diff --git a/azurerm/internal/clients/client.go b/azurerm/internal/clients/client.go index 0d7e6c005896..091e8abbbe14 100644 --- a/azurerm/internal/clients/client.go +++ b/azurerm/internal/clients/client.go @@ -66,6 +66,7 @@ import ( resource "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/resource/client" search "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/search/client" securityCenter "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/securitycenter/client" + sentinel "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/sentinel/client" serviceBus "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/servicebus/client" serviceFabric "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/servicefabric/client" signalr "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/signalr/client" @@ -144,6 +145,7 @@ type Client struct { Resource *resource.Client Search *search.Client SecurityCenter *securityCenter.Client + Sentinel *sentinel.Client ServiceBus *serviceBus.Client ServiceFabric *serviceFabric.Client SignalR *signalr.Client @@ -223,6 +225,7 @@ func (client *Client) Build(ctx context.Context, o *common.ClientOptions) error client.Resource = resource.NewClient(o) client.Search = search.NewClient(o) client.SecurityCenter = securityCenter.NewClient(o) + client.Sentinel = sentinel.NewClient(o) client.ServiceBus = serviceBus.NewClient(o) client.ServiceFabric = serviceFabric.NewClient(o) client.SignalR = signalr.NewClient(o) diff --git a/azurerm/internal/provider/required_resource_providers.go b/azurerm/internal/provider/required_resource_providers.go index a4ea62c40c91..9ef9c682c85e 100644 --- a/azurerm/internal/provider/required_resource_providers.go +++ b/azurerm/internal/provider/required_resource_providers.go @@ -67,6 +67,7 @@ func RequiredResourceProviders() map[string]struct{} { "Microsoft.Resources": {}, "Microsoft.Search": {}, "Microsoft.Security": {}, + "Microsoft.SecurityInsights": {}, "Microsoft.ServiceBus": {}, "Microsoft.ServiceFabric": {}, "Microsoft.Sql": {}, diff --git a/azurerm/internal/provider/services.go b/azurerm/internal/provider/services.go index a98bfb872a98..65e2243ec358 100644 --- a/azurerm/internal/provider/services.go +++ b/azurerm/internal/provider/services.go @@ -62,6 +62,7 @@ import ( "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/resource" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/search" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/securitycenter" + "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/sentinel" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/servicebus" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/servicefabric" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/signalr" @@ -137,6 +138,7 @@ func SupportedServices() []common.ServiceRegistration { resource.Registration{}, search.Registration{}, securitycenter.Registration{}, + sentinel.Registration{}, servicebus.Registration{}, servicefabric.Registration{}, signalr.Registration{}, diff --git a/azurerm/internal/services/loganalytics/parse/log_analytics_workspace.go b/azurerm/internal/services/loganalytics/parse/log_analytics_workspace.go new file mode 100644 index 000000000000..d02b8cdd5887 --- /dev/null +++ b/azurerm/internal/services/loganalytics/parse/log_analytics_workspace.go @@ -0,0 +1,33 @@ +package parse + +import ( + "fmt" + + "github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/azure" +) + +type LogAnalyticsWorkspaceId struct { + ResourceGroup string + Name string +} + +func LogAnalyticsWorkspaceID(input string) (*LogAnalyticsWorkspaceId, error) { + id, err := azure.ParseAzureResourceID(input) + if err != nil { + return nil, fmt.Errorf("parsing Log Analytics Workspace ID %q: %+v", input, err) + } + + server := LogAnalyticsWorkspaceId{ + ResourceGroup: id.ResourceGroup, + } + + if server.Name, err = id.PopSegment("workspaces"); err != nil { + return nil, err + } + + if err := id.ValidateNoEmptySegments(input); err != nil { + return nil, err + } + + return &server, nil +} diff --git a/azurerm/internal/services/loganalytics/parse/log_analytics_workspace_test.go b/azurerm/internal/services/loganalytics/parse/log_analytics_workspace_test.go new file mode 100644 index 000000000000..5e3b113394c9 --- /dev/null +++ b/azurerm/internal/services/loganalytics/parse/log_analytics_workspace_test.go @@ -0,0 +1,70 @@ +package parse + +import ( + "testing" +) + +func TestLogAnalyticsWorkspaceID(t *testing.T) { + testData := []struct { + Name string + Input string + Error bool + Expect *LogAnalyticsWorkspaceId + }{ + { + Name: "Empty", + Input: "", + Error: true, + }, + { + Name: "No Resource Groups Segment", + Input: "/subscriptions/00000000-0000-0000-0000-000000000000", + Error: true, + }, + { + Name: "No Resource Groups Value", + Input: "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/", + Error: true, + }, + { + Name: "Resource Group ID", + Input: "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resGroup1/", + Error: true, + }, + { + Name: "Missing Workspace Value", + Input: "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resGroup1/providers/Microsoft.OperationalInsights/workspaces", + Error: true, + }, + { + Name: "Workspace Value", + Input: "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resGroup1/providers/Microsoft.OperationalInsights/workspaces/workspace1", + Error: true, + Expect: &LogAnalyticsWorkspaceId{ + ResourceGroup: "resGroup1", + Name: "workspace1", + }, + }, + } + + for _, v := range testData { + t.Logf("[DEBUG] Testing %q", v.Name) + + actual, err := LogAnalyticsWorkspaceID(v.Input) + if err != nil { + if v.Error { + continue + } + + t.Fatalf("Expected a value but got an error: %s", err) + } + + if actual.ResourceGroup != v.Expect.ResourceGroup { + t.Fatalf("Expected %q but got %q for Resource Group", v.Expect.ResourceGroup, actual.ResourceGroup) + } + + if actual.Name != v.Expect.Name { + t.Fatalf("Expected %q but got %q for Name", v.Expect.Name, actual.Name) + } + } +} diff --git a/azurerm/internal/services/loganalytics/resource_arm_log_analytics_workspace.go b/azurerm/internal/services/loganalytics/resource_arm_log_analytics_workspace.go index 42805b46505e..f790515a4c55 100644 --- a/azurerm/internal/services/loganalytics/resource_arm_log_analytics_workspace.go +++ b/azurerm/internal/services/loganalytics/resource_arm_log_analytics_workspace.go @@ -14,6 +14,7 @@ import ( "github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/tf" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/clients" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/features" + "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/loganalytics/parse" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/tags" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/timeouts" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/utils" @@ -167,24 +168,22 @@ func resourceArmLogAnalyticsWorkspaceRead(d *schema.ResourceData, meta interface client := meta.(*clients.Client).LogAnalytics.WorkspacesClient ctx, cancel := timeouts.ForRead(meta.(*clients.Client).StopContext, d) defer cancel() - id, err := azure.ParseAzureResourceID(d.Id()) + id, err := parse.LogAnalyticsWorkspaceID(d.Id()) if err != nil { return err } - resGroup := id.ResourceGroup - name := id.Path["workspaces"] - resp, err := client.Get(ctx, resGroup, name) + resp, err := client.Get(ctx, id.ResourceGroup, id.Name) if err != nil { if utils.ResponseWasNotFound(resp.Response) { d.SetId("") return nil } - return fmt.Errorf("Error making Read request on AzureRM Log Analytics workspaces '%s': %+v", name, err) + return fmt.Errorf("Error making Read request on AzureRM Log Analytics workspaces '%s': %+v", id.Name, err) } d.Set("name", resp.Name) - d.Set("resource_group_name", resGroup) + d.Set("resource_group_name", id.ResourceGroup) if location := resp.Location; location != nil { d.Set("location", azure.NormalizeLocation(*location)) } @@ -196,9 +195,9 @@ func resourceArmLogAnalyticsWorkspaceRead(d *schema.ResourceData, meta interface } d.Set("retention_in_days", resp.RetentionInDays) - sharedKeys, err := client.GetSharedKeys(ctx, resGroup, name) + sharedKeys, err := client.GetSharedKeys(ctx, id.ResourceGroup, id.Name) if err != nil { - log.Printf("[ERROR] Unable to List Shared keys for Log Analytics workspaces %s: %+v", name, err) + log.Printf("[ERROR] Unable to List Shared keys for Log Analytics workspaces %s: %+v", id.Name, err) } else { d.Set("primary_shared_key", sharedKeys.PrimarySharedKey) d.Set("secondary_shared_key", sharedKeys.SecondarySharedKey) @@ -211,21 +210,18 @@ func resourceArmLogAnalyticsWorkspaceDelete(d *schema.ResourceData, meta interfa client := meta.(*clients.Client).LogAnalytics.WorkspacesClient ctx, cancel := timeouts.ForDelete(meta.(*clients.Client).StopContext, d) defer cancel() - id, err := azure.ParseAzureResourceID(d.Id()) + id, err := parse.LogAnalyticsWorkspaceID(d.Id()) if err != nil { return err } - resGroup := id.ResourceGroup - name := id.Path["workspaces"] - - resp, err := client.Delete(ctx, resGroup, name) + resp, err := client.Delete(ctx, id.ResourceGroup, id.Name) if err != nil { if utils.ResponseWasNotFound(resp) { return nil } - return fmt.Errorf("Error issuing AzureRM delete request for Log Analytics Workspaces '%s': %+v", name, err) + return fmt.Errorf("Error issuing AzureRM delete request for Log Analytics Workspaces '%s': %+v", id.Name, err) } return nil diff --git a/azurerm/internal/services/loganalytics/tests/resource_arm_log_analytics_workspace_test.go b/azurerm/internal/services/loganalytics/tests/resource_arm_log_analytics_workspace_test.go index 1ae5bdf52974..88687d1752c6 100644 --- a/azurerm/internal/services/loganalytics/tests/resource_arm_log_analytics_workspace_test.go +++ b/azurerm/internal/services/loganalytics/tests/resource_arm_log_analytics_workspace_test.go @@ -11,6 +11,7 @@ import ( "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/acceptance" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/clients" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/loganalytics" + "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/loganalytics/parse" ) func TestAccAzureRmLogAnalyticsWorkspaceName_validation(t *testing.T) { @@ -123,10 +124,12 @@ func testCheckAzureRMLogAnalyticsWorkspaceDestroy(s *terraform.State) error { continue } - name := rs.Primary.Attributes["name"] - resourceGroup := rs.Primary.Attributes["resource_group_name"] + id, err := parse.LogAnalyticsWorkspaceID(rs.Primary.ID) + if err != nil { + return err + } - resp, err := conn.Get(ctx, resourceGroup, name) + resp, err := conn.Get(ctx, id.ResourceGroup, id.Name) if err != nil { return nil @@ -151,19 +154,18 @@ func testCheckAzureRMLogAnalyticsWorkspaceExists(resourceName string) resource.T return fmt.Errorf("Not found: %s", resourceName) } - name := rs.Primary.Attributes["name"] - resourceGroup, hasResourceGroup := rs.Primary.Attributes["resource_group_name"] - if !hasResourceGroup { - return fmt.Errorf("Bad: no resource group found in state for Log Analytics Workspace: '%s'", name) + id, err := parse.LogAnalyticsWorkspaceID(rs.Primary.ID) + if err != nil { + return err } - resp, err := conn.Get(ctx, resourceGroup, name) + resp, err := conn.Get(ctx, id.ResourceGroup, id.Name) if err != nil { return fmt.Errorf("Bad: Get on Log Analytics Workspace Client: %+v", err) } if resp.StatusCode == http.StatusNotFound { - return fmt.Errorf("Bad: Log Analytics Workspace '%s' (resource group: '%s') does not exist", name, resourceGroup) + return fmt.Errorf("Bad: Log Analytics Workspace '%s' (resource group: '%s') does not exist", id.Name, id.ResourceGroup) } return nil diff --git a/azurerm/internal/services/loganalytics/validate/log_analytics_workspace.go b/azurerm/internal/services/loganalytics/validate/log_analytics_workspace.go new file mode 100644 index 000000000000..f40d4b02f424 --- /dev/null +++ b/azurerm/internal/services/loganalytics/validate/log_analytics_workspace.go @@ -0,0 +1,22 @@ +package validate + +import ( + "fmt" + + "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/loganalytics/parse" +) + +func LogAnalyticsWorkspaceID(i interface{}, k string) (warnings []string, errors []error) { + v, ok := i.(string) + if !ok { + errors = append(errors, fmt.Errorf("expected type of %q to be string", k)) + return + } + + if _, err := parse.LogAnalyticsWorkspaceID(v); err != nil { + errors = append(errors, fmt.Errorf("parsing %q as a resource id: %v", k, err)) + return + } + + return warnings, errors +} diff --git a/azurerm/internal/services/sentinel/client/client.go b/azurerm/internal/services/sentinel/client/client.go new file mode 100644 index 000000000000..a5e32da447d1 --- /dev/null +++ b/azurerm/internal/services/sentinel/client/client.go @@ -0,0 +1,19 @@ +package client + +import ( + "github.com/Azure/azure-sdk-for-go/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight" + "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/common" +) + +type Client struct { + AlertRulesClient *securityinsight.AlertRulesClient +} + +func NewClient(o *common.ClientOptions) *Client { + alertRulesClient := securityinsight.NewAlertRulesClientWithBaseURI(o.ResourceManagerEndpoint, o.SubscriptionId) + o.ConfigureClient(&alertRulesClient.Client, o.ResourceManagerAuthorizer) + + return &Client{ + AlertRulesClient: &alertRulesClient, + } +} diff --git a/azurerm/internal/services/sentinel/data_source_sentinel_alert_rule.go b/azurerm/internal/services/sentinel/data_source_sentinel_alert_rule.go new file mode 100644 index 000000000000..601cf986d411 --- /dev/null +++ b/azurerm/internal/services/sentinel/data_source_sentinel_alert_rule.go @@ -0,0 +1,67 @@ +package sentinel + +import ( + "fmt" + "time" + + "github.com/hashicorp/terraform-plugin-sdk/helper/schema" + "github.com/hashicorp/terraform-plugin-sdk/helper/validation" + "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/clients" + loganalyticsParse "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/loganalytics/parse" + loganalyticsValidate "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/loganalytics/validate" + "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/timeouts" + "github.com/terraform-providers/terraform-provider-azurerm/azurerm/utils" +) + +func dataSourceArmSentinelAlertRule() *schema.Resource { + return &schema.Resource{ + Read: dataSourceArmSentinelAlertRuleRead, + + Timeouts: &schema.ResourceTimeout{ + Read: schema.DefaultTimeout(5 * time.Minute), + }, + + Schema: map[string]*schema.Schema{ + "name": { + Type: schema.TypeString, + Required: true, + ValidateFunc: validation.StringIsNotEmpty, + }, + + "log_analytics_workspace_id": { + Type: schema.TypeString, + Required: true, + ValidateFunc: loganalyticsValidate.LogAnalyticsWorkspaceID, + }, + }, + } +} + +func dataSourceArmSentinelAlertRuleRead(d *schema.ResourceData, meta interface{}) error { + client := meta.(*clients.Client).Sentinel.AlertRulesClient + ctx, cancel := timeouts.ForRead(meta.(*clients.Client).StopContext, d) + defer cancel() + + name := d.Get("name").(string) + workspaceID, err := loganalyticsParse.LogAnalyticsWorkspaceID(d.Get("log_analytics_workspace_id").(string)) + if err != nil { + return err + } + + resp, err := client.Get(ctx, workspaceID.ResourceGroup, workspaceID.Name, name) + if err != nil { + if utils.ResponseWasNotFound(resp.Response) { + return fmt.Errorf("Sentinel Alert Rule %q (Resource Group %q / Workspace: %q) was not found", name, workspaceID.ResourceGroup, workspaceID.Name) + } + + return fmt.Errorf("retrieving Sentinel Alert Rule %q (Resource Group %q / Workspace: %q): %+v", name, workspaceID.ResourceGroup, workspaceID.Name, err) + } + + id := alertRuleID(resp.Value) + if id == nil || *id == "" { + return fmt.Errorf("nil or empty ID of Sentinel Alert Rule %q (Resource Group %q / Workspace: %q)", name, workspaceID.ResourceGroup, workspaceID.Name) + } + d.SetId(*id) + + return nil +} diff --git a/azurerm/internal/services/sentinel/parse/sentinel_alert_rules.go b/azurerm/internal/services/sentinel/parse/sentinel_alert_rules.go new file mode 100644 index 000000000000..adc5b576015b --- /dev/null +++ b/azurerm/internal/services/sentinel/parse/sentinel_alert_rules.go @@ -0,0 +1,34 @@ +package parse + +import ( + "fmt" + "regexp" + + loganalyticsParse "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/loganalytics/parse" +) + +type SentinelAlertRuleId struct { + ResourceGroup string + Workspace string + Name string +} + +func SentinelAlertRuleID(input string) (*SentinelAlertRuleId, error) { + // Example ID: /subscriptions//resourceGroups//providers/Microsoft.OperationalInsights/workspaces//providers/Microsoft.SecurityInsights/alertRules/ + groups := regexp.MustCompile(`^(.+)/providers/Microsoft\.SecurityInsights/alertRules/(.+)$`).FindStringSubmatch(input) + if len(groups) != 3 { + return nil, fmt.Errorf("failed to parse Sentinel Alert Rule ID: %q", input) + } + + workspace, name := groups[1], groups[2] + + workspaceId, err := loganalyticsParse.LogAnalyticsWorkspaceID(workspace) + if err != nil { + return nil, fmt.Errorf("parsing workspace part of Sentinel Alert Rule ID %q: %+v", input, err) + } + return &SentinelAlertRuleId{ + ResourceGroup: workspaceId.ResourceGroup, + Workspace: workspaceId.Name, + Name: name, + }, nil +} diff --git a/azurerm/internal/services/sentinel/parse/sentinel_alert_rules_test.go b/azurerm/internal/services/sentinel/parse/sentinel_alert_rules_test.go new file mode 100644 index 000000000000..eff21877f2f9 --- /dev/null +++ b/azurerm/internal/services/sentinel/parse/sentinel_alert_rules_test.go @@ -0,0 +1,84 @@ +package parse + +import ( + "testing" +) + +func TestSentinelAlertRuleID(t *testing.T) { + testData := []struct { + Name string + Input string + Error bool + Expect *SentinelAlertRuleId + }{ + { + Name: "Empty", + Input: "", + Error: true, + }, + { + Name: "No Resource Groups Segment", + Input: "/subscriptions/00000000-0000-0000-0000-000000000000", + Error: true, + }, + { + Name: "No Resource Groups Value", + Input: "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/", + Error: true, + }, + { + Name: "No Workspace ID", + Input: "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resGroup1/providers/Microsoft.OperationalInsights", + Error: true, + }, + { + Name: "No Alert Rule Name", + Input: "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resGroup1/providers/Microsoft.OperationalInsights/workspaces/space1/providers/Microsoft.SecurityInsights/alertRules/", + Error: true, + }, + { + Name: "Incorrect Provider for Alert Rules", + Input: "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resGroup1/providers/Microsoft.OperationalInsights/workspaces/space1/providers/Foo.Bar/alertRules/rule1", + Error: true, + }, + { + Name: "Incorrect Caseing", + Input: "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resGroup1/providers/Microsoft.OperationalInsights/workspaces/space1/providers/Microsoft.SecurityInsights/AlertRules/rule1", + Error: true, + }, + { + Name: "Correct Case", + Input: "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resGroup1/providers/Microsoft.OperationalInsights/workspaces/space1/providers/Microsoft.SecurityInsights/alertRules/rule1", + Expect: &SentinelAlertRuleId{ + ResourceGroup: "resGroup1", + Workspace: "space1", + Name: "rule1", + }, + }, + } + + for _, v := range testData { + t.Logf("[DEBUG] Testing %q", v.Name) + + actual, err := SentinelAlertRuleID(v.Input) + if err != nil { + if v.Error { + continue + } + + t.Fatalf("Expected a value but got an error: %s", err) + } + + if actual.ResourceGroup != v.Expect.ResourceGroup { + t.Fatalf("Expected %q but got %q for Resource Group", v.Expect.ResourceGroup, actual.ResourceGroup) + } + + if actual.Workspace != v.Expect.Workspace { + t.Fatalf("Expected %q but got %q for Workspace", v.Expect.Name, actual.Name) + } + + if actual.Name != v.Expect.Name { + t.Fatalf("Expected %q but got %q for Name", v.Expect.Name, actual.Name) + } + } +} diff --git a/azurerm/internal/services/sentinel/registration.go b/azurerm/internal/services/sentinel/registration.go new file mode 100644 index 000000000000..9bcdea16837a --- /dev/null +++ b/azurerm/internal/services/sentinel/registration.go @@ -0,0 +1,33 @@ +package sentinel + +import ( + "github.com/hashicorp/terraform-plugin-sdk/helper/schema" +) + +type Registration struct{} + +// Name is the name of this Service +func (r Registration) Name() string { + return "Sentinel" +} + +// WebsiteCategories returns a list of categories which can be used for the sidebar +func (r Registration) WebsiteCategories() []string { + return []string{ + "Sentinel", + } +} + +// SupportedDataSources returns the supported Data Sources supported by this Service +func (r Registration) SupportedDataSources() map[string]*schema.Resource { + return map[string]*schema.Resource{ + "azurerm_sentinel_alert_rule": dataSourceArmSentinelAlertRule(), + } +} + +// SupportedResources