From 2e622dbf5c5f951f8ca6fa92132ee586cceb3f70 Mon Sep 17 00:00:00 2001 From: Azure SDK for Python bot Date: Mon, 29 Jul 2019 07:56:51 +0000 Subject: [PATCH 1/4] Generated from eee3abfb0974b398a83e8c304732163a83314bcc more fixes --- .../mgmt/securityinsight/models/__init__.py | 26 +- .../models/aatp_data_connector.py | 61 ++++ .../models/aatp_data_connector_py3.py | 61 ++++ .../azure/mgmt/securityinsight/models/case.py | 27 +- .../securityinsight/models/case_comment.py | 59 ++++ .../models/case_comment_paged.py | 27 ++ .../models/case_comment_py3.py | 59 ++++ .../models/case_comment_request_body.py | 49 +++ .../models/case_comment_request_body_py3.py | 49 +++ .../mgmt/securityinsight/models/case_py3.py | 29 +- .../securityinsight/models/data_connector.py | 4 +- .../models/data_connector_kind1.py | 3 +- .../models/data_connector_kind1_py3.py | 3 +- .../models/data_connector_py3.py | 4 +- .../models/mcas_data_connector.py | 4 +- .../models/mcas_data_connector_data_types.py | 34 ++ ...ata_connector_data_types_discovery_logs.py | 28 ++ ...connector_data_types_discovery_logs_py3.py | 28 ++ .../mcas_data_connector_data_types_py3.py | 34 ++ .../models/mcas_data_connector_py3.py | 4 +- .../models/mdatp_data_connector.py | 62 ++++ .../models/mdatp_data_connector_py3.py | 62 ++++ .../models/security_insights_enums.py | 2 + .../securityinsight/operations/__init__.py | 2 + .../operations/case_comments_operations.py | 293 ++++++++++++++++++ .../operations/cases_operations.py | 23 +- .../mgmt/securityinsight/security_insights.py | 5 + 27 files changed, 1021 insertions(+), 21 deletions(-) create mode 100644 sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/aatp_data_connector.py create mode 100644 sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/aatp_data_connector_py3.py create mode 100644 sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/case_comment.py create mode 100644 sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/case_comment_paged.py create mode 100644 sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/case_comment_py3.py create mode 100644 sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/case_comment_request_body.py create mode 100644 sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/case_comment_request_body_py3.py create mode 100644 sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/mcas_data_connector_data_types.py create mode 100644 sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/mcas_data_connector_data_types_discovery_logs.py create mode 100644 sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/mcas_data_connector_data_types_discovery_logs_py3.py create mode 100644 sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/mcas_data_connector_data_types_py3.py create mode 100644 sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/mdatp_data_connector.py create mode 100644 sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/mdatp_data_connector_py3.py create mode 100644 sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/case_comments_operations.py diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/__init__.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/__init__.py index 48bdeb3a34b1..5ff08f5dffce 100644 --- a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/__init__.py +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/__init__.py @@ -16,8 +16,10 @@ from .alert_rule_kind1_py3 import AlertRuleKind1 from .scheduled_alert_rule_py3 import ScheduledAlertRule from .action_py3 import Action - from .user_info_py3 import UserInfo from .case_py3 import Case + from .user_info_py3 import UserInfo + from .case_comment_py3 import CaseComment + from .case_comment_request_body_py3 import CaseCommentRequestBody from .bookmark_py3 import Bookmark from .data_connector_py3 import DataConnector from .data_connector_kind1_py3 import DataConnectorKind1 @@ -36,7 +38,11 @@ from .alerts_data_type_of_data_connector_py3 import AlertsDataTypeOfDataConnector from .aad_data_connector_py3 import AADDataConnector from .asc_data_connector_py3 import ASCDataConnector + from .mcas_data_connector_data_types_discovery_logs_py3 import MCASDataConnectorDataTypesDiscoveryLogs + from .mcas_data_connector_data_types_py3 import MCASDataConnectorDataTypes from .mcas_data_connector_py3 import MCASDataConnector + from .aatp_data_connector_py3 import AATPDataConnector + from .mdatp_data_connector_py3 import MDATPDataConnector from .data_connector_with_alerts_properties_py3 import DataConnectorWithAlertsProperties from .data_connector_data_type_common_py3 import DataConnectorDataTypeCommon from .entity_py3 import Entity @@ -63,8 +69,10 @@ from .alert_rule_kind1 import AlertRuleKind1 from .scheduled_alert_rule import ScheduledAlertRule from .action import Action - from .user_info import UserInfo from .case import Case + from .user_info import UserInfo + from .case_comment import CaseComment + from .case_comment_request_body import CaseCommentRequestBody from .bookmark import Bookmark from .data_connector import DataConnector from .data_connector_kind1 import DataConnectorKind1 @@ -83,7 +91,11 @@ from .alerts_data_type_of_data_connector import AlertsDataTypeOfDataConnector from .aad_data_connector import AADDataConnector from .asc_data_connector import ASCDataConnector + from .mcas_data_connector_data_types_discovery_logs import MCASDataConnectorDataTypesDiscoveryLogs + from .mcas_data_connector_data_types import MCASDataConnectorDataTypes from .mcas_data_connector import MCASDataConnector + from .aatp_data_connector import AATPDataConnector + from .mdatp_data_connector import MDATPDataConnector from .data_connector_with_alerts_properties import DataConnectorWithAlertsProperties from .data_connector_data_type_common import DataConnectorDataTypeCommon from .entity import Entity @@ -107,6 +119,7 @@ from .alert_rule_paged import AlertRulePaged from .action_paged import ActionPaged from .case_paged import CasePaged +from .case_comment_paged import CaseCommentPaged from .bookmark_paged import BookmarkPaged from .data_connector_paged import DataConnectorPaged from .entity_paged import EntityPaged @@ -136,8 +149,10 @@ 'AlertRuleKind1', 'ScheduledAlertRule', 'Action', - 'UserInfo', 'Case', + 'UserInfo', + 'CaseComment', + 'CaseCommentRequestBody', 'Bookmark', 'DataConnector', 'DataConnectorKind1', @@ -156,7 +171,11 @@ 'AlertsDataTypeOfDataConnector', 'AADDataConnector', 'ASCDataConnector', + 'MCASDataConnectorDataTypesDiscoveryLogs', + 'MCASDataConnectorDataTypes', 'MCASDataConnector', + 'AATPDataConnector', + 'MDATPDataConnector', 'DataConnectorWithAlertsProperties', 'DataConnectorDataTypeCommon', 'Entity', @@ -180,6 +199,7 @@ 'AlertRulePaged', 'ActionPaged', 'CasePaged', + 'CaseCommentPaged', 'BookmarkPaged', 'DataConnectorPaged', 'EntityPaged', diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/aatp_data_connector.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/aatp_data_connector.py new file mode 100644 index 000000000000..2257bc49bd38 --- /dev/null +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/aatp_data_connector.py @@ -0,0 +1,61 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from .data_connector import DataConnector + + +class AATPDataConnector(DataConnector): + """Represents AATP (Azure Advanced Threat Protection) data connector. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id + :vartype id: str + :ivar type: Azure resource type + :vartype type: str + :ivar name: Azure resource name + :vartype name: str + :param etag: Etag of the data connector. + :type etag: str + :param kind: Required. Constant filled by server. + :type kind: str + :param tenant_id: The tenant id to connect to, and get the data from. + :type tenant_id: str + :param data_types: The available data types for the connector. + :type data_types: + ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector + """ + + _validation = { + 'id': {'readonly': True}, + 'type': {'readonly': True}, + 'name': {'readonly': True}, + 'kind': {'required': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'etag': {'key': 'etag', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + 'tenant_id': {'key': 'properties.tenantId', 'type': 'str'}, + 'data_types': {'key': 'properties.dataTypes', 'type': 'AlertsDataTypeOfDataConnector'}, + } + + def __init__(self, **kwargs): + super(AATPDataConnector, self).__init__(**kwargs) + self.tenant_id = kwargs.get('tenant_id', None) + self.data_types = kwargs.get('data_types', None) + self.kind = 'AzureAdvancedThreatProtection' diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/aatp_data_connector_py3.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/aatp_data_connector_py3.py new file mode 100644 index 000000000000..027a8293ce72 --- /dev/null +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/aatp_data_connector_py3.py @@ -0,0 +1,61 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from .data_connector_py3 import DataConnector + + +class AATPDataConnector(DataConnector): + """Represents AATP (Azure Advanced Threat Protection) data connector. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id + :vartype id: str + :ivar type: Azure resource type + :vartype type: str + :ivar name: Azure resource name + :vartype name: str + :param etag: Etag of the data connector. + :type etag: str + :param kind: Required. Constant filled by server. + :type kind: str + :param tenant_id: The tenant id to connect to, and get the data from. + :type tenant_id: str + :param data_types: The available data types for the connector. + :type data_types: + ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector + """ + + _validation = { + 'id': {'readonly': True}, + 'type': {'readonly': True}, + 'name': {'readonly': True}, + 'kind': {'required': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'etag': {'key': 'etag', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + 'tenant_id': {'key': 'properties.tenantId', 'type': 'str'}, + 'data_types': {'key': 'properties.dataTypes', 'type': 'AlertsDataTypeOfDataConnector'}, + } + + def __init__(self, *, etag: str=None, tenant_id: str=None, data_types=None, **kwargs) -> None: + super(AATPDataConnector, self).__init__(etag=etag, **kwargs) + self.tenant_id = tenant_id + self.data_types = data_types + self.kind = 'AzureAdvancedThreatProtection' diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/case.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/case.py index 33dbf62bae2c..2993b4762279 100644 --- a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/case.py +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/case.py @@ -34,7 +34,7 @@ class Case(Resource): :type created_time_utc: datetime :param end_time_utc: The end time of the case :type end_time_utc: datetime - :param start_time_utc: The start time of the case + :param start_time_utc: Required. The start time of the case :type start_time_utc: datetime :param labels: List of labels relevant to this case :type labels: list[str] @@ -43,7 +43,7 @@ class Case(Resource): :param title: Required. The title of the case :type title: str :param assigned_to: Describes a user that the case is assigned to - :type assigned_to: ~azure.mgmt.securityinsight.models.UserInfo + :type assigned_to: str :param severity: Required. The severity of the case. Possible values include: 'Critical', 'High', 'Medium', 'Low', 'Informational' :type severity: str or ~azure.mgmt.securityinsight.models.CaseSeverity @@ -53,12 +53,23 @@ class Case(Resource): :param close_reason: The reason the case was closed. Possible values include: 'Resolved', 'Dismissed', 'Other' :type close_reason: str or ~azure.mgmt.securityinsight.models.CloseReason + :param closed_reason_text: the case close reason details + :type closed_reason_text: str + :param related_alert_ids: List of related alert identifiers + :type related_alert_ids: list[str] + :param case_number: a sequential number + :type case_number: int + :param last_comment: the last comment in the case + :type last_comment: str + :param total_comments: the number of total comments in the case + :type total_comments: int """ _validation = { 'id': {'readonly': True}, 'type': {'readonly': True}, 'name': {'readonly': True}, + 'start_time_utc': {'required': True}, 'title': {'required': True}, 'severity': {'required': True}, 'status': {'required': True}, @@ -76,10 +87,15 @@ class Case(Resource): 'labels': {'key': 'properties.labels', 'type': '[str]'}, 'description': {'key': 'properties.description', 'type': 'str'}, 'title': {'key': 'properties.title', 'type': 'str'}, - 'assigned_to': {'key': 'properties.assignedTo', 'type': 'UserInfo'}, + 'assigned_to': {'key': 'properties.assignedTo', 'type': 'str'}, 'severity': {'key': 'properties.severity', 'type': 'str'}, 'status': {'key': 'properties.status', 'type': 'str'}, 'close_reason': {'key': 'properties.closeReason', 'type': 'str'}, + 'closed_reason_text': {'key': 'properties.closedReasonText', 'type': 'str'}, + 'related_alert_ids': {'key': 'properties.relatedAlertIds', 'type': '[str]'}, + 'case_number': {'key': 'properties.caseNumber', 'type': 'int'}, + 'last_comment': {'key': 'properties.lastComment', 'type': 'str'}, + 'total_comments': {'key': 'properties.totalComments', 'type': 'int'}, } def __init__(self, **kwargs): @@ -96,3 +112,8 @@ def __init__(self, **kwargs): self.severity = kwargs.get('severity', None) self.status = kwargs.get('status', None) self.close_reason = kwargs.get('close_reason', None) + self.closed_reason_text = kwargs.get('closed_reason_text', None) + self.related_alert_ids = kwargs.get('related_alert_ids', None) + self.case_number = kwargs.get('case_number', None) + self.last_comment = kwargs.get('last_comment', None) + self.total_comments = kwargs.get('total_comments', None) diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/case_comment.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/case_comment.py new file mode 100644 index 000000000000..827d6affa841 --- /dev/null +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/case_comment.py @@ -0,0 +1,59 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from .resource import Resource + + +class CaseComment(Resource): + """Represents a case comment. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id + :vartype id: str + :ivar type: Azure resource type + :vartype type: str + :ivar name: Azure resource name + :vartype name: str + :param message: Required. The comment message + :type message: str + :param created_time_utc: Required. The time the comment was created + :type created_time_utc: datetime + :param user_info: Required. Describes the user that created the comment + :type user_info: ~azure.mgmt.securityinsight.models.UserInfo + """ + + _validation = { + 'id': {'readonly': True}, + 'type': {'readonly': True}, + 'name': {'readonly': True}, + 'message': {'required': True}, + 'created_time_utc': {'required': True}, + 'user_info': {'required': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'message': {'key': 'properties.message', 'type': 'str'}, + 'created_time_utc': {'key': 'properties.createdTimeUtc', 'type': 'iso-8601'}, + 'user_info': {'key': 'properties.userInfo', 'type': 'UserInfo'}, + } + + def __init__(self, **kwargs): + super(CaseComment, self).__init__(**kwargs) + self.message = kwargs.get('message', None) + self.created_time_utc = kwargs.get('created_time_utc', None) + self.user_info = kwargs.get('user_info', None) diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/case_comment_paged.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/case_comment_paged.py new file mode 100644 index 000000000000..7e30766c3bdc --- /dev/null +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/case_comment_paged.py @@ -0,0 +1,27 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from msrest.paging import Paged + + +class CaseCommentPaged(Paged): + """ + A paging container for iterating over a list of :class:`CaseComment ` object + """ + + _attribute_map = { + 'next_link': {'key': 'nextLink', 'type': 'str'}, + 'current_page': {'key': 'value', 'type': '[CaseComment]'} + } + + def __init__(self, *args, **kwargs): + + super(CaseCommentPaged, self).__init__(*args, **kwargs) diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/case_comment_py3.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/case_comment_py3.py new file mode 100644 index 000000000000..49643e9a4f00 --- /dev/null +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/case_comment_py3.py @@ -0,0 +1,59 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from .resource_py3 import Resource + + +class CaseComment(Resource): + """Represents a case comment. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id + :vartype id: str + :ivar type: Azure resource type + :vartype type: str + :ivar name: Azure resource name + :vartype name: str + :param message: Required. The comment message + :type message: str + :param created_time_utc: Required. The time the comment was created + :type created_time_utc: datetime + :param user_info: Required. Describes the user that created the comment + :type user_info: ~azure.mgmt.securityinsight.models.UserInfo + """ + + _validation = { + 'id': {'readonly': True}, + 'type': {'readonly': True}, + 'name': {'readonly': True}, + 'message': {'required': True}, + 'created_time_utc': {'required': True}, + 'user_info': {'required': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'message': {'key': 'properties.message', 'type': 'str'}, + 'created_time_utc': {'key': 'properties.createdTimeUtc', 'type': 'iso-8601'}, + 'user_info': {'key': 'properties.userInfo', 'type': 'UserInfo'}, + } + + def __init__(self, *, message: str, created_time_utc, user_info, **kwargs) -> None: + super(CaseComment, self).__init__(**kwargs) + self.message = message + self.created_time_utc = created_time_utc + self.user_info = user_info diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/case_comment_request_body.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/case_comment_request_body.py new file mode 100644 index 000000000000..47f28c3d4013 --- /dev/null +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/case_comment_request_body.py @@ -0,0 +1,49 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from .resource import Resource + + +class CaseCommentRequestBody(Resource): + """Represents a case comment request body. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id + :vartype id: str + :ivar type: Azure resource type + :vartype type: str + :ivar name: Azure resource name + :vartype name: str + :param message: Required. The comment message + :type message: str + """ + + _validation = { + 'id': {'readonly': True}, + 'type': {'readonly': True}, + 'name': {'readonly': True}, + 'message': {'required': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'message': {'key': 'properties.message', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(CaseCommentRequestBody, self).__init__(**kwargs) + self.message = kwargs.get('message', None) diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/case_comment_request_body_py3.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/case_comment_request_body_py3.py new file mode 100644 index 000000000000..f7648541fff3 --- /dev/null +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/case_comment_request_body_py3.py @@ -0,0 +1,49 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from .resource_py3 import Resource + + +class CaseCommentRequestBody(Resource): + """Represents a case comment request body. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id + :vartype id: str + :ivar type: Azure resource type + :vartype type: str + :ivar name: Azure resource name + :vartype name: str + :param message: Required. The comment message + :type message: str + """ + + _validation = { + 'id': {'readonly': True}, + 'type': {'readonly': True}, + 'name': {'readonly': True}, + 'message': {'required': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'message': {'key': 'properties.message', 'type': 'str'}, + } + + def __init__(self, *, message: str, **kwargs) -> None: + super(CaseCommentRequestBody, self).__init__(**kwargs) + self.message = message diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/case_py3.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/case_py3.py index 63c391882905..c507d6b4aba6 100644 --- a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/case_py3.py +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/case_py3.py @@ -34,7 +34,7 @@ class Case(Resource): :type created_time_utc: datetime :param end_time_utc: The end time of the case :type end_time_utc: datetime - :param start_time_utc: The start time of the case + :param start_time_utc: Required. The start time of the case :type start_time_utc: datetime :param labels: List of labels relevant to this case :type labels: list[str] @@ -43,7 +43,7 @@ class Case(Resource): :param title: Required. The title of the case :type title: str :param assigned_to: Describes a user that the case is assigned to - :type assigned_to: ~azure.mgmt.securityinsight.models.UserInfo + :type assigned_to: str :param severity: Required. The severity of the case. Possible values include: 'Critical', 'High', 'Medium', 'Low', 'Informational' :type severity: str or ~azure.mgmt.securityinsight.models.CaseSeverity @@ -53,12 +53,23 @@ class Case(Resource): :param close_reason: The reason the case was closed. Possible values include: 'Resolved', 'Dismissed', 'Other' :type close_reason: str or ~azure.mgmt.securityinsight.models.CloseReason + :param closed_reason_text: the case close reason details + :type closed_reason_text: str + :param related_alert_ids: List of related alert identifiers + :type related_alert_ids: list[str] + :param case_number: a sequential number + :type case_number: int + :param last_comment: the last comment in the case + :type last_comment: str + :param total_comments: the number of total comments in the case + :type total_comments: int """ _validation = { 'id': {'readonly': True}, 'type': {'readonly': True}, 'name': {'readonly': True}, + 'start_time_utc': {'required': True}, 'title': {'required': True}, 'severity': {'required': True}, 'status': {'required': True}, @@ -76,13 +87,18 @@ class Case(Resource): 'labels': {'key': 'properties.labels', 'type': '[str]'}, 'description': {'key': 'properties.description', 'type': 'str'}, 'title': {'key': 'properties.title', 'type': 'str'}, - 'assigned_to': {'key': 'properties.assignedTo', 'type': 'UserInfo'}, + 'assigned_to': {'key': 'properties.assignedTo', 'type': 'str'}, 'severity': {'key': 'properties.severity', 'type': 'str'}, 'status': {'key': 'properties.status', 'type': 'str'}, 'close_reason': {'key': 'properties.closeReason', 'type': 'str'}, + 'closed_reason_text': {'key': 'properties.closedReasonText', 'type': 'str'}, + 'related_alert_ids': {'key': 'properties.relatedAlertIds', 'type': '[str]'}, + 'case_number': {'key': 'properties.caseNumber', 'type': 'int'}, + 'last_comment': {'key': 'properties.lastComment', 'type': 'str'}, + 'total_comments': {'key': 'properties.totalComments', 'type': 'int'}, } - def __init__(self, *, title: str, severity, status, etag: str=None, last_updated_time_utc=None, created_time_utc=None, end_time_utc=None, start_time_utc=None, labels=None, description: str=None, assigned_to=None, close_reason=None, **kwargs) -> None: + def __init__(self, *, start_time_utc, title: str, severity, status, etag: str=None, last_updated_time_utc=None, created_time_utc=None, end_time_utc=None, labels=None, description: str=None, assigned_to: str=None, close_reason=None, closed_reason_text: str=None, related_alert_ids=None, case_number: int=None, last_comment: str=None, total_comments: int=None, **kwargs) -> None: super(Case, self).__init__(**kwargs) self.etag = etag self.last_updated_time_utc = last_updated_time_utc @@ -96,3 +112,8 @@ def __init__(self, *, title: str, severity, status, etag: str=None, last_updated self.severity = severity self.status = status self.close_reason = close_reason + self.closed_reason_text = closed_reason_text + self.related_alert_ids = related_alert_ids + self.case_number = case_number + self.last_comment = last_comment + self.total_comments = total_comments diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/data_connector.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/data_connector.py index 274890991e90..10e5684b0ed7 100644 --- a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/data_connector.py +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/data_connector.py @@ -18,7 +18,7 @@ class DataConnector(Model): You probably want to use the sub-classes and not this class directly. Known sub-classes are: OfficeDataConnector, TIDataConnector, AwsCloudTrailDataConnector, AADDataConnector, ASCDataConnector, - MCASDataConnector + MCASDataConnector, AATPDataConnector, MDATPDataConnector Variables are only populated by the server, and will be ignored when sending a request. @@ -53,7 +53,7 @@ class DataConnector(Model): } _subtype_map = { - 'kind': {'Office365': 'OfficeDataConnector', 'ThreatIntelligence': 'TIDataConnector', 'AmazonWebServicesCloudTrail': 'AwsCloudTrailDataConnector', 'AzureActiveDirectory': 'AADDataConnector', 'AzureSecurityCenter': 'ASCDataConnector', 'MicrosoftCloudAppSecurity': 'MCASDataConnector'} + 'kind': {'Office365': 'OfficeDataConnector', 'ThreatIntelligence': 'TIDataConnector', 'AmazonWebServicesCloudTrail': 'AwsCloudTrailDataConnector', 'AzureActiveDirectory': 'AADDataConnector', 'AzureSecurityCenter': 'ASCDataConnector', 'MicrosoftCloudAppSecurity': 'MCASDataConnector', 'AzureAdvancedThreatProtection': 'AATPDataConnector', 'MicrosoftDefenderAdvancedThreatProtection': 'MDATPDataConnector'} } def __init__(self, **kwargs): diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/data_connector_kind1.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/data_connector_kind1.py index 7853c4afee25..b9875672c8c4 100644 --- a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/data_connector_kind1.py +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/data_connector_kind1.py @@ -18,7 +18,8 @@ class DataConnectorKind1(Model): :param kind: The kind of the data connector. Possible values include: 'AzureActiveDirectory', 'AzureSecurityCenter', 'MicrosoftCloudAppSecurity', 'ThreatIntelligence', 'Office365', - 'AmazonWebServicesCloudTrail' + 'AmazonWebServicesCloudTrail', 'AzureAdvancedThreatProtection', + 'MicrosoftDefenderAdvancedThreatProtection' :type kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind """ diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/data_connector_kind1_py3.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/data_connector_kind1_py3.py index 234c5d6bac93..fa1b41531db9 100644 --- a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/data_connector_kind1_py3.py +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/data_connector_kind1_py3.py @@ -18,7 +18,8 @@ class DataConnectorKind1(Model): :param kind: The kind of the data connector. Possible values include: 'AzureActiveDirectory', 'AzureSecurityCenter', 'MicrosoftCloudAppSecurity', 'ThreatIntelligence', 'Office365', - 'AmazonWebServicesCloudTrail' + 'AmazonWebServicesCloudTrail', 'AzureAdvancedThreatProtection', + 'MicrosoftDefenderAdvancedThreatProtection' :type kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind """ diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/data_connector_py3.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/data_connector_py3.py index 4db1079b137d..b9ee72c98875 100644 --- a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/data_connector_py3.py +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/data_connector_py3.py @@ -18,7 +18,7 @@ class DataConnector(Model): You probably want to use the sub-classes and not this class directly. Known sub-classes are: OfficeDataConnector, TIDataConnector, AwsCloudTrailDataConnector, AADDataConnector, ASCDataConnector, - MCASDataConnector + MCASDataConnector, AATPDataConnector, MDATPDataConnector Variables are only populated by the server, and will be ignored when sending a request. @@ -53,7 +53,7 @@ class DataConnector(Model): } _subtype_map = { - 'kind': {'Office365': 'OfficeDataConnector', 'ThreatIntelligence': 'TIDataConnector', 'AmazonWebServicesCloudTrail': 'AwsCloudTrailDataConnector', 'AzureActiveDirectory': 'AADDataConnector', 'AzureSecurityCenter': 'ASCDataConnector', 'MicrosoftCloudAppSecurity': 'MCASDataConnector'} + 'kind': {'Office365': 'OfficeDataConnector', 'ThreatIntelligence': 'TIDataConnector', 'AmazonWebServicesCloudTrail': 'AwsCloudTrailDataConnector', 'AzureActiveDirectory': 'AADDataConnector', 'AzureSecurityCenter': 'ASCDataConnector', 'MicrosoftCloudAppSecurity': 'MCASDataConnector', 'AzureAdvancedThreatProtection': 'AATPDataConnector', 'MicrosoftDefenderAdvancedThreatProtection': 'MDATPDataConnector'} } def __init__(self, *, etag: str=None, **kwargs) -> None: diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/mcas_data_connector.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/mcas_data_connector.py index e8f33ade4645..3a097bcc2ff0 100644 --- a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/mcas_data_connector.py +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/mcas_data_connector.py @@ -34,7 +34,7 @@ class MCASDataConnector(DataConnector): :type tenant_id: str :param data_types: The available data types for the connector. :type data_types: - ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector + ~azure.mgmt.securityinsight.models.MCASDataConnectorDataTypes """ _validation = { @@ -51,7 +51,7 @@ class MCASDataConnector(DataConnector): 'etag': {'key': 'etag', 'type': 'str'}, 'kind': {'key': 'kind', 'type': 'str'}, 'tenant_id': {'key': 'properties.tenantId', 'type': 'str'}, - 'data_types': {'key': 'properties.dataTypes', 'type': 'AlertsDataTypeOfDataConnector'}, + 'data_types': {'key': 'properties.dataTypes', 'type': 'MCASDataConnectorDataTypes'}, } def __init__(self, **kwargs): diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/mcas_data_connector_data_types.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/mcas_data_connector_data_types.py new file mode 100644 index 000000000000..169181bd702f --- /dev/null +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/mcas_data_connector_data_types.py @@ -0,0 +1,34 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from .alerts_data_type_of_data_connector import AlertsDataTypeOfDataConnector + + +class MCASDataConnectorDataTypes(AlertsDataTypeOfDataConnector): + """The available data types for MCAS (Microsoft Cloud App Security) data + connector. + + :param alerts: Alerts data type connection. + :type alerts: + ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnectorAlerts + :param discovery_logs: Discovery log data type connection. + :type discovery_logs: + ~azure.mgmt.securityinsight.models.MCASDataConnectorDataTypesDiscoveryLogs + """ + + _attribute_map = { + 'alerts': {'key': 'alerts', 'type': 'AlertsDataTypeOfDataConnectorAlerts'}, + 'discovery_logs': {'key': 'discoveryLogs', 'type': 'MCASDataConnectorDataTypesDiscoveryLogs'}, + } + + def __init__(self, **kwargs): + super(MCASDataConnectorDataTypes, self).