduledAlertRuleTemplate) AsFusionAlertRuleTemplate() (*FusionAlertRuleTemplate, bool) { + return nil, false +} + +// AsAlertRuleTemplate is the BasicAlertRuleTemplate implementation for ScheduledAlertRuleTemplate. +func (sart ScheduledAlertRuleTemplate) AsAlertRuleTemplate() (*AlertRuleTemplate, bool) { + return nil, false +} + +// AsBasicAlertRuleTemplate is the BasicAlertRuleTemplate implementation for ScheduledAlertRuleTemplate. +func (sart ScheduledAlertRuleTemplate) AsBasicAlertRuleTemplate() (BasicAlertRuleTemplate, bool) { + return &sart, true +} + +// UnmarshalJSON is the custom unmarshaler for ScheduledAlertRuleTemplate struct. +func (sart *ScheduledAlertRuleTemplate) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var scheduledAlertRuleTemplateProperties ScheduledAlertRuleTemplateProperties + err = json.Unmarshal(*v, &scheduledAlertRuleTemplateProperties) + if err != nil { + return err + } + sart.ScheduledAlertRuleTemplateProperties = &scheduledAlertRuleTemplateProperties + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + sart.ID = &ID + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + sart.Type = &typeVar + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + sart.Name = &name + } + case "etag": + if v != nil { + var etag string + err = json.Unmarshal(*v, &etag) + if err != nil { + return err + } + sart.Etag = &etag + } + case "kind": + if v != nil { + var kind KindBasicAlertRuleTemplate + err = json.Unmarshal(*v, &kind) + if err != nil { + return err + } + sart.Kind = kind + } + } + } + + return nil +} + +// ScheduledAlertRuleTemplateProperties scheduled alert rule template properties +type ScheduledAlertRuleTemplateProperties struct { + // DisplayName - The display name for alert rule template. + DisplayName *string `json:"displayName,omitempty"` + // Description - The description of the alert rule template. + Description *string `json:"description,omitempty"` + // Tactics - The tactics of the alert rule template + Tactics *[]AttackTactic `json:"tactics,omitempty"` + // CreatedDateUTC - READ-ONLY; The time that this alert rule template has been added. + CreatedDateUTC *string `json:"createdDateUTC,omitempty"` + // Status - The alert rule template status. Possible values include: 'Installed', 'Available', 'NotAvailable' + Status TemplateStatus `json:"status,omitempty"` + // RequiredDataConnectors - The required data connectors for this template + RequiredDataConnectors *[]DataConnectorStatus `json:"requiredDataConnectors,omitempty"` + // AlertRulesCreatedByTemplateCount - the number of alert rules that were created by this template + AlertRulesCreatedByTemplateCount *int32 `json:"alertRulesCreatedByTemplateCount,omitempty"` + // Severity - The severity for alerts created by this alert rule. Possible values include: 'High', 'Medium', 'Low', 'Informational' + Severity AlertSeverity `json:"severity,omitempty"` + // Query - The query that creates alerts for this rule. + Query *string `json:"query,omitempty"` + // QueryFrequency - The frequency (in ISO 8601 duration format) for this alert rule to run. + QueryFrequency *string `json:"queryFrequency,omitempty"` + // QueryPeriod - The period (in ISO 8601 duration format) that this alert rule looks at. + QueryPeriod *string `json:"queryPeriod,omitempty"` + // TriggerOperator - The operation against the threshold that triggers alert rule. Possible values include: 'GreaterThan', 'LessThan', 'Equal', 'NotEqual' + TriggerOperator TriggerOperator `json:"triggerOperator,omitempty"` + // TriggerThreshold - The threshold triggers this alert rule. + TriggerThreshold *int32 `json:"triggerThreshold,omitempty"` +} + +// ScheduledAlertRuleTemplatePropertiesModel schedule alert rule template property bag. +type ScheduledAlertRuleTemplatePropertiesModel struct { + // Severity - The severity for alerts created by this alert rule. Possible values include: 'High', 'Medium', 'Low', 'Informational' + Severity AlertSeverity `json:"severity,omitempty"` + // Query - The query that creates alerts for this rule. + Query *string `json:"query,omitempty"` + // QueryFrequency - The frequency (in ISO 8601 duration format) for this alert rule to