returns the supported Resources supported by this Service +func (r Registration) SupportedResources() map[string]*schema.Resource { + return map[string]*schema.Resource{ + "azurerm_sentinel_alert_rule_ms_security_incident": resourceArmSentinelAlertRuleMsSecurityIncident(), + } +} diff --git a/azurerm/internal/services/sentinel/resource_arm_sentinel_alert_rule_ms_security_incident.go b/azurerm/internal/services/sentinel/resource_arm_sentinel_alert_rule_ms_security_incident.go new file mode 100644 index 000000000000..18321eedae10 --- /dev/null +++ b/azurerm/internal/services/sentinel/resource_arm_sentinel_alert_rule_ms_security_incident.go @@ -0,0 +1,273 @@ +package sentinel + +import ( + "fmt" + "log" + "time" + + "github.com/Azure/azure-sdk-for-go/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight" + "github.com/hashicorp/terraform-plugin-sdk/helper/schema" + "github.com/hashicorp/terraform-plugin-sdk/helper/validation" + "github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/tf" + "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/clients" + loganalyticsParse "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/loganalytics/parse" + loganalyticsValidate "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/loganalytics/validate" + "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/sentinel/parse" + azSchema "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/tf/schema" + "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/timeouts" + "github.com/terraform-providers/terraform-provider-azurerm/azurerm/utils" +) + +func resourceArmSentinelAlertRuleMsSecurityIncident() *schema.Resource { + return &schema.Resource{ + Create: resourceArmSentinelAlertRuleMsSecurityIncidentCreateUpdate, + Read: resourceArmSentinelAlertRuleMsSecurityIncidentRead, + Update: resourceArmSentinelAlertRuleMsSecurityIncidentCreateUpdate, + Delete: resourceArmSentinelAlertRuleMsSecurityIncidentDelete, + + Importer: azSchema.ValidateResourceIDPriorToImportThen(func(id string) error { + _, err := parse.SentinelAlertRuleID(id) + return err + }, importSentinelAlertRule(securityinsight.MicrosoftSecurityIncidentCreation)), + + Timeouts: &schema.ResourceTimeout{ + Create: schema.DefaultTimeout(30 * time.Minute), + Read: schema.DefaultTimeout(5 * time.Minute), + Update: schema.DefaultTimeout(30 * time.Minute), + Delete: schema.DefaultTimeout(30 * time.Minute), + }, + + Schema: map[string]*schema.Schema{ + "name": { + Type: schema.TypeString, + Required: true, + ForceNew: true, + ValidateFunc: validation.StringIsNotEmpty, + }, + + "log_analytics_workspace_id": { + Type: schema.TypeString, + Required: true, + ForceNew: true, + ValidateFunc: loganalyticsValidate.LogAnalyticsWorkspaceID, + }, + + "display_name": { + Type: schema.TypeString, + Required: true, + ValidateFunc: validation.StringIsNotEmpty, + }, + + "product_filter": { + Type: schema.TypeString, + Required: true, + ValidateFunc: validation.StringInSlice([]string{ + string(securityinsight.MicrosoftCloudAppSecurity), + string(securityinsight.AzureSecurityCenter), + string(securityinsight.AzureActiveDirectoryIdentityProtection), + string(securityinsight.AzureSecurityCenterforIoT), + string(securityinsight.AzureAdvancedThreatProtection), + }, false), + }, + + "severity_filter": { + Type: schema.TypeSet, + Required: true, + MinItems: 1, + Elem: &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringInSlice([]string{ + string(securityinsight.High), + string(securityinsight.Medium), + string(securityinsight.Low), + string(securityinsight.Informational), + }, false), + }, + }, + + "description": { + Type: schema.TypeString, + Optional: true, + ValidateFunc: validation.StringIsNotEmpty, + }, + + "enabled": { + Type: schema.TypeBool, + Optional: true, + Default: true, + }, + + "text_whitelist": { + Type: schema.TypeSet, + Optional: true, + MinItems: 1, + Elem: &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringIsNotEmpty, + }, + }, + }, + } +} + +func resourceArmSentinelAlertRuleMsSecurityIncidentCreateUpdate(d *schema.ResourceData, meta interface{}) error { + client := meta.(*clients.Client).Sentinel.AlertRulesClient + ctx, cancel := timeouts.ForCreateUpdate(meta.(*clients.Client).StopContext, d) + defer cancel() + + name := d.Get("name").(string) + workspaceID, err := loganalyticsParse.LogAnalyticsWorkspaceID(d.Get("log_analytics_workspace_id").(string)) + if err != nil { + return err + } + + if d.IsNewResource() { + resp, err := client.Get(ctx, workspaceID.ResourceGroup, workspaceID.Name, name) + if err != nil { + if !utils.ResponseWasNotFound(resp.Response) { + return fmt.Errorf("checking for existing Sentinel Alert Rule Ms Security Incident %q (Resource Group %q): %+v", name, workspaceID.ResourceGroup, err) + } + } + + id := alertRuleID(resp.Value) + if id != nil && *id != "" { + return tf.ImportAsExistsError("azurerm_sentinel_alert_rule_ms_security_incident", *id) + } + } + + param := securityinsight.MicrosoftSecurityIncidentCreationAlertRule{ + Kind: securityinsight.KindMicrosoftSecurityIncidentCreation, + MicrosoftSecurityIncidentCreationAlertRuleProperties: &securityinsight.MicrosoftSecurityIncidentCreationAlertRuleProperties{ + ProductFilter: securityinsight.MicrosoftSecurityProductName(d.Get("product_filter").(string)), + DisplayName: utils.String(d.Get("display_name").(string)), + Description: utils.String(d.Get("description").(string)), + Enabled: utils.Bool(d.Get("enabled").(bool)), + SeveritiesFilter: expandAlertRuleMsSecurityIncidentSeverityFilter(d.Get("severity_filter").(*schema.Set).List()), + }, + } + + if whitelist, ok := d.GetOk("text_whitelist"); ok { + param.DisplayNamesFilter = utils.ExpandStringSlice(whitelist.(*schema.Set).List()) + } + + // Service avoid concurrent update of this resource via checking the "etag" to guarantee it is the same value as last Read. + if !d.IsNewResource() { + resp, err := client.Get(ctx, workspaceID.ResourceGroup, workspaceID.Name, name) + if err != nil { + return fmt.Errorf("retrieving Sentinel Alert Rule Ms Security Incident %q (Resource Group %q / Workspace: %q): %+v", name, workspaceID.ResourceGroup, workspaceID.Name, err) + } + + if err := assertAlertRuleKind(resp.Value, securityinsight.MicrosoftSecurityIncidentCreation); err != nil { + return fmt.Errorf("asserting alert rule of %q (Resource Group %q / Workspace: %q): %+v", name, workspaceID.ResourceGroup, workspaceID.Name, err) + } + param.Etag = resp.Value.(securityinsight.MicrosoftSecurityIncidentCreationAlertRule).Etag + } + + if _, err := client.CreateOrUpdate(ctx, workspaceID.ResourceGroup, workspaceID.Name, name, param); err != nil { + return fmt.Errorf("creating Sentinel Alert Rule Ms Security Incident %q (Resource Group %q / Workspace: %q): %+v", name, workspaceID.ResourceGroup, workspaceID.Name, err) + } + + resp, err := client.Get(ctx, workspaceID.ResourceGroup, workspaceID.Name, name) + if err != nil { + return fmt.Errorf("retrieving Sentinel Alert Rule Ms Security Incident %q (Resource Group %q / Workspace: %q): %+v", name, workspaceID.ResourceGroup, workspaceID.Name, err) + } + id := alertRuleID(resp.Value) + if id == nil || *id == "" { + return fmt.Errorf("empty or nil ID returned for Sentinel Alert Rule Ms Security Incident %q (Resource Group %q / Workspace: %q) ID", name, workspaceID.ResourceGroup, workspaceID.Name) + } + d.SetId(*id) + + return resourceArmSentinelAlertRuleMsSecurityIncidentRead(d, meta) +} + +func resourceArmSentinelAlertRuleMsSecurityIncidentRead(d *schema.ResourceData, meta interface{}) error { + client := meta.(*clients.Client).Sentinel.AlertRulesClient + workspaceClient := meta.(*clients.Client).LogAnalytics.WorkspacesClient + ctx, cancel := timeouts.ForRead(meta.(*clients.Client).StopContext, d) + defer cancel() + + id, err := parse.SentinelAlertRuleID(d.Id()) + if err != nil { + return err + } + + resp, err := client.Get(ctx, id.ResourceGroup, id.Workspace, id.Name) + if err != nil { + if utils.ResponseWasNotFound(resp.Response) { + log.Printf("[DEBUG] Sentinel Alert Rule Ms Security Incident %q was not found in Workspace: %q in Resource Group %q - removing from state!", id.Name, id.Workspace, id.ResourceGroup) + d.SetId("") + return nil + } + + return fmt.Errorf("retrieving Sentinel Alert Rule Ms Security Incident %q (Resource Group %q / Workspace: %q): %+v", id.Name, id.ResourceGroup, id.Workspace, err) + } + + if err := assertAlertRuleKind(resp.Value, securityinsight.MicrosoftSecurityIncidentCreation); err != nil { + return fmt.Errorf("asserting alert rule of %q (Resource Group %q / Workspace: %q): %+v", id.Name, id.ResourceGroup, id.Workspace, err) + } + rule := resp.Value.(securityinsight.MicrosoftSecurityIncidentCreationAlertRule) + + d.Set("name", id.Name) + + workspaceResp, err := workspaceClient.Get(ctx, id.ResourceGroup, id.Workspace) + if err != nil { + return fmt.Errorf("retrieving Log Analytics Workspace %q (Resource Group: %q) where this Alert Rule belongs to: %+v", id.Workspace, id.ResourceGroup, err) + } + d.Set("log_analytics_workspace_id", workspaceResp.ID) + if prop := rule.MicrosoftSecurityIncidentCreationAlertRuleProperties; prop != nil { + d.Set("product_filter", string(prop.ProductFilter)) + d.Set("display_name", prop.DisplayName) + d.Set("description", prop.Description) + d.Set("enabled", prop.Enabled) + + if err := d.Set("text_whitelist", utils.FlattenStringSlice(prop.DisplayNamesFilter)); err != nil { + return fmt.Errorf(`setting "text_whitelist": %+v`, err) + } + if err := d.Set("severity_filter", flattenAlertRuleMsSecurityIncidentSeverityFilter(prop.SeveritiesFilter)); err != nil { + return fmt.Errorf(`setting "severity_filter": %+v`, err) + } + } + + return nil +} + +func resourceArmSentinelAlertRuleMsSecurityIncidentDelete(d *schema.ResourceData, meta interface{}) error { + client := meta.(*clients.Client).Sentinel.AlertRulesClient + ctx, cancel := timeouts.ForDelete(meta.(*clients.Client).StopContext, d) + defer cancel() + + id, err := parse.SentinelAlertRuleID(d.Id()) + if err != nil { + return err + } + + if _, err := client.Delete(ctx, id.ResourceGroup, id.Workspace, id.Name); err != nil { + return fmt.Errorf("deleting Sentinel Alert Rule Ms Security Incident %q (Resource Group %q / Workspace: %q): %+v", id.Name, id.ResourceGroup, id.Workspace, err) + } + + return nil +} + +func expandAlertRuleMsSecurityIncidentSeverityFilter(input []interface{}) *[]securityinsight.AlertSeverity { + result := make([]securityinsight.AlertSeverity, 0) + + for _, e := range input { + result = append(result, securityinsight.AlertSeverity(e.(string))) + } + + return &result +} + +func flattenAlertRuleMsSecurityIncidentSeverityFilter(input *[]securityinsight.AlertSeverity) []interface{} { + if input == nil { + return []interface{}{} + } + + output := make([]interface{}, 0) + + for _, e := range *input { + output = append(output, string(e)) + } + + return output +} diff --git a/azurerm/internal/services/sentinel/sentinel_alert_rule.go b/azurerm/internal/services/sentinel/sentinel_alert_rule.go new file mode 100644 index 000000000000..d8b4009e3b75 --- /dev/null +++ b/azurerm/internal/services/sentinel/sentinel_alert_rule.go @@ -0,0 +1,66 @@ +package sentinel + +import ( + "fmt" + + "github.com/Azure/azure-sdk-for-go/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight" + "github.com/hashicorp/terraform-plugin-sdk/helper/schema" + "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/clients" + "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/sentinel/parse" + "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/timeouts" +) + +func alertRuleID(rule securityinsight.BasicAlertRule) *string { + if rule == nil { + return nil + } + switch rule := rule.(type) { + case securityinsight.FusionAlertRule: + return rule.ID + case securityinsight.MicrosoftSecurityIncidentCreationAlertRule: + return rule.ID + case securityinsight.ScheduledAlertRule: + return rule.ID + default: + return nil + } +} + +func importSentinelAlertRule(expectKind securityinsight.AlertRuleKind) func(d *schema.ResourceData, meta interface{}) (data []*schema.ResourceData, err error) { + return func(d *schema.ResourceData, meta interface{}) (data []*schema.ResourceData, err error) { + id, err := parse.SentinelAlertRuleID(d.Id()) + if err != nil { + return nil, err + } + + client := meta.(*clients.Client).Sentinel.AlertRulesClient + ctx, cancel := timeouts.ForRead(meta.(*clients.Client).StopContext, d) + defer cancel() + + resp, err := client.Get(ctx, id.ResourceGroup, id.Workspace, id.Name) + if err != nil { + return nil, fmt.Errorf("retrieving Sentinel Alert Rule %q (Resource Group %q / Workspace: %q): %+v", id.Name, id.ResourceGroup, id.Workspace, err) + } + + if err := assertAlertRuleKind(resp.Value, expectKind); err != nil { + return nil, err + } + return []*schema.ResourceData{d}, nil + } +} + +func assertAlertRuleKind(rule securityinsight.BasicAlertRule, expectKind securityinsight.AlertRuleKind) error { + var kind securityinsight.AlertRuleKind + switch rule.(type) { + case securityinsight.FusionAlertRule: + kind = securityinsight.Fusion + case securityinsight.MicrosoftSecurityIncidentCreationAlertRule: + kind = securityinsight.MicrosoftSecurityIncidentCreation + case securityinsight.ScheduledAlertRule: + kind = securityinsight.Scheduled + } + if expectKind != kind { + return fmt.Errorf("Sentinel Alert Rule has mismatched kind, expected: %q, got %q", expectKind, kind) + } + return nil +} diff --git a/azurerm/internal/services/sentinel/tests/data_source_sentinel_alert_rule_test.go b/azurerm/internal/services/sentinel/tests/data_source_sentinel_alert_rule_test.go new file mode 100644 index 000000000000..db9a1a7d8352 --- /dev/null +++ b/azurerm/internal/services/sentinel/tests/data_source_sentinel_alert_rule_test.go @@ -0,0 +1,38 @@ +package tests + +import ( + "fmt" + "testing" + + "github.com/hashicorp/terraform-plugin-sdk/helper/resource" + "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/acceptance" +) + +func TestAccDataSourceSentinelAlertRule_basic(t *testing.T) { + data := acceptance.BuildTestData(t, "data.azurerm_sentinel_alert_rule", "test") + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { acceptance.PreCheck(t) }, + Providers: acceptance.SupportedProviders, + Steps: []resource.TestStep{ + { + Config: testAccDataSourceSentinelAlertRule_basic(data), + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttrSet(data.ResourceName, "id"), + ), + }, + }, + }) +} + +func testAccDataSourceSentinelAlertRule_basic(data acceptance.TestData) string { + config := testAccAzureRMSentinelAlertRuleMsSecurityIncident_basic(data) + return fmt.Sprintf(` +%s + +data "azurerm_sentinel_alert_rule" "test" { + name = azurerm_sentinel_alert_rule_ms_security_incident.test.name + log_analytics_workspace_id = azurerm_log_analytics_workspace.test.id +} +`, config) +} diff --git a/azurerm/internal/services/sentinel/tests/resource_arm_sentinel_alert_rule_ms_security_incident_test.go b/azurerm/internal/services/sentinel/tests/resource_arm_sentinel_alert_rule_ms_security_incident_test.go new file mode 100644 index 000000000000..65399066d1c6 --- /dev/null +++ b/azurerm/internal/services/sentinel/tests/resource_arm_sentinel_alert_rule_ms_security_incident_test.go @@ -0,0 +1,222 @@ +package tests + +import ( + "fmt" + "testing" + + "github.com/hashicorp/terraform-plugin-sdk/helper/resource" + "github.com/hashicorp/terraform-plugin-sdk/terraform" + "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/acceptance" + "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/clients" + "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/sentinel/parse" + "github.com/terraform-providers/terraform-provider-azurerm/azurerm/utils" +) + +func TestAccAzureRMSentinelAlertRuleMsSecurityIncident_basic(t *testing.T) { + data := acceptance.BuildTestData(t, "azurerm_sentinel_alert_rule_ms_security_incident", "test") + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { acceptance.PreCheck(t) }, + Providers: acceptance.SupportedProviders, + CheckDestroy: testCheckAzureRMSentinelAlertRuleMsSecurityIncidentDestroy, + Steps: []resource.TestStep{ + { + Config: testAccAzureRMSentinelAlertRuleMsSecurityIncident_basic(data), + Check: resource.ComposeTestCheckFunc( + testCheckAzureRMSentinelAlertRuleMsSecurityIncidentExists(data.ResourceName), + ), + }, + data.ImportStep(), + }, + }) +} + +func TestAccAzureRMSentinelAlertRuleMsSecurityIncident_complete(t *testing.T) { + data := acceptance.BuildTestData(t, "azurerm_sentinel_alert_rule_ms_security_incident", "test") + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { acceptance.PreCheck(t) }, + Providers: acceptance.SupportedProviders, + CheckDestroy: testCheckAzureRMSentinelAlertRuleMsSecurityIncidentDestroy, + Steps: []resource.TestStep{ + { + Config: testAccAzureRMSentinelAlertRuleMsSecurityIncident_complete(data), + Check: resource.ComposeTestCheckFunc( + testCheckAzureRMSentinelAlertRuleMsSecurityIncidentExists(data.ResourceName), + ), + }, + data.ImportStep(), + }, + }) +} + +func TestAccAzureRMSentinelAlertRuleMsSecurityIncident_update(t *testing.T) { + data := acceptance.BuildTestData(t, "azurerm_sentinel_alert_rule_ms_security_incident", "test") + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { acceptance.PreCheck(t) }, + Providers: acceptance.SupportedProviders, + CheckDestroy: testCheckAzureRMSentinelAlertRuleMsSecurityIncidentDestroy, + Steps: []resource.TestStep{ + { + Config: testAccAzureRMSentinelAlertRuleMsSecurityIncident_basic(data), + Check: resource.ComposeTestCheckFunc( + testCheckAzureRMSentinelAlertRuleMsSecurityIncidentExists(data.ResourceName), + ), + }, + data.ImportStep(), + { + Config: testAccAzureRMSentinelAlertRuleMsSecurityIncident_complete(data), + Check: resource.ComposeTestCheckFunc( + testCheckAzureRMSentinelAlertRuleMsSecurityIncidentExists(data.ResourceName), + ), + }, + data.ImportStep(), + { + Config: testAccAzureRMSentinelAlertRuleMsSecurityIncident_basic(data), + Check: resource.ComposeTestCheckFunc( + testCheckAzureRMSentinelAlertRuleMsSecurityIncidentExists(data.ResourceName), + ), + }, + data.ImportStep(), + }, + }) +} + +func TestAccAzureRMSentinelAlertRuleMsSecurityIncident_requiresImport(t *testing.T) { + data := acceptance.BuildTestData(t, "azurerm_sentinel_alert_rule_ms_security_incident", "test") + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { acceptance.PreCheck(t) }, + Providers: acceptance.SupportedProviders, + CheckDestroy: testCheckAzureRMSentinelAlertRuleMsSecurityIncidentDestroy, + Steps: []resource.TestStep{ + { + Config: testAccAzureRMSentinelAlertRuleMsSecurityIncident_basic(data), + Check: resource.ComposeTestCheckFunc( + testCheckAzureRMSentinelAlertRuleMsSecurityIncidentExists(data.ResourceName), + ), + }, + data.RequiresImportErrorStep(testAccAzureRMSentinelAlertRuleMsSecurityIncident_requiresImport), + }, + }) +} + +func testCheckAzureRMSentinelAlertRuleMsSecurityIncidentExists(resourceName string) resource.TestCheckFunc { + return func(s *terraform.State) error { + client := acceptance.AzureProvider.Meta().(*clients.Client).Sentinel.AlertRulesClient + ctx := acceptance.AzureProvider.Meta().(*clients.Client).StopContext + + rs, ok := s.RootModule().Resources[resourceName] + if !ok { + return fmt.Errorf("Sentinel Alert Rule Ms Security Incident not found: %s", resourceName) + } + + id, err := parse.SentinelAlertRuleID(rs.Primary.ID) + if err != nil { + return err + } + + if resp, err := client.Get(ctx, id.ResourceGroup, id.Workspace, id.Name); err != nil { + if utils.ResponseWasNotFound(resp.Response) { + return fmt.Errorf("Sentinel Alert Rule Ms Security Incident %q (Resource Group %q / Workspace: %q) does not exist", id.Name, id.ResourceGroup, id.Workspace) + } + return fmt.Errorf("Getting on Sentinel.AlertRules: %+v", err) + } + + return nil + } +} + +func testCheckAzureRMSentinelAlertRuleMsSecurityIncidentDestroy(s *terraform.State) error { + client := acceptance.AzureProvider.Meta().(*clients.Client).Sentinel.AlertRulesClient + ctx := acceptance.AzureProvider.Meta().