__init__(**kwargs) + self.discovery_logs = kwargs.get('discovery_logs', None) diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/mcas_data_connector_data_types_discovery_logs.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/mcas_data_connector_data_types_discovery_logs.py new file mode 100644 index 000000000000..bde0a81af95c --- /dev/null +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/mcas_data_connector_data_types_discovery_logs.py @@ -0,0 +1,28 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from .data_connector_data_type_common import DataConnectorDataTypeCommon + + +class MCASDataConnectorDataTypesDiscoveryLogs(DataConnectorDataTypeCommon): + """Discovery log data type connection. + + :param state: Describe whether this data type connection is enabled or + not. Possible values include: 'Enabled', 'Disabled' + :type state: str or ~azure.mgmt.securityinsight.models.DataTypeState + """ + + _attribute_map = { + 'state': {'key': 'state', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(MCASDataConnectorDataTypesDiscoveryLogs, self).__init__(**kwargs) diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/mcas_data_connector_data_types_discovery_logs_py3.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/mcas_data_connector_data_types_discovery_logs_py3.py new file mode 100644 index 000000000000..7020e2d332ed --- /dev/null +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/mcas_data_connector_data_types_discovery_logs_py3.py @@ -0,0 +1,28 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from .data_connector_data_type_common_py3 import DataConnectorDataTypeCommon + + +class MCASDataConnectorDataTypesDiscoveryLogs(DataConnectorDataTypeCommon): + """Discovery log data type connection. + + :param state: Describe whether this data type connection is enabled or + not. Possible values include: 'Enabled', 'Disabled' + :type state: str or ~azure.mgmt.securityinsight.models.DataTypeState + """ + + _attribute_map = { + 'state': {'key': 'state', 'type': 'str'}, + } + + def __init__(self, *, state=None, **kwargs) -> None: + super(MCASDataConnectorDataTypesDiscoveryLogs, self).__init__(state=state, **kwargs) diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/mcas_data_connector_data_types_py3.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/mcas_data_connector_data_types_py3.py new file mode 100644 index 000000000000..233ab8ba7cc3 --- /dev/null +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/mcas_data_connector_data_types_py3.py @@ -0,0 +1,34 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from .alerts_data_type_of_data_connector_py3 import AlertsDataTypeOfDataConnector + + +class MCASDataConnectorDataTypes(AlertsDataTypeOfDataConnector): + """The available data types for MCAS (Microsoft Cloud App Security) data + connector. + + :param alerts: Alerts data type connection. + :type alerts: + ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnectorAlerts + :param discovery_logs: Discovery log data type connection. + :type discovery_logs: + ~azure.mgmt.securityinsight.models.MCASDataConnectorDataTypesDiscoveryLogs + """ + + _attribute_map = { + 'alerts': {'key': 'alerts', 'type': 'AlertsDataTypeOfDataConnectorAlerts'}, + 'discovery_logs': {'key': 'discoveryLogs', 'type': 'MCASDataConnectorDataTypesDiscoveryLogs'}, + } + + def __init__(self, *, alerts=None, discovery_logs=None, **kwargs) -> None: + super(MCASDataConnectorDataTypes, self).__init__(alerts=alerts, **kwargs) + self.discovery_logs = discovery_logs diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/mcas_data_connector_py3.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/mcas_data_connector_py3.py index 8738d0607686..44c70503cf15 100644 --- a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/mcas_data_connector_py3.py +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/mcas_data_connector_py3.py @@ -34,7 +34,7 @@ class MCASDataConnector(DataConnector): :type tenant_id: str :param data_types: The available data types for the connector. :type data_types: - ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector + ~azure.mgmt.securityinsight.models.MCASDataConnectorDataTypes """ _validation = { @@ -51,7 +51,7 @@ class MCASDataConnector(DataConnector): 'etag': {'key': 'etag', 'type': 'str'}, 'kind': {'key': 'kind', 'type': 'str'}, 'tenant_id': {'key': 'properties.tenantId', 'type': 'str'}, - 'data_types': {'key': 'properties.dataTypes', 'type': 'AlertsDataTypeOfDataConnector'}, + 'data_types': {'key': 'properties.dataTypes', 'type': 'MCASDataConnectorDataTypes'}, } def __init__(self, *, etag: str=None, tenant_id: str=None, data_types=None, **kwargs) -> None: diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/mdatp_data_connector.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/mdatp_data_connector.py new file mode 100644 index 000000000000..dcddd0881083 --- /dev/null +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/mdatp_data_connector.py @@ -0,0 +1,62 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from .data_connector import DataConnector + + +class MDATPDataConnector(DataConnector): + """Represents MDATP (Microsoft Defender Advanced Threat Protection) data + connector. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id + :vartype id: str + :ivar type: Azure resource type + :vartype type: str + :ivar name: Azure resource name + :vartype name: str + :param etag: Etag of the data connector. + :type etag: str + :param kind: Required. Constant filled by server. + :type kind: str + :param tenant_id: The tenant id to connect to, and get the data from. + :type tenant_id: str + :param data_types: The available data types for the connector. + :type data_types: + ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector + """ + + _validation = { + 'id': {'readonly': True}, + 'type': {'readonly': True}, + 'name': {'readonly': True}, + 'kind': {'required': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'etag': {'key': 'etag', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + 'tenant_id': {'key': 'properties.tenantId', 'type': 'str'}, + 'data_types': {'key': 'properties.dataTypes', 'type': 'AlertsDataTypeOfDataConnector'}, + } + + def __init__(self, **kwargs): + super(MDATPDataConnector, self).__init__(**kwargs) + self.tenant_id = kwargs.get('tenant_id', None) + self.data_types = kwargs.get('data_types', None) + self.kind = 'MicrosoftDefenderAdvancedThreatProtection' diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/mdatp_data_connector_py3.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/mdatp_data_connector_py3.py new file mode 100644 index 000000000000..217e6e6b3830 --- /dev/null +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/mdatp_data_connector_py3.py @@ -0,0 +1,62 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from .data_connector_py3 import DataConnector + + +class MDATPDataConnector(DataConnector): + """Represents MDATP (Microsoft Defender Advanced Threat Protection) data + connector. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id + :vartype id: str + :ivar type: Azure resource type + :vartype type: str + :ivar name: Azure resource name + :vartype name: str + :param etag: Etag of the data connector. + :type etag: str + :param kind: Required. Constant filled by server. + :type kind: str + :param tenant_id: The tenant id to connect to, and get the data from. + :type tenant_id: str + :param data_types: The available data types for the connector. + :type data_types: + ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector + """ + + _validation = { + 'id': {'readonly': True}, + 'type': {'readonly': True}, + 'name': {'readonly': True}, + 'kind': {'required': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'etag': {'key': 'etag', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + 'tenant_id': {'key': 'properties.tenantId', 'type': 'str'}, + 'data_types': {'key': 'properties.dataTypes', 'type': 'AlertsDataTypeOfDataConnector'}, + } + + def __init__(self, *, etag: str=None, tenant_id: str=None, data_types=None, **kwargs) -> None: + super(MDATPDataConnector, self).__init__(etag=etag, **kwargs) + self.tenant_id = tenant_id + self.data_types = data_types + self.kind = 'MicrosoftDefenderAdvancedThreatProtection' diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/security_insights_enums.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/security_insights_enums.py index 0f2ca338b9ad..4ac727a6f29b 100644 --- a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/security_insights_enums.py +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/security_insights_enums.py @@ -65,6 +65,8 @@ class DataConnectorKind(str, Enum): threat_intelligence = "ThreatIntelligence" office365 = "Office365" amazon_web_services_cloud_trail = "AmazonWebServicesCloudTrail" + azure_advanced_threat_protection = "AzureAdvancedThreatProtection" + microsoft_defender_advanced_threat_protection = "MicrosoftDefenderAdvancedThreatProtection" class DataTypeState(str, Enum): diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/__init__.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/__init__.py index b11b9b144e0c..1c1093bbfcf6 100644 --- a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/__init__.py +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/__init__.py @@ -13,6 +13,7 @@ from .alert_rules_operations import AlertRulesOperations from .actions_operations import ActionsOperations from .cases_operations import CasesOperations +from .case_comments_operations import CaseCommentsOperations from .bookmarks_operations import BookmarksOperations from .data_connectors_operations import DataConnectorsOperations from .entities_operations import EntitiesOperations @@ -26,6 +27,7 @@ 'AlertRulesOperations', 'ActionsOperations', 'CasesOperations', + 'CaseCommentsOperations', 'BookmarksOperations', 'DataConnectorsOperations', 'EntitiesOperations', diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/case_comments_operations.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/case_comments_operations.py new file mode 100644 index 000000000000..a5235445351b --- /dev/null +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/case_comments_operations.py @@ -0,0 +1,293 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +import uuid +from msrest.pipeline import ClientRawResponse +from msrestazure.azure_exceptions import CloudError + +from .. import models + + +class CaseCommentsOperations(object): + """CaseCommentsOperations operations. + + :param client: Client for service requests. + :param config: Configuration of service client. + :param serializer: An object model serializer. + :param deserializer: An object model deserializer. + :ivar api_version: API version for the operation. Constant value: "2019-01-01-preview". + """ + + models = models + + def __init__(self, client, config, serializer, deserializer): + + self._client = client + self._serialize = serializer + self._deserialize = deserializer + self.api_version = "2019-01-01-preview" + + self.config = config + + def list( + self, resource_group_name, operational_insights_resource_provider, workspace_name, case_id, filter=None, orderby=None, top=None, skip_token=None, custom_headers=None, raw=False, **operation_config): + """Gets all case comments. + + :param resource_group_name: The name of the resource group within the + user's subscription. The name is case insensitive. + :type resource_group_name: str + :param operational_insights_resource_provider: The namespace of + workspaces resource provider- Microsoft.OperationalInsights. + :type operational_insights_resource_provider: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :param case_id: Case ID + :type case_id: str + :param filter: Filters the results, based on a Boolean condition. + Optional. + :type filter: str + :param orderby: Sorts the results. Optional. + :type orderby: str + :param top: Returns only the first n results. Optional. + :type top: int + :param skip_token: Skiptoken is only used if a previous operation + returned a partial result. If a previous response contains a nextLink + element, the value of the nextLink element will include a skiptoken + parameter that specifies a starting point to use for subsequent calls. + Optional. + :type skip_token: str + :param dict custom_headers: headers that will be added to the request + :param bool raw: returns the direct response alongside the + deserialized response + :param operation_config: :ref:`Operation configuration + overrides`. + :return: An iterator like instance of CaseComment + :rtype: + ~azure.mgmt.securityinsight.models.CaseCommentPaged[~azure.mgmt.securityinsight.models.CaseComment] + :raises: :class:`CloudError` + """ + def internal_paging(next_link=None, raw=False): + + if not next_link: + # Construct URL + url = self.list.metadata['url'] + path_format_arguments = { + 'subscriptionId': self._serialize.url("self.config.subscription_id", self.config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'operationalInsightsResourceProvider': self._serialize.url("operational_insights_resource_provider", operational_insights_resource_provider, 'str'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + 'caseId': self._serialize.url("case_id", case_id, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + if filter is not None: + query_parameters['$filter'] = self._serialize.query("filter", filter, 'str') + if orderby is not None: + query_parameters['$orderby'] = self._serialize.query("orderby", orderby, 'str') + if top is not None: + query_parameters['$top'] = self._serialize.query("top", top, 'int') + if skip_token is not None: + query_parameters['$skipToken'] = self._serialize.query("skip_token", skip_token, 'str') + + else: + url = next_link + query_parameters = {} + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + response = self._client.send(request, stream=False, **operation_config) + + if response.status_code not in [200]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + return response + + # Deserialize response + deserialized = models.CaseCommentPaged(internal_paging, self._deserialize.dependencies) + + if raw: + header_dict = {} + client_raw_response = models.CaseCommentPaged(internal_paging, self._deserialize.dependencies, header_dict) + return client_raw_response + + return deserialized + list.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/cases/{caseId}/comments'} + + def get_comment_by_id( + self, resource_group_name, operational_insights_resource_provider, workspace_name, case_id, case_comment_id, custom_headers=None, raw=False, **operation_config): + """Gets a case comment. + + :param resource_group_name: The name of the resource group within the + user's subscription. The name is case insensitive. + :type resource_group_name: str + :param operational_insights_resource_provider: The namespace of + workspaces resource provider- Microsoft.OperationalInsights. + :type operational_insights_resource_provider: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :param case_id: Case ID + :type case_id: str + :param case_comment_id: Case comment ID + :type case_comment_id: str + :param dict custom_headers: headers that will be added to the request + :param bool raw: returns the direct response alongside the + deserialized response + :param operation_config: :ref:`Operation configuration + overrides`. + :return: CaseComment or ClientRawResponse if raw=true + :rtype: ~azure.mgmt.securityinsight.models.CaseComment or + ~msrest.pipeline.ClientRawResponse + :raises: :class:`CloudError` + """ + # Construct URL + url = self.get_comment_by_id.metadata['url'] + path_format_arguments = { + 'subscriptionId': self._serialize.url("self.config.subscription_id", self.config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'operationalInsightsResourceProvider': self._serialize.url("operational_insights_resource_provider", operational_insights_resource_provider, 'str'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + 'caseId': self._serialize.url("case_id", case_id, 'str'), + 'caseCommentId': self._serialize.url("case_comment_id", case_comment_id, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + response = self._client.send(request, stream=False, **operation_config) + + if response.status_code not in [200]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + deserialized = None + + if response.status_code == 200: + deserialized = self._deserialize('CaseComment', response) + + if raw: + client_raw_response = ClientRawResponse(deserialized, response) + return client_raw_response + + return deserialized + get_comment_by_id.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/cases/{caseId}/comments/{caseCommentId}'} + + def create_comment( + self, resource_group_name, operational_insights_resource_provider, workspace_name, case_id, case_comment_id, message, custom_headers=None, raw=False, **operation_config): + """Creates the case comment. + + :param resource_group_name: The name of the resource group within the + user's subscription. The name is case insensitive. + :type resource_group_name: str + :param operational_insights_resource_provider: The namespace of + workspaces resource provider- Microsoft.OperationalInsights. + :type operational_insights_resource_provider: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :param case_id: Case ID + :type case_id: str + :param case_comment_id: Case comment ID + :type case_comment_id: str + :param message: The comment message + :type message: str + :param dict custom_headers: headers that will be added to the request + :param bool raw: returns the direct response alongside the + deserialized response + :param operation_config: :ref:`Operation configuration + overrides`. + :return: CaseComment or ClientRawResponse if raw=true + :rtype: ~azure.mgmt.securityinsight.models.CaseComment or + ~msrest.pipeline.ClientRawResponse + :raises: :class:`CloudError` + """ + case_comment_request_body = models.CaseCommentRequestBody(message=message) + + # Construct URL + url = self.create_comment.metadata['url'] + path_format_arguments = { + 'subscriptionId': self._serialize.url("self.config.subscription_id", self.config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'operationalInsightsResourceProvider': self._serialize.url("operational_insights_resource_provider", operational_insights_resource_provider, 'str'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + 'caseId': self._serialize.url("case_id", case_id, 'str'), + 'caseCommentId': self._serialize.url("case_comment_id", case_comment_id, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct body + body_content = self._serialize.body(case_comment_request_body, 'CaseCommentRequestBody') + + # Construct and send request + request = self._client.put(url, query_parameters, header_parameters, body_content) + response = self._client.send(request, stream=False, **operation_config) + + if response.status_code not in [200, 201]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + deserialized = None + + if response.status_code == 200: + deserialized = self._deserialize('CaseComment', response) + if response.status_code == 201: + deserialized = self._deserialize('CaseComment', response) + + if raw: + client_raw_response = ClientRawResponse(deserialized, response) + return client_raw_response + + return deserialized + create_comment.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/cases/{caseId}/comments/{caseCommentId}'} diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/cases_operations.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/cases_operations.py index c7ded22b619c..cb8c0b9e5e8b 100644 --- a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/cases_operations.py +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/cases_operations.py @@ -38,7 +38,7 @@ def __init__(self, client, config, serializer, deserializer): self.config = config def list( - self, resource_group_name, operational_insights_resource_provider, workspace_name, custom_headers=None, raw=False, **operation_config): + self, resource_group_name, operational_insights_resource_provider, workspace_name, filter=None, orderby=None, top=None, skip_token=None, custom_headers=None, raw=False, **operation_config): """Gets all cases. :param resource_group_name: The name of the resource group within the @@ -49,6 +49,19 @@ def list( :type operational_insights_resource_provider: str :param workspace_name: The name of the workspace. :type workspace_name: str + :param filter: Filters the results, based on a Boolean condition. + Optional. + :type filter: str + :param orderby: Sorts the results. Optional. + :type orderby: str + :param top: Returns only the first n results. Optional. + :type top: int + :param skip_token: Skiptoken is only used if a previous operation + returned a partial result. If a previous response contains a nextLink + element, the value of the nextLink element will include a skiptoken + parameter that specifies a starting point to use for subsequent calls. + Optional. + :type skip_token: str :param dict custom_headers: headers that will be added to the request :param bool raw: returns the direct response alongside the deserialized response @@ -75,6 +88,14 @@ def internal_paging(next_link=None, raw=False): # Construct parameters query_parameters = {} query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + if filter is not None: + query_parameters['$filter'] = self._serialize.query("filter", filter, 'str') + if orderby is not None: + query_parameters['$orderby'] = self._serialize.query("orderby", orderby, 'str') + if top is not None: + query_parameters['$top'] = self._serialize.query("top", top, 'int') + if skip_token is not None: + query_parameters['$skipToken'] = self._serialize.query("skip_token", skip_token, 'str') else: url = next_link diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/security_insights.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/security_insights.py index 45f74bbca7ac..9b6abd65d07c 100644 --- a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/security_insights.py +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/security_insights.py @@ -17,6 +17,7 @@ from .operations.alert_rules_operations import AlertRulesOperations from .operations.actions_operations import ActionsOperations from .operations.cases_operations import CasesOperations +from .operations.case_comments_operations import CaseCommentsOperations from .operations.bookmarks_operations import BookmarksOperations from .operations.data_connectors_operations import DataConnectorsOperations from .operations.entities_operations import EntitiesOperations @@ -73,6 +74,8 @@ class SecurityInsights(SDKClient): :vartype actions: azure.mgmt.securityinsight.operations.ActionsOperations :ivar cases: Cases operations :vartype cases: azure.mgmt.securityinsight.operations.CasesOperations + :ivar case_comments: CaseComments operations + :vartype case_comments: azure.mgmt.securityinsight.operations.CaseCommentsOperations :ivar bookmarks: Bookmarks operations :vartype bookmarks: azure.mgmt.securityinsight.operations.BookmarksOperations :ivar data_connectors: DataConnectors operations @@ -115,6 +118,8 @@ def __init__( self._client, self.config, self._serialize, self._deserialize) self.cases = CasesOperations( self._client, self.config, self._serialize, self._deserialize) + self.case_comments = CaseCommentsOperations( + self._client, self.config, self._serialize, self._deserialize) self.bookmarks = BookmarksOperations( self._client, self.config, self._serialize, self._deserialize) self.data_connectors = DataConnectorsOperations( From a2952b8c4549725f8006ff559bbf59aef59117fa Mon Sep 17 00:00:00 2001 From: Azure SDK for Python bot Date: Mon, 29 Jul 2019 18:37:59 +0000 Subject: [PATCH 2/4] Generated from 23d7ddc0a994dcad4bcc056d3522942db2211199 some fixes --- .../mgmt/securityinsight/models/__init__.py | 9 +- .../azure/mgmt/securityinsight/models/case.py | 46 +++-- .../securityinsight/models/case_comment.py | 16 +- .../models/case_comment_py3.py | 18 +- .../models/case_comment_request_body.py | 49 ----- .../models/case_comment_request_body_py3.py | 49 ----- .../mgmt/securityinsight/models/case_py3.py | 48 +++-- .../mgmt/securityinsight/models/user_info.py | 25 ++- .../securityinsight/models/user_info_py3.py | 27 ++- .../securityinsight/operations/__init__.py | 2 + .../operations/case_comments_operations.py | 180 +----------------- .../operations/cases_operations.py | 73 +++++++ .../operations/comments_operations.py | 137 +++++++++++++ .../mgmt/securityinsight/security_insights.py | 5 + 14 files changed, 330 insertions(+), 354 deletions(-) delete mode 100644 sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/case_comment_request_body.py delete mode 100644 sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/case_comment_request_body_py3.py create mode 100644 sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/comments_operations.py diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/__init__.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/__init__.py index 5ff08f5dffce..f4f5d666df15 100644 --- a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/__init__.py +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/__init__.py @@ -16,10 +16,9 @@ from .alert_rule_kind1_py3 import AlertRuleKind1 from .scheduled_alert_rule_py3 import ScheduledAlertRule from .action_py3 import Action - from .case_py3 import Case from .user_info_py3 import UserInfo + from .case_py3 import Case from .case_comment_py3 import CaseComment - from .case_comment_request_body_py3 import CaseCommentRequestBody from .bookmark_py3 import Bookmark from .data_connector_py3 import DataConnector from .data_connector_kind1_py3 import DataConnectorKind1 @@ -69,10 +68,9 @@ from .alert_rule_kind1 import AlertRuleKind1 from .scheduled_alert_rule import ScheduledAlertRule from .action import Action - from .case import Case from .user_info import UserInfo + from .case import Case from .case_comment import CaseComment - from .case_comment_request_body import CaseCommentRequestBody from .bookmark import Bookmark from .data_connector import DataConnector from .data_connector_kind1 import DataConnectorKind1 @@ -149,10 +147,9 @@ 'AlertRuleKind1', 'ScheduledAlertRule', 'Action', - 'Case', 'UserInfo', + 'Case', 'CaseComment', - 'CaseCommentRequestBody', 'Bookmark', 'DataConnector', 'DataConnectorKind1', diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/case.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/case.py index 2993b4762279..e20a0b3f2c5c 100644 --- a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/case.py +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/case.py @@ -28,10 +28,10 @@ class Case(Resource): :vartype name: str :param etag: Etag of the alert rule. :type etag: str - :param last_updated_time_utc: The last time the case was updated - :type last_updated_time_utc: datetime - :param created_time_utc: The time the case was created - :type created_time_utc: datetime + :ivar last_updated_time_utc: The last time the case was updated + :vartype last_updated_time_utc: datetime + :ivar created_time_utc: The time the case was created + :vartype created_time_utc: datetime :param end_time_utc: The end time of the case :type end_time_utc: datetime :param start_time_utc: Required. The start time of the case @@ -43,7 +43,7 @@ class Case(Resource): :param title: Required. The title of the case :type title: str :param assigned_to: Describes a user that the case is assigned to - :type assigned_to: str + :type assigned_to: ~azure.mgmt.securityinsight.models.UserInfo :param severity: Required. The severity of the case. Possible values include: 'Critical', 'High', 'Medium', 'Low', 'Informational' :type severity: str or ~azure.mgmt.securityinsight.models.CaseSeverity @@ -55,24 +55,30 @@ class Case(Resource): :type close_reason: str or ~azure.mgmt.securityinsight.models.CloseReason :param closed_reason_text: the case close reason details :type closed_reason_text: str - :param related_alert_ids: List of related alert identifiers - :type related_alert_ids: list[str] - :param case_number: a sequential number - :type case_number: int - :param last_comment: the last comment in the case - :type last_comment: str - :param total_comments: the number of total comments in the case - :type total_comments: int + :ivar related_alert_ids: List of related alert identifiers + :vartype related_alert_ids: list[str] + :ivar case_number: a sequential number + :vartype case_number: int + :ivar last_comment: the last comment in the case + :vartype last_comment: str + :ivar total_comments: the number of total comments in the case + :vartype total_comments: int """ _validation = { 'id': {'readonly': True}, 'type': {'readonly': True}, 'name': {'readonly': True}, + 'last_updated_time_utc': {'readonly': True}, + 'created_time_utc': {'readonly': True}, 'start_time_utc': {'required': True}, 'title': {'required': True}, 'severity': {'required': True}, 'status': {'required': True}, + 'related_alert_ids': {'readonly': True}, + 'case_number': {'readonly': True}, + 'last_comment': {'readonly': True}, + 'total_comments': {'readonly': True}, } _attribute_map = { @@ -87,7 +93,7 @@ class Case(Resource): 'labels': {'key': 'properties.labels', 'type': '[str]'}, 'description': {'key': 'properties.description', 'type': 'str'}, 'title': {'key': 'properties.title', 'type': 'str'}, - 'assigned_to': {'key': 'properties.assignedTo', 'type': 'str'}, + 'assigned_to': {'key': 'properties.assignedTo', 'type': 'UserInfo'}, 'severity': {'key': 'properties.severity', 'type': 'str'}, 'status': {'key': 'properties.status', 'type': 'str'}, 'close_reason': {'key': 'properties.closeReason', 'type': 'str'}, @@ -101,8 +107,8 @@ class Case(Resource): def __init__(self, **kwargs): super(Case, self).__init__(**kwargs) self.etag = kwargs.get('etag', None) - self.last_updated_time_utc = kwargs.get('last_updated_time_utc', None) - self.created_time_utc = kwargs.get('created_time_utc', None) + self.last_updated_time_utc = None + self.created_time_utc = None self.end_time_utc = kwargs.get('end_time_utc', None) self.start_time_utc = kwargs.get('start_time_utc', None) self.labels = kwargs.get('labels', None) @@ -113,7 +119,7 @@ def __init__(self, **kwargs): self.status = kwargs.get('status', None) self.close_reason = kwargs.get('close_reason', None) self.closed_reason_text = kwargs.get('closed_reason_text', None) - self.related_alert_ids = kwargs.get('related_alert_ids', None) - self.case_number = kwargs.get('case_number', None) - self.last_comment = kwargs.get('last_comment', None) - self.total_comments = kwargs.get('total_comments', None) + self.related_alert_ids = None + self.case_number = None + self.last_comment = None + self.total_comments = None diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/case_comment.