run. + QueryFrequency *string `json:"queryFrequency,omitempty"` + // QueryPeriod - The period (in ISO 8601 duration format) that this alert rule looks at. + QueryPeriod *string `json:"queryPeriod,omitempty"` + // TriggerOperator - The operation against the threshold that triggers alert rule. Possible values include: 'GreaterThan', 'LessThan', 'Equal', 'NotEqual' + TriggerOperator TriggerOperator `json:"triggerOperator,omitempty"` + // TriggerThreshold - The threshold triggers this alert rule. + TriggerThreshold *int32 `json:"triggerThreshold,omitempty"` +} + // SecurityAlert represents a security alert entity. type SecurityAlert struct { // SecurityAlertProperties - SecurityAlert entity properties @@ -8412,8 +9568,8 @@ func (uep URLEntityProperties) MarshalJSON() ([]byte, error) { type UserInfo struct { // ObjectID - The object id of the user. ObjectID *uuid.UUID `json:"objectId,omitempty"` - // Email - The email of the user. + // Email - READ-ONLY; The email of the user. Email *string `json:"email,omitempty"` - // Name - The name of the user. + // Name - READ-ONLY; The name of the user. Name *string `json:"name,omitempty"` } diff --git a/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/securityinsightapi/interfaces.go b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/securityinsightapi/interfaces.go index df4305769a17..854841ce503f 100644 --- a/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/securityinsightapi/interfaces.go +++ b/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/securityinsightapi/interfaces.go @@ -50,16 +50,39 @@ type ActionsClientAPI interface { var _ ActionsClientAPI = (*securityinsight.ActionsClient)(nil) +// AlertRuleTemplatesClientAPI contains the set of methods on the AlertRuleTemplatesClient type. +type AlertRuleTemplatesClientAPI interface { + Get(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, alertRuleTemplateID string) (result securityinsight.AlertRuleTemplateModel, err error) + List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result securityinsight.AlertRuleTemplatesListPage, err error) +} + +var _ AlertRuleTemplatesClientAPI = (*securityinsight.AlertRuleTemplatesClient)(nil) + // CasesClientAPI contains the set of methods on the CasesClient type. type CasesClientAPI interface { CreateOrUpdate(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, caseParameter securityinsight.Case) (result securityinsight.Case, err error) Delete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string) (result autorest.Response, err error) Get(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string) (result securityinsight.Case, err error) - List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result securityinsight.CaseListPage, err error) + GetComment(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, caseCommentID string) (result securityinsight.CaseComment, err error) + List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, filter string, orderby string, top *int32, skipToken string) (result securityinsight.CaseListPage, err error) } var _ CasesClientAPI = (*securityinsight.CasesClient)(nil) +// CommentsClientAPI contains the set of methods on the CommentsClient type. +type CommentsClientAPI interface { + ListByCase(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, filter string, orderby string, top *int32, skipToken string) (result securityinsight.CaseCommentListPage, err error) +} + +var _ CommentsClientAPI = (*securityinsight.CommentsClient)(nil) + +// CaseCommentsClientAPI contains the set of methods on the CaseCommentsClient type. +type CaseCommentsClientAPI interface { + CreateComment(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, caseCommentID string, caseComment securityinsight.CaseComment) (result securityinsight.CaseComment, err error) +} + +var _ CaseCommentsClientAPI = (*securityinsight.CaseCommentsClient)(nil) + // BookmarksClientAPI contains the set of methods on the BookmarksClient type. type BookmarksClientAPI interface { CreateOrUpdate(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, bookmarkID string, bookmark securityinsight.Bookmark) (result securityinsight.Bookmark, err error)