(*clients.Client).StopContext + + for _, rs := range s.RootModule().Resources { + if rs.Type != "azurerm_sentinel_alert_rule_ms_security_incident" { + continue + } + + id, err := parse.SentinelAlertRuleID(rs.Primary.ID) + if err != nil { + return err + } + + if resp, err := client.Get(ctx, id.ResourceGroup, id.Workspace, id.Name); err != nil { + if !utils.ResponseWasNotFound(resp.Response) { + return fmt.Errorf("Getting on Sentinel.AlertRules: %+v", err) + } + } + + return nil + } + + return nil +} + +func testAccAzureRMSentinelAlertRuleMsSecurityIncident_basic(data acceptance.TestData) string { + template := testAccAzureRMSentinelAlertRuleMsSecurityIncident_template(data) + return fmt.Sprintf(` +%s + +resource "azurerm_sentinel_alert_rule_ms_security_incident" "test" { + name = "acctest-SentinelAlertRule-MSI-%d" + log_analytics_workspace_id = azurerm_log_analytics_workspace.test.id + product_filter = "Microsoft Cloud App Security" + display_name = "some rule" + severity_filter = ["High"] +} +`, template, data.RandomInteger) +} + +func testAccAzureRMSentinelAlertRuleMsSecurityIncident_complete(data acceptance.TestData) string { + template := testAccAzureRMSentinelAlertRuleMsSecurityIncident_template(data) + return fmt.Sprintf(` +%s + +resource "azurerm_sentinel_alert_rule_ms_security_incident" "test" { + name = "acctest-SentinelAlertRule-MSI-%d" + log_analytics_workspace_id = azurerm_log_analytics_workspace.test.id + product_filter = "Azure Security Center" + display_name = "updated rule" + severity_filter = ["High", "Low"] + description = "this is a alert rule" + text_whitelist = ["alert"] +} +`, template, data.RandomInteger) +} + +func testAccAzureRMSentinelAlertRuleMsSecurityIncident_requiresImport(data acceptance.TestData) string { + template := testAccAzureRMSentinelAlertRuleMsSecurityIncident_basic(data) + return fmt.Sprintf(` +%s + +resource "azurerm_sentinel_alert_rule_ms_security_incident" "import" { + name = azurerm_sentinel_alert_rule_ms_security_incident.test.name + log_analytics_workspace_id = azurerm_sentinel_alert_rule_ms_security_incident.test.log_analytics_workspace_id + product_filter = azurerm_sentinel_alert_rule_ms_security_incident.test.product_filter + display_name = azurerm_sentinel_alert_rule_ms_security_incident.test.display_name + severity_filter = azurerm_sentinel_alert_rule_ms_security_incident.test.severity_filter +} +`, template) +} + +func testAccAzureRMSentinelAlertRuleMsSecurityIncident_template(data acceptance.TestData) string { + return fmt.Sprintf(` +provider "azurerm" { + features {} +} + +resource "azurerm_resource_group" "test" { + name = "acctestRG-sentinel-%d" + location = "%s" +} + +resource "azurerm_log_analytics_workspace" "test" { + name = "acctestLAW-%d" + location = azurerm_resource_group.test.location + resource_group_name = azurerm_resource_group.test.name + sku = "PerGB2018" +} +`, data.RandomInteger, data.Locations.Primary, data.RandomInteger) +} diff --git a/vendor/github.com/Azure/azure-sdk-for-go/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/actions.go b/vendor/github.com/Azure/azure-sdk-for-go/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/actions.go new file mode 100644 index 000000000000..ab89e65fa199 --- /dev/null +++ b/vendor/github.com/Azure/azure-sdk-for-go/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/actions.go @@ -0,0 +1,173 @@ +package securityinsight + +// Copyright (c) Microsoft and contributors. All rights reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// +// See the License for the specific language governing permissions and +// limitations under the License. +// +// Code generated by Microsoft (R) AutoRest Code Generator. +// Changes may cause incorrect behavior and will be lost if the code is regenerated. + +import ( + "context" + "github.com/Azure/go-autorest/autorest" + "github.com/Azure/go-autorest/autorest/azure" + "github.com/Azure/go-autorest/autorest/validation" + "github.com/Azure/go-autorest/tracing" + "net/http" +) + +// ActionsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider +type ActionsClient struct { + BaseClient +} + +// NewActionsClient creates an instance of the ActionsClient client. +func NewActionsClient(subscriptionID string) ActionsClient { + return NewActionsClientWithBaseURI(DefaultBaseURI, subscriptionID) +} + +// NewActionsClientWithBaseURI creates an instance of the ActionsClient client using a custom endpoint. Use this when +// interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack). +func NewActionsClientWithBaseURI(baseURI string, subscriptionID string) ActionsClient { + return ActionsClient{NewWithBaseURI(baseURI, subscriptionID)} +} + +// ListByAlertRule gets all actions of alert rule. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// workspaceName - the name of the workspace. +// ruleID - alert rule ID +func (client ActionsClient) ListByAlertRule(ctx context.Context, resourceGroupName string, workspaceName string, ruleID string) (result ActionsListPage, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/ActionsClient.ListByAlertRule") + defer func() { + sc := -1 + if result.al.Response.Response != nil { + sc = result.al.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { + return result, validation.NewError("securityinsight.ActionsClient", "ListByAlertRule", err.Error()) + } + + result.fn = client.listByAlertRuleNextResults + req, err := client.ListByAlertRulePreparer(ctx, resourceGroupName, workspaceName, ruleID) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.ActionsClient", "ListByAlertRule", nil, "Failure preparing request") + return + } + + resp, err := client.ListByAlertRuleSender(req) + if err != nil { + result.al.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "securityinsight.ActionsClient", "ListByAlertRule", resp, "Failure sending request") + return + } + + result.al, err = client.ListByAlertRuleResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.ActionsClient", "ListByAlertRule", resp, "Failure responding to request") + } + + return +} + +// ListByAlertRulePreparer prepares the ListByAlertRule request. +func (client ActionsClient) ListByAlertRulePreparer(ctx context.Context, resourceGroupName string, workspaceName string, ruleID string) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "ruleId": autorest.Encode("path", ruleID), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2020-01-01" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsGet(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions", pathParameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// ListByAlertRuleSender sends the ListByAlertRule request. The method will close the +// http.Response Body if it receives an error. +func (client ActionsClient) ListByAlertRuleSender(req *http.Request) (*http.Response, error) { + return client.Send(req, azure.DoRetryWithRegistration(client.Client)) +} + +// ListByAlertRuleResponder handles the response to the ListByAlertRule request. The method always +// closes the http.Response Body. +func (client ActionsClient) ListByAlertRuleResponder(resp *http.Response) (result ActionsList, err error) { + err = autorest.Respond( + resp, + client.ByInspecting(), + azure.WithErrorUnlessStatusCode(http.StatusOK), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + +// listByAlertRuleNextResults retrieves the next set of results, if any. +func (client ActionsClient) listByAlertRuleNextResults(ctx context.Context, lastResults ActionsList) (result ActionsList, err error) { + req, err := lastResults.actionsListPreparer(ctx) + if err != nil { + return result, autorest.NewErrorWithError(err, "securityinsight.ActionsClient", "listByAlertRuleNextResults", nil, "Failure preparing next results request") + } + if req == nil { + return + } + resp, err := client.ListByAlertRuleSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + return result, autorest.NewErrorWithError(err, "securityinsight.ActionsClient", "listByAlertRuleNextResults", resp, "Failure sending next results request") + } + result, err = client.ListByAlertRuleResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.ActionsClient", "listByAlertRuleNextResults", resp, "Failure responding to next results request") + } + return +} + +// ListByAlertRuleComplete enumerates all values, automatically crossing page boundaries as required. +func (client ActionsClient) ListByAlertRuleComplete(ctx context.Context, resourceGroupName string, workspaceName string, ruleID string) (result ActionsListIterator, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/ActionsClient.ListByAlertRule") + defer func() { + sc := -1 + if result.Response().Response.Response != nil { + sc = result.page.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + result.page, err = client.ListByAlertRule(ctx, resourceGroupName, workspaceName, ruleID) + return +} diff --git a/vendor/github.com/Azure/azure-sdk-for-go/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/alertrules.go b/vendor/github.com/Azure/azure-sdk-for-go/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/alertrules.go new file mode 100644 index 000000000000..1d5b29d4d72c --- /dev/null +++ b/vendor/github.com/Azure/azure-sdk-for-go/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/alertrules.go @@ -0,0 +1,733 @@ +package securityinsight + +// Copyright (c) Microsoft and contributors. All rights reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// +// See the License for the specific language governing permissions and +// limitations under the License. +// +// Code generated by Microsoft (R) AutoRest Code Generator. +// Changes may cause incorrect behavior and will be lost if the code is regenerated. + +import ( + "context" + "github.com/Azure/go-autorest/autorest" + "github.com/Azure/go-autorest/autorest/azure" + "github.com/Azure/go-autorest/autorest/validation" + "github.com/Azure/go-autorest/tracing" + "net/http" +) + +// AlertRulesClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider +type AlertRulesClient struct { + BaseClient +} + +// NewAlertRulesClient creates an instance of the AlertRulesClient client. +func NewAlertRulesClient(subscriptionID string) AlertRulesClient { + return NewAlertRulesClientWithBaseURI(DefaultBaseURI, subscriptionID) +} + +// NewAlertRulesClientWithBaseURI creates an instance of the AlertRulesClient client using a custom endpoint. Use this +// when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack). +func NewAlertRulesClientWithBaseURI(baseURI string, subscriptionID string) AlertRulesClient { + return AlertRulesClient{NewWithBaseURI(baseURI, subscriptionID)} +} + +// CreateOrUpdate creates or updates the alert rule. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// workspaceName - the name of the workspace. +// ruleID - alert rule ID +// alertRule - the alert rule +func (client AlertRulesClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, workspaceName string, ruleID string, alertRule BasicAlertRule) (result AlertRuleModel, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/AlertRulesClient.CreateOrUpdate") + defer func() { + sc := -1 + if result.Response.Response != nil { + sc = result.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { + return result, validation.NewError("securityinsight.AlertRulesClient", "CreateOrUpdate", err.Error()) + } + + req, err := client.CreateOrUpdatePreparer(ctx, resourceGroupName, workspaceName, ruleID, alertRule) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.AlertRulesClient", "CreateOrUpdate", nil, "Failure preparing request") + return + } + + resp, err := client.CreateOrUpdateSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "securityinsight.AlertRulesClient", "CreateOrUpdate", resp, "Failure sending request") + return + } + + result, err = client.CreateOrUpdateResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.AlertRulesClient", "CreateOrUpdate", resp, "Failure responding to request") + } + + return +} + +// CreateOrUpdatePreparer prepares the CreateOrUpdate request. +func (client AlertRulesClient) CreateOrUpdatePreparer(ctx context.Context, resourceGroupName string, workspaceName string, ruleID string, alertRule BasicAlertRule) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "ruleId": autorest.Encode("path", ruleID), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2020-01-01" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsContentType("application/json; charset=utf-8"), + autorest.AsPut(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}", pathParameters), + autorest.WithJSON(alertRule), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// CreateOrUpdateSender sends the CreateOrUpdate request. The method will close the +// http.Response Body if it receives an error. +func (client AlertRulesClient) CreateOrUpdateSender(req *http.Request) (*http.Response, error) { + return client.Send(req, azure.DoRetryWithRegistration(client.Client)) +} + +// CreateOrUpdateResponder handles the response to the CreateOrUpdate request. The method always +// closes the http.Response Body. +func (client AlertRulesClient) CreateOrUpdateResponder(resp *http.Response) (result AlertRuleModel, err error) { + err = autorest.Respond( + resp, + client.ByInspecting(), + azure.WithErrorUnlessStatusCode(http.StatusOK, http.StatusCreated), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + +// CreateOrUpdateAction creates or updates the action of alert rule. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// workspaceName - the name of the workspace. +// ruleID - alert rule ID +// actionID - action ID +// action - the action +func (client AlertRulesClient) CreateOrUpdateAction(ctx context.Context, resourceGroupName string, workspaceName string, ruleID string, actionID string, action ActionRequest) (result ActionResponse, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/AlertRulesClient.CreateOrUpdateAction") + defer func() { + sc := -1 + if result.Response.Response != nil { + sc = result.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { + return result, validation.NewError("securityinsight.AlertRulesClient", "CreateOrUpdateAction", err.Error()) + } + + req, err := client.CreateOrUpdateActionPreparer(ctx, resourceGroupName, workspaceName, ruleID, actionID, action) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.AlertRulesClient", "CreateOrUpdateAction", nil, "Failure preparing request") + return + } + + resp, err := client.CreateOrUpdateActionSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "securityinsight.AlertRulesClient", "CreateOrUpdateAction", resp, "Failure sending request") + return + } + + result, err = client.CreateOrUpdateActionResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.AlertRulesClient", "CreateOrUpdateAction", resp, "Failure responding to request") + } + + return +} + +// CreateOrUpdateActionPreparer prepares the CreateOrUpdateAction request. +func (client AlertRulesClient) CreateOrUpdateActionPreparer(ctx context.Context, resourceGroupName string, workspaceName string, ruleID string, actionID string, action ActionRequest) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "actionId": autorest.Encode("path", actionID), + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "ruleId": autorest.Encode("path", ruleID), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2020-01-01" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsContentType("application/json; charset=utf-8"), + autorest.AsPut(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions/{actionId}", pathParameters), + autorest.WithJSON(action), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// CreateOrUpdateActionSender sends the CreateOrUpdateAction request. The method will close the +// http.Response Body if it receives an error. +func (client AlertRulesClient) CreateOrUpdateActionSender(req *http.Request) (*http.Response, error) { + return client.Send(req, azure.DoRetryWithRegistration(client.Client)) +} + +// CreateOrUpdateActionResponder handles the response to the CreateOrUpdateAction request. The method always +// closes the http.Response Body. +func (client AlertRulesClient) CreateOrUpdateActionResponder(resp *http.Response) (result ActionResponse, err error) { + err = autorest.Respond( + resp, + client.ByInspecting(), + azure.WithErrorUnlessStatusCode(http.StatusOK, http.StatusCreated), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + +// Delete delete the alert rule. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// workspaceName - the name of the workspace. +// ruleID - alert rule ID +func (client AlertRulesClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, ruleID string) (result autorest.Response, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/AlertRulesClient.Delete") + defer func() { + sc := -1 + if result.Response != nil { + sc = result.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { + return result, validation.NewError("securityinsight.AlertRulesClient", "Delete", err.Error()) + } + + req, err := client.DeletePreparer(ctx, resourceGroupName, workspaceName, ruleID) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.AlertRulesClient", "Delete", nil, "Failure preparing request") + return + } + + resp, err := client.DeleteSender(req) + if err != nil { + result.Response = resp + err = autorest.NewErrorWithError(err, "securityinsight.AlertRulesClient", "Delete", resp, "Failure sending request") + return + } + + result, err = client.DeleteResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.AlertRulesClient", "Delete", resp, "Failure responding to request") + } + + return +} + +// DeletePreparer prepares the Delete request. +func (client AlertRulesClient) DeletePreparer(ctx context.Context, resourceGroupName string, workspaceName string, ruleID string) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "ruleId": autorest.Encode("path", ruleID), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2020-01-01" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsDelete(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}", pathParameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// DeleteSender sends the Delete request. The method will close the +// http.Response Body if it receives an error. +func (client AlertRulesClient) DeleteSender(req *http.Request) (*http.Response, error) { + return client.Send(req, azure.DoRetryWithRegistration(client.Client)) +} + +// DeleteResponder handles the response to the Delete request. The method always +// closes the http.Response Body. +func (client AlertRulesClient) DeleteResponder(resp *http.Response) (result autorest.Response, err error) { + err = autorest.Respond( + resp, + client.ByInspecting(), + azure.WithErrorUnlessStatusCode(http.StatusOK, http.StatusNoContent), + autorest.ByClosing()) + result.Response = resp + return +} + +// DeleteAction delete the action of alert rule. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// workspaceName - the name of the workspace. +// ruleID - alert rule ID +// actionID - action ID +func (client AlertRulesClient) DeleteAction(ctx context.Context, resourceGroupName string, workspaceName string, ruleID string, actionID string) (result autorest.Response, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/AlertRulesClient.DeleteAction") + defer func() { + sc := -1 + if result.Response != nil { + sc = result.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { + return result, validation.NewError("securityinsight.AlertRulesClient", "DeleteAction", err.Error()) + } + + req, err := client.DeleteActionPreparer(ctx, resourceGroupName, workspaceName, ruleID, actionID) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.AlertRulesClient", "DeleteAction", nil, "Failure preparing request") + return + } + + resp, err := client.DeleteActionSender(req) + if err != nil { + result.Response = resp + err = autorest.NewErrorWithError(err, "securityinsight.AlertRulesClient", "DeleteAction", resp, "Failure sending request") + return + } + + result, err = client.DeleteActionResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.AlertRulesClient", "DeleteAction", resp, "Failure responding to request") + } + + return +} + +// DeleteActionPreparer prepares the DeleteAction request. +func (client AlertRulesClient) DeleteActionPreparer(ctx context.Context, resourceGroupName string, workspaceName string, ruleID string, actionID string) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "actionId": autorest.Encode("path", actionID), + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "ruleId": autorest.Encode("path", ruleID), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2020-01-01" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsDelete(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions/{actionId}", pathParameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// DeleteActionSender sends the DeleteAction request. The method will close the +// http.Response Body if it receives an error. +func (client AlertRulesClient) DeleteActionSender(req *http.Request) (*http.Response, error) { + return client.Send(req, azure.DoRetryWithRegistration(client.Client)) +} + +// DeleteActionResponder handles the response to the DeleteAction request. The method always +// closes the http.Response Body. +func (client AlertRulesClient) DeleteActionResponder(resp *http.Response) (result autorest.Response, err error) { + err = autorest.Respond( + resp, + client.ByInspecting(), + azure.WithErrorUnlessStatusCode(http.StatusOK, http.StatusNoContent), + autorest.ByClosing()) + result.Response = resp + return +} + +// Get gets the alert rule. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// workspaceName - the name of the workspace. +// ruleID - alert rule ID +func (client AlertRulesClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, ruleID string) (result AlertRuleModel, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/AlertRulesClient.Get") + defer func() { + sc := -1 + if result.Response.Response != nil { + sc = result.