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/case_comment.py index 827d6affa841..0151294eb9b5 100644 --- a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/case_comment.py +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/case_comment.py @@ -28,10 +28,10 @@ class CaseComment(Resource): :vartype name: str :param message: Required. The comment message :type message: str - :param created_time_utc: Required. The time the comment was created - :type created_time_utc: datetime - :param user_info: Required. Describes the user that created the comment - :type user_info: ~azure.mgmt.securityinsight.models.UserInfo + :ivar created_time_utc: The time the comment was created + :vartype created_time_utc: datetime + :ivar user_info: Describes the user that created the comment + :vartype user_info: ~azure.mgmt.securityinsight.models.UserInfo """ _validation = { @@ -39,8 +39,8 @@ class CaseComment(Resource): 'type': {'readonly': True}, 'name': {'readonly': True}, 'message': {'required': True}, - 'created_time_utc': {'required': True}, - 'user_info': {'required': True}, + 'created_time_utc': {'readonly': True}, + 'user_info': {'readonly': True}, } _attribute_map = { @@ -55,5 +55,5 @@ class CaseComment(Resource): def __init__(self, **kwargs): super(CaseComment, self).__init__(**kwargs) self.message = kwargs.get('message', None) - self.created_time_utc = kwargs.get('created_time_utc', None) - self.user_info = kwargs.get('user_info', None) + self.created_time_utc = None + self.user_info = None diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/case_comment_py3.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/case_comment_py3.py index 49643e9a4f00..3bcb860a2640 100644 --- a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/case_comment_py3.py +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/case_comment_py3.py @@ -28,10 +28,10 @@ class CaseComment(Resource): :vartype name: str :param message: Required. The comment message :type message: str - :param created_time_utc: Required. The time the comment was created - :type created_time_utc: datetime - :param user_info: Required. Describes the user that created the comment - :type user_info: ~azure.mgmt.securityinsight.models.UserInfo + :ivar created_time_utc: The time the comment was created + :vartype created_time_utc: datetime + :ivar user_info: Describes the user that created the comment + :vartype user_info: ~azure.mgmt.securityinsight.models.UserInfo """ _validation = { @@ -39,8 +39,8 @@ class CaseComment(Resource): 'type': {'readonly': True}, 'name': {'readonly': True}, 'message': {'required': True}, - 'created_time_utc': {'required': True}, - 'user_info': {'required': True}, + 'created_time_utc': {'readonly': True}, + 'user_info': {'readonly': True}, } _attribute_map = { @@ -52,8 +52,8 @@ class CaseComment(Resource): 'user_info': {'key': 'properties.userInfo', 'type': 'UserInfo'}, } - def __init__(self, *, message: str, created_time_utc, user_info, **kwargs) -> None: + def __init__(self, *, message: str, **kwargs) -> None: super(CaseComment, self).__init__(**kwargs) self.message = message - self.created_time_utc = created_time_utc - self.user_info = user_info + self.created_time_utc = None + self.user_info = None diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/case_comment_request_body.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/case_comment_request_body.py deleted file mode 100644 index 47f28c3d4013..000000000000 --- a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/case_comment_request_body.py +++ /dev/null @@ -1,49 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for -# license information. -# -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is -# regenerated. -# -------------------------------------------------------------------------- - -from .resource import Resource - - -class CaseCommentRequestBody(Resource): - """Represents a case comment request body. - - Variables are only populated by the server, and will be ignored when - sending a request. - - All required parameters must be populated in order to send to Azure. - - :ivar id: Azure resource Id - :vartype id: str - :ivar type: Azure resource type - :vartype type: str - :ivar name: Azure resource name - :vartype name: str - :param message: Required. The comment message - :type message: str - """ - - _validation = { - 'id': {'readonly': True}, - 'type': {'readonly': True}, - 'name': {'readonly': True}, - 'message': {'required': True}, - } - - _attribute_map = { - 'id': {'key': 'id', 'type': 'str'}, - 'type': {'key': 'type', 'type': 'str'}, - 'name': {'key': 'name', 'type': 'str'}, - 'message': {'key': 'properties.message', 'type': 'str'}, - } - - def __init__(self, **kwargs): - super(CaseCommentRequestBody, self).__init__(**kwargs) - self.message = kwargs.get('message', None) diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/case_comment_request_body_py3.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/case_comment_request_body_py3.py deleted file mode 100644 index f7648541fff3..000000000000 --- a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/case_comment_request_body_py3.py +++ /dev/null @@ -1,49 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for -# license information. -# -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is -# regenerated. -# -------------------------------------------------------------------------- - -from .resource_py3 import Resource - - -class CaseCommentRequestBody(Resource): - """Represents a case comment request body. - - Variables are only populated by the server, and will be ignored when - sending a request. - - All required parameters must be populated in order to send to Azure. - - :ivar id: Azure resource Id - :vartype id: str - :ivar type: Azure resource type - :vartype type: str - :ivar name: Azure resource name - :vartype name: str - :param message: Required. The comment message - :type message: str - """ - - _validation = { - 'id': {'readonly': True}, - 'type': {'readonly': True}, - 'name': {'readonly': True}, - 'message': {'required': True}, - } - - _attribute_map = { - 'id': {'key': 'id', 'type': 'str'}, - 'type': {'key': 'type', 'type': 'str'}, - 'name': {'key': 'name', 'type': 'str'}, - 'message': {'key': 'properties.message', 'type': 'str'}, - } - - def __init__(self, *, message: str, **kwargs) -> None: - super(CaseCommentRequestBody, self).__init__(**kwargs) - self.message = message diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/case_py3.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/case_py3.py index c507d6b4aba6..744be3608686 100644 --- a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/case_py3.py +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/case_py3.py @@ -28,10 +28,10 @@ class Case(Resource): :vartype name: str :param etag: Etag of the alert rule. :type etag: str - :param last_updated_time_utc: The last time the case was updated - :type last_updated_time_utc: datetime - :param created_time_utc: The time the case was created - :type created_time_utc: datetime + :ivar last_updated_time_utc: The last time the case was updated + :vartype last_updated_time_utc: datetime + :ivar created_time_utc: The time the case was created + :vartype created_time_utc: datetime :param end_time_utc: The end time of the case :type end_time_utc: datetime :param start_time_utc: Required. The start time of the case @@ -43,7 +43,7 @@ class Case(Resource): :param title: Required. The title of the case :type title: str :param assigned_to: Describes a user that the case is assigned to - :type assigned_to: str + :type assigned_to: ~azure.mgmt.securityinsight.models.UserInfo :param severity: Required. The severity of the case. Possible values include: 'Critical', 'High', 'Medium', 'Low', 'Informational' :type severity: str or ~azure.mgmt.securityinsight.models.CaseSeverity @@ -55,24 +55,30 @@ class Case(Resource): :type close_reason: str or ~azure.mgmt.securityinsight.models.CloseReason :param closed_reason_text: the case close reason details :type closed_reason_text: str - :param related_alert_ids: List of related alert identifiers - :type related_alert_ids: list[str] - :param case_number: a sequential number - :type case_number: int - :param last_comment: the last comment in the case - :type last_comment: str - :param total_comments: the number of total comments in the case - :type total_comments: int + :ivar related_alert_ids: List of related alert identifiers + :vartype related_alert_ids: list[str] + :ivar case_number: a sequential number + :vartype case_number: int + :ivar last_comment: the last comment in the case + :vartype last_comment: str + :ivar total_comments: the number of total comments in the case + :vartype total_comments: int """ _validation = { 'id': {'readonly': True}, 'type': {'readonly': True}, 'name': {'readonly': True}, + 'last_updated_time_utc': {'readonly': True}, + 'created_time_utc': {'readonly': True}, 'start_time_utc': {'required': True}, 'title': {'required': True}, 'severity': {'required': True}, 'status': {'required': True}, + 'related_alert_ids': {'readonly': True}, + 'case_number': {'readonly': True}, + 'last_comment': {'readonly': True}, + 'total_comments': {'readonly': True}, } _attribute_map = { @@ -87,7 +93,7 @@ class Case(Resource): 'labels': {'key': 'properties.labels', 'type': '[str]'}, 'description': {'key': 'properties.description', 'type': 'str'}, 'title': {'key': 'properties.title', 'type': 'str'}, - 'assigned_to': {'key': 'properties.assignedTo', 'type': 'str'}, + 'assigned_to': {'key': 'properties.assignedTo', 'type': 'UserInfo'}, 'severity': {'key': 'properties.severity', 'type': 'str'}, 'status': {'key': 'properties.status', 'type': 'str'}, 'close_reason': {'key': 'properties.closeReason', 'type': 'str'}, @@ -98,11 +104,11 @@ class Case(Resource): 'total_comments': {'key': 'properties.totalComments', 'type': 'int'}, } - def __init__(self, *, start_time_utc, title: str, severity, status, etag: str=None, last_updated_time_utc=None, created_time_utc=None, end_time_utc=None, labels=None, description: str=None, assigned_to: str=None, close_reason=None, closed_reason_text: str=None, related_alert_ids=None, case_number: int=None, last_comment: str=None, total_comments: int=None, **kwargs) -> None: + def __init__(self, *, start_time_utc, title: str, severity, status, etag: str=None, end_time_utc=None, labels=None, description: str=None, assigned_to=None, close_reason=None, closed_reason_text: str=None, **kwargs) -> None: super(Case, self).__init__(**kwargs) self.etag = etag - self.last_updated_time_utc = last_updated_time_utc - self.created_time_utc = created_time_utc + self.last_updated_time_utc = None + self.created_time_utc = None self.end_time_utc = end_time_utc self.start_time_utc = start_time_utc self.labels = labels @@ -113,7 +119,7 @@ def __init__(self, *, start_time_utc, title: str, severity, status, etag: str=No self.status = status self.close_reason = close_reason self.closed_reason_text = closed_reason_text - self.related_alert_ids = related_alert_ids - self.case_number = case_number - self.last_comment = last_comment - self.total_comments = total_comments + self.related_alert_ids = None + self.case_number = None + self.last_comment = None + self.total_comments = None diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/user_info.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/user_info.py index 2a3863f81e85..f933ca293974 100644 --- a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/user_info.py +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/user_info.py @@ -15,14 +15,25 @@ class UserInfo(Model): """User information that made some action. - :param object_id: The object id of the user. + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :param object_id: Required. The object id of the user. :type object_id: str - :param email: The email of the user. - :type email: str - :param name: The name of the user. - :type name: str + :ivar email: The email of the user. + :vartype email: str + :ivar name: The name of the user. + :vartype name: str """ + _validation = { + 'object_id': {'required': True}, + 'email': {'readonly': True}, + 'name': {'readonly': True}, + } + _attribute_map = { 'object_id': {'key': 'objectId', 'type': 'str'}, 'email': {'key': 'email', 'type': 'str'}, @@ -32,5 +43,5 @@ class UserInfo(Model): def __init__(self, **kwargs): super(UserInfo, self).__init__(**kwargs) self.object_id = kwargs.get('object_id', None) - self.email = kwargs.get('email', None) - self.name = kwargs.get('name', None) + self.email = None + self.name = None diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/user_info_py3.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/user_info_py3.py index f69ed5c45e56..124ee21acab5 100644 --- a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/user_info_py3.py +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/user_info_py3.py @@ -15,22 +15,33 @@ class UserInfo(Model): """User information that made some action. - :param object_id: The object id of the user. + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :param object_id: Required. The object id of the user. :type object_id: str - :param email: The email of the user. - :type email: str - :param name: The name of the user. - :type name: str + :ivar email: The email of the user. + :vartype email: str + :ivar name: The name of the user. + :vartype name: str """ + _validation = { + 'object_id': {'required': True}, + 'email': {'readonly': True}, + 'name': {'readonly': True}, + } + _attribute_map = { 'object_id': {'key': 'objectId', 'type': 'str'}, 'email': {'key': 'email', 'type': 'str'}, 'name': {'key': 'name', 'type': 'str'}, } - def __init__(self, *, object_id: str=None, email: str=None, name: str=None, **kwargs) -> None: + def __init__(self, *, object_id: str, **kwargs) -> None: super(UserInfo, self).__init__(**kwargs) self.object_id = object_id - self.email = email - self.name = name + self.email = None + self.name = None diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/__init__.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/__init__.py index 1c1093bbfcf6..7916a16b79ac 100644 --- a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/__init__.py +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/__init__.py @@ -13,6 +13,7 @@ from .alert_rules_operations import AlertRulesOperations from .actions_operations import ActionsOperations from .cases_operations import CasesOperations +from .comments_operations import CommentsOperations from .case_comments_operations import CaseCommentsOperations from .bookmarks_operations import BookmarksOperations from .data_connectors_operations import DataConnectorsOperations @@ -27,6 +28,7 @@ 'AlertRulesOperations', 'ActionsOperations', 'CasesOperations', + 'CommentsOperations', 'CaseCommentsOperations', 'BookmarksOperations', 'DataConnectorsOperations', diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/case_comments_operations.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/case_comments_operations.py index a5235445351b..162fe3e90171 100644 --- a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/case_comments_operations.py +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/case_comments_operations.py @@ -37,178 +37,6 @@ def __init__(self, client, config, serializer, deserializer): self.config = config - def list( - self, resource_group_name, operational_insights_resource_provider, workspace_name, case_id, filter=None, orderby=None, top=None, skip_token=None, custom_headers=None, raw=False, **operation_config): - """Gets all case comments. - - :param resource_group_name: The name of the resource group within the - user's subscription. The name is case insensitive. - :type resource_group_name: str - :param operational_insights_resource_provider: The namespace of - workspaces resource provider- Microsoft.OperationalInsights. - :type operational_insights_resource_provider: str - :param workspace_name: The name of the workspace. - :type workspace_name: str - :param case_id: Case ID - :type case_id: str - :param filter: Filters the results, based on a Boolean condition. - Optional. - :type filter: str - :param orderby: Sorts the results. Optional. - :type orderby: str - :param top: Returns only the first n results. Optional. - :type top: int - :param skip_token: Skiptoken is only used if a previous operation - returned a partial result. If a previous response contains a nextLink - element, the value of the nextLink element will include a skiptoken - parameter that specifies a starting point to use for subsequent calls. - Optional. - :type skip_token: str - :param dict custom_headers: headers that will be added to the request - :param bool raw: returns the direct response alongside the - deserialized response - :param operation_config: :ref:`Operation configuration - overrides`. - :return: An iterator like instance of CaseComment - :rtype: - ~azure.mgmt.securityinsight.models.CaseCommentPaged[~azure.mgmt.securityinsight.models.CaseComment] - :raises: :class:`CloudError` - """ - def internal_paging(next_link=None, raw=False): - - if not next_link: - # Construct URL - url = self.list.metadata['url'] - path_format_arguments = { - 'subscriptionId': self._serialize.url("self.config.subscription_id", self.config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), - 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), - 'operationalInsightsResourceProvider': self._serialize.url("operational_insights_resource_provider", operational_insights_resource_provider, 'str'), - 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), - 'caseId': self._serialize.url("case_id", case_id, 'str') - } - url = self._client.format_url(url, **path_format_arguments) - - # Construct parameters - query_parameters = {} - query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') - if filter is not None: - query_parameters['$filter'] = self._serialize.query("filter", filter, 'str') - if orderby is not None: - query_parameters['$orderby'] = self._serialize.query("orderby", orderby, 'str') - if top is not None: - query_parameters['$top'] = self._serialize.query("top", top, 'int') - if skip_token is not None: - query_parameters['$skipToken'] = self._serialize.query("skip_token", skip_token, 'str') - - else: - url = next_link - query_parameters = {} - - # Construct headers - header_parameters = {} - header_parameters['Accept'] = 'application/json' - if self.config.generate_client_request_id: - header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) - if custom_headers: - header_parameters.update(custom_headers) - if self.config.accept_language is not None: - header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') - - # Construct and send request - request = self._client.get(url, query_parameters, header_parameters) - response = self._client.send(request, stream=False, **operation_config) - - if response.status_code not in [200]: - exp = CloudError(response) - exp.request_id = response.headers.get('x-ms-request-id') - raise exp - - return response - - # Deserialize response - deserialized = models.CaseCommentPaged(internal_paging, self._deserialize.dependencies) - - if raw: - header_dict = {} - client_raw_response = models.CaseCommentPaged(internal_paging, self._deserialize.dependencies, header_dict) - return client_raw_response - - return deserialized - list.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/cases/{caseId}/comments'} - - def get_comment_by_id( - self, resource_group_name, operational_insights_resource_provider, workspace_name, case_id, case_comment_id, custom_headers=None, raw=False, **operation_config): - """Gets a case comment. - - :param resource_group_name: The name of the resource group within the - user's subscription. The name is case insensitive. - :type resource_group_name: str - :param operational_insights_resource_provider: The namespace of - workspaces resource provider- Microsoft.OperationalInsights. - :type operational_insights_resource_provider: str - :param workspace_name: The name of the workspace. - :type workspace_name: str - :param case_id: Case ID - :type case_id: str - :param case_comment_id: Case comment ID - :type case_comment_id: str - :param dict custom_headers: headers that will be added to the request - :param bool raw: returns the direct response alongside the - deserialized response - :param operation_config: :ref:`Operation configuration - overrides`. - :return: CaseComment or ClientRawResponse if raw=true - :rtype: ~azure.mgmt.securityinsight.models.CaseComment or - ~msrest.pipeline.ClientRawResponse - :raises: :class:`CloudError` - """ - # Construct URL - url = self.get_comment_by_id.metadata['url'] - path_format_arguments = { - 'subscriptionId': self._serialize.url("self.config.subscription_id", self.config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), - 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), - 'operationalInsightsResourceProvider': self._serialize.url("operational_insights_resource_provider", operational_insights_resource_provider, 'str'), - 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), - 'caseId': self._serialize.url("case_id", case_id, 'str'), - 'caseCommentId': self._serialize.url("case_comment_id", case_comment_id, 'str') - } - url = self._client.format_url(url, **path_format_arguments) - - # Construct parameters - query_parameters = {} - query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') - - # Construct headers - header_parameters = {} - header_parameters['Accept'] = 'application/json' - if self.config.generate_client_request_id: - header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) - if custom_headers: - header_parameters.update(custom_headers) - if self.config.accept_language is not None: - header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') - - # Construct and send request - request = self._client.get(url, query_parameters, header_parameters) - response = self._client.send(request, stream=False, **operation_config) - - if response.status_code not in [200]: - exp = CloudError(response) - exp.request_id = response.headers.get('x-ms-request-id') - raise exp - - deserialized = None - - if response.status_code == 200: - deserialized = self._deserialize('CaseComment', response) - - if raw: - client_raw_response = ClientRawResponse(deserialized, response) - return client_raw_response - - return deserialized - get_comment_by_id.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/cases/{caseId}/comments/{caseCommentId}'} - def create_comment( self, resource_group_name, operational_insights_resource_provider, workspace_name, case_id, case_comment_id, message, custom_headers=None, raw=False, **operation_config): """Creates the case comment. @@ -237,7 +65,7 @@ def create_comment( ~msrest.pipeline.ClientRawResponse :raises: :class:`CloudError` """ - case_comment_request_body = models.CaseCommentRequestBody(message=message) + case_comment = models.CaseComment(message=message) # Construct URL url = self.create_comment.metadata['url'] @@ -267,21 +95,19 @@ def create_comment( header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') # Construct body - body_content = self._serialize.body(case_comment_request_body, 'CaseCommentRequestBody') + body_content = self._serialize.body(case_comment, 'CaseComment') # Construct and send request request = self._client.put(url, query_parameters, header_parameters, body_content) response = self._client.send(request, stream=False, **operation_config) - if response.status_code not in [200, 201]: + if response.status_code not in [201]: exp = CloudError(response) exp.request_id = response.headers.get('x-ms-request-id') raise exp deserialized = None - if response.status_code == 200: - deserialized = self._deserialize('CaseComment', response) if response.status_code == 201: deserialized = self._deserialize('CaseComment', response) diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/cases_operations.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/cases_operations.py index cb8c0b9e5e8b..985df03e8c42 100644 --- a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/cases_operations.py +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/cases_operations.py @@ -341,3 +341,76 @@ def delete( client_raw_response = ClientRawResponse(None, response) return client_raw_response delete.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/cases/{caseId}'} + + def get_comment( + self, resource_group_name, operational_insights_resource_provider, workspace_name, case_id, case_comment_id, custom_headers=None, raw=False, **operation_config): + """Gets a case comment. + + :param resource_group_name: The name of the resource group within the + user's subscription. The name is case insensitive. + :type resource_group_name: str + :param operational_insights_resource_provider: The namespace of + workspaces resource provider- Microsoft.OperationalInsights. + :type operational_insights_resource_provider: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :param case_id: Case ID + :type case_id: str + :param case_comment_id: Case comment ID + :type case_comment_id: str + :param dict custom_headers: headers that will be added to the request + :param bool raw: returns the direct response alongside the + deserialized response + :param operation_config: :ref:`Operation configuration + overrides`. + :return: CaseComment or ClientRawResponse if raw=true + :rtype: ~azure.mgmt.securityinsight.models.CaseComment or + ~msrest.pipeline.ClientRawResponse + :raises: :class:`CloudError` + """ + # Construct URL + url = self.get_comment.metadata['url'] + path_format_arguments = { + 'subscriptionId': self._serialize.url("self.config.subscription_id", self.config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'operationalInsightsResourceProvider': self._serialize.url("operational_insights_resource_provider", operational_insights_resource_provider, 'str'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + 'caseId': self._serialize.url("case_id", case_id, 'str'), + 'caseCommentId': self._serialize.url("case_comment_id", case_comment_id, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + response = self._client.send(request, stream=False, **operation_config) + + if response.status_code not in [200]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + deserialized = None + + if response.status_code == 200: + deserialized = self._deserialize('CaseComment', response) + + if raw: + client_raw_response = ClientRawResponse(deserialized, response) + return client_raw_response + + return deserialized + get_comment.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/cases/{caseId}/comments/{caseCommentId}'} diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/comments_operations.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/comments_operations.py new file mode 100644 index 000000000000..891bbe8ae064 --- /dev/null +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/comments_operations.py @@ -0,0 +1,137 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +import uuid +from msrest.pipeline import ClientRawResponse +from msrestazure.azure_exceptions import CloudError + +from .. import models + + +class CommentsOperations(object): + """CommentsOperations operations. + + :param client: Client for service requests. + :param config: Configuration of service client. + :param serializer: An object model serializer. + :param deserializer: An object model deserializer. + :ivar api_version: API version for the operation. Constant value: "2019-01-01-preview". + """ + + models = models + + def __init__(self, client, config, serializer, deserializer): + + self._client = client + self._serialize = serializer + self._deserialize = deserializer + self.api_version = "2019-01-01-preview" + + self.config = config + + def list_by_case( + self, resource_group_name, operational_insights_resource_provider, workspace_name, case_id, filter=None, orderby=None, top=None, skip_token=None, custom_headers=None, raw=False, **operation_config): + """Gets all case comments. + + :param resource_group_name: The name of the resource group within the + user's subscription. The name is case insensitive. + :type resource_group_name: str + :param operational_insights_resource_provider: The namespace of + workspaces resource provider- Microsoft.OperationalInsights. + :type operational_insights_resource_provider: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :param case_id: Case ID + :type case_id: str + :param filter: Filters the results, based on a Boolean condition. + Optional. + :type filter: str + :param orderby: Sorts the results. Optional. + :type orderby: str + :param top: Returns only the first n results. Optional. + :type top: int + :param skip_token: Skiptoken is only used if a previous operation + returned a partial result. If a previous response contains a nextLink + element, the value of the nextLink element will include a skiptoken + parameter that specifies a starting point to use for subsequent calls. + Optional. + :type skip_token: str + :param dict custom_headers: headers that will be added to the request + :param bool raw: returns the direct response alongside the + deserialized response + :param operation_config: :ref:`Operation configuration + overrides`. + :return: An iterator like instance of CaseComment + :rtype: + ~azure.mgmt.securityinsight.models.CaseCommentPaged[~azure.mgmt.securityinsight.models.CaseComment] + :raises: :class:`CloudError` + """ + def internal_paging(next_link=None, raw=False): + + if not next_link: + # Construct URL + url = self.list_by_case.metadata['url'] + path_format_arguments = { + 'subscriptionId': self._serialize.url("self.config.subscription_id", self.config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'operationalInsightsResourceProvider': self._serialize.url("operational_insights_resource_provider", operational_insights_resource_provider, 'str'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + 'caseId': self._serialize.url("case_id", case_id, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + if filter is not None: + query_parameters['$filter'] = self._serialize.query("filter", filter, 'str') + if orderby is not None: + query_parameters['$orderby'] = self._serialize.query("orderby", orderby, 'str') + if top is not None: + query_parameters['$top'] = self._serialize.query("top", top, 'int') + if skip_token is not None: + query_parameters['$skipToken'] = self._serialize.query("skip_token", skip_token, 'str') + + else: + url = next_link + query_parameters = {} + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + response = self._client.send(request, stream=False, **operation_config) + + if response.status_code not in [200]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + return response + + # Deserialize response + deserialized = models.CaseCommentPaged(internal_paging, self._deserialize.dependencies) + + if raw: + header_dict = {} + client_raw_response = models.CaseCommentPaged(internal_paging, self._deserialize.dependencies, header_dict) + return client_raw_response + + return deserialized + list_by_case.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/cases/{caseId}/comments'} diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/security_insights.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/security_insights.py index 9b6abd65d07c..5b9de58d1381 100644 --- a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/security_insights.py +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/security_insights.py @@ -17,6 +17,7 @@ from .operations.alert_rules_operations import AlertRulesOperations from .operations.actions_operations import ActionsOperations from .operations.cases_operations import CasesOperations +from .operations.comments_operations import CommentsOperations from .operations.case_comments_operations import CaseCommentsOperations from .operations.bookmarks_operations import BookmarksOperations from .operations.data_connectors_operations import DataConnectorsOperations @@ -74,6 +75,8 @@ class SecurityInsights(SDKClient): :vartype actions: azure.mgmt.securityinsight.operations.ActionsOperations :ivar cases: Cases operations :vartype cases: azure.mgmt.securityinsight.operations.CasesOperations + :ivar comments: Comments operations + :vartype comments: azure.mgmt.securityinsight.operations.CommentsOperations :ivar case_comments: CaseComments operations :vartype case_comments: azure.mgmt.securityinsight.operations.CaseCommentsOperations :ivar bookmarks: Bookmarks operations @@ -118,6 +121,8 @@ def __init__( self._client, self.config, self._serialize, self._deserialize) self.cases = CasesOperations( self._client, self.config, self._serialize, self._deserialize) + self.comments = CommentsOperations( + self._client, self.config, self._serialize, self._deserialize) self.case_comments = CaseCommentsOperations( self._client, self.config, self._serialize, self._deserialize) self.bookmarks = BookmarksOperations( From 9719be73ae521d18581dc77961a447a44e8554d4 Mon Sep 17 00:00:00 2001 From: Azure SDK for Python bot Date: Tue, 30 Jul 2019 10:33:11 +0000 Subject: [PATCH 3/4] Generated from 7349895d27a0fb8fb0eca4736cd03c3c2fd5090d changes assignedTo property name to owner + added more values to closeReason enum --- .../azure/mgmt/securityinsight/models/case.py | 10 +++++----- .../azure/mgmt/securityinsight/models/case_py3.py | 12 ++++++------ .../models/security_insights_enums.py | 2 ++ 3 files changed, 13 insertions(+), 11 deletions(-) diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/case.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/case.py index e20a0b3f2c5c..6a553b242e49 100644 --- a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/case.py +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/case.py @@ -42,8 +42,8 @@ class Case(Resource): :type description: str :param title: Required. The title of the case :type title: str - :param assigned_to: Describes a user that the case is assigned to - :type assigned_to: ~azure.mgmt.securityinsight.models.UserInfo + :param owner: Describes a user that the case is assigned to + :type owner: ~azure.mgmt.securityinsight.models.UserInfo :param severity: Required. The severity of the case. Possible values include: 'Critical', 'High', 'Medium', 'Low', 'Informational' :type severity: str or ~azure.mgmt.securityinsight.models.CaseSeverity @@ -51,7 +51,7 @@ class Case(Resource): 'Draft', 'New', 'InProgress', 'Closed' :type status: str or ~azure.mgmt.securityinsight.models.CaseStatus :param close_reason: The reason the case was closed. Possible values - include: 'Resolved', 'Dismissed', 'Other' + include: 'Resolved', 'Dismissed', 'TruePositive', 'FalsePositive', 'Other' :type close_reason: str or ~azure.mgmt.securityinsight.models.CloseReason :param closed_reason_text: the case close reason details :type closed_reason_text: str @@ -93,7 +93,7 @@ class Case(Resource): 'labels': {'key': 'properties.labels', 'type': '[str]'}, 'description': {'key': 'properties.description', 'type': 'str'}, 'title': {'key': 'properties.title', 'type': 'str'}, - 'assigned_to': {'key': 'properties.assignedTo', 'type': 'UserInfo'}, + 'owner': {'key': 'properties.owner', 'type': 'UserInfo'}, 'severity': {'key': 'properties.severity', 'type': 'str'}, 'status': {'key': 'properties.status', 'type': 'str'}, 'close_reason': {'key': 'properties.closeReason', 'type': 'str'}, @@ -114,7 +114,7 @@ def __init__(self, **kwargs): self.labels = kwargs.get('labels', None) self.description = kwargs.get('description', None) self.title = kwargs.get('title', None) - self.assigned_to = kwargs.get('assigned_to', None) + self.owner = kwargs.get('owner', None) self.severity = kwargs.get('severity', None) self.status = kwargs.get('status', None) self.close_reason = kwargs.get('close_reason', None) diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/case_py3.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/case_py3.py index 744be3608686..50d9cc27d636 100644 --- a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/case_py3.py +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/case_py3.py @@ -42,8 +42,8 @@ class Case(Resource): :type description: str :param title: Required. The title of the case :type title: str - :param assigned_to: Describes a user that the case is assigned to - :type assigned_to: ~azure.mgmt.securityinsight.models.UserInfo + :param owner: Describes a user that the case is assigned to + :type owner: ~azure.mgmt.securityinsight.models.UserInfo :param severity: Required. The severity of the case. Possible values include: 'Critical', 'High', 'Medium', 'Low', 'Informational' :type severity: str or ~azure.mgmt.securityinsight.models.CaseSeverity @@ -51,7 +51,7 @@ class Case(Resource): 'Draft', 'New', 'InProgress', 'Closed' :type status: str or ~azure.mgmt.securityinsight.models.CaseStatus :param close_reason: The reason the case was closed. Possible values - include: 'Resolved', 'Dismissed', 'Other' + include: 'Resolved', 'Dismissed', 'TruePositive', 'FalsePositive', 'Other' :type close_reason: str or ~azure.mgmt.securityinsight.models.CloseReason :param closed_reason_text: the case close reason details :type closed_reason_text: str @@ -93,7 +93,7 @@ class Case(Resource): 'labels': {'key': 'properties.labels', 'type': '[str]'}, 'description': {'key': 'properties.description', 'type': 'str'}, 'title': {'key': 'properties.title', 'type': 'str'}, - 'assigned_to': {'key': 'properties.assignedTo', 'type': 'UserInfo'}, + 'owner': {'key': 'properties.owner', 'type': 'UserInfo'}, 'severity': {'key': 'properties.severity', 'type': 'str'}, 'status': {'key': 'properties.status', 'type': 'str'}, 'close_reason': {'key': 'properties.closeReason', 'type': 'str'}, @@ -104,7 +104,7 @@ class Case(Resource): 'total_comments': {'key': 'properties.totalComments', 'type': 'int'}, } - def __init__(self, *, start_time_utc, title: str, severity, status, etag: str=None, end_time_utc=None, labels=None, description: str=None, assigned_to=None, close_reason=None, closed_reason_text: str=None, **kwargs) -> None: + def __init__(self, *, start_time_utc, title: str, severity, status, etag: str=None, end_time_utc=None, labels=None, description: str=None, owner=None, close_reason=None, closed_reason_text: str=None, **kwargs) -> None: super(Case, self).__init__(**kwargs) self.etag = etag self.last_updated_time_utc = None @@ -114,7 +114,7 @@ def __init__(self, *, start_time_utc, title: str, severity, status, etag: str=No self.labels = labels self.description = description self.title = title - self.assigned_to = assigned_to + self.owner = owner self.severity = severity self.status = status self.close_reason = close_reason diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/security_insights_enums.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/security_insights_enums.py index 4ac727a6f29b..85cab218a196 100644 --- a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/security_insights_enums.py +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/security_insights_enums.py @@ -54,6 +54,8 @@ class CloseReason(str, Enum): resolved = "Resolved" #: Case was resolved dismissed = "Dismissed" #: Case was dismissed + true_positive = "TruePositive" #: Case was true positive + false_positive = "FalsePositive" #: Case was false positive other = "Other" #: Case was closed for another reason From dc00ec42195edf507c04e99acf0fa264086d87dc Mon Sep 17 00:00:00 2001 From: Azure SDK for Python bot Date: Wed, 7 Aug 2019 14:34:24 +0000 Subject: [PATCH 4/4] Generated from d3a471b37883a3c181e4a20cdbd6b5ec12fcbe1e set x-nullable to true in UserInfo.objectId --- .../mgmt/securityinsight/models/__init__.py | 81 ++++++++ .../securityinsight/models/account_entity.py | 24 +++ .../models/account_entity_py3.py | 24 +++ .../models/azure_resource_entity.py | 67 +++++++ .../models/azure_resource_entity_py3.py | 67 +++++++ .../models/cloud_application_entity.py | 79 ++++++++ .../models/cloud_application_entity_py3.py | 79 ++++++++ .../mgmt/securityinsight/models/dns_entity.py | 85 ++++++++ .../securityinsight/models/dns_entity_py3.py | 85 ++++++++ .../mgmt/securityinsight/models/entity.py | 7 +- .../models/entity_common_properties.py | 43 ++++ .../models/entity_common_properties_py3.py | 43 ++++ .../models/entity_expand_parameters.py | 38 ++++ .../models/entity_expand_parameters_py3.py | 38 ++++ .../models/entity_expand_response.py | 33 ++++ .../models/entity_expand_response_py3.py | 33 ++++ .../models/entity_expand_response_value.py | 28 +++ .../entity_expand_response_value_py3.py | 28 +++ .../securityinsight/models/entity_kind1.py | 6 +- .../models/entity_kind1_py3.py | 6 +- .../mgmt/securityinsight/models/entity_py3.py | 7 +- .../securityinsight/models/entity_query.py | 12 +- .../models/entity_query_py3.py | 14 +- .../models/expansion_result_aggregation.py | 53 +++++ .../expansion_result_aggregation_py3.py | 53 +++++ .../models/expansion_results_metadata.py | 30 +++ .../models/expansion_results_metadata_py3.py | 30 +++ .../securityinsight/models/file_entity.py | 24 +++ .../securityinsight/models/file_entity_py3.py | 24 +++ .../models/file_hash_entity.py | 74 +++++++ .../models/file_hash_entity_py3.py | 74 +++++++ .../securityinsight/models/geo_location.py | 72 +++++++ .../models/geo_location_py3.py | 72 +++++++ .../securityinsight/models/host_entity.py | 13 ++ .../securityinsight/models/host_entity_py3.py | 13 ++ .../mgmt/securityinsight/models/ip_entity.py | 79 ++++++++ .../securityinsight/models/ip_entity_py3.py | 79 ++++++++ .../securityinsight/models/malware_entity.py | 84 ++++++++ .../models/malware_entity_py3.py | 84 ++++++++ .../securityinsight/models/process_entity.py | 109 ++++++++++ .../models/process_entity_py3.py | 109 ++++++++++ .../models/registry_key_entity.py | 76 +++++++ .../models/registry_key_entity_py3.py | 76 +++++++ .../models/registry_value_entity.py | 86 ++++++++ .../models/registry_value_entity_py3.py | 86 ++++++++ .../securityinsight/models/security_alert.py | 186 ++++++++++++++++++ ...lert_properties_confidence_reasons_item.py | 40 ++++ ..._properties_confidence_reasons_item_py3.py | 40 ++++ .../models/security_alert_py3.py | 186 ++++++++++++++++++ .../models/security_group_entity.py | 79 ++++++++ .../models/security_group_entity_py3.py | 79 ++++++++ .../models/security_insights_enums.py | 117 +++++++++++ .../models/threat_intelligence.py | 61 ++++++ .../models/threat_intelligence_py3.py | 61 ++++++ .../mgmt/securityinsight/models/url_entity.py | 67 +++++++ .../securityinsight/models/url_entity_py3.py | 67 +++++++ .../operations/entities_operations.py | 78 ++++++++ 57 files changed, 3373 insertions(+), 15 deletions(-) create mode 100644 sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/azure_resource_entity.py create mode 100644 sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/azure_resource_entity_py3.py create mode 100644 sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/cloud_application_entity.py create mode 100644 sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/cloud_application_entity_py3.py create mode 100644 sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/dns_entity.py create mode 100644 sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/dns_entity_py3.py create mode 100644 sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/entity_common_properties.py create mode 100644 sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/entity_common_properties_py3.py create mode 100644 sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/entity_expand_parameters.py create mode 100644 sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/entity_expand_parameters_py3.py create mode 100644 sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/entity_expand_response.py create mode 100644 sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/entity_expand_response_py3.py create mode 100644 sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/entity_expand_response_value.py create mode 100644 sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/entity_expand_response_value_py3.py create mode 100644 sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/expansion_result_aggregation.py create mode 100644 sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/expansion_result_aggregation_py3.py create mode 100644 sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/expansion_results_metadata.py create mode 100644 sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/expansion_results_metadata_py3.py create mode 100644 sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/file_hash_entity.py create mode 100644 sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/file_hash_entity_py3.py create mode 100644 sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/geo_location.py create mode 100644 sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/geo_location_py3.py create mode 100644 sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/ip_entity.py create mode 100644 sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/ip_entity_py3.py create mode 100644 sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/malware_entity.py create mode 100644 sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/malware_entity_py3.py create mode 100644 sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/process_entity.py create mode 100644 sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/process_entity_py3.py create mode 100644 sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/registry_key_entity.py create mode 100644 sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/registry_key_entity_py3.py create mode 100644 sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/registry_value_entity.py create mode 100644 sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/registry_value_entity_py3.py create mode 100644 sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/security_alert.py create mode 100644 sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/security_alert_properties_confidence_reasons_item.py create mode 100644 sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/security_alert_properties_confidence_reasons_item_py3.py create mode 100644 sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/security_alert_py3.py create mode 100644 sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/security_group_entity.py create mode 100644 sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/security_group_entity_py3.py create mode 100644 sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/threat_intelligence.py create mode 100644 sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/threat_intelligence_py3.py create mode 100644 sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/url_entity.py create mode 100644 sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/url_entity_py3.py diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/__init__.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/__init__.py index f4f5d666df15..131796556f8c 100644 --- a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/__init__.py +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/__init__.py @@ -46,9 +46,30 @@ from .data_connector_data_type_common_py3 import DataConnectorDataTypeCommon from .entity_py3 import Entity from .entity_kind1_py3 import EntityKind1 + from .entity_common_properties_py3 import EntityCommonProperties from .account_entity_py3 import AccountEntity from .host_entity_py3 import HostEntity from .file_entity_py3 import FileEntity + from .security_alert_properties_confidence_reasons_item_py3 import SecurityAlertPropertiesConfidenceReasonsItem + from .security_alert_py3 import SecurityAlert + from .file_hash_entity_py3 import FileHashEntity + from .malware_entity_py3 import MalwareEntity + from .security_group_entity_py3 import SecurityGroupEntity + from .azure_resource_entity_py3 import AzureResourceEntity + from .cloud_application_entity_py3 import CloudApplicationEntity + from .process_entity_py3 import ProcessEntity + from .dns_entity_py3 import DnsEntity + from .geo_location_py3 import GeoLocation + from .threat_intelligence_py3 import ThreatIntelligence + from .ip_entity_py3 import IpEntity + from .registry_key_entity_py3 import RegistryKeyEntity + from .registry_value_entity_py3 import RegistryValueEntity + from .url_entity_py3 import UrlEntity + from .entity_expand_parameters_py3 import EntityExpandParameters + from .entity_expand_response_value_py3 import EntityExpandResponseValue + from .expansion_result_aggregation_py3 import ExpansionResultAggregation + from .expansion_results_metadata_py3 import ExpansionResultsMetadata + from .entity_expand_response_py3 import EntityExpandResponse from .office_consent_py3 import OfficeConsent from .resource_py3 import Resource from .settings_py3 import Settings @@ -98,9 +119,30 @@ from .data_connector_data_type_common import DataConnectorDataTypeCommon from .entity import Entity from .entity_kind1 import EntityKind1 + from .entity_common_properties import EntityCommonProperties from .account_entity import AccountEntity from .host_entity import HostEntity from .file_entity import FileEntity + from .security_alert_properties_confidence_reasons_item import SecurityAlertPropertiesConfidenceReasonsItem + from .security_alert import SecurityAlert + from .file_hash_entity import FileHashEntity + from .malware_entity import MalwareEntity + from .security_group_entity import SecurityGroupEntity + from .azure_resource_entity import AzureResourceEntity + from .cloud_application_entity import CloudApplicationEntity + from .process_entity import ProcessEntity + from .dns_entity import DnsEntity + from .geo_location import GeoLocation + from .threat_intelligence import ThreatIntelligence + from .ip_entity import IpEntity + from .registry_key_entity import RegistryKeyEntity + from .registry_value_entity import RegistryValueEntity + from .url_entity import UrlEntity + from .entity_expand_parameters import EntityExpandParameters + from .entity_expand_response_value import EntityExpandResponseValue + from .expansion_result_aggregation import ExpansionResultAggregation + from .expansion_results_metadata import ExpansionResultsMetadata + from .entity_expand_response import EntityExpandResponse from .office_consent import OfficeConsent from .resource import Resource from .settings import Settings @@ -134,10 +176,19 @@ DataTypeState, EntityKind, OSFamily, + ConfidenceScoreStatus, + KillChainIntent, + ConfidenceLevel, + AlertStatus, + FileHashAlgorithm, + ElevationToken, + RegistryHive, + RegistryValueKind, SettingKind, StatusInMcas, LicenseStatus, AggregationsKind, + EntityType, ) __all__ = [ @@ -177,9 +228,30 @@ 'DataConnectorDataTypeCommon', 'Entity', 'EntityKind1', + 'EntityCommonProperties', 'AccountEntity', 'HostEntity', 'FileEntity', + 'SecurityAlertPropertiesConfidenceReasonsItem', + 'SecurityAlert', + 'FileHashEntity', + 'MalwareEntity', + 'SecurityGroupEntity', + 'AzureResourceEntity', + 'CloudApplicationEntity', + 'ProcessEntity', + 'DnsEntity', + 'GeoLocation', + 'ThreatIntelligence', + 'IpEntity', + 'RegistryKeyEntity', + 'RegistryValueEntity', + 'UrlEntity', + 'EntityExpandParameters', + 'EntityExpandResponseValue', + 'ExpansionResultAggregation', + 'ExpansionResultsMetadata', + 'EntityExpandResponse', 'OfficeConsent', 'Resource', 'Settings', @@ -212,8 +284,17 @@ 'DataTypeState', 'EntityKind', 'OSFamily', + 'ConfidenceScoreStatus', + 'KillChainIntent', + 'ConfidenceLevel', + 'AlertStatus', + 'FileHashAlgorithm', + 'ElevationToken', + 'RegistryHive', + 'RegistryValueKind', 'SettingKind', 'StatusInMcas', 'LicenseStatus', 'AggregationsKind', + 'EntityType', ] diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/account_entity.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/account_entity.py index e1b09b4fc542..abf0ef434644 100644 --- a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/account_entity.py +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/account_entity.py @@ -28,6 +28,13 @@ class AccountEntity(Entity): :vartype name: str :param kind: Required. Constant filled by server. :type kind: str + :ivar friendly_name: The graph item display name which is a short humanly + readable description of the graph item instance. This property is optional + and might be system generated. + :vartype friendly_name: str + :ivar additional_data: A bag of custom fields that should be part of the + entity and will be presented to the user. + :vartype additional_data: dict[str, object] :ivar account_name: The name of the account. This field should hold only the name without any domain added to it, i.e. administrator. :vartype account_name: str @@ -47,10 +54,15 @@ class AccountEntity(Entity): :vartype puid: str :ivar is_domain_joined: Determines whether this is a domain account. :vartype is_domain_joined: bool + :ivar display_name: The display name of the account. + :vartype display_name: str :ivar object_guid: The objectGUID attribute is a single-value attribute that is the unique identifier for the object, assigned by active directory. :vartype object_guid: str + :ivar host_entity_id: The Host entity id that contains the account in case + it is a local account (not domain joined) + :vartype host_entity_id: str """ _validation = { @@ -58,6 +70,8 @@ class AccountEntity(Entity): 'type': {'readonly': True}, 'name': {'readonly': True}, 'kind': {'required': True}, + 'friendly_name': {'readonly': True}, + 'additional_data': {'readonly': True}, 'account_name': {'readonly': True}, 'nt_domain': {'readonly': True}, 'upn_suffix': {'readonly': True}, @@ -66,7 +80,9 @@ class AccountEntity(Entity): 'aad_user_id': {'readonly': True}, 'puid': {'readonly': True}, 'is_domain_joined': {'readonly': True}, + 'display_name': {'readonly': True}, 'object_guid': {'readonly': True}, + 'host_entity_id': {'readonly': True}, } _attribute_map = { @@ -74,6 +90,8 @@ class AccountEntity(Entity): 'type': {'key': 'type', 'type': 'str'}, 'name': {'key': 'name', 'type': 'str'}, 'kind': {'key': 'kind', 'type': 'str'}, + 'friendly_name': {'key': 'properties.friendlyName', 'type': 'str'}, + 'additional_data': {'key': 'properties.additionalData', 'type': '{object}'}, 'account_name': {'key': 'properties.accountName', 'type': 'str'}, 'nt_domain': {'key': 'properties.ntDomain', 'type': 'str'}, 'upn_suffix': {'key': 'properties.upnSuffix', 'type': 'str'}, @@ -82,11 +100,15 @@ class AccountEntity(Entity): 'aad_user_id': {'key': 'properties.aadUserId', 'type': 'str'}, 'puid': {'key': 'properties.puid', 'type': 'str'}, 'is_domain_joined': {'key': 'properties.isDomainJoined', 'type': 'bool'}, + 'display_name': {'key': 'properties.displayName', 'type': 'str'}, 'object_guid': {'key': 'properties.objectGuid', 'type': 'str'}, + 'host_entity_id': {'key': 'properties.hostEntityId', 'type': 'str'}, } def __init__(self, **kwargs): super(AccountEntity, self).__init__(**kwargs) + self.friendly_name = None + self.additional_data = None self.account_name = None self.nt_domain = None self.upn_suffix = None @@ -95,5 +117,7 @@ def __init__(self, **kwargs): self.aad_user_id = None self.puid = None self.is_domain_joined = None + self.display_name = None self.object_guid = None + self.host_entity_id = None self.kind = 'Account' diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/account_entity_py3.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/account_entity_py3.py index 488716037262..8c5fd40d8c8b 100644 --- a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/account_entity_py3.py +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/account_entity_py3.py @@ -28,6 +28,13 @@ class AccountEntity(Entity): :vartype name: str :param kind: Required. Constant filled by server. :type kind: str + :ivar friendly_name: The graph item display name which is a short humanly + readable description of the graph item instance. This property is optional + and might be system generated. + :vartype friendly_name: str + :ivar additional_data: A bag of custom fields that should be part of the + entity and will be presented to the user. + :vartype additional_data: dict[str, object] :ivar account_name: The name of the account. This field should hold only the name without any domain added to it, i.e. administrator. :vartype account_name: str @@ -47,10 +54,15 @@ class AccountEntity(Entity): :vartype puid: str :ivar is_domain_joined: Determines whether this is a domain account. :vartype is_domain_joined: bool + :ivar display_name: The display name of the account. + :vartype display_name: str :ivar object_guid: The objectGUID attribute is a single-value attribute that is the unique identifier for the object, assigned by active directory. :vartype object_guid: str + :ivar host_entity_id: The Host entity id that contains the account in case + it is a local account (not domain joined) + :vartype host_entity_id: str """ _validation = { @@ -58,6 +70,8 @@ class AccountEntity(Entity): 'type': {'readonly': True}, 'name': {'readonly': True}, 'kind': {'required': True}, + 'friendly_name': {'readonly': True}, + 'additional_data': {'readonly': True}, 'account_name': {'readonly': True}, 'nt_domain': {'readonly': True}, 'upn_suffix': {'readonly': True}, @@ -66,7 +80,9 @@ class AccountEntity(Entity): 'aad_user_id': {'readonly': True}, 'puid': {'readonly': True}, 'is_domain_joined': {'readonly': True}, + 'display_name': {'readonly': True}, 'object_guid': {'readonly': True}, + 'host_entity_id': {'readonly': True}, } _attribute_map = { @@ -74,6 +90,8 @@ class AccountEntity(Entity): 'type': {'key': 'type', 'type': 'str'}, 'name': {'key': 'name', 'type': 'str'}, 'kind': {'key': 'kind', 'type': 'str'}, + 'friendly_name': {'key': 'properties.friendlyName', 'type': 'str'}, + 'additional_data': {'key': 'properties.additionalData', 'type': '{object}'}, 'account_name': {'key': 'properties.accountName', 'type': 'str'}, 'nt_domain': {'key': 'properties.ntDomain', 'type': 'str'}, 'upn_suffix': {'key': 'properties.upnSuffix', 'type': 'str'}, @@ -82,11 +100,15 @@ class AccountEntity(Entity): 'aad_user_id': {'key': 'properties.aadUserId', 'type': 'str'}, 'puid': {'key': 'properties.puid', 'type': 'str'}, 'is_domain_joined': {'key': 'properties.isDomainJoined', 'type': 'bool'}, + 'display_name': {'key': 'properties.displayName', 'type': 'str'}, 'object_guid': {'key': 'properties.objectGuid', 'type': 'str'}, + 'host_entity_id': {'key': 'properties.hostEntityId', 'type': 'str'}, } def __init__(self, **kwargs) -> None: super(AccountEntity, self).__init__(**kwargs) + self.friendly_name = None + self.additional_data = None self.account_name = None self.nt_domain = None self.upn_suffix = None @@ -95,5 +117,7 @@ def __init__(self, **kwargs) -> None: self.aad_user_id = None self.puid = None self.is_domain_joined = None + self.display_name = None self.object_guid = None + self.host_entity_id = None self.kind = 'Account' diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/azure_resource_entity.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/azure_resource_entity.py new file mode 100644 index 000000000000..8368c798bcc1 --- /dev/null +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/azure_resource_entity.py @@ -0,0 +1,67 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from .entity import Entity + + +class AzureResourceEntity(Entity): + """Represents an azure resource entity. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id + :vartype id: str + :ivar type: Azure resource type + :vartype type: str + :ivar name: Azure resource name + :vartype name: str + :param kind: Required. Constant filled by server. + :type kind: str + :ivar friendly_name: The graph item display name which is a short humanly + readable description of the graph item instance. This property is optional + and might be system generated. + :vartype friendly_name: str + :ivar additional_data: A bag of custom fields that should be part of the + entity and will be presented to the user. + :vartype additional_data: dict[str, object] + :ivar resource_id: The azure resource id of the resource + :vartype resource_id: str + """ + + _validation = { + 'id': {'readonly': True}, + 'type': {'readonly': True}, + 'name': {'readonly': True}, + 'kind': {'required': True}, + 'friendly_name': {'readonly': True}, + 'additional_data': {'readonly': True}, + 'resource_id': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + 'friendly_name': {'key': 'properties.friendlyName', 'type': 'str'}, + 'additional_data': {'key': 'properties.additionalData', 'type': '{object}'}, + 'resource_id': {'key': 'properties.resourceId', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(AzureResourceEntity, self).__init__(**kwargs) + self.friendly_name = None + self.additional_data = None + self.resource_id = None + self.kind = 'AzureResource' diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/azure_resource_entity_py3.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/azure_resource_entity_py3.py new file mode 100644 index 000000000000..235c15d718f1 --- /dev/null +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/azure_resource_entity_py3.py @@ -0,0 +1,67 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from .entity_py3 import Entity + + +class AzureResourceEntity(Entity): + """Represents an azure resource entity. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id + :vartype id: str + :ivar type: Azure resource type + :vartype type: str + :ivar name: Azure resource name + :vartype name: str + :param kind: Required. Constant filled by server. + :type kind: str + :ivar friendly_name: The graph item display name which is a short humanly + readable description of the graph item instance. This property is optional + and might be system generated. + :vartype friendly_name: str + :ivar additional_data: A bag of custom fields that should be part of the + entity and will be presented to the user. + :vartype additional_data: dict[str, object] + :ivar resource_id: The azure resource id of the resource + :vartype resource_id: str + """ + + _validation = { + 'id': {'readonly': True}, + 'type': {'readonly': True}, + 'name': {'readonly': True}, + 'kind': {'required': True}, + 'friendly_name': {'readonly': True}, + 'additional_data': {'readonly': True}, + 'resource_id': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + 'friendly_name': {'key': 'properties.friendlyName', 'type': 'str'}, + 'additional_data': {'key': 'properties.additionalData', 'type': '{object}'}, + 'resource_id': {'key': 'properties.resourceId', 'type': 'str'}, + } + + def __init__(self, **kwargs) -> None: + super(AzureResourceEntity, self).__init__(**kwargs) + self.friendly_name = None + self.additional_data = None + self.resource_id = None + self.kind = 'AzureResource' diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/cloud_application_entity.