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { + return result, validation.NewError("securityinsight.AlertRulesClient", "Get", err.Error()) + } + + req, err := client.GetPreparer(ctx, resourceGroupName, workspaceName, ruleID) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.AlertRulesClient", "Get", nil, "Failure preparing request") + return + } + + resp, err := client.GetSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "securityinsight.AlertRulesClient", "Get", resp, "Failure sending request") + return + } + + result, err = client.GetResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.AlertRulesClient", "Get", resp, "Failure responding to request") + } + + return +} + +// GetPreparer prepares the Get request. +func (client AlertRulesClient) GetPreparer(ctx context.Context, resourceGroupName string, workspaceName string, ruleID string) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "ruleId": autorest.Encode("path", ruleID), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2020-01-01" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsGet(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}", pathParameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// GetSender sends the Get request. The method will close the +// http.Response Body if it receives an error. +func (client AlertRulesClient) GetSender(req *http.Request) (*http.Response, error) { + return client.Send(req, azure.DoRetryWithRegistration(client.Client)) +} + +// GetResponder handles the response to the Get request. The method always +// closes the http.Response Body. +func (client AlertRulesClient) GetResponder(resp *http.Response) (result AlertRuleModel, err error) { + err = autorest.Respond( + resp, + client.ByInspecting(), + azure.WithErrorUnlessStatusCode(http.StatusOK), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + +// GetAction gets the action of alert rule. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// workspaceName - the name of the workspace. +// ruleID - alert rule ID +// actionID - action ID +func (client AlertRulesClient) GetAction(ctx context.Context, resourceGroupName string, workspaceName string, ruleID string, actionID string) (result ActionResponse, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/AlertRulesClient.GetAction") + defer func() { + sc := -1 + if result.Response.Response != nil { + sc = result.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { + return result, validation.NewError("securityinsight.AlertRulesClient", "GetAction", err.Error()) + } + + req, err := client.GetActionPreparer(ctx, resourceGroupName, workspaceName, ruleID, actionID) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.AlertRulesClient", "GetAction", nil, "Failure preparing request") + return + } + + resp, err := client.GetActionSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "securityinsight.AlertRulesClient", "GetAction", resp, "Failure sending request") + return + } + + result, err = client.GetActionResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.AlertRulesClient", "GetAction", resp, "Failure responding to request") + } + + return +} + +// GetActionPreparer prepares the GetAction request. +func (client AlertRulesClient) GetActionPreparer(ctx context.Context, resourceGroupName string, workspaceName string, ruleID string, actionID string) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "actionId": autorest.Encode("path", actionID), + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "ruleId": autorest.Encode("path", ruleID), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2020-01-01" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsGet(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions/{actionId}", pathParameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// GetActionSender sends the GetAction request. The method will close the +// http.Response Body if it receives an error. +func (client AlertRulesClient) GetActionSender(req *http.Request) (*http.Response, error) { + return client.Send(req, azure.DoRetryWithRegistration(client.Client)) +} + +// GetActionResponder handles the response to the GetAction request. The method always +// closes the http.Response Body. +func (client AlertRulesClient) GetActionResponder(resp *http.Response) (result ActionResponse, err error) { + err = autorest.Respond( + resp, + client.ByInspecting(), + azure.WithErrorUnlessStatusCode(http.StatusOK), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + +// List gets all alert rules. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// workspaceName - the name of the workspace. +func (client AlertRulesClient) List(ctx context.Context, resourceGroupName string, workspaceName string) (result AlertRulesListPage, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/AlertRulesClient.List") + defer func() { + sc := -1 + if result.arl.Response.Response != nil { + sc = result.arl.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { + return result, validation.NewError("securityinsight.AlertRulesClient", "List", err.Error()) + } + + result.fn = client.listNextResults + req, err := client.ListPreparer(ctx, resourceGroupName, workspaceName) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.AlertRulesClient", "List", nil, "Failure preparing request") + return + } + + resp, err := client.ListSender(req) + if err != nil { + result.arl.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "securityinsight.AlertRulesClient", "List", resp, "Failure sending request") + return + } + + result.arl, err = client.ListResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.AlertRulesClient", "List", resp, "Failure responding to request") + } + + return +} + +// ListPreparer prepares the List request. +func (client AlertRulesClient) ListPreparer(ctx context.Context, resourceGroupName string, workspaceName string) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2020-01-01" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsGet(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules", pathParameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// ListSender sends the List request. The method will close the +// http.Response Body if it receives an error. +func (client AlertRulesClient) ListSender(req *http.Request) (*http.Response, error) { + return client.Send(req, azure.DoRetryWithRegistration(client.Client)) +} + +// ListResponder handles the response to the List request. The method always +// closes the http.Response Body. +func (client AlertRulesClient) ListResponder(resp *http.Response) (result AlertRulesList, err error) { + err = autorest.Respond( + resp, + client.ByInspecting(), + azure.WithErrorUnlessStatusCode(http.StatusOK), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + +// listNextResults retrieves the next set of results, if any. +func (client AlertRulesClient) listNextResults(ctx context.Context, lastResults AlertRulesList) (result AlertRulesList, err error) { + req, err := lastResults.alertRulesListPreparer(ctx) + if err != nil { + return result, autorest.NewErrorWithError(err, "securityinsight.AlertRulesClient", "listNextResults", nil, "Failure preparing next results request") + } + if req == nil { + return + } + resp, err := client.ListSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + return result, autorest.NewErrorWithError(err, "securityinsight.AlertRulesClient", "listNextResults", resp, "Failure sending next results request") + } + result, err = client.ListResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.AlertRulesClient", "listNextResults", resp, "Failure responding to next results request") + } + return +} + +// ListComplete enumerates all values, automatically crossing page boundaries as required. +func (client AlertRulesClient) ListComplete(ctx context.Context, resourceGroupName string, workspaceName string) (result AlertRulesListIterator, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/AlertRulesClient.List") + defer func() { + sc := -1 + if result.Response().Response.Response != nil { + sc = result.page.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + result.page, err = client.List(ctx, resourceGroupName, workspaceName) + return +} diff --git a/vendor/github.com/Azure/azure-sdk-for-go/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/client.go b/vendor/github.com/Azure/azure-sdk-for-go/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/client.go new file mode 100644 index 000000000000..795d10bb8823 --- /dev/null +++ b/vendor/github.com/Azure/azure-sdk-for-go/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/client.go @@ -0,0 +1,52 @@ +// Package securityinsight implements the Azure ARM Securityinsight service API version 2020-01-01. +// +// API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider +package securityinsight + +// Copyright (c) Microsoft and contributors. All rights reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// +// See the License for the specific language governing permissions and +// limitations under the License. +// +// Code generated by Microsoft (R) AutoRest Code Generator. +// Changes may cause incorrect behavior and will be lost if the code is regenerated. + +import ( + "github.com/Azure/go-autorest/autorest" +) + +const ( + // DefaultBaseURI is the default URI used for the service Securityinsight + DefaultBaseURI = "https://management.azure.com" +) + +// BaseClient is the base client for Securityinsight. +type BaseClient struct { + autorest.Client + BaseURI string + SubscriptionID string +} + +// New creates an instance of the BaseClient client. +func New(subscriptionID string) BaseClient { + return NewWithBaseURI(DefaultBaseURI, subscriptionID) +} + +// NewWithBaseURI creates an instance of the BaseClient client using a custom endpoint. Use this when interacting with +// an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack). +func NewWithBaseURI(baseURI string, subscriptionID string) BaseClient { + return BaseClient{ + Client: autorest.NewClientWithUserAgent(UserAgent()), + BaseURI: baseURI, + SubscriptionID: subscriptionID, + } +} diff --git a/vendor/github.com/Azure/azure-sdk-for-go/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/dataconnectors.go b/vendor/github.com/Azure/azure-sdk-for-go/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/dataconnectors.go new file mode 100644 index 000000000000..254c70e6667b --- /dev/null +++ b/vendor/github.com/Azure/azure-sdk-for-go/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/dataconnectors.go @@ -0,0 +1,449 @@ +package securityinsight + +// Copyright (c) Microsoft and contributors. All rights reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// +// See the License for the specific language governing permissions and +// limitations under the License. +// +// Code generated by Microsoft (R) AutoRest Code Generator. +// Changes may cause incorrect behavior and will be lost if the code is regenerated. + +import ( + "context" + "github.com/Azure/go-autorest/autorest" + "github.com/Azure/go-autorest/autorest/azure" + "github.com/Azure/go-autorest/autorest/validation" + "github.com/Azure/go-autorest/tracing" + "net/http" +) + +// DataConnectorsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider +type DataConnectorsClient struct { + BaseClient +} + +// NewDataConnectorsClient creates an instance of the DataConnectorsClient client. +func NewDataConnectorsClient(subscriptionID string) DataConnectorsClient { + return NewDataConnectorsClientWithBaseURI(DefaultBaseURI, subscriptionID) +} + +// NewDataConnectorsClientWithBaseURI creates an instance of the DataConnectorsClient client using a custom endpoint. +// Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack). +func NewDataConnectorsClientWithBaseURI(baseURI string, subscriptionID string) DataConnectorsClient { + return DataConnectorsClient{NewWithBaseURI(baseURI, subscriptionID)} +} + +// CreateOrUpdate creates or updates the data connector. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// workspaceName - the name of the workspace. +// dataConnectorID - connector ID +// dataConnector - the data connector +func (client DataConnectorsClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, workspaceName string, dataConnectorID string, dataConnector BasicDataConnector) (result DataConnectorModel, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/DataConnectorsClient.CreateOrUpdate") + defer func() { + sc := -1 + if result.Response.Response != nil { + sc = result.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { + return result, validation.NewError("securityinsight.DataConnectorsClient", "CreateOrUpdate", err.Error()) + } + + req, err := client.CreateOrUpdatePreparer(ctx, resourceGroupName, workspaceName, dataConnectorID, dataConnector) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.DataConnectorsClient", "CreateOrUpdate", nil, "Failure preparing request") + return + } + + resp, err := client.CreateOrUpdateSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "securityinsight.DataConnectorsClient", "CreateOrUpdate", resp, "Failure sending request") + return + } + + result, err = client.CreateOrUpdateResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.DataConnectorsClient", "CreateOrUpdate", resp, "Failure responding to request") + } + + return +} + +// CreateOrUpdatePreparer prepares the CreateOrUpdate request. +func (client DataConnectorsClient) CreateOrUpdatePreparer(ctx context.Context, resourceGroupName string, workspaceName string, dataConnectorID string, dataConnector BasicDataConnector) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "dataConnectorId": autorest.Encode("path", dataConnectorID), + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2020-01-01" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsContentType("application/json; charset=utf-8"), + autorest.AsPut(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors/{dataConnectorId}", pathParameters), + autorest.WithJSON(dataConnector), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// CreateOrUpdateSender sends the CreateOrUpdate request. The method will close the +// http.Response Body if it receives an error. +func (client DataConnectorsClient) CreateOrUpdateSender(req *http.Request) (*http.Response, error) { + return client.Send(req, azure.DoRetryWithRegistration(client.Client)) +} + +// CreateOrUpdateResponder handles the response to the CreateOrUpdate request. The method always +// closes the http.Response Body. +func (client DataConnectorsClient) CreateOrUpdateResponder(resp *http.Response) (result DataConnectorModel, err error) { + err = autorest.Respond( + resp, + client.ByInspecting(), + azure.WithErrorUnlessStatusCode(http.StatusOK, http.StatusCreated), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + +// Delete delete the data connector. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// workspaceName - the name of the workspace. +// dataConnectorID - connector ID +func (client DataConnectorsClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, dataConnectorID string) (result autorest.Response, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/DataConnectorsClient.Delete") + defer func() { + sc := -1 + if result.Response != nil { + sc = result.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { + return result, validation.NewError("securityinsight.DataConnectorsClient", "Delete", err.Error()) + } + + req, err := client.DeletePreparer(ctx, resourceGroupName, workspaceName, dataConnectorID) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.DataConnectorsClient", "Delete", nil, "Failure preparing request") + return + } + + resp, err := client.DeleteSender(req) + if err != nil { + result.Response = resp + err = autorest.NewErrorWithError(err, "securityinsight.DataConnectorsClient", "Delete", resp, "Failure sending request") + return + } + + result, err = client.DeleteResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.DataConnectorsClient", "Delete", resp, "Failure responding to request") + } + + return +} + +// DeletePreparer prepares the Delete request. +func (client DataConnectorsClient) DeletePreparer(ctx context.Context, resourceGroupName string, workspaceName string, dataConnectorID string) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "dataConnectorId": autorest.Encode("path", dataConnectorID), + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2020-01-01" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsDelete(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors/{dataConnectorId}", pathParameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// DeleteSender sends the Delete request. The method will close the +// http.Response Body if it receives an error. +func (client DataConnectorsClient) DeleteSender(req *http.Request) (*http.Response, error) { + return client.Send(req, azure.DoRetryWithRegistration(client.Client)) +} + +// DeleteResponder handles the response to the Delete request. The method always +// closes the http.Response Body. +func (client DataConnectorsClient) DeleteResponder(resp *http.Response) (result autorest.Response, err error) { + err = autorest.Respond( + resp, + client.ByInspecting(), + azure.WithErrorUnlessStatusCode(http.StatusOK, http.StatusNoContent), + autorest.ByClosing()) + result.Response = resp + return +} + +// Get gets a data connector. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// workspaceName - the name of the workspace. +// dataConnectorID - connector ID +func (client DataConnectorsClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, dataConnectorID string) (result DataConnectorModel, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/DataConnectorsClient.Get") + defer func() { + sc := -1 + if result.Response.Response != nil { + sc = result.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { + return result, validation.NewError("securityinsight.DataConnectorsClient", "Get", err.Error()) + } + + req, err := client.GetPreparer(ctx, resourceGroupName, workspaceName, dataConnectorID) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.DataConnectorsClient", "Get", nil, "Failure preparing request") + return + } + + resp, err := client.GetSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "securityinsight.DataConnectorsClient", "Get", resp, "Failure sending request") + return + } + + result, err = client.GetResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.DataConnectorsClient", "Get", resp, "Failure responding to request") + } + + return +} + +// GetPreparer prepares the Get request. +func (client DataConnectorsClient) GetPreparer(ctx context.Context, resourceGroupName string, workspaceName string, dataConnectorID string) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "dataConnectorId": autorest.Encode("path", dataConnectorID), + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2020-01-01" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsGet(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors/{dataConnectorId}", pathParameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// GetSender sends the Get request. The method will close the +// http.Response Body if it receives an error. +func (client DataConnectorsClient) GetSender(req *http.Request) (*http.Response, error) { + return client.Send(req, azure.DoRetryWithRegistration(client.Client)) +} + +// GetResponder handles the response to the Get request. The method always +// closes the http.Response Body. +func (client DataConnectorsClient) GetResponder(resp *http.Response) (result DataConnectorModel, err error) { + err = autorest.Respond( + resp, + client.ByInspecting(), + azure.WithErrorUnlessStatusCode(http.StatusOK), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + +// List gets all data connectors. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// workspaceName - the name of the workspace. +func (client DataConnectorsClient) List(ctx context.Context, resourceGroupName string, workspaceName string) (result DataConnectorListPage, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/DataConnectorsClient.List") + defer func() { + sc := -1 + if result.dcl.Response.Response != nil { + sc = result.dcl.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { + return result, validation.NewError("securityinsight.DataConnectorsClient", "List", err.Error()) + } + + result.fn = client.listNextResults + req, err := client.ListPreparer(ctx, resourceGroupName, workspaceName) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.DataConnectorsClient", "List", nil, "Failure preparing request") + return + } + + resp, err := client.ListSender(req) + if err != nil { + result.dcl.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "securityinsight.DataConnectorsClient", "List", resp, "Failure sending request") + return + } + + result.dcl, err = client.ListResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.DataConnectorsClient", "List", resp, "Failure responding to request") + } + + return +} + +// ListPreparer prepares the List request. +func (client DataConnectorsClient) ListPreparer(ctx context.Context, resourceGroupName string, workspaceName string) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2020-01-01" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsGet(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors", pathParameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// ListSender sends the List request. The method will close the +// http.Response Body if it receives an error. +func (client DataConnectorsClient) ListSender(req *http.Request) (*http.Response, error) { + return client.Send(req, azure.DoRetryWithRegistration(client.Client)) +} + +// ListResponder handles the response to the List request. The method always +// closes the http.Response Body. +func (client DataConnectorsClient) ListResponder(resp *http.Response) (result DataConnectorList, err error) { + err = autorest.Respond( + resp, + client.ByInspecting(), + azure.WithErrorUnlessStatusCode(http.StatusOK), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + +// listNextResults retrieves the next set of results, if any. +func (client DataConnectorsClient) listNextResults(ctx context.Context, lastResults DataConnectorList) (result DataConnectorList, err error) { + req, err := lastResults.dataConnectorListPreparer(ctx) + if err != nil { + return result, autorest.NewErrorWithError(err, "securityinsight.DataConnectorsClient", "listNextResults", nil, "Failure preparing next results request") + } + if req == nil { + return + } + resp, err := client.ListSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + return result, autorest.NewErrorWithError(err, "securityinsight.DataConnectorsClient", "listNextResults", resp, "Failure sending next results request") + } + result, err = client.ListResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.DataConnectorsClient", "listNextResults", resp, "Failure responding to next results request") + } + return +} + +// ListComplete enumerates all values, automatically crossing page boundaries as required. +func (client DataConnectorsClient) ListComplete(ctx context.Context, resourceGroupName string, workspaceName string) (result DataConnectorListIterator, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/DataConnectorsClient.List") + defer func() { + sc := -1 + if result.Response().Response.Response != nil { + sc = result.page.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + result.page, err = client.List(ctx, resourceGroupName, workspaceName) + return +} diff --git a/vendor/github.com/Azure/azure-sdk-for-go/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/models.go b/vendor/github.com/Azure/azure-sdk-for-go/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/models.go new file mode 100644 index 000000000000..e1f7a356ed41 --- /dev/null +++ b/vendor/github.com/Azure/azure-sdk-for-go/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/models.go @@ -0,0 +1,4450 @@ +package securityinsight + +// Copyright (c) Microsoft and contributors. All rights reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// +// See the License for the specific language governing permissions and +// limitations under the License. +// +// Code generated by Microsoft (R) AutoRest Code Generator. +// Changes may cause incorrect behavior and will be lost if the code is regenerated. + +import ( + "context" + "encoding/json" + "github.com/Azure/go-autorest/autorest" + "github.com/Azure/go-autorest/autorest/date" + "github.com/Azure/go-autorest/autorest/to" + "github.com/Azure/go-autorest/tracing" + "github.com/satori/go.uuid" + "net/http" +) + +// The package's fully qualified name. +const fqdn = "github.com/Azure/azure-sdk-for-go/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight" + +// AlertRuleKind enumerates the values for alert rule kind. +type AlertRuleKind string + +const ( + // Fusion ... + Fusion AlertRuleKind = "Fusion" + // MicrosoftSecurityIncidentCreation ... + MicrosoftSecurityIncidentCreation AlertRuleKind = "MicrosoftSecurityIncidentCreation" + // Scheduled ... + Scheduled AlertRuleKind = "Scheduled" +) + +// PossibleAlertRuleKindValues returns an array of possible values for the AlertRuleKind const type. +func PossibleAlertRuleKindValues() []AlertRuleKind { + return []AlertRuleKind{Fusion, MicrosoftSecurityIncidentCreation, Scheduled} +} + +// AlertSeverity enumerates the values for alert severity. +type AlertSeverity string + +const ( + // High High severity + High AlertSeverity = "High" + // Informational Informational severity + Informational AlertSeverity = "Informational" + // Low Low severity + Low AlertSeverity = "Low" + // Medium Medium severity + Medium AlertSeverity = "Medium" +) + +// PossibleAlertSeverityValues returns an array of possible values for the AlertSeverity const type. +func PossibleAlertSeverityValues() []AlertSeverity { + return []AlertSeverity{High, Informational, Low, Medium} +} + +// AttackTactic enumerates the values for attack tactic. +type AttackTactic string + +const ( + // Collection ... + Collection AttackTactic = "Collection" + // CommandAndControl ... + CommandAndControl AttackTactic = "CommandAndControl" + // CredentialAccess ... + CredentialAccess AttackTactic = "CredentialAccess" + // DefenseEvasion ... + DefenseEvasion AttackTactic = "DefenseEvasion" + // Discovery ... + Discovery AttackTactic = "Discovery" + // Execution ... + Execution AttackTactic = "Execution" + // Exfiltration ... + Exfiltration AttackTactic = "Exfiltration" + // Impact ... + Impact AttackTactic = "Impact" + // InitialAccess ... + InitialAccess AttackTactic = "InitialAccess" + // LateralMovement ... + LateralMovement AttackTactic = "LateralMovement" + // Persistence ... + Persistence AttackTactic = "Persistence" + // PrivilegeEscalation ... + PrivilegeEscalation AttackTactic = "PrivilegeEscalation" +) + +// PossibleAttackTacticValues returns an array of possible values for the AttackTactic const type. +func PossibleAttackTacticValues() []AttackTactic { + return []AttackTactic{Collection, CommandAndControl, CredentialAccess, DefenseEvasion, Discovery, Execution, Exfiltration, Impact, InitialAccess, LateralMovement, Persistence, PrivilegeEscalation} +} + +// DataConnectorKind enumerates the values for data connector kind. +type DataConnectorKind string + +const ( + // DataConnectorKindAmazonWebServicesCloudTrail ... + DataConnectorKindAmazonWebServicesCloudTrail DataConnectorKind = "AmazonWebServicesCloudTrail" + // DataConnectorKindAzureActiveDirectory ... + DataConnectorKindAzureActiveDirectory DataConnectorKind = "AzureActiveDirectory" + // DataConnectorKindAzureAdvancedThreatProtection ... + DataConnectorKindAzureAdvancedThreatProtection DataConnectorKind = "AzureAdvancedThreatProtection" + // DataConnectorKindAzureSecurityCenter ... + DataConnectorKindAzureSecurityCenter DataConnectorKind = "AzureSecurityCenter" + // DataConnectorKindMicrosoftCloudAppSecurity ... + DataConnectorKindMicrosoftCloudAppSecurity DataConnectorKind = "MicrosoftCloudAppSecurity" + // DataConnectorKindMicrosoftDefenderAdvancedThreatProtection ... + DataConnectorKindMicrosoftDefenderAdvancedThreatProtection DataConnectorKind = "MicrosoftDefenderAdvancedThreatProtection" + // DataConnectorKindOffice365 ... + DataConnectorKindOffice365 DataConnectorKind = "Office365" + // DataConnectorKindThreatIntelligence ... + DataConnectorKindThreatIntelligence DataConnectorKind = "ThreatIntelligence" +) + +// PossibleDataConnectorKindValues returns an array of possible values for the DataConnectorKind const type. +func PossibleDataConnectorKindValues() []DataConnectorKind { + return []DataConnectorKind{DataConnectorKindAmazonWebServicesCloudTrail, DataConnectorKindAzureActiveDirectory, DataConnectorKindAzureAdvancedThreatProtection, DataConnectorKindAzureSecurityCenter, DataConnectorKindMicrosoftCloudAppSecurity, DataConnectorKindMicrosoftDefenderAdvancedThreatProtection, DataConnectorKindOffice365, DataConnectorKindThreatIntelligence} +} + +// DataTypeState enumerates the values for data type state. +type DataTypeState string + +const ( + // Disabled ... + Disabled DataTypeState = "Disabled" + // Enabled ... + Enabled DataTypeState = "Enabled" +) + +// PossibleDataTypeStateValues returns an array of possible values for the DataTypeState const type. +func PossibleDataTypeStateValues() []DataTypeState { + return []DataTypeState{Disabled, Enabled} +} + +// IncidentSeverity enumerates the values for incident severity. +type IncidentSeverity string + +const ( + // IncidentSeverityCritical Critical severity + IncidentSeverityCritical IncidentSeverity = "Critical" + // IncidentSeverityHigh High severity + IncidentSeverityHigh IncidentSeverity = "High" + // IncidentSeverityInformational Informational severity + IncidentSeverityInformational IncidentSeverity = "Informational" + // IncidentSeverityLow Low severity + IncidentSeverityLow IncidentSeverity = "Low" + // IncidentSeverityMedium Medium severity + IncidentSeverityMedium IncidentSeverity = "Medium" +) + +// PossibleIncidentSeverityValues returns an array of possible values for the IncidentSeverity const type. +func PossibleIncidentSeverityValues() []IncidentSeverity { + return []IncidentSeverity{IncidentSeverityCritical, IncidentSeverityHigh, IncidentSeverityInformational, IncidentSeverityLow, IncidentSeverityMedium} +} + +// Kind enumerates the values for kind. +type Kind string + +const ( + // KindAlertRule ... + KindAlertRule Kind = "AlertRule" + // KindFusion ... + KindFusion Kind = "Fusion" + // KindMicrosoftSecurityIncidentCreation ... + KindMicrosoftSecurityIncidentCreation Kind = "MicrosoftSecurityIncidentCreation" + // KindScheduled ... + KindScheduled Kind = "Scheduled" +) + +// PossibleKindValues returns an array of possible values for the Kind const type. +func PossibleKindValues() []Kind { + return []Kind{KindAlertRule, KindFusion, KindMicrosoftSecurityIncidentCreation, KindScheduled} +} + +// KindBasicAlertRuleTemplate enumerates the values for kind basic alert rule template. +type KindBasicAlertRuleTemplate string + +const ( + // KindBasicAlertRuleTemplateKindAlertRuleTemplate ... + KindBasicAlertRuleTemplateKindAlertRuleTemplate KindBasicAlertRuleTemplate = "AlertRuleTemplate" + // KindBasicAlertRuleTemplateKindFusion ... + KindBasicAlertRuleTemplateKindFusion KindBasicAlertRuleTemplate = "Fusion" + // KindBasicAlertRuleTemplateKindMicrosoftSecurityIncidentCreation ... + KindBasicAlertRuleTemplateKindMicrosoftSecurityIncidentCreation KindBasicAlertRuleTemplate = "MicrosoftSecurityIncidentCreation" + // KindBasicAlertRuleTemplateKindScheduled ... + KindBasicAlertRuleTemplateKindScheduled KindBasicAlertRuleTemplate = "Scheduled" +) + +// PossibleKindBasicAlertRuleTemplateValues returns an array of possible values for the KindBasicAlertRuleTemplate const type. +func PossibleKindBasicAlertRuleTemplateValues() []KindBasicAlertRuleTemplate { + return []KindBasicAlertRuleTemplate{KindBasicAlertRuleTemplateKindAlertRuleTemplate, KindBasicAlertRuleTemplateKindFusion, KindBasicAlertRuleTemplateKindMicrosoftSecurityIncidentCreation, KindBasicAlertRuleTemplateKindScheduled} +} + +// KindBasicDataConnector enumerates the values for kind basic data connector. +type KindBasicDataConnector string + +const ( + // KindAmazonWebServicesCloudTrail ... + KindAmazonWebServicesCloudTrail KindBasicDataConnector = "AmazonWebServicesCloudTrail" + // KindAzureActiveDirectory ... + KindAzureActiveDirectory KindBasicDataConnector = "AzureActiveDirectory" + // KindAzureAdvancedThreatProtection ... + KindAzureAdvancedThreatProtection KindBasicDataConnector = "AzureAdvancedThreatProtection" + // KindAzureSecurityCenter ... + KindAzureSecurityCenter KindBasicDataConnector = "AzureSecurityCenter" + // KindDataConnector ... + KindDataConnector KindBasicDataConnector = "DataConnector" + // KindMicrosoftCloudAppSecurity ... + KindMicrosoftCloudAppSecurity KindBasicDataConnector = "MicrosoftCloudAppSecurity" + // KindMicrosoftDefenderAdvancedThreatProtection ... + KindMicrosoftDefenderAdvancedThreatProtection KindBasicDataConnector = "MicrosoftDefenderAdvancedThreatProtection" + // KindOffice365 ... + KindOffice365 KindBasicDataConnector = "Office365" + // KindThreatIntelligence ... + KindThreatIntelligence KindBasicDataConnector = "ThreatIntelligence" +) + +// PossibleKindBasicDataConnectorValues returns an array of possible values for the KindBasicDataConnector const type. +func PossibleKindBasicDataConnectorValues() []KindBasicDataConnector { + return []KindBasicDataConnector{KindAmazonWebServicesCloudTrail, KindAzureActiveDirectory, KindAzureAdvancedThreatProtection, KindAzureSecurityCenter, KindDataConnector, KindMicrosoftCloudAppSecurity, KindMicrosoftDefenderAdvancedThreatProtection, KindOffice365, KindThreatIntelligence} +} + +// KindBasicSettings enumerates the values for kind basic settings. +type KindBasicSettings string + +const ( + // KindSettings ... + KindSettings KindBasicSettings = "Settings" + // KindToggleSettings ... + KindToggleSettings KindBasicSettings = "ToggleSettings" + // KindUebaSettings ... + KindUebaSettings KindBasicSettings = "UebaSettings" +) + +// PossibleKindBasicSettingsValues returns an array of possible values for the KindBasicSettings const type. +func PossibleKindBasicSettingsValues() []KindBasicSettings { + return []KindBasicSettings{KindSettings, KindToggleSettings, KindUebaSettings} +} + +// LicenseStatus enumerates the values for license status. +type LicenseStatus string + +const ( + // LicenseStatusDisabled ... + LicenseStatusDisabled LicenseStatus = "Disabled" + // LicenseStatusEnabled ... + LicenseStatusEnabled LicenseStatus = "Enabled" +) + +// PossibleLicenseStatusValues returns an array of possible values for the LicenseStatus const type. +func PossibleLicenseStatusValues() []LicenseStatus { + return []LicenseStatus{LicenseStatusDisabled, LicenseStatusEnabled} +} + +// MicrosoftSecurityProductName enumerates the values for microsoft security product name. +type MicrosoftSecurityProductName string + +const ( + // AzureActiveDirectoryIdentityProtection ... + AzureActiveDirectoryIdentityProtection MicrosoftSecurityProductName = "Azure Active Directory Identity Protection" + // AzureAdvancedThreatProtection ... + AzureAdvancedThreatProtection MicrosoftSecurityProductName = "Azure Advanced Threat Protection" + // AzureSecurityCenter ... + AzureSecurityCenter MicrosoftSecurityProductName = "Azure Security Center" + // AzureSecurityCenterforIoT ... + AzureSecurityCenterforIoT MicrosoftSecurityProductName = "Azure Security Center for IoT" + // MicrosoftCloudAppSecurity ... + MicrosoftCloudAppSecurity MicrosoftSecurityProductName = "Microsoft Cloud App Security" +) + +// PossibleMicrosoftSecurityProductNameValues returns an array of possible values for the MicrosoftSecurityProductName const type. +func PossibleMicrosoftSecurityProductNameValues() []MicrosoftSecurityProductName { + return []MicrosoftSecurityProductName{AzureActiveDirectoryIdentityProtection, AzureAdvancedThreatProtection, AzureSecurityCenter, AzureSecurityCenterforIoT, MicrosoftCloudAppSecurity} +} + +// SettingKind enumerates the values for setting kind. +type SettingKind string + +const ( + // SettingKindToggleSettings ... + SettingKindToggleSettings SettingKind = "ToggleSettings" + // SettingKindUebaSettings ... + SettingKindUebaSettings SettingKind = "UebaSettings" +) + +// PossibleSettingKindValues returns an array of possible values for the SettingKind const type. +func PossibleSettingKindValues() []SettingKind { + return []SettingKind{SettingKindToggleSettings, SettingKindUebaSettings} +} + +// StatusInMcas enumerates the values for status in mcas. +type StatusInMcas string + +const ( + // StatusInMcasDisabled ... + StatusInMcasDisabled StatusInMcas = "Disabled" + // StatusInMcasEnabled ... + StatusInMcasEnabled StatusInMcas = "Enabled" +) + +// PossibleStatusInMcasValues returns an array of possible values for the StatusInMcas const type. +func PossibleStatusInMcasValues() []StatusInMcas { + return []StatusInMcas{StatusInMcasDisabled, StatusInMcasEnabled} +} + +// TemplateStatus enumerates the values for template status. +type TemplateStatus string + +const ( + // Available Alert rule template is available. + Available TemplateStatus = "Available" + // Installed Alert rule template installed. and can not use more then once + Installed TemplateStatus = "Installed" + // NotAvailable Alert rule template is not available + NotAvailable TemplateStatus = "NotAvailable" +) + +// PossibleTemplateStatusValues returns an array of possible values for the TemplateStatus const type. +func PossibleTemplateStatusValues() []TemplateStatus { + return []TemplateStatus{Available, Installed, NotAvailable} +} + +// TriggerOperator enumerates the values for trigger operator. +type TriggerOperator string + +const ( + // Equal ... + Equal TriggerOperator = "Equal" + // GreaterThan ... + GreaterThan TriggerOperator = "GreaterThan" + // LessThan ... + LessThan TriggerOperator = "LessThan" + // NotEqual ... + NotEqual TriggerOperator = "NotEqual" +) + +// PossibleTriggerOperatorValues returns an array of possible values for the TriggerOperator const type. +func PossibleTriggerOperatorValues() []TriggerOperator { + return []TriggerOperator{Equal, GreaterThan, LessThan, NotEqual} +} + +// AADDataConnector represents AAD (Azure Active Directory) data connector. +type AADDataConnector struct { + // AADDataConnectorProperties - AAD (Azure Active Directory) data connector properties. + *AADDataConnectorProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Etag - Etag of the azure resource + Etag *string `json:"etag,omitempty"` + // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence' + Kind KindBasicDataConnector `json:"kind,omitempty"` +} + +// MarshalJSON is the custom marshaler for AADDataConnector. +func (adc AADDataConnector) MarshalJSON() ([]byte, error) { + adc.Kind = KindAzureActiveDirectory + objectMap := make(map[string]interface{}) + if adc.AADDataConnectorProperties != nil { + objectMap["properties"] = adc.AADDataConnectorProperties + } + if adc.Etag != nil { + objectMap["etag"] = adc.Etag + } + if adc.Kind != "" { + objectMap["kind"] = adc.Kind + } + return json.Marshal(objectMap) +} + +// AsAADDataConnector is the BasicDataConnector implementation for AADDataConnector. +func (adc AADDataConnector) AsAADDataConnector() (*AADDataConnector, bool) { + return &adc, true +} + +// AsAATPDataConnector is the BasicDataConnector implementation for AADDataConnector. +func (adc AADDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool) { + return nil, false +} + +// AsASCDataConnector is the BasicDataConnector implementation for AADDataConnector. +func (adc AADDataConnector) AsASCDataConnector() (*ASCDataConnector, bool) { + return nil, false +} + +// AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for AADDataConnector. +func (adc AADDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) { + return nil, false +} + +// AsMCASDataConnector is the BasicDataConnector implementation for AADDataConnector. +func (adc AADDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) { + return nil, false +} + +// AsMDATPDataConnector is the BasicDataConnector implementation for AADDataConnector. +func (adc AADDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) { + return nil, false +} + +// AsOfficeDataConnector is the BasicDataConnector implementation for AADDataConnector. +func (adc AADDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { + return nil, false +} + +// AsTIDataConnector is the BasicDataConnector implementation for AADDataConnector. +func (adc AADDataConnector) AsTIDataConnector() (*TIDataConnector, bool) { + return nil, false +} + +// AsDataConnector is the BasicDataConnector implementation for AADDataConnector. +func (adc AADDataConnector) AsDataConnector() (*DataConnector, bool) { + return nil, false +} + +// AsBasicDataConnector is the BasicDataConnector implementation for AADDataConnector. +func (adc AADDataConnector) AsBasicDataConnector() (BasicDataConnector, bool) { + return &adc, true +} + +// UnmarshalJSON is the custom unmarshaler for AADDataConnector struct. +func (adc *AADDataConnector) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var aADDataConnectorProperties AADDataConnectorProperties + err = json.Unmarshal(*v, &aADDataConnectorProperties) + if err != nil { + return err + } + adc.AADDataConnectorProperties = &aADDataConnectorProperties + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + adc.ID = &ID + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + adc.Name = &name + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + adc.Type = &typeVar + } + case "etag": + if v != nil { + var etag string + err = json.Unmarshal(*v, &etag) + if err != nil { + return err + } + adc.Etag = &etag + } + case "kind": + if v != nil { + var kind KindBasicDataConnector + err = json.Unmarshal(*v, &kind) + if err != nil { + return err + } + adc.Kind = kind + } + } + } + + return nil +} + +// AADDataConnectorProperties AAD (Azure Active Directory) data connector properties. +type AADDataConnectorProperties struct { + // TenantID - The tenant id to connect to, and get the data from. + TenantID *string `json:"tenantId,omitempty"` + // DataTypes - The available data types for the connector. + DataTypes *AlertsDataTypeOfDataConnector `json:"dataTypes,omitempty"` +} + +// AATPDataConnector represents AATP (Azure Advanced Threat Protection) data connector. +type AATPDataConnector struct { + // AATPDataConnectorProperties - AATP (Azure Advanced Threat Protection) data connector properties. + *AATPDataConnectorProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Etag - Etag of the azure resource + Etag *string `json:"etag,omitempty"` + // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence' + Kind KindBasicDataConnector `json:"kind,omitempty"` +} + +// MarshalJSON is the custom marshaler for AATPDataConnector. +func (adc AATPDataConnector) MarshalJSON() ([]byte, error) { + adc.Kind = KindAzureAdvancedThreatProtection + objectMap := make(map[string]interface{}) + if adc.AATPDataConnectorProperties != nil { + objectMap["properties"] = adc.AATPDataConnectorProperties + } + if adc.Etag != nil { + objectMap["etag"] = adc.Etag + } + if adc.Kind != "" { + objectMap["kind"] = adc.Kind + } + return json.Marshal(objectMap) +} + +// AsAADDataConnector is the BasicDataConnector implementation for AATPDataConnector. +func (adc AATPDataConnector) AsAADDataConnector() (*AADDataConnector, bool) { + return nil, false +} + +// AsAATPDataConnector is the BasicDataConnector implementation for AATPDataConnector. +func (adc AATPDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool) { + return &adc, true +} + +// AsASCDataConnector is the BasicDataConnector implementation for AATPDataConnector. +func (adc AATPDataConnector) AsASCDataConnector() (*ASCDataConnector, bool) { + return nil, false +} + +// AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for AATPDataConnector. +func (adc AATPDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) { + return nil, false +} + +// AsMCASDataConnector is the BasicDataConnector implementation for AATPDataConnector. +func (adc AATPDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) { + return nil, false +} + +// AsMDATPDataConnector is the BasicDataConnector implementation for AATPDataConnector. +func (adc AATPDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) { + return nil, false +} + +// AsOfficeDataConnector is the BasicDataConnector implementation for AATPDataConnector. +func (adc AATPDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { + return nil, false +} + +// AsTIDataConnector is the BasicDataConnector implementation for AATPDataConnector. +func (adc AATPDataConnector) AsTIDataConnector() (*TIDataConnector, bool) { + return nil, false +} + +// AsDataConnector is the BasicDataConnector implementation for AATPDataConnector. +func (adc AATPDataConnector) AsDataConnector() (*DataConnector, bool) { + return nil, false +} + +// AsBasicDataConnector is the BasicDataConnector implementation for AATPDataConnector. +func (adc AATPDataConnector) AsBasicDataConnector() (BasicDataConnector, bool) { + return &adc, true +} + +// UnmarshalJSON is the custom unmarshaler for AATPDataConnector struct. +func (adc *AATPDataConnector) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var aATPDataConnectorProperties AATPDataConnectorProperties + err = json.Unmarshal(*v, &aATPDataConnectorProperties) + if err != nil { + return err + } + adc.AATPDataConnectorProperties = &aATPDataConnectorProperties + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + adc.ID = &ID + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + adc.Name = &name + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + adc.Type = &typeVar + } + case "etag": + if v != nil { + var etag string + err = json.Unmarshal(*v, &etag) + if err != nil { + return err + } + adc.Etag = &etag + } + case "kind": + if v != nil { + var kind KindBasicDataConnector + err = json.Unmarshal(*v, &kind) + if err != nil { + return err + } + adc.Kind = kind + } + } + } + + return nil +} + +// AATPDataConnectorProperties AATP (Azure Advanced Threat Protection) data connector properties. +type AATPDataConnectorProperties struct { + // TenantID - The tenant id to connect to, and get the data from. + TenantID *string `json:"tenantId,omitempty"` + // DataTypes - The available data types for the connector. + DataTypes *AlertsDataTypeOfDataConnector `json:"dataTypes,omitempty"` +} + +// ActionPropertiesBase action property bag base. +type ActionPropertiesBase struct { + // LogicAppResourceID - Logic App Resource Id, providers/Microsoft.Logic/workflows/{WorkflowID}. + LogicAppResourceID *string `json:"logicAppResourceId,omitempty"` +} + +// ActionRequest action for alert rule. +type ActionRequest struct { + // ActionRequestProperties - Action properties for put request + *ActionRequestProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Etag - Etag of the azure resource + Etag *string `json:"etag,omitempty"` +} + +// MarshalJSON is the custom marshaler for ActionRequest. +func (ar ActionRequest) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + if ar.ActionRequestProperties != nil { + objectMap["properties"] = ar.ActionRequestProperties + } + if ar.Etag != nil { + objectMap["etag"] = ar.Etag + } + return json.Marshal(objectMap) +} + +// UnmarshalJSON is the custom unmarshaler for ActionRequest struct. +func (ar *ActionRequest) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var actionRequestProperties ActionRequestProperties + err = json.Unmarshal(*v, &actionRequestProperties) + if err != nil { + return err + } + ar.ActionRequestProperties = &actionRequestProperties + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + ar.ID = &ID + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + ar.Name = &name + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + ar.Type = &typeVar + } + case "etag": + if v != nil { + var etag string + err = json.Unmarshal(*v, &etag) + if err != nil { + return err + } + ar.Etag = &etag + } + } + } + + return nil +} + +// ActionRequestProperties action property bag. +type ActionRequestProperties struct { + // TriggerURI - Logic App Callback URL for this specific workflow. + TriggerURI *string `json:"triggerUri,omitempty"` + // LogicAppResourceID - Logic App Resource Id, providers/Microsoft.Logic/workflows/{WorkflowID}. + LogicAppResourceID *string `json:"logicAppResourceId,omitempty"` +} + +// ActionResponse action for alert rule. +type ActionResponse struct { + autorest.Response `json:"-"` + // Etag - Etag of the action. + Etag *string `json:"etag,omitempty"` + // ActionResponseProperties - Action properties for get request + *ActionResponseProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` +} + +// MarshalJSON is the custom marshaler for ActionResponse. +func (ar ActionResponse) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + if ar.Etag != nil { + objectMap["etag"] = ar.Etag + } + if ar.ActionResponseProperties != nil { + objectMap["properties"] = ar.ActionResponseProperties + } + return json.Marshal(objectMap) +} + +// UnmarshalJSON is the custom unmarshaler for ActionResponse struct. +func (ar *ActionResponse) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "etag": + if v != nil { + var etag string + err = json.Unmarshal(*v, &etag) + if err != nil { + return err + } + ar.Etag = &etag + } + case "properties": + if v != nil { + var actionResponseProperties ActionResponseProperties + err = json.Unmarshal(*v, &actionResponseProperties) + if err != nil { + return err + } + ar.ActionResponseProperties = &actionResponseProperties + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + ar.ID = &ID + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + ar.Name = &name + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + ar.Type = &typeVar + } + } + } + + return nil +} + +// ActionResponseProperties action property bag. +type ActionResponseProperties struct { + // WorkflowID - The name of the logic app's workflow. + WorkflowID *string `json:"workflowId,omitempty"` + // LogicAppResourceID - Logic App Resource Id, providers/Microsoft.Logic/workflows/{WorkflowID}. + LogicAppResourceID *string `json:"logicAppResourceId,omitempty"` +} + +// ActionsList list all the actions. +type ActionsList struct { + autorest.Response `json:"-"` + // NextLink - READ-ONLY; URL to fetch the next set of actions. + NextLink *string `json:"nextLink,omitempty"` + // Value - Array of actions. + Value *[]ActionResponse `json:"value,omitempty"` +} + +// ActionsListIterator provides access to a complete listing of ActionResponse values. +type ActionsListIterator struct { + i int + page ActionsListPage +} + +// NextWithContext advances to the next value. If there was an error making +// the request the iterator does not advance and the error is returned. +func (iter *ActionsListIterator) NextWithContext(ctx context.Context) (err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/ActionsListIterator.NextWithContext") + defer func() { + sc := -1 + if iter.Response().Response.Response != nil { + sc = iter.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + iter.i++ + if iter.i < len(iter.page.Values()) { + return nil + } + err = iter.page.NextWithContext(ctx) + if err != nil { + iter.i-- + return err + } + iter.i = 0 + return nil +} + +// Next advances to the next value. If there was an error making +// the request the iterator does not advance and the error is returned. +// Deprecated: Use NextWithContext() instead. +func (iter *ActionsListIterator) Next() error { + return iter.NextWithContext(context.Background()) +} + +// NotDone returns true if the enumeration should be started or is not yet complete. +func (iter ActionsListIterator) NotDone() bool { + return iter.page.NotDone() && iter.i < len(iter.page.Values()) +} + +// Response returns the raw server response from the last page request. +func (iter ActionsListIterator) Response() ActionsList { + return iter.page.Response() +} + +// Value returns the current value or a zero-initialized value if the +// iterator has advanced beyond the end of the collection. +func (iter ActionsListIterator) Value() ActionResponse { + if !iter.page.NotDone() { + return ActionResponse{} + } + return iter.page.Values()[iter.i] +} + +// Creates a new instance of the ActionsListIterator type. +func NewActionsListIterator(page ActionsListPage) ActionsListIterator { + return ActionsListIterator{page: page} +} + +// IsEmpty returns true if the ListResult contains no values. +func (al ActionsList) IsEmpty() bool { + return al.Value == nil || len(*al.Value) == 0 +} + +// actionsListPreparer prepares a request to retrieve the next set of results. +// It returns nil if no more results exist. +func (al ActionsList) actionsListPreparer(ctx context.Context) (*http.Request, error) { + if al.NextLink == nil || len(to.String(al.NextLink)) < 1 { + return nil, nil + } + return autorest.Prepare((&http.Request{}).WithContext(ctx), + autorest.AsJSON(), + autorest.AsGet(), + autorest.WithBaseURL(to.String(al.NextLink))) +} + +// ActionsListPage contains a page of ActionResponse values. +type ActionsListPage struct { + fn func(context.Context, ActionsList) (ActionsList, error) + al ActionsList +} + +// NextWithContext advances to the next page of values. If there was an error making +// the request the page does not advance and the error is returned. +func (page *ActionsListPage) NextWithContext(ctx context.Context) (err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/ActionsListPage.NextWithContext") + defer func() { + sc := -1 + if page.Response().Response.Response != nil { + sc = page.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + next, err := page.fn(ctx, page.al) + if err != nil { + return err + } + page.al = next + return nil +} + +// Next advances to the next page of values. If there was an error making +// the request the page does not advance and the error is returned. +// Deprecated: Use NextWithContext() instead. +func (page *ActionsListPage) Next() error { + return page.NextWithContext(context.Background()) +} + +// NotDone returns true if the page enumeration should be started or is not yet complete. +func (page ActionsListPage) NotDone() bool { + return !page.al.IsEmpty() +} + +// Response returns the raw server response from the last page request. +func (page ActionsListPage) Response() ActionsList { + return page.al +} + +// Values returns the slice of values for the current page or nil if there are no values. +func (page ActionsListPage) Values() []ActionResponse { + if page.al.IsEmpty() { + return nil + } + return *page.al.Value +} + +// Creates a new instance of the ActionsListPage type. +func NewActionsListPage(getNextPage func(context.Context, ActionsList) (ActionsList, error)) ActionsListPage { + return ActionsListPage{fn: getNextPage} +} + +// BasicAlertRule alert rule. +type BasicAlertRule interface { + AsFusionAlertRule() (*FusionAlertRule, bool) + AsMicrosoftSecurityIncidentCreationAlertRule() (*MicrosoftSecurityIncidentCreationAlertRule, bool) + AsScheduledAlertRule() (*ScheduledAlertRule, bool) + AsAlertRule() (*AlertRule, bool) +} + +// AlertRule alert rule. +type AlertRule struct { + autorest.Response `json:"-"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Etag - Etag of the azure resource + Etag *string `json:"etag,omitempty"` + // Kind - Possible values include: 'KindAlertRule', 'KindFusion', 'KindMicrosoftSecurityIncidentCreation', 'KindScheduled' + Kind Kind `json:"kind,omitempty"` +} + +func unmarshalBasicAlertRule(body []byte) (BasicAlertRule, error) { + var m map[string]interface{} + err := json.Unmarshal(body, &m) + if err != nil { + return nil, err + } + + switch m["kind"] { + case string(KindFusion): + var far FusionAlertRule + err := json.Unmarshal(body, &far) + return far, err + case string(KindMicrosoftSecurityIncidentCreation): + var msicar MicrosoftSecurityIncidentCreationAlertRule + err := json.Unmarshal(body, &msicar) + return msicar, err + case string(KindScheduled): + var sar ScheduledAlertRule + err := json.Unmarshal(body, &sar) + return sar, err + default: + var ar AlertRule + err := json.Unmarshal(body, &ar) + return ar, err + } +} +func unmarshalBasicAlertRuleArray(body []byte) ([]BasicAlertRule, error) { + var rawMessages []*json.RawMessage + err := json.Unmarshal(body, &rawMessages) + if err != nil { + return nil, err + } + + arArray := make([]BasicAlertRule, len(rawMessages)) + + for index, rawMessage := range rawMessages { + ar, err := unmarshalBasicAlertRule(*rawMessage) + if err != nil { + return nil, err + } + arArray[index] = ar + } + return arArray, nil +} + +// MarshalJSON is the custom marshaler for AlertRule. +func (ar AlertRule) MarshalJSON() ([]byte, error) { + ar.Kind = KindAlertRule + objectMap := make(map[string]interface{}) + if ar.Etag != nil { + objectMap["etag"] = ar.Etag + } + if ar.Kind != "" { + objectMap["kind"] = ar.Kind + } + return json.Marshal(objectMap) +} + +// AsFusionAlertRule is the BasicAlertRule implementation for AlertRule. +func (ar AlertRule) AsFusionAlertRule() (*FusionAlertRule, bool) { + return nil, false +} + +// AsMicrosoftSecurityIncidentCreationAlertRule is the BasicAlertRule implementation for AlertRule. +func (ar AlertRule) AsMicrosoftSecurityIncidentCreationAlertRule() (*MicrosoftSecurityIncidentCreationAlertRule, bool) { + return nil, false +} + +// AsScheduledAlertRule is the BasicAlertRule implementation for AlertRule. +func (ar AlertRule) AsScheduledAlertRule() (*ScheduledAlertRule, bool) { + return nil, false +} + +// AsAlertRule is the BasicAlertRule implementation for AlertRule. +func (ar AlertRule) AsAlertRule() (*AlertRule, bool) { + return &ar, true +} + +// AsBasicAlertRule is the BasicAlertRule implementation for AlertRule. +func (ar AlertRule) AsBasicAlertRule() (BasicAlertRule, bool) { + return &ar, true +} + +// AlertRuleKind1 describes an Azure resource with kind. +type AlertRuleKind1 struct { + // Kind - The kind of the alert rule. Possible values include: 'Scheduled', 'MicrosoftSecurityIncidentCreation', 'Fusion' + Kind AlertRuleKind `json:"kind,omitempty"` +} + +// AlertRuleModel ... +type AlertRuleModel struct { + autorest.Response `json:"-"` + Value BasicAlertRule `json:"value,omitempty"` +} + +// UnmarshalJSON is the custom unmarshaler for AlertRuleModel struct. +func (arm *AlertRuleModel) UnmarshalJSON(body []byte) error { + ar, err := unmarshalBasicAlertRule(body) + if err != nil { + return err + } + arm.Value = ar + + return nil +} + +// AlertRulesList list all the alert rules. +type AlertRulesList struct { + autorest.Response `json:"-"` + // NextLink - READ-ONLY; URL to fetch the next set of alert rules. + NextLink *string `json:"nextLink,omitempty"` + // Value - Array of alert rules. + Value *[]BasicAlertRule `json:"value,omitempty"` +} + +// UnmarshalJSON is the custom unmarshaler for AlertRulesList struct. +func (arl *AlertRulesList) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "nextLink": + if v != nil { + var nextLink string + err = json.Unmarshal(*v, &nextLink) + if err != nil { + return err + } + arl.NextLink = &nextLink + } + case "value": + if v != nil { + value, err := unmarshalBasicAlertRuleArray(*v) + if err != nil { + return err + } + arl.Value = &value + } + } + } + + return nil +} + +// AlertRulesListIterator provides access to a complete listing of AlertRule values. +type AlertRulesListIterator struct { + i int + page AlertRulesListPage +} + +// NextWithContext advances to the next value. If there was an error making +// the request the iterator does not advance and the error is returned. +func (iter *AlertRulesListIterator) NextWithContext(ctx context.Context) (err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/AlertRulesListIterator.NextWithContext") + defer func() { + sc := -1 + if iter.Response().Response.Response != nil { + sc = iter.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + iter.i++ + if iter.i < len(iter.page.Values()) { + return nil + } + err = iter.page.NextWithContext(ctx) + if err != nil { + iter.i-- + return err + } + iter.i = 0 + return nil +} + +// Next advances to the next value. If there was an error making +// the request the iterator does not advance and the error is returned. +// Deprecated: Use NextWithContext() instead. +func (iter *AlertRulesListIterator) Next() error { + return iter.NextWithContext(context.Background()) +} + +// NotDone returns true if the enumeration should be started or is not yet complete. +func (iter AlertRulesListIterator) NotDone() bool { + return iter.page.NotDone() && iter.i < len(iter.page.Values()) +} + +// Response returns the raw server response from the last page request. +func (iter AlertRulesListIterator) Response() AlertRulesList { + return iter.page.Response() +} + +// Value returns the current value or a zero-initialized value if the +// iterator has advanced beyond the end of the collection. +func (iter AlertRulesListIterator) Value() BasicAlertRule { + if !iter.page.NotDone() { + return AlertRule{} + } + return iter.page.Values()[iter.i] +} + +// Creates a new instance of the AlertRulesListIterator type. +func NewAlertRulesListIterator(page AlertRulesListPage) AlertRulesListIterator { + return AlertRulesListIterator{page: page} +} + +// IsEmpty returns true if the ListResult contains no values. +func (arl AlertRulesList) IsEmpty() bool { + return arl.Value == nil || len(*arl.Value) == 0 +} + +// alertRulesListPreparer prepares a request to retrieve the next set of results. +// It returns nil if no more results exist. +func (arl AlertRulesList) alertRulesListPreparer(ctx context.Context) (*http.Request, error) { + if arl.NextLink == nil || len(to.String(arl.NextLink)) < 1 { + return nil, nil + } + return autorest.Prepare((&http.Request{}).WithContext(ctx), + autorest.AsJSON(), + autorest.AsGet(), + autorest.WithBaseURL(to.String(arl.NextLink))) +} + +// AlertRulesListPage contains a page of BasicAlertRule values. +type AlertRulesListPage struct { + fn func(context.Context, AlertRulesList) (AlertRulesList, error) + arl AlertRulesList +} + +// NextWithContext advances to the next page of values. If there was an error making +// the request the page does not advance and the error is returned. +func (page *AlertRulesListPage) NextWithContext(ctx context.Context) (err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/AlertRulesListPage.NextWithContext") + defer func() { + sc := -1 + if page.Response().Response.Response != nil { + sc = page.