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/cloud_application_entity.py new file mode 100644 index 000000000000..e994fbf427e1 --- /dev/null +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/cloud_application_entity.py @@ -0,0 +1,79 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from .entity import Entity + + +class CloudApplicationEntity(Entity): + """Represents a cloud application entity. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id + :vartype id: str + :ivar type: Azure resource type + :vartype type: str + :ivar name: Azure resource name + :vartype name: str + :param kind: Required. Constant filled by server. + :type kind: str + :ivar friendly_name: The graph item display name which is a short humanly + readable description of the graph item instance. This property is optional + and might be system generated. + :vartype friendly_name: str + :ivar additional_data: A bag of custom fields that should be part of the + entity and will be presented to the user. + :vartype additional_data: dict[str, object] + :ivar app_id: The technical identifier of the application. + :vartype app_id: int + :ivar app_name: The name of the related cloud application. + :vartype app_name: str + :ivar instance_name: The user defined instance name of the cloud + application. It is often used to distinguish between several applications + of the same type that a customer has. + :vartype instance_name: str + """ + + _validation = { + 'id': {'readonly': True}, + 'type': {'readonly': True}, + 'name': {'readonly': True}, + 'kind': {'required': True}, + 'friendly_name': {'readonly': True}, + 'additional_data': {'readonly': True}, + 'app_id': {'readonly': True}, + 'app_name': {'readonly': True}, + 'instance_name': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + 'friendly_name': {'key': 'properties.friendlyName', 'type': 'str'}, + 'additional_data': {'key': 'properties.additionalData', 'type': '{object}'}, + 'app_id': {'key': 'properties.appId', 'type': 'int'}, + 'app_name': {'key': 'properties.appName', 'type': 'str'}, + 'instance_name': {'key': 'properties.instanceName', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(CloudApplicationEntity, self).__init__(**kwargs) + self.friendly_name = None + self.additional_data = None + self.app_id = None + self.app_name = None + self.instance_name = None + self.kind = 'CloudApplication' diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/cloud_application_entity_py3.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/cloud_application_entity_py3.py new file mode 100644 index 000000000000..56eaa72cac15 --- /dev/null +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/cloud_application_entity_py3.py @@ -0,0 +1,79 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from .entity_py3 import Entity + + +class CloudApplicationEntity(Entity): + """Represents a cloud application entity. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id + :vartype id: str + :ivar type: Azure resource type + :vartype type: str + :ivar name: Azure resource name + :vartype name: str + :param kind: Required. Constant filled by server. + :type kind: str + :ivar friendly_name: The graph item display name which is a short humanly + readable description of the graph item instance. This property is optional + and might be system generated. + :vartype friendly_name: str + :ivar additional_data: A bag of custom fields that should be part of the + entity and will be presented to the user. + :vartype additional_data: dict[str, object] + :ivar app_id: The technical identifier of the application. + :vartype app_id: int + :ivar app_name: The name of the related cloud application. + :vartype app_name: str + :ivar instance_name: The user defined instance name of the cloud + application. It is often used to distinguish between several applications + of the same type that a customer has. + :vartype instance_name: str + """ + + _validation = { + 'id': {'readonly': True}, + 'type': {'readonly': True}, + 'name': {'readonly': True}, + 'kind': {'required': True}, + 'friendly_name': {'readonly': True}, + 'additional_data': {'readonly': True}, + 'app_id': {'readonly': True}, + 'app_name': {'readonly': True}, + 'instance_name': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + 'friendly_name': {'key': 'properties.friendlyName', 'type': 'str'}, + 'additional_data': {'key': 'properties.additionalData', 'type': '{object}'}, + 'app_id': {'key': 'properties.appId', 'type': 'int'}, + 'app_name': {'key': 'properties.appName', 'type': 'str'}, + 'instance_name': {'key': 'properties.instanceName', 'type': 'str'}, + } + + def __init__(self, **kwargs) -> None: + super(CloudApplicationEntity, self).__init__(**kwargs) + self.friendly_name = None + self.additional_data = None + self.app_id = None + self.app_name = None + self.instance_name = None + self.kind = 'CloudApplication' diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/dns_entity.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/dns_entity.py new file mode 100644 index 000000000000..0a1022cf3d2f --- /dev/null +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/dns_entity.py @@ -0,0 +1,85 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from .entity import Entity + + +class DnsEntity(Entity): + """Represents a dns entity. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id + :vartype id: str + :ivar type: Azure resource type + :vartype type: str + :ivar name: Azure resource name + :vartype name: str + :param kind: Required. Constant filled by server. + :type kind: str + :ivar friendly_name: The graph item display name which is a short humanly + readable description of the graph item instance. This property is optional + and might be system generated. + :vartype friendly_name: str + :ivar additional_data: A bag of custom fields that should be part of the + entity and will be presented to the user. + :vartype additional_data: dict[str, object] + :ivar domain_name: The name of the dns record associated with the alert + :vartype domain_name: str + :ivar ip_address_entity_ids: Ip entity identifiers for the resolved ip + address. + :vartype ip_address_entity_ids: list[str] + :ivar dns_server_ip_entity_id: An ip entity id for the dns server + resolving the request + :vartype dns_server_ip_entity_id: str + :ivar host_ip_address_entity_id: An ip entity id for the dns request + client + :vartype host_ip_address_entity_id: str + """ + + _validation = { + 'id': {'readonly': True}, + 'type': {'readonly': True}, + 'name': {'readonly': True}, + 'kind': {'required': True}, + 'friendly_name': {'readonly': True}, + 'additional_data': {'readonly': True}, + 'domain_name': {'readonly': True}, + 'ip_address_entity_ids': {'readonly': True}, + 'dns_server_ip_entity_id': {'readonly': True}, + 'host_ip_address_entity_id': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + 'friendly_name': {'key': 'properties.friendlyName', 'type': 'str'}, + 'additional_data': {'key': 'properties.additionalData', 'type': '{object}'}, + 'domain_name': {'key': 'properties.domainName', 'type': 'str'}, + 'ip_address_entity_ids': {'key': 'properties.ipAddressEntityIds', 'type': '[str]'}, + 'dns_server_ip_entity_id': {'key': 'properties.dnsServerIpEntityId', 'type': 'str'}, + 'host_ip_address_entity_id': {'key': 'properties.hostIpAddressEntityId', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(DnsEntity, self).__init__(**kwargs) + self.friendly_name = None + self.additional_data = None + self.domain_name = None + self.ip_address_entity_ids = None + self.dns_server_ip_entity_id = None + self.host_ip_address_entity_id = None + self.kind = 'DnsResolution' diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/dns_entity_py3.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/dns_entity_py3.py new file mode 100644 index 000000000000..d2026acd79e1 --- /dev/null +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/dns_entity_py3.py @@ -0,0 +1,85 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from .entity_py3 import Entity + + +class DnsEntity(Entity): + """Represents a dns entity. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id + :vartype id: str + :ivar type: Azure resource type + :vartype type: str + :ivar name: Azure resource name + :vartype name: str + :param kind: Required. Constant filled by server. + :type kind: str + :ivar friendly_name: The graph item display name which is a short humanly + readable description of the graph item instance. This property is optional + and might be system generated. + :vartype friendly_name: str + :ivar additional_data: A bag of custom fields that should be part of the + entity and will be presented to the user. + :vartype additional_data: dict[str, object] + :ivar domain_name: The name of the dns record associated with the alert + :vartype domain_name: str + :ivar ip_address_entity_ids: Ip entity identifiers for the resolved ip + address. + :vartype ip_address_entity_ids: list[str] + :ivar dns_server_ip_entity_id: An ip entity id for the dns server + resolving the request + :vartype dns_server_ip_entity_id: str + :ivar host_ip_address_entity_id: An ip entity id for the dns request + client + :vartype host_ip_address_entity_id: str + """ + + _validation = { + 'id': {'readonly': True}, + 'type': {'readonly': True}, + 'name': {'readonly': True}, + 'kind': {'required': True}, + 'friendly_name': {'readonly': True}, + 'additional_data': {'readonly': True}, + 'domain_name': {'readonly': True}, + 'ip_address_entity_ids': {'readonly': True}, + 'dns_server_ip_entity_id': {'readonly': True}, + 'host_ip_address_entity_id': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + 'friendly_name': {'key': 'properties.friendlyName', 'type': 'str'}, + 'additional_data': {'key': 'properties.additionalData', 'type': '{object}'}, + 'domain_name': {'key': 'properties.domainName', 'type': 'str'}, + 'ip_address_entity_ids': {'key': 'properties.ipAddressEntityIds', 'type': '[str]'}, + 'dns_server_ip_entity_id': {'key': 'properties.dnsServerIpEntityId', 'type': 'str'}, + 'host_ip_address_entity_id': {'key': 'properties.hostIpAddressEntityId', 'type': 'str'}, + } + + def __init__(self, **kwargs) -> None: + super(DnsEntity, self).__init__(**kwargs) + self.friendly_name = None + self.additional_data = None + self.domain_name = None + self.ip_address_entity_ids = None + self.dns_server_ip_entity_id = None + self.host_ip_address_entity_id = None + self.kind = 'DnsResolution' diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/entity.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/entity.py index 6ff63f9545c4..b9a2b8ac57c6 100644 --- a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/entity.py +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/entity.py @@ -16,7 +16,10 @@ class Entity(Model): """Specific entity. You probably want to use the sub-classes and not this class directly. Known - sub-classes are: AccountEntity, HostEntity, FileEntity + sub-classes are: AccountEntity, HostEntity, FileEntity, SecurityAlert, + FileHashEntity, MalwareEntity, SecurityGroupEntity, AzureResourceEntity, + CloudApplicationEntity, ProcessEntity, DnsEntity, IpEntity, + RegistryKeyEntity, RegistryValueEntity, UrlEntity Variables are only populated by the server, and will be ignored when sending a request. @@ -48,7 +51,7 @@ class Entity(Model): } _subtype_map = { - 'kind': {'Account': 'AccountEntity', 'Host': 'HostEntity', 'File': 'FileEntity'} + 'kind': {'Account': 'AccountEntity', 'Host': 'HostEntity', 'File': 'FileEntity', 'SecurityAlert': 'SecurityAlert', 'FileHash': 'FileHashEntity', 'Malware': 'MalwareEntity', 'SecurityGroup': 'SecurityGroupEntity', 'AzureResource': 'AzureResourceEntity', 'CloudApplication': 'CloudApplicationEntity', 'Process': 'ProcessEntity', 'DnsResolution': 'DnsEntity', 'Ip': 'IpEntity', 'RegistryKey': 'RegistryKeyEntity', 'RegistryValue': 'RegistryValueEntity', 'Url': 'UrlEntity'} } def __init__(self, **kwargs): diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/entity_common_properties.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/entity_common_properties.py new file mode 100644 index 000000000000..6eef757d200b --- /dev/null +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/entity_common_properties.py @@ -0,0 +1,43 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from msrest.serialization import Model + + +class EntityCommonProperties(Model): + """Entity common property bag. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar friendly_name: The graph item display name which is a short humanly + readable description of the graph item instance. This property is optional + and might be system generated. + :vartype friendly_name: str + :ivar additional_data: A bag of custom fields that should be part of the + entity and will be presented to the user. + :vartype additional_data: dict[str, object] + """ + + _validation = { + 'friendly_name': {'readonly': True}, + 'additional_data': {'readonly': True}, + } + + _attribute_map = { + 'friendly_name': {'key': 'friendlyName', 'type': 'str'}, + 'additional_data': {'key': 'additionalData', 'type': '{object}'}, + } + + def __init__(self, **kwargs): + super(EntityCommonProperties, self).__init__(**kwargs) + self.friendly_name = None + self.additional_data = None diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/entity_common_properties_py3.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/entity_common_properties_py3.py new file mode 100644 index 000000000000..66b7c34df508 --- /dev/null +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/entity_common_properties_py3.py @@ -0,0 +1,43 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from msrest.serialization import Model + + +class EntityCommonProperties(Model): + """Entity common property bag. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar friendly_name: The graph item display name which is a short humanly + readable description of the graph item instance. This property is optional + and might be system generated. + :vartype friendly_name: str + :ivar additional_data: A bag of custom fields that should be part of the + entity and will be presented to the user. + :vartype additional_data: dict[str, object] + """ + + _validation = { + 'friendly_name': {'readonly': True}, + 'additional_data': {'readonly': True}, + } + + _attribute_map = { + 'friendly_name': {'key': 'friendlyName', 'type': 'str'}, + 'additional_data': {'key': 'additionalData', 'type': '{object}'}, + } + + def __init__(self, **kwargs) -> None: + super(EntityCommonProperties, self).__init__(**kwargs) + self.friendly_name = None + self.additional_data = None diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/entity_expand_parameters.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/entity_expand_parameters.py new file mode 100644 index 000000000000..5e5399b11f83 --- /dev/null +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/entity_expand_parameters.py @@ -0,0 +1,38 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from msrest.serialization import Model + + +class EntityExpandParameters(Model): + """The parameters required to execute an expand operation on the given entity. + + :param expansion_id: The Id of the expansion to perform. + :type expansion_id: str + :param start_time: The start date filter, so the only expansion results + returned are after this date. + :type start_time: datetime + :param end_time: The end date filter, so the only expansion results + returned are before this date. + :type end_time: datetime + """ + + _attribute_map = { + 'expansion_id': {'key': 'expansionId', 'type': 'str'}, + 'start_time': {'key': 'startTime', 'type': 'iso-8601'}, + 'end_time': {'key': 'endTime', 'type': 'iso-8601'}, + } + + def __init__(self, **kwargs): + super(EntityExpandParameters, self).__init__(**kwargs) + self.expansion_id = kwargs.get('expansion_id', None) + self.start_time = kwargs.get('start_time', None) + self.end_time = kwargs.get('end_time', None) diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/entity_expand_parameters_py3.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/entity_expand_parameters_py3.py new file mode 100644 index 000000000000..2248b6ddd217 --- /dev/null +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/entity_expand_parameters_py3.py @@ -0,0 +1,38 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from msrest.serialization import Model + + +class EntityExpandParameters(Model): + """The parameters required to execute an expand operation on the given entity. + + :param expansion_id: The Id of the expansion to perform. + :type expansion_id: str + :param start_time: The start date filter, so the only expansion results + returned are after this date. + :type start_time: datetime + :param end_time: The end date filter, so the only expansion results + returned are before this date. + :type end_time: datetime + """ + + _attribute_map = { + 'expansion_id': {'key': 'expansionId', 'type': 'str'}, + 'start_time': {'key': 'startTime', 'type': 'iso-8601'}, + 'end_time': {'key': 'endTime', 'type': 'iso-8601'}, + } + + def __init__(self, *, expansion_id: str=None, start_time=None, end_time=None, **kwargs) -> None: + super(EntityExpandParameters, self).__init__(**kwargs) + self.expansion_id = expansion_id + self.start_time = start_time + self.end_time = end_time diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/entity_expand_response.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/entity_expand_response.py new file mode 100644 index 000000000000..d3e084ddf39b --- /dev/null +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/entity_expand_response.py @@ -0,0 +1,33 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from msrest.serialization import Model + + +class EntityExpandResponse(Model): + """The entity expansion result operation response. + + :param value: The expansion result values. + :type value: ~azure.mgmt.securityinsight.models.EntityExpandResponseValue + :param meta_data: The metadata from the expansion operation results. + :type meta_data: + ~azure.mgmt.securityinsight.models.ExpansionResultsMetadata + """ + + _attribute_map = { + 'value': {'key': 'value', 'type': 'EntityExpandResponseValue'}, + 'meta_data': {'key': 'metaData', 'type': 'ExpansionResultsMetadata'}, + } + + def __init__(self, **kwargs): + super(EntityExpandResponse, self).__init__(**kwargs) + self.value = kwargs.get('value', None) + self.meta_data = kwargs.get('meta_data', None) diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/entity_expand_response_py3.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/entity_expand_response_py3.py new file mode 100644 index 000000000000..3ccf0d003035 --- /dev/null +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/entity_expand_response_py3.py @@ -0,0 +1,33 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from msrest.serialization import Model + + +class EntityExpandResponse(Model): + """The entity expansion result operation response. + + :param value: The expansion result values. + :type value: ~azure.mgmt.securityinsight.models.EntityExpandResponseValue + :param meta_data: The metadata from the expansion operation results. + :type meta_data: + ~azure.mgmt.securityinsight.models.ExpansionResultsMetadata + """ + + _attribute_map = { + 'value': {'key': 'value', 'type': 'EntityExpandResponseValue'}, + 'meta_data': {'key': 'metaData', 'type': 'ExpansionResultsMetadata'}, + } + + def __init__(self, *, value=None, meta_data=None, **kwargs) -> None: + super(EntityExpandResponse, self).__init__(**kwargs) + self.value = value + self.meta_data = meta_data diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/entity_expand_response_value.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/entity_expand_response_value.py new file mode 100644 index 000000000000..c7114cddbf64 --- /dev/null +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/entity_expand_response_value.py @@ -0,0 +1,28 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from msrest.serialization import Model + + +class EntityExpandResponseValue(Model): + """The expansion result values. + + :param entities: Array of the expansion result entities. + :type entities: list[~azure.mgmt.securityinsight.models.Entity] + """ + + _attribute_map = { + 'entities': {'key': 'entities', 'type': '[Entity]'}, + } + + def __init__(self, **kwargs): + super(EntityExpandResponseValue, self).__init__(**kwargs) + self.entities = kwargs.get('entities', None) diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/entity_expand_response_value_py3.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/entity_expand_response_value_py3.py new file mode 100644 index 000000000000..6c08ddd3c527 --- /dev/null +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/entity_expand_response_value_py3.py @@ -0,0 +1,28 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from msrest.serialization import Model + + +class EntityExpandResponseValue(Model): + """The expansion result values. + + :param entities: Array of the expansion result entities. + :type entities: list[~azure.mgmt.securityinsight.models.Entity] + """ + + _attribute_map = { + 'entities': {'key': 'entities', 'type': '[Entity]'}, + } + + def __init__(self, *, entities=None, **kwargs) -> None: + super(EntityExpandResponseValue, self).__init__(**kwargs) + self.entities = entities diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/entity_kind1.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/entity_kind1.py index ba90815c9d83..5a090ae17e6f 100644 --- a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/entity_kind1.py +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/entity_kind1.py @@ -13,10 +13,12 @@ class EntityKind1(Model): - """Describes an Azure resource with kind. + """Describes an entity with kind. :param kind: The kind of the entity. Possible values include: 'Account', - 'Host', 'File' + 'Host', 'File', 'AzureResource', 'CloudApplication', 'DnsResolution', + 'FileHash', 'Ip', 'Malware', 'Process', 'RegistryKey', 'RegistryValue', + 'SecurityGroup', 'Url', 'SecurityAlert', 'Bookmark' :type kind: str or ~azure.mgmt.securityinsight.models.EntityKind """ diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/entity_kind1_py3.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/entity_kind1_py3.py index f318be914961..baa858bbd278 100644 --- a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/entity_kind1_py3.py +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/entity_kind1_py3.py @@ -13,10 +13,12 @@ class EntityKind1(Model): - """Describes an Azure resource with kind. + """Describes an entity with kind. :param kind: The kind of the entity. Possible values include: 'Account', - 'Host', 'File' + 'Host', 'File', 'AzureResource', 'CloudApplication', 'DnsResolution', + 'FileHash', 'Ip', 'Malware', 'Process', 'RegistryKey', 'RegistryValue', + 'SecurityGroup', 'Url', 'SecurityAlert', 'Bookmark' :type kind: str or ~azure.mgmt.securityinsight.models.EntityKind """ diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/entity_py3.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/entity_py3.py index a3dae2ccad17..0359c1a58dfb 100644 --- a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/entity_py3.py +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/entity_py3.py @@ -16,7 +16,10 @@ class Entity(Model): """Specific entity. You probably want to use the sub-classes and not this class directly. Known - sub-classes are: AccountEntity, HostEntity, FileEntity + sub-classes are: AccountEntity, HostEntity, FileEntity, SecurityAlert, + FileHashEntity, MalwareEntity, SecurityGroupEntity, AzureResourceEntity, + CloudApplicationEntity, ProcessEntity, DnsEntity, IpEntity, + RegistryKeyEntity, RegistryValueEntity, UrlEntity Variables are only populated by the server, and will be ignored when sending a request. @@ -48,7 +51,7 @@ class Entity(Model): } _subtype_map = { - 'kind': {'Account': 'AccountEntity', 'Host': 'HostEntity', 'File': 'FileEntity'} + 'kind': {'Account': 'AccountEntity', 'Host': 'HostEntity', 'File': 'FileEntity', 'SecurityAlert': 'SecurityAlert', 'FileHash': 'FileHashEntity', 'Malware': 'MalwareEntity', 'SecurityGroup': 'SecurityGroupEntity', 'AzureResource': 'AzureResourceEntity', 'CloudApplication': 'CloudApplicationEntity', 'Process': 'ProcessEntity', 'DnsResolution': 'DnsEntity', 'Ip': 'IpEntity', 'RegistryKey': 'RegistryKeyEntity', 'RegistryValue': 'RegistryValueEntity', 'Url': 'UrlEntity'} } def __init__(self, **kwargs) -> None: diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/entity_query.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/entity_query.py index e13b5f2cdf91..2ba892b51540 100644 --- a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/entity_query.py +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/entity_query.py @@ -27,14 +27,20 @@ class EntityQuery(Resource): :param query_template: The template query string to be parsed and formatted :type query_template: str - :param input_entity_type: The type of the query's source entity - :type input_entity_type: str + :param input_entity_type: The type of the query's source entity. Possible + values include: 'Account', 'Host', 'File', 'AzureResource', + 'CloudApplication', 'DNS', 'FileHash', 'IP', 'Malware', 'Process', + 'RegistryKey', 'RegistryValue', 'SecurityGroup', 'URL', 'SecurityAlert', + 'HuntingBookmark' + :type input_entity_type: str or + ~azure.mgmt.securityinsight.models.EntityType :param input_fields: List of the fields of the source entity that are required to run the query :type input_fields: list[str] :param output_entity_types: List of the desired output types to be constructed from the result - :type output_entity_types: list[str] + :type output_entity_types: list[str or + ~azure.mgmt.securityinsight.models.EntityType] :param data_sources: List of the data sources that are required to run the query :type data_sources: list[str] diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/entity_query_py3.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/entity_query_py3.py index 554129764249..db98e82c1803 100644 --- a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/entity_query_py3.py +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/entity_query_py3.py @@ -27,14 +27,20 @@ class EntityQuery(Resource): :param query_template: The template query string to be parsed and formatted :type query_template: str - :param input_entity_type: The type of the query's source entity - :type input_entity_type: str + :param input_entity_type: The type of the query's source entity. Possible + values include: 'Account', 'Host', 'File', 'AzureResource', + 'CloudApplication', 'DNS', 'FileHash', 'IP', 'Malware', 'Process', + 'RegistryKey', 'RegistryValue', 'SecurityGroup', 'URL', 'SecurityAlert', + 'HuntingBookmark' + :type input_entity_type: str or + ~azure.mgmt.securityinsight.models.EntityType :param input_fields: List of the fields of the source entity that are required to run the query :type input_fields: list[str] :param output_entity_types: List of the desired output types to be constructed from the result - :type output_entity_types: list[str] + :type output_entity_types: list[str or + ~azure.mgmt.securityinsight.models.EntityType] :param data_sources: List of the data sources that are required to run the query :type data_sources: list[str] @@ -60,7 +66,7 @@ class EntityQuery(Resource): 'display_name': {'key': 'properties.displayName', 'type': 'str'}, } - def __init__(self, *, query_template: str=None, input_entity_type: str=None, input_fields=None, output_entity_types=None, data_sources=None, display_name: str=None, **kwargs) -> None: + def __init__(self, *, query_template: str=None, input_entity_type=None, input_fields=None, output_entity_types=None, data_sources=None, display_name: str=None, **kwargs) -> None: super(EntityQuery, self).__init__(**kwargs) self.query_template = query_template self.input_entity_type = input_entity_type diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/expansion_result_aggregation.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/expansion_result_aggregation.py new file mode 100644 index 000000000000..738de3c6a96d --- /dev/null +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/expansion_result_aggregation.py @@ -0,0 +1,53 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from msrest.serialization import Model + + +class ExpansionResultAggregation(Model): + """Information of a specific aggregation in the expansion result. + + All required parameters must be populated in order to send to Azure. + + :param entity_kind: Required. The kind of the aggregated entity. Possible + values include: 'Account', 'Host', 'File', 'AzureResource', + 'CloudApplication', 'DnsResolution', 'FileHash', 'Ip', 'Malware', + 'Process', 'RegistryKey', 'RegistryValue', 'SecurityGroup', 'Url', + 'SecurityAlert', 'Bookmark' + :type entity_kind: str or ~azure.mgmt.securityinsight.models.EntityKind + :param count: Required. Total number of aggregations of the given kind + (and aggregationType if given) in the expansion result. + :type count: int + :param aggregation_type: The common type of the aggregation. (for e.g. + entity field name) + :type aggregation_type: str + :param display_name: The display name of the aggregation by type. + :type display_name: str + """ + + _validation = { + 'entity_kind': {'required': True}, + 'count': {'required': True}, + } + + _attribute_map = { + 'entity_kind': {'key': 'entityKind', 'type': 'str'}, + 'count': {'key': 'count', 'type': 'int'}, + 'aggregation_type': {'key': 'aggregationType', 'type': 'str'}, + 'display_name': {'key': 'displayName', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(ExpansionResultAggregation, self).__init__(**kwargs) + self.entity_kind = kwargs.get('entity_kind', None) + self.count = kwargs.get('count', None) + self.aggregation_type = kwargs.get('aggregation_type', None) + self.display_name = kwargs.get('display_name', None) diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/expansion_result_aggregation_py3.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/expansion_result_aggregation_py3.py new file mode 100644 index 000000000000..1f5eeddc0ae5 --- /dev/null +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/expansion_result_aggregation_py3.py @@ -0,0 +1,53 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from msrest.serialization import Model + + +class ExpansionResultAggregation(Model): + """Information of a specific aggregation in the expansion result. + + All required parameters must be populated in order to send to Azure. + + :param entity_kind: Required. The kind of the aggregated entity. Possible + values include: 'Account', 'Host', 'File', 'AzureResource', + 'CloudApplication', 'DnsResolution', 'FileHash', 'Ip', 'Malware', + 'Process', 'RegistryKey', 'RegistryValue', 'SecurityGroup', 'Url', + 'SecurityAlert', 'Bookmark' + :type entity_kind: str or ~azure.mgmt.securityinsight.models.EntityKind + :param count: Required. Total number of aggregations of the given kind + (and aggregationType if given) in the expansion result. + :type count: int + :param aggregation_type: The common type of the aggregation. (for e.g. + entity field name) + :type aggregation_type: str + :param display_name: The display name of the aggregation by type. + :type display_name: str + """ + + _validation = { + 'entity_kind': {'required': True}, + 'count': {'required': True}, + } + + _attribute_map = { + 'entity_kind': {'key': 'entityKind', 'type': 'str'}, + 'count': {'key': 'count', 'type': 'int'}, + 'aggregation_type': {'key': 'aggregationType', 'type': 'str'}, + 'display_name': {'key': 'displayName', 'type': 'str'}, + } + + def __init__(self, *, entity_kind, count: int, aggregation_type: str=None, display_name: str=None, **kwargs) -> None: + super(ExpansionResultAggregation, self).__init__(**kwargs) + self.entity_kind = entity_kind + self.count = count + self.aggregation_type = aggregation_type + self.display_name = display_name diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/expansion_results_metadata.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/expansion_results_metadata.py new file mode 100644 index 000000000000..bf844b843a6b --- /dev/null +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/expansion_results_metadata.py @@ -0,0 +1,30 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from msrest.serialization import Model + + +class ExpansionResultsMetadata(Model): + """Expansion result metadata. + + :param aggregations: Information of the aggregated nodes in the expansion + result. + :type aggregations: + list[~azure.mgmt.securityinsight.models.ExpansionResultAggregation] + """ + + _attribute_map = { + 'aggregations': {'key': 'aggregations', 'type': '[ExpansionResultAggregation]'}, + } + + def __init__(self, **kwargs): + super(ExpansionResultsMetadata, self).__init__(**kwargs) + self.aggregations = kwargs.get('aggregations', None) diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/expansion_results_metadata_py3.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/expansion_results_metadata_py3.py new file mode 100644 index 000000000000..07318fa8ea45 --- /dev/null +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/expansion_results_metadata_py3.py @@ -0,0 +1,30 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from msrest.serialization import Model + + +class ExpansionResultsMetadata(Model): + """Expansion result metadata. + + :param aggregations: Information of the aggregated nodes in the expansion + result. + :type aggregations: + list[~azure.mgmt.securityinsight.models.ExpansionResultAggregation] + """ + + _attribute_map = { + 'aggregations': {'key': 'aggregations', 'type': '[ExpansionResultAggregation]'}, + } + + def __init__(self, *, aggregations=None, **kwargs) -> None: + super(ExpansionResultsMetadata, self).__init__(**kwargs) + self.aggregations = aggregations diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/file_entity.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/file_entity.py index a05b2798f09e..6580399f92b2 100644 --- a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/file_entity.py +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/file_entity.py @@ -28,11 +28,23 @@ class FileEntity(Entity): :vartype name: str :param kind: Required. Constant filled by server. :type kind: str + :ivar friendly_name: The graph item display name which is a short humanly + readable description of the graph item instance. This property is optional + and might be system generated. + :vartype friendly_name: str + :ivar additional_data: A bag of custom fields that should be part of the + entity and will be presented to the user. + :vartype additional_data: dict[str, object] :ivar directory: The full path to the file. :vartype directory: str :ivar file_name: The file name without path (some alerts might not include path). :vartype file_name: str + :ivar host_entity_id: The Host entity id which the file belongs to + :vartype host_entity_id: str + :ivar file_hash_entity_ids: The file hash entity identifiers associated + with this file + :vartype file_hash_entity_ids: list[str] """ _validation = { @@ -40,8 +52,12 @@ class FileEntity(Entity): 'type': {'readonly': True}, 'name': {'readonly': True}, 'kind': {'required': True}, + 'friendly_name': {'readonly': True}, + 'additional_data': {'readonly': True}, 'directory': {'readonly': True}, 'file_name': {'readonly': True}, + 'host_entity_id': {'readonly': True}, + 'file_hash_entity_ids': {'readonly': True}, } _attribute_map = { @@ -49,12 +65,20 @@ class FileEntity(Entity): 'type': {'key': 'type', 'type': 'str'}, 'name': {'key': 'name', 'type': 'str'}, 'kind': {'key': 'kind', 'type': 'str'}, + 'friendly_name': {'key': 'properties.friendlyName', 'type': 'str'}, + 'additional_data': {'key': 'properties.additionalData', 'type': '{object}'}, 'directory': {'key': 'properties.directory', 'type': 'str'}, 'file_name': {'key': 'properties.fileName', 'type': 'str'}, + 'host_entity_id': {'key': 'properties.hostEntityId', 'type': 'str'}, + 'file_hash_entity_ids': {'key': 'properties.fileHashEntityIds', 'type': '[str]'}, } def __init__(self, **kwargs): super(FileEntity, self).__init__(**kwargs) + self.friendly_name = None + self.additional_data = None self.directory = None self.file_name = None + self.host_entity_id = None + self.file_hash_entity_ids = None self.kind = 'File' diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/file_entity_py3.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/file_entity_py3.py index c60c5da36071..4857d4505ad1 100644 --- a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/file_entity_py3.py +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/file_entity_py3.py @@ -28,11 +28,23 @@ class FileEntity(Entity): :vartype name: str :param kind: Required. Constant filled by server. :type kind: str + :ivar friendly_name: The graph item display name which is a short humanly + readable description of the graph item instance. This property is optional + and might be system generated. + :vartype friendly_name: str + :ivar additional_data: A bag of custom fields that should be part of the + entity and will be presented to the user. + :vartype additional_data: dict[str, object] :ivar directory: The full path to the file. :vartype directory: str :ivar file_name: The file name without path (some alerts might not include path). :vartype file_name: str + :ivar host_entity_id: The Host entity id which the file belongs to + :vartype host_entity_id: str + :ivar file_hash_entity_ids: The file hash entity identifiers associated + with this file + :vartype file_hash_entity_ids: list[str] """ _validation = { @@ -40,8 +52,12 @@ class FileEntity(Entity): 'type': {'readonly': True}, 'name': {'readonly': True}, 'kind': {'required': True}, + 'friendly_name': {'readonly': True}, + 'additional_data': {'readonly': True}, 'directory': {'readonly': True}, 'file_name': {'readonly': True}, + 'host_entity_id': {'readonly': True}, + 'file_hash_entity_ids': {'readonly': True}, } _attribute_map = { @@ -49,12 +65,20 @@ class FileEntity(Entity): 'type': {'key': 'type', 'type': 'str'}, 'name': {'key': 'name', 'type': 'str'}, 'kind': {'key': 'kind', 'type': 'str'}, + 'friendly_name': {'key': 'properties.friendlyName', 'type': 'str'}, + 'additional_data': {'key': 'properties.additionalData', 'type': '{object}'}, 'directory': {'key': 'properties.directory', 'type': 'str'}, 'file_name': {'key': 'properties.fileName', 'type': 'str'}, + 'host_entity_id': {'key': 'properties.hostEntityId', 'type': 'str'}, + 'file_hash_entity_ids': {'key': 'properties.fileHashEntityIds', 'type': '[str]'}, } def __init__(self, **kwargs) -> None: super(FileEntity, self).__init__(**kwargs) + self.friendly_name = None + self.additional_data = None self.directory = None self.file_name = None + self.host_entity_id = None + self.file_hash_entity_ids = None self.kind = 'File' diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/file_hash_entity.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/file_hash_entity.py new file mode 100644 index 000000000000..4a076a9db3dd --- /dev/null +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/file_hash_entity.py @@ -0,0 +1,74 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from .entity import Entity + + +class FileHashEntity(Entity): + """Represents a file hash entity. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id + :vartype id: str + :ivar type: Azure resource type + :vartype type: str + :ivar name: Azure resource name + :vartype name: str + :param kind: Required. Constant filled by server. + :type kind: str + :ivar friendly_name: The graph item display name which is a short humanly + readable description of the graph item instance. This property is optional + and might be system generated. + :vartype friendly_name: str + :ivar additional_data: A bag of custom fields that should be part of the + entity and will be presented to the user. + :vartype additional_data: dict[str, object] + :ivar hash_value: The file hash value. + :vartype hash_value: str + :ivar algorithm: The hash algorithm type. Possible values include: + 'Unknown', 'MD5', 'SHA1', 'SHA256', 'SHA256AC' + :vartype algorithm: str or + ~azure.mgmt.securityinsight.models.FileHashAlgorithm + """ + + _validation = { + 'id': {'readonly': True}, + 'type': {'readonly': True}, + 'name': {'readonly': True}, + 'kind': {'required': True}, + 'friendly_name': {'readonly': True}, + 'additional_data': {'readonly': True}, + 'hash_value': {'readonly': True}, + 'algorithm': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + 'friendly_name': {'key': 'properties.friendlyName', 'type': 'str'}, + 'additional_data': {'key': 'properties.additionalData', 'type': '{object}'}, + 'hash_value': {'key': 'properties.hashValue', 'type': 'str'}, + 'algorithm': {'key': 'properties.algorithm', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(FileHashEntity, self).__init__(**kwargs) + self.friendly_name = None + self.additional_data = None + self.hash_value = None + self.algorithm = None + self.kind = 'FileHash' diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/file_hash_entity_py3.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/file_hash_entity_py3.py new file mode 100644 index 000000000000..08de4c74915c --- /dev/null +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/file_hash_entity_py3.py @@ -0,0 +1,74 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from .entity_py3 import Entity + + +class FileHashEntity(Entity): + """Represents a file hash entity. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id + :vartype id: str + :ivar type: Azure resource type + :vartype type: str + :ivar name: Azure resource name + :vartype name: str + :param kind: Required. Constant filled by server. + :type kind: str + :ivar friendly_name: The graph item display name which is a short humanly + readable description of the graph item instance. This property is optional + and might be system generated. + :vartype friendly_name: str + :ivar additional_data: A bag of custom fields that should be part of the + entity and will be presented to the user. + :vartype additional_data: dict[str, object] + :ivar hash_value: The file hash value. + :vartype hash_value: str + :ivar algorithm: The hash algorithm type. Possible values include: + 'Unknown', 'MD5', 'SHA1', 'SHA256', 'SHA256AC' + :vartype algorithm: str or + ~azure.mgmt.securityinsight.models.FileHashAlgorithm + """ + + _validation = { + 'id': {'readonly': True}, + 'type': {'readonly': True}, + 'name': {'readonly': True}, + 'kind': {'required': True}, + 'friendly_name': {'readonly': True}, + 'additional_data': {'readonly': True}, + 'hash_value': {'readonly': True}, + 'algorithm': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + 'friendly_name': {'key': 'properties.friendlyName', 'type': 'str'}, + 'additional_data': {'key': 'properties.additionalData', 'type': '{object}'}, + 'hash_value': {'key': 'properties.hashValue', 'type': 'str'}, + 'algorithm': {'key': 'properties.algorithm', 'type': 'str'}, + } + + def __init__(self, **kwargs) -> None: + super(FileHashEntity, self).__init__(**kwargs) + self.friendly_name = None + self.additional_data = None + self.hash_value = None + self.algorithm = None + self.kind = 'FileHash' diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/geo_location.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/geo_location.py new file mode 100644 index 000000000000..2ebe65485e0c --- /dev/null +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/geo_location.py @@ -0,0 +1,72 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from msrest.serialization import Model + + +class GeoLocation(Model): + """The geo-location context attached to the ip entity. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar country_code: The country code according to ISO 3166 format + :vartype country_code: str + :ivar country_name: Country name according to ISO 3166 Alpha 2: the + lowercase of the English Short Name + :vartype country_name: str + :ivar state: State name + :vartype state: str + :ivar city: City name + :vartype city: str + :ivar longitude: The latitude of the identified location, expressed as a + floating point number with range of - 90 to 90, with positive numbers + representing North and negative numbers representing South. Latitude and + longitude are derived from the city or postal code. + :vartype longitude: float + :ivar latitude: The longitude of the identified location, expressed as a + floating point number with range of -180 to 180, with positive numbers + representing East and negative numbers representing West. Latitude and + longitude are derived from the city or postal code. + :vartype latitude: float + :ivar asn: Autonomous System Number + :vartype asn: int + """ + + _validation = { + 'country_code': {'readonly': True}, + 'country_name': {'readonly': True}, + 'state': {'readonly': True}, + 'city': {'readonly': True}, + 'longitude': {'readonly': True}, + 'latitude': {'readonly': True}, + 'asn': {'readonly': True}, + } + + _attribute_map = { + 'country_code': {'key': 'countryCode', 'type': 'str'}, + 'country_name': {'key': 'countryName', 'type': 'str'}, + 'state': {'key': 'state', 'type': 'str'}, + 'city': {'key': 'city', 'type': 'str'}, + 'longitude': {'key': 'longitude', 'type': 'float'}, + 'latitude': {'key': 'latitude', 'type': 'float'}, + 'asn': {'key': 'asn', 'type': 'int'}, + } + + def __init__(self, **kwargs): + super(GeoLocation, self).__init__(**kwargs) + self.country_code = None + self.country_name = None + self.state = None + self.city = None + self.longitude = None + self.latitude = None + self.asn = None diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/geo_location_py3.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/geo_location_py3.py new file mode 100644 index 000000000000..3697acda5323 --- /dev/null +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/geo_location_py3.py @@ -0,0 +1,72 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from msrest.serialization import Model + + +class GeoLocation(Model): + """The geo-location context attached to the ip entity. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar country_code: The country code according to ISO 3166 format + :vartype country_code: str + :ivar country_name: Country name according to ISO 3166 Alpha 2: the + lowercase of the English Short Name + :vartype country_name: str + :ivar state: State name + :vartype state: str + :ivar city: City name + :vartype city: str + :ivar longitude: The latitude of the identified location, expressed as a + floating point number with range of - 90 to 90, with positive numbers + representing North and negative numbers representing South. Latitude and + longitude are derived from the city or postal code. + :vartype longitude: float + :ivar latitude: The longitude of the identified location, expressed as a + floating point number with range of -180 to 180, with positive numbers + representing East and negative numbers representing West. Latitude and + longitude are derived from the city or postal code. + :vartype latitude: float + :ivar asn: Autonomous System Number + :vartype asn: int + """ + + _validation = { + 'country_code': {'readonly': True}, + 'country_name': {'readonly': True}, + 'state': {'readonly': True}, + 'city': {'readonly': True}, + 'longitude': {'readonly': True}, + 'latitude': {'readonly': True}, + 'asn': {'readonly': True}, + } + + _attribute_map = { + 'country_code': {'key': 'countryCode', 'type': 'str'}, + 'country_name': {'key': 'countryName', 'type': 'str'}, + 'state': {'key': 'state', 'type': 'str'}, + 'city': {'key': 'city', 'type': 'str'}, + 'longitude': {'key': 'longitude', 'type': 'float'}, + 'latitude': {'key': 'latitude', 'type': 'float'}, + 'asn': {'key': 'asn', 'type': 'int'}, + } + + def __init__(self, **kwargs) -> None: + super(GeoLocation, self).__init__(**kwargs) + self.country_code = None + self.country_name = None + self.state = None + self.city = None + self.longitude = None + self.latitude = None + self.asn = None diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/host_entity.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/host_entity.py index eca078070880..60c9b6101f66 100644 --- a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/host_entity.py +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/host_entity.py @@ -28,6 +28,13 @@ class HostEntity(Entity): :vartype name: str :param kind: Required. Constant filled by server. :type kind: str + :ivar friendly_name: The graph item display name which is a short humanly + readable description of the graph item instance. This property is optional + and might be system generated. + :vartype friendly_name: str + :ivar additional_data: A bag of custom fields that should be part of the + entity and will be presented to the user. + :vartype additional_data: dict[str, object] :ivar dns_domain: The DNS domain that this host belongs to. Should contain the compete DNS suffix for the domain :vartype dns_domain: str @@ -57,6 +64,8 @@ class HostEntity(Entity): 'type': {'readonly': True}, 'name': {'readonly': True}, 'kind': {'required': True}, + 'friendly_name': {'readonly': True}, + 'additional_data': {'readonly': True}, 'dns_domain': {'readonly': True}, 'nt_domain': {'readonly': True}, 'host_name': {'readonly': True}, @@ -72,6 +81,8 @@ class HostEntity(Entity): 'type': {'key': 'type', 'type': 'str'}, 'name': {'key': 'name', 'type': 'str'}, 'kind': {'key': 'kind', 'type': 'str'}, + 'friendly_name': {'key': 'properties.friendlyName', 'type': 'str'}, + 'additional_data': {'key': 'properties.additionalData', 'type': '{object}'}, 'dns_domain': {'key': 'properties.dnsDomain', 'type': 'str'}, 'nt_domain': {'key': 'properties.ntDomain', 'type': 'str'}, 'host_name': {'key': 'properties.hostName', 'type': 'str'}, @@ -85,6 +96,8 @@ class HostEntity(Entity): def __init__(self, **kwargs): super(HostEntity, self).__init__(**kwargs) + self.friendly_name = None + self.additional_data = None self.dns_domain = None self.nt_domain = None self.host_name = None diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/host_entity_py3.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/host_entity_py3.py index 0590bd25f509..97bff4c9d970 100644 --- a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/host_entity_py3.py +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/host_entity_py3.py @@ -28,6 +28,13 @@ class HostEntity(Entity): :vartype name: str :param kind: Required. Constant filled by server. :type kind: str + :ivar friendly_name: The graph item display name which is a short humanly + readable description of the graph item instance. This property is optional + and might be system generated. + :vartype friendly_name: str + :ivar additional_data: A bag of custom fields that should be part of the + entity and will be presented to the user. + :vartype additional_data: dict[str, object] :ivar dns_domain: The DNS domain that this host belongs to. Should contain the compete DNS suffix for the domain :vartype dns_domain: str @@ -57,6 +64,8 @@ class HostEntity(Entity): 'type': {'readonly': True}, 'name': {'readonly': True}, 'kind': {'required': True}, + 'friendly_name': {'readonly': True}, + 'additional_data': {'readonly': True}, 'dns_domain': {'readonly': True}, 'nt_domain': {'readonly': True}, 'host_name': {'readonly': True}, @@ -72,6 +81,8 @@ class HostEntity(Entity): 'type': {'key': 'type', 'type': 'str'}, 'name': {'key': 'name', 'type': 'str'}, 'kind': {'key': 'kind', 'type': 'str'}, + 'friendly_name': {'key': 'properties.friendlyName', 'type': 'str'}, + 'additional_data': {'key': 'properties.additionalData', 'type': '{object}'}, 'dns_domain': {'key': 'properties.dnsDomain', 'type': 'str'}, 'nt_domain': {'key': 'properties.ntDomain', 'type': 'str'}, 'host_name': {'key': 'properties.hostName', 'type': 'str'}, @@ -85,6 +96,8 @@ class HostEntity(Entity): def __init__(self, *, os_family=None, **kwargs) -> None: super(HostEntity, self).__init__(**kwargs) + self.friendly_name = None + self.additional_data = None self.dns_domain = None self.nt_domain = None self.host_name = None diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/ip_entity.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/ip_entity.py new file mode 100644 index 000000000000..297b0d0a8c7a --- /dev/null +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/ip_entity.py @@ -0,0 +1,79 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from .entity import Entity + + +class IpEntity(Entity): + """Represents an ip entity. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id + :vartype id: str + :ivar type: Azure resource type + :vartype type: str + :ivar name: Azure resource name + :vartype name: str + :param kind: Required. Constant filled by server. + :type kind: str + :ivar friendly_name: The graph item display name which is a short humanly + readable description of the graph item instance. This property is optional + and might be system generated. + :vartype friendly_name: str + :ivar additional_data: A bag of custom fields that should be part of the + entity and will be presented to the user. + :vartype additional_data: dict[str, object] + :ivar address: The IP address as string, e.g. 127.0.0.1 (either in Ipv4 or + Ipv6) + :vartype address: str + :param location: The geo-location context attached to the ip entity + :type location: ~azure.mgmt.securityinsight.models.GeoLocation + :ivar threat_intelligence: A list of TI contexts attached to the ip + entity. + :vartype threat_intelligence: + list[~azure.mgmt.securityinsight.models.ThreatIntelligence] + """ + + _validation = { + 'id': {'readonly': True}, + 'type': {'readonly': True}, + 'name': {'readonly': True}, + 'kind': {'required': True}, + 'friendly_name': {'readonly': True}, + 'additional_data': {'readonly': True}, + 'address': {'readonly': True}, + 'threat_intelligence': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + 'friendly_name': {'key': 'properties.friendlyName', 'type': 'str'}, + 'additional_data': {'key': 'properties.additionalData', 'type': '{object}'}, + 'address': {'key': 'properties.address', 'type': 'str'}, + 'location': {'key': 'properties.location', 'type': 'GeoLocation'}, + 'threat_intelligence': {'key': 'properties.threatIntelligence', 'type': '[ThreatIntelligence]'}, + } + + def __init__(self, **kwargs): + super(IpEntity, self).__init__(**kwargs) + self.friendly_name = None + self.additional_data = None + self.address = None + self.location = kwargs.get('location', None) + self.threat_intelligence = None + self.kind = 'Ip' diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/ip_entity_py3.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/ip_entity_py3.py new file mode 100644 index 000000000000..68e02aeac7dc --- /dev/null +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/ip_entity_py3.py @@ -0,0 +1,79 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from .entity_py3 import Entity + + +class IpEntity(Entity): + """Represents an ip entity. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id + :vartype id: str + :ivar type: Azure resource type + :vartype type: str + :ivar name: Azure resource name + :vartype name: str + :param kind: Required. Constant filled by server. + :type kind: str + :ivar friendly_name: The graph item display name which is a short humanly + readable description of the graph item instance. This property is optional + and might be system generated. + :vartype friendly_name: str + :ivar additional_data: A bag of custom fields that should be part of the + entity and will be presented to the user. + :vartype additional_data: dict[str, object] + :ivar address: The IP address as string, e.g. 127.0.0.1 (either in Ipv4 or + Ipv6) + :vartype address: str + :param location: The geo-location context attached to the ip entity + :type location: ~azure.mgmt.securityinsight.models.GeoLocation + :ivar threat_intelligence: A list of TI contexts attached to the ip + entity. + :vartype threat_intelligence: + list[~azure.mgmt.securityinsight.models.ThreatIntelligence] + """ + + _validation = { + 'id': {'readonly': True}, + 'type': {'readonly': True}, + 'name': {'readonly': True}, + 'kind': {'required': True}, + 'friendly_name': {'readonly': True}, + 'additional_data': {'readonly': True}, + 'address': {'readonly': True}, + 'threat_intelligence': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + 'friendly_name': {'key': 'properties.friendlyName', 'type': 'str'}, + 'additional_data': {'key': 'properties.additionalData', 'type': '{object}'}, + 'address': {'key': 'properties.address', 'type': 'str'}, + 'location': {'key': 'properties.location', 'type': 'GeoLocation'}, + 'threat_intelligence': {'key': 'properties.threatIntelligence', 'type': '[ThreatIntelligence]'}, + } + + def __init__(self, *, location=None, **kwargs) -> None: + super(IpEntity, self).__init__(**kwargs) + self.friendly_name = None + self.additional_data = None + self.address = None + self.location = location + self.threat_intelligence = None + self.kind = 'Ip' diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/malware_entity.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/malware_entity.py new file mode 100644 index 000000000000..3c286b1020b3 --- /dev/null +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/malware_entity.py @@ -0,0 +1,84 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from .entity import Entity + + +class MalwareEntity(Entity): + """Represents a malware entity. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id + :vartype id: str + :ivar type: Azure resource type + :vartype type: str + :ivar name: Azure resource name + :vartype name: str + :param kind: Required. Constant filled by server. + :type kind: str + :ivar friendly_name: The graph item display name which is a short humanly + readable description of the graph item instance. This property is optional + and might be system generated. + :vartype friendly_name: str + :ivar additional_data: A bag of custom fields that should be part of the + entity and will be presented to the user. + :vartype additional_data: dict[str, object] + :ivar malware_name: The malware name by the vendor, e.g. Win32/Toga!rfn + :vartype malware_name: str + :ivar category: The malware category by the vendor, e.g. Trojan + :vartype category: str + :ivar file_entity_ids: List of linked file entity identifiers on which the + malware was found + :vartype file_entity_ids: list[str] + :ivar process_entity_ids: List of linked process entity identifiers on + which the malware was found. + :vartype process_entity_ids: list[str] + """ + + _validation = { + 'id': {'readonly': True}, + 'type': {'readonly': True}, + 'name': {'readonly': True}, + 'kind': {'required': True}, + 'friendly_name': {'readonly': True}, + 'additional_data': {'readonly': True}, + 'malware_name': {'readonly': True}, + 'category': {'readonly': True}, + 'file_entity_ids': {'readonly': True}, + 'process_entity_ids': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + 'friendly_name': {'key': 'properties.friendlyName', 'type': 'str'}, + 'additional_data': {'key': 'properties.additionalData', 'type': '{object}'}, + 'malware_name': {'key': 'properties.malwareName', 'type': 'str'}, + 'category': {'key': 'properties.category', 'type': 'str'}, + 'file_entity_ids': {'key': 'properties.fileEntityIds', 'type': '[str]'}, + 'process_entity_ids': {'key': 'properties.processEntityIds', 'type': '[str]'}, + } + + def __init__(self, **kwargs): + super(MalwareEntity, self).__init__(**kwargs) + self.friendly_name = None + self.additional_data = None + self.malware_name = None + self.category = None + self.file_entity_ids = None + self.process_entity_ids = None + self.kind = 'Malware' diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/malware_entity_py3.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/malware_entity_py3.py new file mode 100644 index 000000000000..ed29c0528393 --- /dev/null +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/malware_entity_py3.py @@ -0,0 +1,84 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from .entity_py3 import Entity + + +class MalwareEntity(Entity): + """Represents a malware entity. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id + :vartype id: str + :ivar type: Azure resource type + :vartype type: str + :ivar name: Azure resource name + :vartype name: str + :param kind: Required. Constant filled by server. + :type kind: str + :ivar friendly_name: The graph item display name which is a short humanly + readable description of the graph item instance. This property is optional + and might be system generated. + :vartype friendly_name: str + :ivar additional_data: A bag of custom fields that should be part of the + entity and will be presented to the user. + :vartype additional_data: dict[str, object] + :ivar malware_name: The malware name by the vendor, e.g. Win32/Toga!rfn + :vartype malware_name: str + :ivar category: The malware category by the vendor, e.g. Trojan + :vartype category: str + :ivar file_entity_ids: List of linked file entity identifiers on which the + malware was found + :vartype file_entity_ids: list[str] + :ivar process_entity_ids: List of linked process entity identifiers on + which the malware was found. + :vartype process_entity_ids: list[str] + """ + + _validation = { + 'id': {'readonly': True}, + 'type': {'readonly': True}, + 'name': {'readonly': True}, + 'kind': {'required': True}, + 'friendly_name': {'readonly': True}, + 'additional_data': {'readonly': True}, + 'malware_name': {'readonly': True}, + 'category': {'readonly': True}, + 'file_entity_ids': {'readonly': True}, + 'process_entity_ids': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + 'friendly_name': {'key': 'properties.friendlyName', 'type': 'str'}, + 'additional_data': {'key': 'properties.additionalData', 'type': '{object}'}, + 'malware_name': {'key': 'properties.malwareName', 'type': 'str'}, + 'category': {'key': 'properties.category', 'type': 'str'}, + 'file_entity_ids': {'key': 'properties.fileEntityIds', 'type': '[str]'}, + 'process_entity_ids': {'key': 'properties.processEntityIds', 'type': '[str]'}, + } + + def __init__(self, **kwargs) -> None: + super(MalwareEntity, self).__init__(**kwargs) + self.friendly_name = None + self.additional_data = None + self.malware_name = None + self.category = None + self.file_entity_ids = None + self.process_entity_ids = None + self.kind = 'Malware' diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/process_entity.