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + next, err := page.fn(ctx, page.arl) + if err != nil { + return err + } + page.arl = next + return nil +} + +// Next advances to the next page of values. If there was an error making +// the request the page does not advance and the error is returned. +// Deprecated: Use NextWithContext() instead. +func (page *AlertRulesListPage) Next() error { + return page.NextWithContext(context.Background()) +} + +// NotDone returns true if the page enumeration should be started or is not yet complete. +func (page AlertRulesListPage) NotDone() bool { + return !page.arl.IsEmpty() +} + +// Response returns the raw server response from the last page request. +func (page AlertRulesListPage) Response() AlertRulesList { + return page.arl +} + +// Values returns the slice of values for the current page or nil if there are no values. +func (page AlertRulesListPage) Values() []BasicAlertRule { + if page.arl.IsEmpty() { + return nil + } + return *page.arl.Value +} + +// Creates a new instance of the AlertRulesListPage type. +func NewAlertRulesListPage(getNextPage func(context.Context, AlertRulesList) (AlertRulesList, error)) AlertRulesListPage { + return AlertRulesListPage{fn: getNextPage} +} + +// BasicAlertRuleTemplate alert rule template. +type BasicAlertRuleTemplate interface { + AsFusionAlertRuleTemplate() (*FusionAlertRuleTemplate, bool) + AsMicrosoftSecurityIncidentCreationAlertRuleTemplate() (*MicrosoftSecurityIncidentCreationAlertRuleTemplate, bool) + AsScheduledAlertRuleTemplate() (*ScheduledAlertRuleTemplate, bool) + AsAlertRuleTemplate() (*AlertRuleTemplate, bool) +} + +// AlertRuleTemplate alert rule template. +type AlertRuleTemplate struct { + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Kind - Possible values include: 'KindBasicAlertRuleTemplateKindAlertRuleTemplate', 'KindBasicAlertRuleTemplateKindFusion', 'KindBasicAlertRuleTemplateKindMicrosoftSecurityIncidentCreation', 'KindBasicAlertRuleTemplateKindScheduled' + Kind KindBasicAlertRuleTemplate `json:"kind,omitempty"` +} + +func unmarshalBasicAlertRuleTemplate(body []byte) (BasicAlertRuleTemplate, error) { + var m map[string]interface{} + err := json.Unmarshal(body, &m) + if err != nil { + return nil, err + } + + switch m["kind"] { + case string(KindBasicAlertRuleTemplateKindFusion): + var fart FusionAlertRuleTemplate + err := json.Unmarshal(body, &fart) + return fart, err + case string(KindBasicAlertRuleTemplateKindMicrosoftSecurityIncidentCreation): + var msicart MicrosoftSecurityIncidentCreationAlertRuleTemplate + err := json.Unmarshal(body, &msicart) + return msicart, err + case string(KindBasicAlertRuleTemplateKindScheduled): + var sart ScheduledAlertRuleTemplate + err := json.Unmarshal(body, &sart) + return sart, err + default: + var art AlertRuleTemplate + err := json.Unmarshal(body, &art) + return art, err + } +} +func unmarshalBasicAlertRuleTemplateArray(body []byte) ([]BasicAlertRuleTemplate, error) { + var rawMessages []*json.RawMessage + err := json.Unmarshal(body, &rawMessages) + if err != nil { + return nil, err + } + + artArray := make([]BasicAlertRuleTemplate, len(rawMessages)) + + for index, rawMessage := range rawMessages { + art, err := unmarshalBasicAlertRuleTemplate(*rawMessage) + if err != nil { + return nil, err + } + artArray[index] = art + } + return artArray, nil +} + +// MarshalJSON is the custom marshaler for AlertRuleTemplate. +func (art AlertRuleTemplate) MarshalJSON() ([]byte, error) { + art.Kind = KindBasicAlertRuleTemplateKindAlertRuleTemplate + objectMap := make(map[string]interface{}) + if art.Kind != "" { + objectMap["kind"] = art.Kind + } + return json.Marshal(objectMap) +} + +// AsFusionAlertRuleTemplate is the BasicAlertRuleTemplate implementation for AlertRuleTemplate. +func (art AlertRuleTemplate) AsFusionAlertRuleTemplate() (*FusionAlertRuleTemplate, bool) { + return nil, false +} + +// AsMicrosoftSecurityIncidentCreationAlertRuleTemplate is the BasicAlertRuleTemplate implementation for AlertRuleTemplate. +func (art AlertRuleTemplate) AsMicrosoftSecurityIncidentCreationAlertRuleTemplate() (*MicrosoftSecurityIncidentCreationAlertRuleTemplate, bool) { + return nil, false +} + +// AsScheduledAlertRuleTemplate is the BasicAlertRuleTemplate implementation for AlertRuleTemplate. +func (art AlertRuleTemplate) AsScheduledAlertRuleTemplate() (*ScheduledAlertRuleTemplate, bool) { + return nil, false +} + +// AsAlertRuleTemplate is the BasicAlertRuleTemplate implementation for AlertRuleTemplate. +func (art AlertRuleTemplate) AsAlertRuleTemplate() (*AlertRuleTemplate, bool) { + return &art, true +} + +// AsBasicAlertRuleTemplate is the BasicAlertRuleTemplate implementation for AlertRuleTemplate. +func (art AlertRuleTemplate) AsBasicAlertRuleTemplate() (BasicAlertRuleTemplate, bool) { + return &art, true +} + +// AlertRuleTemplateDataSource alert rule template data sources +type AlertRuleTemplateDataSource struct { + // ConnectorID - The connector id that provides the following data types + ConnectorID *string `json:"connectorId,omitempty"` + // DataTypes - The data types used by the alert rule template + DataTypes *[]string `json:"dataTypes,omitempty"` +} + +// AlertRuleTemplatePropertiesBase base alert rule template property bag. +type AlertRuleTemplatePropertiesBase struct { + // AlertRulesCreatedByTemplateCount - the number of alert rules that were created by this template + AlertRulesCreatedByTemplateCount *int32 `json:"alertRulesCreatedByTemplateCount,omitempty"` + // CreatedDateUTC - READ-ONLY; The time that this alert rule template has been added. + CreatedDateUTC *date.Time `json:"createdDateUTC,omitempty"` + // Description - The description of the alert rule template. + Description *string `json:"description,omitempty"` + // DisplayName - The display name for alert rule template. + DisplayName *string `json:"displayName,omitempty"` + // RequiredDataConnectors - The required data connectors for this template + RequiredDataConnectors *[]AlertRuleTemplateDataSource `json:"requiredDataConnectors,omitempty"` + // Status - The alert rule template status. Possible values include: 'Installed', 'Available', 'NotAvailable' + Status TemplateStatus `json:"status,omitempty"` +} + +// AlertsDataTypeOfDataConnector alerts data type for data connectors. +type AlertsDataTypeOfDataConnector struct { + // Alerts - Alerts data type connection. + Alerts *AlertsDataTypeOfDataConnectorAlerts `json:"alerts,omitempty"` +} + +// AlertsDataTypeOfDataConnectorAlerts alerts data type connection. +type AlertsDataTypeOfDataConnectorAlerts struct { + // State - Describe whether this data type connection is enabled or not. Possible values include: 'Enabled', 'Disabled' + State DataTypeState `json:"state,omitempty"` +} + +// ASCDataConnector represents ASC (Azure Security Center) data connector. +type ASCDataConnector struct { + // ASCDataConnectorProperties - ASC (Azure Security Center) data connector properties. + *ASCDataConnectorProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Etag - Etag of the azure resource + Etag *string `json:"etag,omitempty"` + // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence' + Kind KindBasicDataConnector `json:"kind,omitempty"` +} + +// MarshalJSON is the custom marshaler for ASCDataConnector. +func (adc ASCDataConnector) MarshalJSON() ([]byte, error) { + adc.Kind = KindAzureSecurityCenter + objectMap := make(map[string]interface{}) + if adc.ASCDataConnectorProperties != nil { + objectMap["properties"] = adc.ASCDataConnectorProperties + } + if adc.Etag != nil { + objectMap["etag"] = adc.Etag + } + if adc.Kind != "" { + objectMap["kind"] = adc.Kind + } + return json.Marshal(objectMap) +} + +// AsAADDataConnector is the BasicDataConnector implementation for ASCDataConnector. +func (adc ASCDataConnector) AsAADDataConnector() (*AADDataConnector, bool) { + return nil, false +} + +// AsAATPDataConnector is the BasicDataConnector implementation for ASCDataConnector. +func (adc ASCDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool) { + return nil, false +} + +// AsASCDataConnector is the BasicDataConnector implementation for ASCDataConnector. +func (adc ASCDataConnector) AsASCDataConnector() (*ASCDataConnector, bool) { + return &adc, true +} + +// AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for ASCDataConnector. +func (adc ASCDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) { + return nil, false +} + +// AsMCASDataConnector is the BasicDataConnector implementation for ASCDataConnector. +func (adc ASCDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) { + return nil, false +} + +// AsMDATPDataConnector is the BasicDataConnector implementation for ASCDataConnector. +func (adc ASCDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) { + return nil, false +} + +// AsOfficeDataConnector is the BasicDataConnector implementation for ASCDataConnector. +func (adc ASCDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { + return nil, false +} + +// AsTIDataConnector is the BasicDataConnector implementation for ASCDataConnector. +func (adc ASCDataConnector) AsTIDataConnector() (*TIDataConnector, bool) { + return nil, false +} + +// AsDataConnector is the BasicDataConnector implementation for ASCDataConnector. +func (adc ASCDataConnector) AsDataConnector() (*DataConnector, bool) { + return nil, false +} + +// AsBasicDataConnector is the BasicDataConnector implementation for ASCDataConnector. +func (adc ASCDataConnector) AsBasicDataConnector() (BasicDataConnector, bool) { + return &adc, true +} + +// UnmarshalJSON is the custom unmarshaler for ASCDataConnector struct. +func (adc *ASCDataConnector) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var aSCDataConnectorProperties ASCDataConnectorProperties + err = json.Unmarshal(*v, &aSCDataConnectorProperties) + if err != nil { + return err + } + adc.ASCDataConnectorProperties = &aSCDataConnectorProperties + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + adc.ID = &ID + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + adc.Name = &name + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + adc.Type = &typeVar + } + case "etag": + if v != nil { + var etag string + err = json.Unmarshal(*v, &etag) + if err != nil { + return err + } + adc.Etag = &etag + } + case "kind": + if v != nil { + var kind KindBasicDataConnector + err = json.Unmarshal(*v, &kind) + if err != nil { + return err + } + adc.Kind = kind + } + } + } + + return nil +} + +// ASCDataConnectorProperties ASC (Azure Security Center) data connector properties. +type ASCDataConnectorProperties struct { + // SubscriptionID - The subscription id to connect to, and get the data from. + SubscriptionID *string `json:"subscriptionId,omitempty"` + // DataTypes - The available data types for the connector. + DataTypes *AlertsDataTypeOfDataConnector `json:"dataTypes,omitempty"` +} + +// AwsCloudTrailDataConnector represents Amazon Web Services CloudTrail data connector. +type AwsCloudTrailDataConnector struct { + // AwsCloudTrailDataConnectorProperties - Amazon Web Services CloudTrail data connector properties. + *AwsCloudTrailDataConnectorProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Etag - Etag of the azure resource + Etag *string `json:"etag,omitempty"` + // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence' + Kind KindBasicDataConnector `json:"kind,omitempty"` +} + +// MarshalJSON is the custom marshaler for AwsCloudTrailDataConnector. +func (actdc AwsCloudTrailDataConnector) MarshalJSON() ([]byte, error) { + actdc.Kind = KindAmazonWebServicesCloudTrail + objectMap := make(map[string]interface{}) + if actdc.AwsCloudTrailDataConnectorProperties != nil { + objectMap["properties"] = actdc.AwsCloudTrailDataConnectorProperties + } + if actdc.Etag != nil { + objectMap["etag"] = actdc.Etag + } + if actdc.Kind != "" { + objectMap["kind"] = actdc.Kind + } + return json.Marshal(objectMap) +} + +// AsAADDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector. +func (actdc AwsCloudTrailDataConnector) AsAADDataConnector() (*AADDataConnector, bool) { + return nil, false +} + +// AsAATPDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector. +func (actdc AwsCloudTrailDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool) { + return nil, false +} + +// AsASCDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector. +func (actdc AwsCloudTrailDataConnector) AsASCDataConnector() (*ASCDataConnector, bool) { + return nil, false +} + +// AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector. +func (actdc AwsCloudTrailDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) { + return &actdc, true +} + +// AsMCASDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector. +func (actdc AwsCloudTrailDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) { + return nil, false +} + +// AsMDATPDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector. +func (actdc AwsCloudTrailDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) { + return nil, false +} + +// AsOfficeDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector. +func (actdc AwsCloudTrailDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { + return nil, false +} + +// AsTIDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector. +func (actdc AwsCloudTrailDataConnector) AsTIDataConnector() (*TIDataConnector, bool) { + return nil, false +} + +// AsDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector. +func (actdc AwsCloudTrailDataConnector) AsDataConnector() (*DataConnector, bool) { + return nil, false +} + +// AsBasicDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector. +func (actdc AwsCloudTrailDataConnector) AsBasicDataConnector() (BasicDataConnector, bool) { + return &actdc, true +} + +// UnmarshalJSON is the custom unmarshaler for AwsCloudTrailDataConnector struct. +func (actdc *AwsCloudTrailDataConnector) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var awsCloudTrailDataConnectorProperties AwsCloudTrailDataConnectorProperties + err = json.Unmarshal(*v, &awsCloudTrailDataConnectorProperties) + if err != nil { + return err + } + actdc.AwsCloudTrailDataConnectorProperties = &awsCloudTrailDataConnectorProperties + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + actdc.ID = &ID + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + actdc.Name = &name + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + actdc.Type = &typeVar + } + case "etag": + if v != nil { + var etag string + err = json.Unmarshal(*v, &etag) + if err != nil { + return err + } + actdc.Etag = &etag + } + case "kind": + if v != nil { + var kind KindBasicDataConnector + err = json.Unmarshal(*v, &kind) + if err != nil { + return err + } + actdc.Kind = kind + } + } + } + + return nil +} + +// AwsCloudTrailDataConnectorDataTypes the available data types for Amazon Web Services CloudTrail data +// connector. +type AwsCloudTrailDataConnectorDataTypes struct { + // Logs - Logs data type. + Logs *AwsCloudTrailDataConnectorDataTypesLogs `json:"logs,omitempty"` +} + +// AwsCloudTrailDataConnectorDataTypesLogs logs data type. +type AwsCloudTrailDataConnectorDataTypesLogs struct { + // State - Describe whether this data type connection is enabled or not. Possible values include: 'Enabled', 'Disabled' + State DataTypeState `json:"state,omitempty"` +} + +// AwsCloudTrailDataConnectorProperties amazon Web Services CloudTrail data connector properties. +type AwsCloudTrailDataConnectorProperties struct { + // AwsRoleArn - The Aws Role Arn (with CloudTrailReadOnly policy) that is used to access the Aws account. + AwsRoleArn *string `json:"awsRoleArn,omitempty"` + // DataTypes - The available data types for the connector. + DataTypes *AwsCloudTrailDataConnectorDataTypes `json:"dataTypes,omitempty"` +} + +// CloudError error response structure. +type CloudError struct { + // CloudErrorBody - Error data + *CloudErrorBody `json:"error,omitempty"` +} + +// MarshalJSON is the custom marshaler for CloudError. +func (ce CloudError) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + if ce.CloudErrorBody != nil { + objectMap["error"] = ce.CloudErrorBody + } + return json.Marshal(objectMap) +} + +// UnmarshalJSON is the custom unmarshaler for CloudError struct. +func (ce *CloudError) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "error": + if v != nil { + var cloudErrorBody CloudErrorBody + err = json.Unmarshal(*v, &cloudErrorBody) + if err != nil { + return err + } + ce.CloudErrorBody = &cloudErrorBody + } + } + } + + return nil +} + +// CloudErrorBody error details. +type CloudErrorBody struct { + // Code - READ-ONLY; An identifier for the error. Codes are invariant and are intended to be consumed programmatically. + Code *string `json:"code,omitempty"` + // Message - READ-ONLY; A message describing the error, intended to be suitable for display in a user interface. + Message *string `json:"message,omitempty"` +} + +// BasicDataConnector data connector. +type BasicDataConnector interface { + AsAADDataConnector() (*AADDataConnector, bool) + AsAATPDataConnector() (*AATPDataConnector, bool) + AsASCDataConnector() (*ASCDataConnector, bool) + AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) + AsMCASDataConnector() (*MCASDataConnector, bool) + AsMDATPDataConnector() (*MDATPDataConnector, bool) + AsOfficeDataConnector() (*OfficeDataConnector, bool) + AsTIDataConnector() (*TIDataConnector, bool) + AsDataConnector() (*DataConnector, bool) +} + +// DataConnector data connector. +type DataConnector struct { + autorest.Response `json:"-"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Etag - Etag of the azure resource + Etag *string `json:"etag,omitempty"` + // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence' + Kind KindBasicDataConnector `json:"kind,omitempty"` +} + +func unmarshalBasicDataConnector(body []byte) (BasicDataConnector, error) { + var m map[string]interface{} + err := json.Unmarshal(body, &m) + if err != nil { + return nil, err + } + + switch m["kind"] { + case string(KindAzureActiveDirectory): + var adc AADDataConnector + err := json.Unmarshal(body, &adc) + return adc, err + case string(KindAzureAdvancedThreatProtection): + var adc AATPDataConnector + err := json.Unmarshal(body, &adc) + return adc, err + case string(KindAzureSecurityCenter): + var adc ASCDataConnector + err := json.Unmarshal(body, &adc) + return adc, err + case string(KindAmazonWebServicesCloudTrail): + var actdc AwsCloudTrailDataConnector + err := json.Unmarshal(body, &actdc) + return actdc, err + case string(KindMicrosoftCloudAppSecurity): + var mdc MCASDataConnector + err := json.Unmarshal(body, &mdc) + return mdc, err + case string(KindMicrosoftDefenderAdvancedThreatProtection): + var mdc MDATPDataConnector + err := json.Unmarshal(body, &mdc) + return mdc, err + case string(KindOffice365): + var odc OfficeDataConnector + err := json.Unmarshal(body, &odc) + return odc, err + case string(KindThreatIntelligence): + var tdc TIDataConnector + err := json.Unmarshal(body, &tdc) + return tdc, err + default: + var dc DataConnector + err := json.Unmarshal(body, &dc) + return dc, err + } +} +func unmarshalBasicDataConnectorArray(body []byte) ([]BasicDataConnector, error) { + var rawMessages []*json.RawMessage + err := json.Unmarshal(body, &rawMessages) + if err != nil { + return nil, err + } + + dcArray := make([]BasicDataConnector, len(rawMessages)) + + for index, rawMessage := range rawMessages { + dc, err := unmarshalBasicDataConnector(*rawMessage) + if err != nil { + return nil, err + } + dcArray[index] = dc + } + return dcArray, nil +} + +// MarshalJSON is the custom marshaler for DataConnector. +func (dc DataConnector) MarshalJSON() ([]byte, error) { + dc.Kind = KindDataConnector + objectMap := make(map[string]interface{}) + if dc.Etag != nil { + objectMap["etag"] = dc.Etag + } + if dc.Kind != "" { + objectMap["kind"] = dc.Kind + } + return json.Marshal(objectMap) +} + +// AsAADDataConnector is the BasicDataConnector implementation for DataConnector. +func (dc DataConnector) AsAADDataConnector() (*AADDataConnector, bool) { + return nil, false +} + +// AsAATPDataConnector is the BasicDataConnector implementation for DataConnector. +func (dc DataConnector) AsAATPDataConnector() (*AATPDataConnector, bool) { + return nil, false +} + +// AsASCDataConnector is the BasicDataConnector implementation for DataConnector. +func (dc DataConnector) AsASCDataConnector() (*ASCDataConnector, bool) { + return nil, false +} + +// AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for DataConnector. +func (dc DataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) { + return nil, false +} + +// AsMCASDataConnector is the BasicDataConnector implementation for DataConnector. +func (dc DataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) { + return nil, false +} + +// AsMDATPDataConnector is the BasicDataConnector implementation for DataConnector. +func (dc DataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) { + return nil, false +} + +// AsOfficeDataConnector is the BasicDataConnector implementation for DataConnector. +func (dc DataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { + return nil, false +} + +// AsTIDataConnector is the BasicDataConnector implementation for DataConnector. +func (dc DataConnector) AsTIDataConnector() (*TIDataConnector, bool) { + return nil, false +} + +// AsDataConnector is the BasicDataConnector implementation for DataConnector. +func (dc DataConnector) AsDataConnector() (*DataConnector, bool) { + return &dc, true +} + +// AsBasicDataConnector is the BasicDataConnector implementation for DataConnector. +func (dc DataConnector) AsBasicDataConnector() (BasicDataConnector, bool) { + return &dc, true +} + +// DataConnectorDataTypeCommon common field for data type in data connectors. +type DataConnectorDataTypeCommon struct { + // State - Describe whether this data type connection is enabled or not. Possible values include: 'Enabled', 'Disabled' + State DataTypeState `json:"state,omitempty"` +} + +// DataConnectorKind1 describes an Azure resource with kind. +type DataConnectorKind1 struct { + // Kind - The kind of the data connector. Possible values include: 'DataConnectorKindAzureActiveDirectory', 'DataConnectorKindAzureSecurityCenter', 'DataConnectorKindMicrosoftCloudAppSecurity', 'DataConnectorKindThreatIntelligence', 'DataConnectorKindOffice365', 'DataConnectorKindAmazonWebServicesCloudTrail', 'DataConnectorKindAzureAdvancedThreatProtection', 'DataConnectorKindMicrosoftDefenderAdvancedThreatProtection' + Kind DataConnectorKind `json:"kind,omitempty"` +} + +// DataConnectorList list all the data connectors. +type DataConnectorList struct { + autorest.Response `json:"-"` + // NextLink - READ-ONLY; URL to fetch the next set of data connectors. + NextLink *string `json:"nextLink,omitempty"` + // Value - Array of data connectors. + Value *[]BasicDataConnector `json:"value,omitempty"` +} + +// UnmarshalJSON is the custom unmarshaler for DataConnectorList struct. +func (dcl *DataConnectorList) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "nextLink": + if v != nil { + var nextLink string + err = json.Unmarshal(*v, &nextLink) + if err != nil { + return err + } + dcl.NextLink = &nextLink + } + case "value": + if v != nil { + value, err := unmarshalBasicDataConnectorArray(*v) + if err != nil { + return err + } + dcl.Value = &value + } + } + } + + return nil +} + +// DataConnectorListIterator provides access to a complete listing of DataConnector values. +type DataConnectorListIterator struct { + i int + page DataConnectorListPage +} + +// NextWithContext advances to the next value. If there was an error making +// the request the iterator does not advance and the error is returned. +func (iter *DataConnectorListIterator) NextWithContext(ctx context.Context) (err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/DataConnectorListIterator.NextWithContext") + defer func() { + sc := -1 + if iter.Response().Response.Response != nil { + sc = iter.