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/process_entity.py new file mode 100644 index 000000000000..45f55e8d8184 --- /dev/null +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/process_entity.py @@ -0,0 +1,109 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from .entity import Entity + + +class ProcessEntity(Entity): + """Represents a process entity. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id + :vartype id: str + :ivar type: Azure resource type + :vartype type: str + :ivar name: Azure resource name + :vartype name: str + :param kind: Required. Constant filled by server. + :type kind: str + :ivar friendly_name: The graph item display name which is a short humanly + readable description of the graph item instance. This property is optional + and might be system generated. + :vartype friendly_name: str + :ivar additional_data: A bag of custom fields that should be part of the + entity and will be presented to the user. + :vartype additional_data: dict[str, object] + :ivar process_id: The process ID + :vartype process_id: str + :ivar command_line: The command line used to create the process + :vartype command_line: str + :param elevation_token: The elevation token associated with the process. + Possible values include: 'Default', 'Full', 'Limited' + :type elevation_token: str or + ~azure.mgmt.securityinsight.models.ElevationToken + :ivar creation_time_utc: The time when the process started to run + :vartype creation_time_utc: datetime + :ivar image_file_entity_id: Image file entity id + :vartype image_file_entity_id: str + :ivar account_entity_id: The account entity id running the processes. + :vartype account_entity_id: str + :ivar parent_process_entity_id: The parent process entity id. + :vartype parent_process_entity_id: str + :ivar host_entity_id: The host entity id on which the process was running + :vartype host_entity_id: str + :ivar host_logon_session_entity_id: The session entity id in which the + process was running + :vartype host_logon_session_entity_id: str + """ + + _validation = { + 'id': {'readonly': True}, + 'type': {'readonly': True}, + 'name': {'readonly': True}, + 'kind': {'required': True}, + 'friendly_name': {'readonly': True}, + 'additional_data': {'readonly': True}, + 'process_id': {'readonly': True}, + 'command_line': {'readonly': True}, + 'creation_time_utc': {'readonly': True}, + 'image_file_entity_id': {'readonly': True}, + 'account_entity_id': {'readonly': True}, + 'parent_process_entity_id': {'readonly': True}, + 'host_entity_id': {'readonly': True}, + 'host_logon_session_entity_id': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + 'friendly_name': {'key': 'properties.friendlyName', 'type': 'str'}, + 'additional_data': {'key': 'properties.additionalData', 'type': '{object}'}, + 'process_id': {'key': 'properties.processId', 'type': 'str'}, + 'command_line': {'key': 'properties.commandLine', 'type': 'str'}, + 'elevation_token': {'key': 'properties.elevationToken', 'type': 'ElevationToken'}, + 'creation_time_utc': {'key': 'properties.creationTimeUtc', 'type': 'iso-8601'}, + 'image_file_entity_id': {'key': 'properties.imageFileEntityId', 'type': 'str'}, + 'account_entity_id': {'key': 'properties.accountEntityId', 'type': 'str'}, + 'parent_process_entity_id': {'key': 'properties.parentProcessEntityId', 'type': 'str'}, + 'host_entity_id': {'key': 'properties.hostEntityId', 'type': 'str'}, + 'host_logon_session_entity_id': {'key': 'properties.hostLogonSessionEntityId', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(ProcessEntity, self).__init__(**kwargs) + self.friendly_name = None + self.additional_data = None + self.process_id = None + self.command_line = None + self.elevation_token = kwargs.get('elevation_token', None) + self.creation_time_utc = None + self.image_file_entity_id = None + self.account_entity_id = None + self.parent_process_entity_id = None + self.host_entity_id = None + self.host_logon_session_entity_id = None + self.kind = 'Process' diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/process_entity_py3.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/process_entity_py3.py new file mode 100644 index 000000000000..6428d4f55d5c --- /dev/null +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/process_entity_py3.py @@ -0,0 +1,109 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from .entity_py3 import Entity + + +class ProcessEntity(Entity): + """Represents a process entity. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id + :vartype id: str + :ivar type: Azure resource type + :vartype type: str + :ivar name: Azure resource name + :vartype name: str + :param kind: Required. Constant filled by server. + :type kind: str + :ivar friendly_name: The graph item display name which is a short humanly + readable description of the graph item instance. This property is optional + and might be system generated. + :vartype friendly_name: str + :ivar additional_data: A bag of custom fields that should be part of the + entity and will be presented to the user. + :vartype additional_data: dict[str, object] + :ivar process_id: The process ID + :vartype process_id: str + :ivar command_line: The command line used to create the process + :vartype command_line: str + :param elevation_token: The elevation token associated with the process. + Possible values include: 'Default', 'Full', 'Limited' + :type elevation_token: str or + ~azure.mgmt.securityinsight.models.ElevationToken + :ivar creation_time_utc: The time when the process started to run + :vartype creation_time_utc: datetime + :ivar image_file_entity_id: Image file entity id + :vartype image_file_entity_id: str + :ivar account_entity_id: The account entity id running the processes. + :vartype account_entity_id: str + :ivar parent_process_entity_id: The parent process entity id. + :vartype parent_process_entity_id: str + :ivar host_entity_id: The host entity id on which the process was running + :vartype host_entity_id: str + :ivar host_logon_session_entity_id: The session entity id in which the + process was running + :vartype host_logon_session_entity_id: str + """ + + _validation = { + 'id': {'readonly': True}, + 'type': {'readonly': True}, + 'name': {'readonly': True}, + 'kind': {'required': True}, + 'friendly_name': {'readonly': True}, + 'additional_data': {'readonly': True}, + 'process_id': {'readonly': True}, + 'command_line': {'readonly': True}, + 'creation_time_utc': {'readonly': True}, + 'image_file_entity_id': {'readonly': True}, + 'account_entity_id': {'readonly': True}, + 'parent_process_entity_id': {'readonly': True}, + 'host_entity_id': {'readonly': True}, + 'host_logon_session_entity_id': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + 'friendly_name': {'key': 'properties.friendlyName', 'type': 'str'}, + 'additional_data': {'key': 'properties.additionalData', 'type': '{object}'}, + 'process_id': {'key': 'properties.processId', 'type': 'str'}, + 'command_line': {'key': 'properties.commandLine', 'type': 'str'}, + 'elevation_token': {'key': 'properties.elevationToken', 'type': 'ElevationToken'}, + 'creation_time_utc': {'key': 'properties.creationTimeUtc', 'type': 'iso-8601'}, + 'image_file_entity_id': {'key': 'properties.imageFileEntityId', 'type': 'str'}, + 'account_entity_id': {'key': 'properties.accountEntityId', 'type': 'str'}, + 'parent_process_entity_id': {'key': 'properties.parentProcessEntityId', 'type': 'str'}, + 'host_entity_id': {'key': 'properties.hostEntityId', 'type': 'str'}, + 'host_logon_session_entity_id': {'key': 'properties.hostLogonSessionEntityId', 'type': 'str'}, + } + + def __init__(self, *, elevation_token=None, **kwargs) -> None: + super(ProcessEntity, self).__init__(**kwargs) + self.friendly_name = None + self.additional_data = None + self.process_id = None + self.command_line = None + self.elevation_token = elevation_token + self.creation_time_utc = None + self.image_file_entity_id = None + self.account_entity_id = None + self.parent_process_entity_id = None + self.host_entity_id = None + self.host_logon_session_entity_id = None + self.kind = 'Process' diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/registry_key_entity.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/registry_key_entity.py new file mode 100644 index 000000000000..f6d443b0bc1a --- /dev/null +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/registry_key_entity.py @@ -0,0 +1,76 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from .entity import Entity + + +class RegistryKeyEntity(Entity): + """Represents a registry key entity. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id + :vartype id: str + :ivar type: Azure resource type + :vartype type: str + :ivar name: Azure resource name + :vartype name: str + :param kind: Required. Constant filled by server. + :type kind: str + :ivar friendly_name: The graph item display name which is a short humanly + readable description of the graph item instance. This property is optional + and might be system generated. + :vartype friendly_name: str + :ivar additional_data: A bag of custom fields that should be part of the + entity and will be presented to the user. + :vartype additional_data: dict[str, object] + :ivar hive: the hive that holds the registry key. Possible values include: + 'HKEY_LOCAL_MACHINE', 'HKEY_CLASSES_ROOT', 'HKEY_CURRENT_CONFIG', + 'HKEY_USERS', 'HKEY_CURRENT_USER_LOCAL_SETTINGS', 'HKEY_PERFORMANCE_DATA', + 'HKEY_PERFORMANCE_NLSTEXT', 'HKEY_PERFORMANCE_TEXT', 'HKEY_A', + 'HKEY_CURRENT_USER' + :vartype hive: str or ~azure.mgmt.securityinsight.models.RegistryHive + :ivar key: The registry key path. + :vartype key: str + """ + + _validation = { + 'id': {'readonly': True}, + 'type': {'readonly': True}, + 'name': {'readonly': True}, + 'kind': {'required': True}, + 'friendly_name': {'readonly': True}, + 'additional_data': {'readonly': True}, + 'hive': {'readonly': True}, + 'key': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + 'friendly_name': {'key': 'properties.friendlyName', 'type': 'str'}, + 'additional_data': {'key': 'properties.additionalData', 'type': '{object}'}, + 'hive': {'key': 'properties.hive', 'type': 'str'}, + 'key': {'key': 'properties.key', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(RegistryKeyEntity, self).__init__(**kwargs) + self.friendly_name = None + self.additional_data = None + self.hive = None + self.key = None + self.kind = 'RegistryKey' diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/registry_key_entity_py3.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/registry_key_entity_py3.py new file mode 100644 index 000000000000..a2ef3b5d0ba5 --- /dev/null +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/registry_key_entity_py3.py @@ -0,0 +1,76 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from .entity_py3 import Entity + + +class RegistryKeyEntity(Entity): + """Represents a registry key entity. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id + :vartype id: str + :ivar type: Azure resource type + :vartype type: str + :ivar name: Azure resource name + :vartype name: str + :param kind: Required. Constant filled by server. + :type kind: str + :ivar friendly_name: The graph item display name which is a short humanly + readable description of the graph item instance. This property is optional + and might be system generated. + :vartype friendly_name: str + :ivar additional_data: A bag of custom fields that should be part of the + entity and will be presented to the user. + :vartype additional_data: dict[str, object] + :ivar hive: the hive that holds the registry key. Possible values include: + 'HKEY_LOCAL_MACHINE', 'HKEY_CLASSES_ROOT', 'HKEY_CURRENT_CONFIG', + 'HKEY_USERS', 'HKEY_CURRENT_USER_LOCAL_SETTINGS', 'HKEY_PERFORMANCE_DATA', + 'HKEY_PERFORMANCE_NLSTEXT', 'HKEY_PERFORMANCE_TEXT', 'HKEY_A', + 'HKEY_CURRENT_USER' + :vartype hive: str or ~azure.mgmt.securityinsight.models.RegistryHive + :ivar key: The registry key path. + :vartype key: str + """ + + _validation = { + 'id': {'readonly': True}, + 'type': {'readonly': True}, + 'name': {'readonly': True}, + 'kind': {'required': True}, + 'friendly_name': {'readonly': True}, + 'additional_data': {'readonly': True}, + 'hive': {'readonly': True}, + 'key': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + 'friendly_name': {'key': 'properties.friendlyName', 'type': 'str'}, + 'additional_data': {'key': 'properties.additionalData', 'type': '{object}'}, + 'hive': {'key': 'properties.hive', 'type': 'str'}, + 'key': {'key': 'properties.key', 'type': 'str'}, + } + + def __init__(self, **kwargs) -> None: + super(RegistryKeyEntity, self).__init__(**kwargs) + self.friendly_name = None + self.additional_data = None + self.hive = None + self.key = None + self.kind = 'RegistryKey' diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/registry_value_entity.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/registry_value_entity.py new file mode 100644 index 000000000000..a9bbb45e0cd6 --- /dev/null +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/registry_value_entity.py @@ -0,0 +1,86 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from .entity import Entity + + +class RegistryValueEntity(Entity): + """Represents a registry value entity. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id + :vartype id: str + :ivar type: Azure resource type + :vartype type: str + :ivar name: Azure resource name + :vartype name: str + :param kind: Required. Constant filled by server. + :type kind: str + :ivar friendly_name: The graph item display name which is a short humanly + readable description of the graph item instance. This property is optional + and might be system generated. + :vartype friendly_name: str + :ivar additional_data: A bag of custom fields that should be part of the + entity and will be presented to the user. + :vartype additional_data: dict[str, object] + :ivar value_name: The registry value name. + :vartype value_name: str + :ivar value_data: String formatted representation of the value data. + :vartype value_data: str + :ivar value_type: Specifies the data types to use when storing values in + the registry, or identifies the data type of a value in the registry. + Possible values include: 'None', 'Unknown', 'String', 'ExpandString', + 'Binary', 'DWord', 'MultiString', 'QWord' + :vartype value_type: str or + ~azure.mgmt.securityinsight.models.RegistryValueKind + :ivar key_entity_id: The registry key entity id. + :vartype key_entity_id: str + """ + + _validation = { + 'id': {'readonly': True}, + 'type': {'readonly': True}, + 'name': {'readonly': True}, + 'kind': {'required': True}, + 'friendly_name': {'readonly': True}, + 'additional_data': {'readonly': True}, + 'value_name': {'readonly': True}, + 'value_data': {'readonly': True}, + 'value_type': {'readonly': True}, + 'key_entity_id': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + 'friendly_name': {'key': 'properties.friendlyName', 'type': 'str'}, + 'additional_data': {'key': 'properties.additionalData', 'type': '{object}'}, + 'value_name': {'key': 'properties.valueName', 'type': 'str'}, + 'value_data': {'key': 'properties.valueData', 'type': 'str'}, + 'value_type': {'key': 'properties.valueType', 'type': 'str'}, + 'key_entity_id': {'key': 'properties.keyEntityId', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(RegistryValueEntity, self).__init__(**kwargs) + self.friendly_name = None + self.additional_data = None + self.value_name = None + self.value_data = None + self.value_type = None + self.key_entity_id = None + self.kind = 'RegistryValue' diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/registry_value_entity_py3.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/registry_value_entity_py3.py new file mode 100644 index 000000000000..041fdd79b91a --- /dev/null +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/registry_value_entity_py3.py @@ -0,0 +1,86 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from .entity_py3 import Entity + + +class RegistryValueEntity(Entity): + """Represents a registry value entity. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id + :vartype id: str + :ivar type: Azure resource type + :vartype type: str + :ivar name: Azure resource name + :vartype name: str + :param kind: Required. Constant filled by server. + :type kind: str + :ivar friendly_name: The graph item display name which is a short humanly + readable description of the graph item instance. This property is optional + and might be system generated. + :vartype friendly_name: str + :ivar additional_data: A bag of custom fields that should be part of the + entity and will be presented to the user. + :vartype additional_data: dict[str, object] + :ivar value_name: The registry value name. + :vartype value_name: str + :ivar value_data: String formatted representation of the value data. + :vartype value_data: str + :ivar value_type: Specifies the data types to use when storing values in + the registry, or identifies the data type of a value in the registry. + Possible values include: 'None', 'Unknown', 'String', 'ExpandString', + 'Binary', 'DWord', 'MultiString', 'QWord' + :vartype value_type: str or + ~azure.mgmt.securityinsight.models.RegistryValueKind + :ivar key_entity_id: The registry key entity id. + :vartype key_entity_id: str + """ + + _validation = { + 'id': {'readonly': True}, + 'type': {'readonly': True}, + 'name': {'readonly': True}, + 'kind': {'required': True}, + 'friendly_name': {'readonly': True}, + 'additional_data': {'readonly': True}, + 'value_name': {'readonly': True}, + 'value_data': {'readonly': True}, + 'value_type': {'readonly': True}, + 'key_entity_id': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + 'friendly_name': {'key': 'properties.friendlyName', 'type': 'str'}, + 'additional_data': {'key': 'properties.additionalData', 'type': '{object}'}, + 'value_name': {'key': 'properties.valueName', 'type': 'str'}, + 'value_data': {'key': 'properties.valueData', 'type': 'str'}, + 'value_type': {'key': 'properties.valueType', 'type': 'str'}, + 'key_entity_id': {'key': 'properties.keyEntityId', 'type': 'str'}, + } + + def __init__(self, **kwargs) -> None: + super(RegistryValueEntity, self).__init__(**kwargs) + self.friendly_name = None + self.additional_data = None + self.value_name = None + self.value_data = None + self.value_type = None + self.key_entity_id = None + self.kind = 'RegistryValue' diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/security_alert.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/security_alert.py new file mode 100644 index 000000000000..6512b8cfaf29 --- /dev/null +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/security_alert.py @@ -0,0 +1,186 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from .entity import Entity + + +class SecurityAlert(Entity): + """Represents a security alert entity. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id + :vartype id: str + :ivar type: Azure resource type + :vartype type: str + :ivar name: Azure resource name + :vartype name: str + :param kind: Required. Constant filled by server. + :type kind: str + :ivar friendly_name: The graph item display name which is a short humanly + readable description of the graph item instance. This property is optional + and might be system generated. + :vartype friendly_name: str + :ivar additional_data: A bag of custom fields that should be part of the + entity and will be presented to the user. + :vartype additional_data: dict[str, object] + :ivar system_alert_id: Holds the product identifier of the alert for the + product. + :vartype system_alert_id: str + :ivar confidence_reasons: The confidence reasons + :vartype confidence_reasons: + list[~azure.mgmt.securityinsight.models.SecurityAlertPropertiesConfidenceReasonsItem] + :ivar confidence_score_status: The confidence score calculation status, + i.e. indicating if score calculation is pending for this alert, not + applicable or final. Possible values include: 'NotApplicable', + 'InProcess', 'NotFinal', 'Final' + :vartype confidence_score_status: str or + ~azure.mgmt.securityinsight.models.ConfidenceScoreStatus + :ivar intent: Holds the alert intent stage(s) mapping for this alert. + Possible values include: 'Unknown', 'Probing', 'Exploitation', + 'Persistence', 'PrivilegeEscalation', 'DefenseEvasion', + 'CredentialAccess', 'Discovery', 'LateralMovement', 'Execution', + 'Collection', 'Exfiltration', 'CommandAndControl', 'Impact' + :vartype intent: str or ~azure.mgmt.securityinsight.models.KillChainIntent + :ivar confidence_score: The confidence score of the alert. + :vartype confidence_score: float + :ivar alert_display_name: The display name of the alert. + :vartype alert_display_name: str + :ivar description: Alert description. + :vartype description: str + :ivar remediation_steps: Manual action items to take to remediate the + alert. + :vartype remediation_steps: list[str] + :ivar confidence_level: The confidence level of this alert. Possible + values include: 'Unknown', 'Low', 'High' + :vartype confidence_level: str or + ~azure.mgmt.securityinsight.models.ConfidenceLevel + :param severity: The severity of the alert. Possible values include: + 'High', 'Medium', 'Low', 'Informational' + :type severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity + :ivar vendor_name: The name of the vendor that raise the alert. + :vartype vendor_name: str + :ivar product_name: The name of the product which published this alert. + :vartype product_name: str + :ivar product_component_name: The name of a component inside the product + which generated the alert. + :vartype product_component_name: str + :ivar alert_type: The type name of the alert. + :vartype alert_type: str + :ivar product_version: The version of the product generating the alert. + :vartype product_version: str + :ivar processing_end_time: The time the alert was made available for + consumption. + :vartype processing_end_time: datetime + :ivar status: The lifecycle status of the alert. Possible values include: + 'Unknown', 'New', 'Resolved', 'Dismissed', 'InProgress' + :vartype status: str or ~azure.mgmt.securityinsight.models.AlertStatus + :ivar end_time_utc: The impact end time of the alert (the time of the last + event contributing to the alert). + :vartype end_time_utc: datetime + :ivar start_time_utc: The impact start time of the alert (the time of the + first event contributing to the alert). + :vartype start_time_utc: datetime + :ivar time_generated: The time the alert was generated. + :vartype time_generated: datetime + :ivar compromised_entity: Display name of the main entity being reported + on. + :vartype compromised_entity: str + """ + + _validation = { + 'id': {'readonly': True}, + 'type': {'readonly': True}, + 'name': {'readonly': True}, + 'kind': {'required': True}, + 'friendly_name': {'readonly': True}, + 'additional_data': {'readonly': True}, + 'system_alert_id': {'readonly': True}, + 'confidence_reasons': {'readonly': True}, + 'confidence_score_status': {'readonly': True}, + 'intent': {'readonly': True}, + 'confidence_score': {'readonly': True}, + 'alert_display_name': {'readonly': True}, + 'description': {'readonly': True}, + 'remediation_steps': {'readonly': True}, + 'confidence_level': {'readonly': True}, + 'vendor_name': {'readonly': True}, + 'product_name': {'readonly': True}, + 'product_component_name': {'readonly': True}, + 'alert_type': {'readonly': True}, + 'product_version': {'readonly': True}, + 'processing_end_time': {'readonly': True}, + 'status': {'readonly': True}, + 'end_time_utc': {'readonly': True}, + 'start_time_utc': {'readonly': True}, + 'time_generated': {'readonly': True}, + 'compromised_entity': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + 'friendly_name': {'key': 'properties.friendlyName', 'type': 'str'}, + 'additional_data': {'key': 'properties.additionalData', 'type': '{object}'}, + 'system_alert_id': {'key': 'properties.systemAlertId', 'type': 'str'}, + 'confidence_reasons': {'key': 'properties.confidenceReasons', 'type': '[SecurityAlertPropertiesConfidenceReasonsItem]'}, + 'confidence_score_status': {'key': 'properties.confidenceScoreStatus', 'type': 'str'}, + 'intent': {'key': 'properties.intent', 'type': 'str'}, + 'confidence_score': {'key': 'properties.confidenceScore', 'type': 'float'}, + 'alert_display_name': {'key': 'properties.alertDisplayName', 'type': 'str'}, + 'description': {'key': 'properties.description', 'type': 'str'}, + 'remediation_steps': {'key': 'properties.remediationSteps', 'type': '[str]'}, + 'confidence_level': {'key': 'properties.confidenceLevel', 'type': 'str'}, + 'severity': {'key': 'properties.severity', 'type': 'AlertSeverity'}, + 'vendor_name': {'key': 'properties.vendorName', 'type': 'str'}, + 'product_name': {'key': 'properties.productName', 'type': 'str'}, + 'product_component_name': {'key': 'properties.productComponentName', 'type': 'str'}, + 'alert_type': {'key': 'properties.alertType', 'type': 'str'}, + 'product_version': {'key': 'properties.productVersion', 'type': 'str'}, + 'processing_end_time': {'key': 'properties.processingEndTime', 'type': 'iso-8601'}, + 'status': {'key': 'properties.status', 'type': 'str'}, + 'end_time_utc': {'key': 'properties.endTimeUtc', 'type': 'iso-8601'}, + 'start_time_utc': {'key': 'properties.startTimeUtc', 'type': 'iso-8601'}, + 'time_generated': {'key': 'properties.timeGenerated', 'type': 'iso-8601'}, + 'compromised_entity': {'key': 'properties.compromisedEntity', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(SecurityAlert, self).__init__(**kwargs) + self.friendly_name = None + self.additional_data = None + self.system_alert_id = None + self.confidence_reasons = None + self.confidence_score_status = None + self.intent = None + self.confidence_score = None + self.alert_display_name = None + self.description = None + self.remediation_steps = None + self.confidence_level = None + self.severity = kwargs.get('severity', None) + self.vendor_name = None + self.product_name = None + self.product_component_name = None + self.alert_type = None + self.product_version = None + self.processing_end_time = None + self.status = None + self.end_time_utc = None + self.start_time_utc = None + self.time_generated = None + self.compromised_entity = None + self.kind = 'SecurityAlert' diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/security_alert_properties_confidence_reasons_item.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/security_alert_properties_confidence_reasons_item.py new file mode 100644 index 000000000000..4c787e95e60e --- /dev/null +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/security_alert_properties_confidence_reasons_item.py @@ -0,0 +1,40 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from msrest.serialization import Model + + +class SecurityAlertPropertiesConfidenceReasonsItem(Model): + """confidence reason item. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar reason_type: The type (category) of the reason + :vartype reason_type: str + :ivar reason: The reason's description + :vartype reason: str + """ + + _validation = { + 'reason_type': {'readonly': True}, + 'reason': {'readonly': True}, + } + + _attribute_map = { + 'reason_type': {'key': 'reasonType', 'type': 'str'}, + 'reason': {'key': 'reason', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(SecurityAlertPropertiesConfidenceReasonsItem, self).__init__(**kwargs) + self.reason_type = None + self.reason = None diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/security_alert_properties_confidence_reasons_item_py3.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/security_alert_properties_confidence_reasons_item_py3.py new file mode 100644 index 000000000000..234300fd48cb --- /dev/null +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/security_alert_properties_confidence_reasons_item_py3.py @@ -0,0 +1,40 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from msrest.serialization import Model + + +class SecurityAlertPropertiesConfidenceReasonsItem(Model): + """confidence reason item. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar reason_type: The type (category) of the reason + :vartype reason_type: str + :ivar reason: The reason's description + :vartype reason: str + """ + + _validation = { + 'reason_type': {'readonly': True}, + 'reason': {'readonly': True}, + } + + _attribute_map = { + 'reason_type': {'key': 'reasonType', 'type': 'str'}, + 'reason': {'key': 'reason', 'type': 'str'}, + } + + def __init__(self, **kwargs) -> None: + super(SecurityAlertPropertiesConfidenceReasonsItem, self).__init__(**kwargs) + self.reason_type = None + self.reason = None diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/security_alert_py3.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/security_alert_py3.py new file mode 100644 index 000000000000..0df724a60b95 --- /dev/null +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/security_alert_py3.py @@ -0,0 +1,186 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from .entity_py3 import Entity + + +class SecurityAlert(Entity): + """Represents a security alert entity. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id + :vartype id: str + :ivar type: Azure resource type + :vartype type: str + :ivar name: Azure resource name + :vartype name: str + :param kind: Required. Constant filled by server. + :type kind: str + :ivar friendly_name: The graph item display name which is a short humanly + readable description of the graph item instance. This property is optional + and might be system generated. + :vartype friendly_name: str + :ivar additional_data: A bag of custom fields that should be part of the + entity and will be presented to the user. + :vartype additional_data: dict[str, object] + :ivar system_alert_id: Holds the product identifier of the alert for the + product. + :vartype system_alert_id: str + :ivar confidence_reasons: The confidence reasons + :vartype confidence_reasons: + list[~azure.mgmt.securityinsight.models.SecurityAlertPropertiesConfidenceReasonsItem] + :ivar confidence_score_status: The confidence score calculation status, + i.e. indicating if score calculation is pending for this alert, not + applicable or final. Possible values include: 'NotApplicable', + 'InProcess', 'NotFinal', 'Final' + :vartype confidence_score_status: str or + ~azure.mgmt.securityinsight.models.ConfidenceScoreStatus + :ivar intent: Holds the alert intent stage(s) mapping for this alert. + Possible values include: 'Unknown', 'Probing', 'Exploitation', + 'Persistence', 'PrivilegeEscalation', 'DefenseEvasion', + 'CredentialAccess', 'Discovery', 'LateralMovement', 'Execution', + 'Collection', 'Exfiltration', 'CommandAndControl', 'Impact' + :vartype intent: str or ~azure.mgmt.securityinsight.models.KillChainIntent + :ivar confidence_score: The confidence score of the alert. + :vartype confidence_score: float + :ivar alert_display_name: The display name of the alert. + :vartype alert_display_name: str + :ivar description: Alert description. + :vartype description: str + :ivar remediation_steps: Manual action items to take to remediate the + alert. + :vartype remediation_steps: list[str] + :ivar confidence_level: The confidence level of this alert. Possible + values include: 'Unknown', 'Low', 'High' + :vartype confidence_level: str or + ~azure.mgmt.securityinsight.models.ConfidenceLevel + :param severity: The severity of the alert. Possible values include: + 'High', 'Medium', 'Low', 'Informational' + :type severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity + :ivar vendor_name: The name of the vendor that raise the alert. + :vartype vendor_name: str + :ivar product_name: The name of the product which published this alert. + :vartype product_name: str + :ivar product_component_name: The name of a component inside the product + which generated the alert. + :vartype product_component_name: str + :ivar alert_type: The type name of the alert. + :vartype alert_type: str + :ivar product_version: The version of the product generating the alert. + :vartype product_version: str + :ivar processing_end_time: The time the alert was made available for + consumption. + :vartype processing_end_time: datetime + :ivar status: The lifecycle status of the alert. Possible values include: + 'Unknown', 'New', 'Resolved', 'Dismissed', 'InProgress' + :vartype status: str or ~azure.mgmt.securityinsight.models.AlertStatus + :ivar end_time_utc: The impact end time of the alert (the time of the last + event contributing to the alert). + :vartype end_time_utc: datetime + :ivar start_time_utc: The impact start time of the alert (the time of the + first event contributing to the alert). + :vartype start_time_utc: datetime + :ivar time_generated: The time the alert was generated. + :vartype time_generated: datetime + :ivar compromised_entity: Display name of the main entity being reported + on. + :vartype compromised_entity: str + """ + + _validation = { + 'id': {'readonly': True}, + 'type': {'readonly': True}, + 'name': {'readonly': True}, + 'kind': {'required': True}, + 'friendly_name': {'readonly': True}, + 'additional_data': {'readonly': True}, + 'system_alert_id': {'readonly': True}, + 'confidence_reasons': {'readonly': True}, + 'confidence_score_status': {'readonly': True}, + 'intent': {'readonly': True}, + 'confidence_score': {'readonly': True}, + 'alert_display_name': {'readonly': True}, + 'description': {'readonly': True}, + 'remediation_steps': {'readonly': True}, + 'confidence_level': {'readonly': True}, + 'vendor_name': {'readonly': True}, + 'product_name': {'readonly': True}, + 'product_component_name': {'readonly': True}, + 'alert_type': {'readonly': True}, + 'product_version': {'readonly': True}, + 'processing_end_time': {'readonly': True}, + 'status': {'readonly': True}, + 'end_time_utc': {'readonly': True}, + 'start_time_utc': {'readonly': True}, + 'time_generated': {'readonly': True}, + 'compromised_entity': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + 'friendly_name': {'key': 'properties.friendlyName', 'type': 'str'}, + 'additional_data': {'key': 'properties.additionalData', 'type': '{object}'}, + 'system_alert_id': {'key': 'properties.systemAlertId', 'type': 'str'}, + 'confidence_reasons': {'key': 'properties.confidenceReasons', 'type': '[SecurityAlertPropertiesConfidenceReasonsItem]'}, + 'confidence_score_status': {'key': 'properties.confidenceScoreStatus', 'type': 'str'}, + 'intent': {'key': 'properties.intent', 'type': 'str'}, + 'confidence_score': {'key': 'properties.confidenceScore', 'type': 'float'}, + 'alert_display_name': {'key': 'properties.alertDisplayName', 'type': 'str'}, + 'description': {'key': 'properties.description', 'type': 'str'}, + 'remediation_steps': {'key': 'properties.remediationSteps', 'type': '[str]'}, + 'confidence_level': {'key': 'properties.confidenceLevel', 'type': 'str'}, + 'severity': {'key': 'properties.severity', 'type': 'AlertSeverity'}, + 'vendor_name': {'key': 'properties.vendorName', 'type': 'str'}, + 'product_name': {'key': 'properties.productName', 'type': 'str'}, + 'product_component_name': {'key': 'properties.productComponentName', 'type': 'str'}, + 'alert_type': {'key': 'properties.alertType', 'type': 'str'}, + 'product_version': {'key': 'properties.productVersion', 'type': 'str'}, + 'processing_end_time': {'key': 'properties.processingEndTime', 'type': 'iso-8601'}, + 'status': {'key': 'properties.status', 'type': 'str'}, + 'end_time_utc': {'key': 'properties.endTimeUtc', 'type': 'iso-8601'}, + 'start_time_utc': {'key': 'properties.startTimeUtc', 'type': 'iso-8601'}, + 'time_generated': {'key': 'properties.timeGenerated', 'type': 'iso-8601'}, + 'compromised_entity': {'key': 'properties.compromisedEntity', 'type': 'str'}, + } + + def __init__(self, *, severity=None, **kwargs) -> None: + super(SecurityAlert, self).__init__(**kwargs) + self.friendly_name = None + self.additional_data = None + self.system_alert_id = None + self.confidence_reasons = None + self.confidence_score_status = None + self.intent = None + self.confidence_score = None + self.alert_display_name = None + self.description = None + self.remediation_steps = None + self.confidence_level = None + self.severity = severity + self.vendor_name = None + self.product_name = None + self.product_component_name = None + self.alert_type = None + self.product_version = None + self.processing_end_time = None + self.status = None + self.end_time_utc = None + self.start_time_utc = None + self.time_generated = None + self.compromised_entity = None + self.kind = 'SecurityAlert' diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/security_group_entity.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/security_group_entity.py new file mode 100644 index 000000000000..32b5718f05f4 --- /dev/null +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/security_group_entity.py @@ -0,0 +1,79 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from .entity import Entity + + +class SecurityGroupEntity(Entity): + """Represents a security group entity. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id + :vartype id: str + :ivar type: Azure resource type + :vartype type: str + :ivar name: Azure resource name + :vartype name: str + :param kind: Required. Constant filled by server. + :type kind: str + :ivar friendly_name: The graph item display name which is a short humanly + readable description of the graph item instance. This property is optional + and might be system generated. + :vartype friendly_name: str + :ivar additional_data: A bag of custom fields that should be part of the + entity and will be presented to the user. + :vartype additional_data: dict[str, object] + :ivar distinguished_name: The group distinguished name + :vartype distinguished_name: str + :ivar sid: The SID attribute is a single-value attribute that specifies + the security identifier (SID) of the group + :vartype sid: str + :ivar object_guid: A single-value attribute that is the unique identifier + for the object, assigned by active directory. + :vartype object_guid: str + """ + + _validation = { + 'id': {'readonly': True}, + 'type': {'readonly': True}, + 'name': {'readonly': True}, + 'kind': {'required': True}, + 'friendly_name': {'readonly': True}, + 'additional_data': {'readonly': True}, + 'distinguished_name': {'readonly': True}, + 'sid': {'readonly': True}, + 'object_guid': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + 'friendly_name': {'key': 'properties.friendlyName', 'type': 'str'}, + 'additional_data': {'key': 'properties.additionalData', 'type': '{object}'}, + 'distinguished_name': {'key': 'properties.distinguishedName', 'type': 'str'}, + 'sid': {'key': 'properties.sid', 'type': 'str'}, + 'object_guid': {'key': 'properties.objectGuid', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(SecurityGroupEntity, self).__init__(**kwargs) + self.friendly_name = None + self.additional_data = None + self.distinguished_name = None + self.sid = None + self.object_guid = None + self.kind = 'SecurityGroup' diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/security_group_entity_py3.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/security_group_entity_py3.py new file mode 100644 index 000000000000..052e7e9dc5f1 --- /dev/null +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/security_group_entity_py3.py @@ -0,0 +1,79 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from .entity_py3 import Entity + + +class SecurityGroupEntity(Entity): + """Represents a security group entity. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id + :vartype id: str + :ivar type: Azure resource type + :vartype type: str + :ivar name: Azure resource name + :vartype name: str + :param kind: Required. Constant filled by server. + :type kind: str + :ivar friendly_name: The graph item display name which is a short humanly + readable description of the graph item instance. This property is optional + and might be system generated. + :vartype friendly_name: str + :ivar additional_data: A bag of custom fields that should be part of the + entity and will be presented to the user. + :vartype additional_data: dict[str, object] + :ivar distinguished_name: The group distinguished name + :vartype distinguished_name: str + :ivar sid: The SID attribute is a single-value attribute that specifies + the security identifier (SID) of the group + :vartype sid: str + :ivar object_guid: A single-value attribute that is the unique identifier + for the object, assigned by active directory. + :vartype object_guid: str + """ + + _validation = { + 'id': {'readonly': True}, + 'type': {'readonly': True}, + 'name': {'readonly': True}, + 'kind': {'required': True}, + 'friendly_name': {'readonly': True}, + 'additional_data': {'readonly': True}, + 'distinguished_name': {'readonly': True}, + 'sid': {'readonly': True}, + 'object_guid': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + 'friendly_name': {'key': 'properties.friendlyName', 'type': 'str'}, + 'additional_data': {'key': 'properties.additionalData', 'type': '{object}'}, + 'distinguished_name': {'key': 'properties.distinguishedName', 'type': 'str'}, + 'sid': {'key': 'properties.sid', 'type': 'str'}, + 'object_guid': {'key': 'properties.objectGuid', 'type': 'str'}, + } + + def __init__(self, **kwargs) -> None: + super(SecurityGroupEntity, self).__init__(**kwargs) + self.friendly_name = None + self.additional_data = None + self.distinguished_name = None + self.sid = None + self.object_guid = None + self.kind = 'SecurityGroup' diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/security_insights_enums.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/security_insights_enums.py index 85cab218a196..eaba24083e36 100644 --- a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/security_insights_enums.py +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/security_insights_enums.py @@ -82,6 +82,19 @@ class EntityKind(str, Enum): account = "Account" #: Entity represents account in the system. host = "Host" #: Entity represents host in the system. file = "File" #: Entity represents file in the system. + azure_resource = "AzureResource" #: Entity represents azure resource in the system. + cloud_application = "CloudApplication" #: Entity represents cloud application in the system. + dns_resolution = "DnsResolution" #: Entity represents dns resolution in the system. + file_hash = "FileHash" #: Entity represents file hash in the system. + ip = "Ip" #: Entity represents ip in the system. + malware = "Malware" #: Entity represents malware in the system. + process = "Process" #: Entity represents process in the system. + registry_key = "RegistryKey" #: Entity represents registry key in the system. + registry_value = "RegistryValue" #: Entity represents registry value in the system. + security_group = "SecurityGroup" #: Entity represents security group in the system. + url = "Url" #: Entity represents url in the system. + security_alert = "SecurityAlert" #: Entity represents security alert in the system. + bookmark = "Bookmark" #: Entity represents bookmark in the system. class OSFamily(str, Enum): @@ -92,6 +105,90 @@ class OSFamily(str, Enum): ios = "IOS" #: Host with IOS operating system. +class ConfidenceScoreStatus(str, Enum): + + not_applicable = "NotApplicable" #: Score will not be calculated for this alert as it is not supported by virtual analyst + in_process = "InProcess" #: No score was set yet and calculation is in progress + not_final = "NotFinal" #: Score is calculated and shown as part of the alert, but may be updated again at a later time following the processing of additional data + final = "Final" #: Final score was calculated and available + + +class KillChainIntent(str, Enum): + + unknown = "Unknown" #: The default value. + probing = "Probing" #: Probing could be an attempt to access a certain resource regardless of a malicious intent or a failed attempt to gain access to a target system to gather information prior to exploitation. This step is usually detected as an attempt originating from outside the network in attempt to scan the target system and find a way in. + exploitation = "Exploitation" #: Exploitation is the stage where an attacker manage to get foothold on the attacked resource. This stage is applicable not only for compute hosts, but also for resources such as user accounts, certificates etc. Adversaries will often be able to control the resource after this stage. + persistence = "Persistence" #: Persistence is any access, action, or configuration change to a system that gives an adversary a persistent presence on that system. Adversaries will often need to maintain access to systems through interruptions such as system restarts, loss of credentials, or other failures that would require a remote access tool to restart or alternate backdoor for them to regain access. + privilege_escalation = "PrivilegeEscalation" #: Privilege escalation is the result of actions that allow an adversary to obtain a higher level of permissions on a system or network. Certain tools or actions require a higher level of privilege to work and are likely necessary at many points throughout an operation. User accounts with permissions to access specific systems or perform specific functions necessary for adversaries to achieve their objective may also be considered an escalation of privilege. + defense_evasion = "DefenseEvasion" #: Defense evasion consists of techniques an adversary may use to evade detection or avoid other defenses. Sometimes these actions are the same as or variations of techniques in other categories that have the added benefit of subverting a particular defense or mitigation. + credential_access = "CredentialAccess" #: Credential access represents techniques resulting in access to or control over system, domain, or service credentials that are used within an enterprise environment. Adversaries will likely attempt to obtain legitimate credentials from users or administrator accounts (local system administrator or domain users with administrator access) to use within the network. With sufficient access within a network, an adversary can create accounts for later use within the environment. + discovery = "Discovery" #: Discovery consists of techniques that allow the adversary to gain knowledge about the system and internal network. When adversaries gain access to a new system, they must orient themselves to what they now have control of and what benefits operating from that system give to their current objective or overall goals during the intrusion. The operating system provides many native tools that aid in this post-compromise information-gathering phase. + lateral_movement = "LateralMovement" #: Lateral movement consists of techniques that enable an adversary to access and control remote systems on a network and could, but does not necessarily, include execution of tools on remote systems. The lateral movement techniques could allow an adversary to gather information from a system without needing additional tools, such as a remote access tool. An adversary can use lateral movement for many purposes, including remote Execution of tools, pivoting to additional systems, access to specific information or files, access to additional credentials, or to cause an effect. + execution = "Execution" #: The execution tactic represents techniques that result in execution of adversary-controlled code on a local or remote system. This tactic is often used in conjunction with lateral movement to expand access to remote systems on a network. + collection = "Collection" #: Collection consists of techniques used to identify and gather information, such as sensitive files, from a target network prior to exfiltration. This category also covers locations on a system or network where the adversary may look for information to exfiltrate. + exfiltration = "Exfiltration" #: Exfiltration refers to techniques and attributes that result or aid in the adversary removing files and information from a target network. This category also covers locations on a system or network where the adversary may look for information to exfiltrate. + command_and_control = "CommandAndControl" #: The command and control tactic represents how adversaries communicate with systems under their control within a target network. + impact = "Impact" #: The impact intent primary objective is to directly reduce the availability or integrity of a system, service, or network; including manipulation of data to impact a business or operational process. This would often refer to techniques such as ransom-ware, defacement, data manipulation and others. + + +class ConfidenceLevel(str, Enum): + + unknown = "Unknown" #: Unknown confidence, the is the default value + low = "Low" #: Low confidence, meaning we have some doubts this is indeed malicious or part of an attack + high = "High" #: High confidence that the alert is true positive malicious + + +class AlertStatus(str, Enum): + + unknown = "Unknown" #: Unknown value + new = "New" #: New alert + resolved = "Resolved" #: Alert closed after handling + dismissed = "Dismissed" #: Alert dismissed as false positive + in_progress = "InProgress" #: Alert is being handled + + +class FileHashAlgorithm(str, Enum): + + unknown = "Unknown" #: Unknown hash algorithm + md5 = "MD5" #: MD5 hash type + sha1 = "SHA1" #: SHA1 hash type + sha256 = "SHA256" #: SHA256 hash type + sha256_ac = "SHA256AC" #: SHA256 Authenticode hash type + + +class ElevationToken(str, Enum): + + default = "Default" #: Default elevation token + full = "Full" #: Full elevation token + limited = "Limited" #: Limited elevation token + + +class RegistryHive(str, Enum): + + hkey_local_machine = "HKEY_LOCAL_MACHINE" #: HKEY_LOCAL_MACHINE + hkey_classes_root = "HKEY_CLASSES_ROOT" #: HKEY_CLASSES_ROOT + hkey_current_config = "HKEY_CURRENT_CONFIG" #: HKEY_CURRENT_CONFIG + hkey_users = "HKEY_USERS" #: HKEY_USERS + hkey_current_user_local_settings = "HKEY_CURRENT_USER_LOCAL_SETTINGS" #: HKEY_CURRENT_USER_LOCAL_SETTINGS + hkey_performance_data = "HKEY_PERFORMANCE_DATA" #: HKEY_PERFORMANCE_DATA + hkey_performance_nlstext = "HKEY_PERFORMANCE_NLSTEXT" #: HKEY_PERFORMANCE_NLSTEXT + hkey_performance_text = "HKEY_PERFORMANCE_TEXT" #: HKEY_PERFORMANCE_TEXT + hkey_a = "HKEY_A" #: HKEY_A + hkey_current_user = "HKEY_CURRENT_USER" #: HKEY_CURRENT_USER + + +class RegistryValueKind(str, Enum): + + none = "None" #: None + unknown = "Unknown" #: Unknown value type + string = "String" #: String value type + expand_string = "ExpandString" #: ExpandString value type + binary = "Binary" #: Binary value type + dword = "DWord" #: DWord value type + multi_string = "MultiString" #: MultiString value type + qword = "QWord" #: QWord value type + + class SettingKind(str, Enum): ueba_settings = "UebaSettings" @@ -113,3 +210,23 @@ class LicenseStatus(str, Enum): class AggregationsKind(str, Enum): cases_aggregation = "CasesAggregation" + + +class EntityType(str, Enum): + + account = "Account" #: Entity represents account in the system. + host = "Host" #: Entity represents host in the system. + file = "File" #: Entity represents file in the system. + azure_resource = "AzureResource" #: Entity represents azure resource in the system. + cloud_application = "CloudApplication" #: Entity represents cloud application in the system. + dns = "DNS" #: Entity represents dns in the system. + file_hash = "FileHash" #: Entity represents file hash in the system. + ip = "IP" #: Entity represents ip in the system. + malware = "Malware" #: Entity represents malware in the system. + process = "Process" #: Entity represents process in the system. + registry_key = "RegistryKey" #: Entity represents registry key in the system. + registry_value = "RegistryValue" #: Entity represents registry value in the system. + security_group = "SecurityGroup" #: Entity represents security group in the system. + url = "URL" #: Entity represents url in the system. + security_alert = "SecurityAlert" #: Entity represents security alert in the system. + hunting_bookmark = "HuntingBookmark" #: Entity represents HuntingBookmark in the system. diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/threat_intelligence.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/threat_intelligence.py new file mode 100644 index 000000000000..c4270a8f2da0 --- /dev/null +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/threat_intelligence.py @@ -0,0 +1,61 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from msrest.serialization import Model + + +class ThreatIntelligence(Model): + """ThreatIntelligence property bag. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar provider_name: Name of the provider from whom this Threat + Intelligence information was received + :vartype provider_name: str + :ivar threat_type: Threat type (e.g. "Botnet") + :vartype threat_type: str + :ivar threat_name: Threat name (e.g. "Jedobot malware") + :vartype threat_name: str + :ivar confidence: Confidence (must be between 0 and 1) + :vartype confidence: float + :ivar report_link: Report link + :vartype report_link: str + :ivar threat_description: Threat description (free text) + :vartype threat_description: str + """ + + _validation = { + 'provider_name': {'readonly': True}, + 'threat_type': {'readonly': True}, + 'threat_name': {'readonly': True}, + 'confidence': {'readonly': True}, + 'report_link': {'readonly': True}, + 'threat_description': {'readonly': True}, + } + + _attribute_map = { + 'provider_name': {'key': 'providerName', 'type': 'str'}, + 'threat_type': {'key': 'threatType', 'type': 'str'}, + 'threat_name': {'key': 'threatName', 'type': 'str'}, + 'confidence': {'key': 'confidence', 'type': 'float'}, + 'report_link': {'key': 'reportLink', 'type': 'str'}, + 'threat_description': {'key': 'threatDescription', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(ThreatIntelligence, self).__init__(**kwargs) + self.provider_name = None + self.threat_type = None + self.threat_name = None + self.confidence = None + self.report_link = None + self.threat_description = None diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/threat_intelligence_py3.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/threat_intelligence_py3.py new file mode 100644 index 000000000000..745607fa1485 --- /dev/null +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/threat_intelligence_py3.py @@ -0,0 +1,61 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from msrest.serialization import Model + + +class ThreatIntelligence(Model): + """ThreatIntelligence property bag. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar provider_name: Name of the provider from whom this Threat + Intelligence information was received + :vartype provider_name: str + :ivar threat_type: Threat type (e.g. "Botnet") + :vartype threat_type: str + :ivar threat_name: Threat name (e.g. "Jedobot malware") + :vartype threat_name: str + :ivar confidence: Confidence (must be between 0 and 1) + :vartype confidence: float + :ivar report_link: Report link + :vartype report_link: str + :ivar threat_description: Threat description (free text) + :vartype threat_description: str + """ + + _validation = { + 'provider_name': {'readonly': True}, + 'threat_type': {'readonly': True}, + 'threat_name': {'readonly': True}, + 'confidence': {'readonly': True}, + 'report_link': {'readonly': True}, + 'threat_description': {'readonly': True}, + } + + _attribute_map = { + 'provider_name': {'key': 'providerName', 'type': 'str'}, + 'threat_type': {'key': 'threatType', 'type': 'str'}, + 'threat_name': {'key': 'threatName', 'type': 'str'}, + 'confidence': {'key': 'confidence', 'type': 'float'}, + 'report_link': {'key': 'reportLink', 'type': 'str'}, + 'threat_description': {'key': 'threatDescription', 'type': 'str'}, + } + + def __init__(self, **kwargs) -> None: + super(ThreatIntelligence, self).__init__(**kwargs) + self.provider_name = None + self.threat_type = None + self.threat_name = None + self.confidence = None + self.report_link = None + self.threat_description = None diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/url_entity.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/url_entity.py new file mode 100644 index 000000000000..b89f6a255813 --- /dev/null +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/url_entity.py @@ -0,0 +1,67 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from .entity import Entity + + +class UrlEntity(Entity): + """Represents a url entity. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id + :vartype id: str + :ivar type: Azure resource type + :vartype type: str + :ivar name: Azure resource name + :vartype name: str + :param kind: Required. Constant filled by server. + :type kind: str + :ivar friendly_name: The graph item display name which is a short humanly + readable description of the graph item instance. This property is optional + and might be system generated. + :vartype friendly_name: str + :ivar additional_data: A bag of custom fields that should be part of the + entity and will be presented to the user. + :vartype additional_data: dict[str, object] + :ivar url: A full URL the entity points to + :vartype url: str + """ + + _validation = { + 'id': {'readonly': True}, + 'type': {'readonly': True}, + 'name': {'readonly': True}, + 'kind': {'required': True}, + 'friendly_name': {'readonly': True}, + 'additional_data': {'readonly': True}, + 'url': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + 'friendly_name': {'key': 'properties.friendlyName', 'type': 'str'}, + 'additional_data': {'key': 'properties.additionalData', 'type': '{object}'}, + 'url': {'key': 'properties.url', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(UrlEntity, self).__init__(**kwargs) + self.friendly_name = None + self.additional_data = None + self.url = None + self.kind = 'Url' diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/url_entity_py3.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/url_entity_py3.py new file mode 100644 index 000000000000..27abde4ea5db --- /dev/null +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/url_entity_py3.py @@ -0,0 +1,67 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from .entity_py3 import Entity + + +class UrlEntity(Entity): + """Represents a url entity. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id + :vartype id: str + :ivar type: Azure resource type + :vartype type: str + :ivar name: Azure resource name + :vartype name: str + :param kind: Required. Constant filled by server. + :type kind: str + :ivar friendly_name: The graph item display name which is a short humanly + readable description of the graph item instance. This property is optional + and might be system generated. + :vartype friendly_name: str + :ivar additional_data: A bag of custom fields that should be part of the + entity and will be presented to the user. + :vartype additional_data: dict[str, object] + :ivar url: A full URL the entity points to + :vartype url: str + """ + + _validation = { + 'id': {'readonly': True}, + 'type': {'readonly': True}, + 'name': {'readonly': True}, + 'kind': {'required': True}, + 'friendly_name': {'readonly': True}, + 'additional_data': {'readonly': True}, + 'url': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + 'friendly_name': {'key': 'properties.friendlyName', 'type': 'str'}, + 'additional_data': {'key': 'properties.additionalData', 'type': '{object}'}, + 'url': {'key': 'properties.url', 'type': 'str'}, + } + + def __init__(self, **kwargs) -> None: + super(UrlEntity, self).__init__(**kwargs) + self.friendly_name = None + self.additional_data = None + self.url = None + self.kind = 'Url' diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/entities_operations.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/entities_operations.py index b00353ee2ce2..b1bb9cc48060 100644 --- a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/entities_operations.py +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/entities_operations.py @@ -181,3 +181,81 @@ def get( return deserialized get.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}'} + + def expand( + self, resource_group_name, operational_insights_resource_provider, workspace_name, entity_id, parameters, custom_headers=None, raw=False, **operation_config): + """Expands an entity. + + :param resource_group_name: The name of the resource group within the + user's subscription. The name is case insensitive. + :type resource_group_name: str + :param operational_insights_resource_provider: The namespace of + workspaces resource provider- Microsoft.OperationalInsights. + :type operational_insights_resource_provider: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :param entity_id: entity ID + :type entity_id: str + :param parameters: The parameters required to execute an expand + operation on the given entity. + :type parameters: + ~azure.mgmt.securityinsight.models.EntityExpandParameters + :param dict custom_headers: headers that will be added to the request + :param bool raw: returns the direct response alongside the + deserialized response + :param operation_config: :ref:`Operation configuration + overrides`. + :return: EntityExpandResponse or ClientRawResponse if raw=true + :rtype: ~azure.mgmt.securityinsight.models.EntityExpandResponse or + ~msrest.pipeline.ClientRawResponse + :raises: :class:`CloudError` + """ + # Construct URL + url = self.expand.metadata['url'] + path_format_arguments = { + 'subscriptionId': self._serialize.url("self.config.subscription_id", self.config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'operationalInsightsResourceProvider': self._serialize.url("operational_insights_resource_provider", operational_insights_resource_provider, 'str'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + 'entityId': self._serialize.url("entity_id", entity_id, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct body + body_content = self._serialize.body(parameters, 'EntityExpandParameters') + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters, body_content) + response = self._client.send(request, stream=False, **operation_config) + + if response.status_code not in [200]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + deserialized = None + + if response.status_code == 200: + deserialized = self._deserialize('EntityExpandResponse', response) + + if raw: + client_raw_response = ClientRawResponse(deserialized, response) + return client_raw_response + + return deserialized + expand.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}/expand'}