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + iter.i++ + if iter.i < len(iter.page.Values()) { + return nil + } + err = iter.page.NextWithContext(ctx) + if err != nil { + iter.i-- + return err + } + iter.i = 0 + return nil +} + +// Next advances to the next value. If there was an error making +// the request the iterator does not advance and the error is returned. +// Deprecated: Use NextWithContext() instead. +func (iter *DataConnectorListIterator) Next() error { + return iter.NextWithContext(context.Background()) +} + +// NotDone returns true if the enumeration should be started or is not yet complete. +func (iter DataConnectorListIterator) NotDone() bool { + return iter.page.NotDone() && iter.i < len(iter.page.Values()) +} + +// Response returns the raw server response from the last page request. +func (iter DataConnectorListIterator) Response() DataConnectorList { + return iter.page.Response() +} + +// Value returns the current value or a zero-initialized value if the +// iterator has advanced beyond the end of the collection. +func (iter DataConnectorListIterator) Value() BasicDataConnector { + if !iter.page.NotDone() { + return DataConnector{} + } + return iter.page.Values()[iter.i] +} + +// Creates a new instance of the DataConnectorListIterator type. +func NewDataConnectorListIterator(page DataConnectorListPage) DataConnectorListIterator { + return DataConnectorListIterator{page: page} +} + +// IsEmpty returns true if the ListResult contains no values. +func (dcl DataConnectorList) IsEmpty() bool { + return dcl.Value == nil || len(*dcl.Value) == 0 +} + +// dataConnectorListPreparer prepares a request to retrieve the next set of results. +// It returns nil if no more results exist. +func (dcl DataConnectorList) dataConnectorListPreparer(ctx context.Context) (*http.Request, error) { + if dcl.NextLink == nil || len(to.String(dcl.NextLink)) < 1 { + return nil, nil + } + return autorest.Prepare((&http.Request{}).WithContext(ctx), + autorest.AsJSON(), + autorest.AsGet(), + autorest.WithBaseURL(to.String(dcl.NextLink))) +} + +// DataConnectorListPage contains a page of BasicDataConnector values. +type DataConnectorListPage struct { + fn func(context.Context, DataConnectorList) (DataConnectorList, error) + dcl DataConnectorList +} + +// NextWithContext advances to the next page of values. If there was an error making +// the request the page does not advance and the error is returned. +func (page *DataConnectorListPage) NextWithContext(ctx context.Context) (err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/DataConnectorListPage.NextWithContext") + defer func() { + sc := -1 + if page.Response().Response.Response != nil { + sc = page.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + next, err := page.fn(ctx, page.dcl) + if err != nil { + return err + } + page.dcl = next + return nil +} + +// Next advances to the next page of values. If there was an error making +// the request the page does not advance and the error is returned. +// Deprecated: Use NextWithContext() instead. +func (page *DataConnectorListPage) Next() error { + return page.NextWithContext(context.Background()) +} + +// NotDone returns true if the page enumeration should be started or is not yet complete. +func (page DataConnectorListPage) NotDone() bool { + return !page.dcl.IsEmpty() +} + +// Response returns the raw server response from the last page request. +func (page DataConnectorListPage) Response() DataConnectorList { + return page.dcl +} + +// Values returns the slice of values for the current page or nil if there are no values. +func (page DataConnectorListPage) Values() []BasicDataConnector { + if page.dcl.IsEmpty() { + return nil + } + return *page.dcl.Value +} + +// Creates a new instance of the DataConnectorListPage type. +func NewDataConnectorListPage(getNextPage func(context.Context, DataConnectorList) (DataConnectorList, error)) DataConnectorListPage { + return DataConnectorListPage{fn: getNextPage} +} + +// DataConnectorModel ... +type DataConnectorModel struct { + autorest.Response `json:"-"` + Value BasicDataConnector `json:"value,omitempty"` +} + +// UnmarshalJSON is the custom unmarshaler for DataConnectorModel struct. +func (dcm *DataConnectorModel) UnmarshalJSON(body []byte) error { + dc, err := unmarshalBasicDataConnector(body) + if err != nil { + return err + } + dcm.Value = dc + + return nil +} + +// DataConnectorTenantID properties data connector on tenant level. +type DataConnectorTenantID struct { + // TenantID - The tenant id to connect to, and get the data from. + TenantID *string `json:"tenantId,omitempty"` +} + +// DataConnectorWithAlertsProperties data connector properties. +type DataConnectorWithAlertsProperties struct { + // DataTypes - The available data types for the connector. + DataTypes *AlertsDataTypeOfDataConnector `json:"dataTypes,omitempty"` +} + +// FusionAlertRule represents Fusion alert rule. +type FusionAlertRule struct { + // FusionAlertRuleProperties - Fusion alert rule properties + *FusionAlertRuleProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Etag - Etag of the azure resource + Etag *string `json:"etag,omitempty"` + // Kind - Possible values include: 'KindAlertRule', 'KindFusion', 'KindMicrosoftSecurityIncidentCreation', 'KindScheduled' + Kind Kind `json:"kind,omitempty"` +} + +// MarshalJSON is the custom marshaler for FusionAlertRule. +func (far FusionAlertRule) MarshalJSON() ([]byte, error) { + far.Kind = KindFusion + objectMap := make(map[string]interface{}) + if far.FusionAlertRuleProperties != nil { + objectMap["properties"] = far.FusionAlertRuleProperties + } + if far.Etag != nil { + objectMap["etag"] = far.Etag + } + if far.Kind != "" { + objectMap["kind"] = far.Kind + } + return json.Marshal(objectMap) +} + +// AsFusionAlertRule is the BasicAlertRule implementation for FusionAlertRule. +func (far FusionAlertRule) AsFusionAlertRule() (*FusionAlertRule, bool) { + return &far, true +} + +// AsMicrosoftSecurityIncidentCreationAlertRule is the BasicAlertRule implementation for FusionAlertRule. +func (far FusionAlertRule) AsMicrosoftSecurityIncidentCreationAlertRule() (*MicrosoftSecurityIncidentCreationAlertRule, bool) { + return nil, false +} + +// AsScheduledAlertRule is the BasicAlertRule implementation for FusionAlertRule. +func (far FusionAlertRule) AsScheduledAlertRule() (*ScheduledAlertRule, bool) { + return nil, false +} + +// AsAlertRule is the BasicAlertRule implementation for FusionAlertRule. +func (far FusionAlertRule) AsAlertRule() (*AlertRule, bool) { + return nil, false +} + +// AsBasicAlertRule is the BasicAlertRule implementation for FusionAlertRule. +func (far FusionAlertRule) AsBasicAlertRule() (BasicAlertRule, bool) { + return &far, true +} + +// UnmarshalJSON is the custom unmarshaler for FusionAlertRule struct. +func (far *FusionAlertRule) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var fusionAlertRuleProperties FusionAlertRuleProperties + err = json.Unmarshal(*v, &fusionAlertRuleProperties) + if err != nil { + return err + } + far.FusionAlertRuleProperties = &fusionAlertRuleProperties + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + far.ID = &ID + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + far.Name = &name + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + far.Type = &typeVar + } + case "etag": + if v != nil { + var etag string + err = json.Unmarshal(*v, &etag) + if err != nil { + return err + } + far.Etag = &etag + } + case "kind": + if v != nil { + var kind Kind + err = json.Unmarshal(*v, &kind) + if err != nil { + return err + } + far.Kind = kind + } + } + } + + return nil +} + +// FusionAlertRuleProperties fusion alert rule base property bag. +type FusionAlertRuleProperties struct { + // AlertRuleTemplateName - The Name of the alert rule template used to create this rule. + AlertRuleTemplateName *string `json:"alertRuleTemplateName,omitempty"` + // Description - READ-ONLY; The description of the alert rule. + Description *string `json:"description,omitempty"` + // DisplayName - READ-ONLY; The display name for alerts created by this alert rule. + DisplayName *string `json:"displayName,omitempty"` + // Enabled - Determines whether this alert rule is enabled or disabled. + Enabled *bool `json:"enabled,omitempty"` + // LastModifiedUtc - READ-ONLY; The last time that this alert has been modified. + LastModifiedUtc *date.Time `json:"lastModifiedUtc,omitempty"` + // Severity - READ-ONLY; The severity for alerts created by this alert rule. Possible values include: 'High', 'Medium', 'Low', 'Informational' + Severity AlertSeverity `json:"severity,omitempty"` + // Tactics - READ-ONLY; The tactics of the alert rule + Tactics *[]AttackTactic `json:"tactics,omitempty"` +} + +// FusionAlertRuleTemplate represents Fusion alert rule template. +type FusionAlertRuleTemplate struct { + // FusionAlertRuleTemplateProperties - Fusion alert rule template properties + *FusionAlertRuleTemplateProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Kind - Possible values include: 'KindBasicAlertRuleTemplateKindAlertRuleTemplate', 'KindBasicAlertRuleTemplateKindFusion', 'KindBasicAlertRuleTemplateKindMicrosoftSecurityIncidentCreation', 'KindBasicAlertRuleTemplateKindScheduled' + Kind KindBasicAlertRuleTemplate `json:"kind,omitempty"` +} + +// MarshalJSON is the custom marshaler for FusionAlertRuleTemplate. +func (fart FusionAlertRuleTemplate) MarshalJSON() ([]byte, error) { + fart.Kind = KindBasicAlertRuleTemplateKindFusion + objectMap := make(map[string]interface{}) + if fart.FusionAlertRuleTemplateProperties != nil { + objectMap["properties"] = fart.FusionAlertRuleTemplateProperties + } + if fart.Kind != "" { + objectMap["kind"] = fart.Kind + } + return json.Marshal(objectMap) +} + +// AsFusionAlertRuleTemplate is the BasicAlertRuleTemplate implementation for FusionAlertRuleTemplate. +func (fart FusionAlertRuleTemplate) AsFusionAlertRuleTemplate() (*FusionAlertRuleTemplate, bool) { + return &fart, true +} + +// AsMicrosoftSecurityIncidentCreationAlertRuleTemplate is the BasicAlertRuleTemplate implementation for FusionAlertRuleTemplate. +func (fart FusionAlertRuleTemplate) AsMicrosoftSecurityIncidentCreationAlertRuleTemplate() (*MicrosoftSecurityIncidentCreationAlertRuleTemplate, bool) { + return nil, false +} + +// AsScheduledAlertRuleTemplate is the BasicAlertRuleTemplate implementation for FusionAlertRuleTemplate. +func (fart FusionAlertRuleTemplate) AsScheduledAlertRuleTemplate() (*ScheduledAlertRuleTemplate, bool) { + return nil, false +} + +// AsAlertRuleTemplate is the BasicAlertRuleTemplate implementation for FusionAlertRuleTemplate. +func (fart FusionAlertRuleTemplate) AsAlertRuleTemplate() (*AlertRuleTemplate, bool) { + return nil, false +} + +// AsBasicAlertRuleTemplate is the BasicAlertRuleTemplate implementation for FusionAlertRuleTemplate. +func (fart FusionAlertRuleTemplate) AsBasicAlertRuleTemplate() (BasicAlertRuleTemplate, bool) { + return &fart, true +} + +// UnmarshalJSON is the custom unmarshaler for FusionAlertRuleTemplate struct. +func (fart *FusionAlertRuleTemplate) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var fusionAlertRuleTemplateProperties FusionAlertRuleTemplateProperties + err = json.Unmarshal(*v, &fusionAlertRuleTemplateProperties) + if err != nil { + return err + } + fart.FusionAlertRuleTemplateProperties = &fusionAlertRuleTemplateProperties + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + fart.ID = &ID + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + fart.Name = &name + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + fart.Type = &typeVar + } + case "kind": + if v != nil { + var kind KindBasicAlertRuleTemplate + err = json.Unmarshal(*v, &kind) + if err != nil { + return err + } + fart.Kind = kind + } + } + } + + return nil +} + +// FusionAlertRuleTemplateProperties fusion alert rule template properties +type FusionAlertRuleTemplateProperties struct { + // Severity - The severity for alerts created by this alert rule. Possible values include: 'High', 'Medium', 'Low', 'Informational' + Severity AlertSeverity `json:"severity,omitempty"` + // Tactics - The tactics of the alert rule template + Tactics *[]AttackTactic `json:"tactics,omitempty"` + // AlertRulesCreatedByTemplateCount - the number of alert rules that were created by this template + AlertRulesCreatedByTemplateCount *int32 `json:"alertRulesCreatedByTemplateCount,omitempty"` + // CreatedDateUTC - READ-ONLY; The time that this alert rule template has been added. + CreatedDateUTC *date.Time `json:"createdDateUTC,omitempty"` + // Description - The description of the alert rule template. + Description *string `json:"description,omitempty"` + // DisplayName - The display name for alert rule template. + DisplayName *string `json:"displayName,omitempty"` + // RequiredDataConnectors - The required data connectors for this template + RequiredDataConnectors *[]AlertRuleTemplateDataSource `json:"requiredDataConnectors,omitempty"` + // Status - The alert rule template status. Possible values include: 'Installed', 'Available', 'NotAvailable' + Status TemplateStatus `json:"status,omitempty"` +} + +// IncidentInfo describes related incident information for the bookmark +type IncidentInfo struct { + // IncidentID - Incident Id + IncidentID *string `json:"incidentId,omitempty"` + // Severity - The severity of the incident. Possible values include: 'IncidentSeverityCritical', 'IncidentSeverityHigh', 'IncidentSeverityMedium', 'IncidentSeverityLow', 'IncidentSeverityInformational' + Severity IncidentSeverity `json:"severity,omitempty"` + // Title - The title of the incident + Title *string `json:"title,omitempty"` + // RelationName - Relation Name + RelationName *string `json:"relationName,omitempty"` +} + +// MCASDataConnector represents MCAS (Microsoft Cloud App Security) data connector. +type MCASDataConnector struct { + // MCASDataConnectorProperties - MCAS (Microsoft Cloud App Security) data connector properties. + *MCASDataConnectorProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Etag - Etag of the azure resource + Etag *string `json:"etag,omitempty"` + // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence' + Kind KindBasicDataConnector `json:"kind,omitempty"` +} + +// MarshalJSON is the custom marshaler for MCASDataConnector. +func (mdc MCASDataConnector) MarshalJSON() ([]byte, error) { + mdc.Kind = KindMicrosoftCloudAppSecurity + objectMap := make(map[string]interface{}) + if mdc.MCASDataConnectorProperties != nil { + objectMap["properties"] = mdc.MCASDataConnectorProperties + } + if mdc.Etag != nil { + objectMap["etag"] = mdc.Etag + } + if mdc.Kind != "" { + objectMap["kind"] = mdc.Kind + } + return json.Marshal(objectMap) +} + +// AsAADDataConnector is the BasicDataConnector implementation for MCASDataConnector. +func (mdc MCASDataConnector) AsAADDataConnector() (*AADDataConnector, bool) { + return nil, false +} + +// AsAATPDataConnector is the BasicDataConnector implementation for MCASDataConnector. +func (mdc MCASDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool) { + return nil, false +} + +// AsASCDataConnector is the BasicDataConnector implementation for MCASDataConnector. +func (mdc MCASDataConnector) AsASCDataConnector() (*ASCDataConnector, bool) { + return nil, false +} + +// AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for MCASDataConnector. +func (mdc MCASDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) { + return nil, false +} + +// AsMCASDataConnector is the BasicDataConnector implementation for MCASDataConnector. +func (mdc MCASDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) { + return &mdc, true +} + +// AsMDATPDataConnector is the BasicDataConnector implementation for MCASDataConnector. +func (mdc MCASDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) { + return nil, false +} + +// AsOfficeDataConnector is the BasicDataConnector implementation for MCASDataConnector. +func (mdc MCASDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { + return nil, false +} + +// AsTIDataConnector is the BasicDataConnector implementation for MCASDataConnector. +func (mdc MCASDataConnector) AsTIDataConnector() (*TIDataConnector, bool) { + return nil, false +} + +// AsDataConnector is the BasicDataConnector implementation for MCASDataConnector. +func (mdc MCASDataConnector) AsDataConnector() (*DataConnector, bool) { + return nil, false +} + +// AsBasicDataConnector is the BasicDataConnector implementation for MCASDataConnector. +func (mdc MCASDataConnector) AsBasicDataConnector() (BasicDataConnector, bool) { + return &mdc, true +} + +// UnmarshalJSON is the custom unmarshaler for MCASDataConnector struct. +func (mdc *MCASDataConnector) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var mCASDataConnectorProperties MCASDataConnectorProperties + err = json.Unmarshal(*v, &mCASDataConnectorProperties) + if err != nil { + return err + } + mdc.MCASDataConnectorProperties = &mCASDataConnectorProperties + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + mdc.ID = &ID + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + mdc.Name = &name + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + mdc.Type = &typeVar + } + case "etag": + if v != nil { + var etag string + err = json.Unmarshal(*v, &etag) + if err != nil { + return err + } + mdc.Etag = &etag + } + case "kind": + if v != nil { + var kind KindBasicDataConnector + err = json.Unmarshal(*v, &kind) + if err != nil { + return err + } + mdc.Kind = kind + } + } + } + + return nil +} + +// MCASDataConnectorDataTypes the available data types for MCAS (Microsoft Cloud App Security) data +// connector. +type MCASDataConnectorDataTypes struct { + // DiscoveryLogs - Discovery log data type connection. + DiscoveryLogs *MCASDataConnectorDataTypesDiscoveryLogs `json:"discoveryLogs,omitempty"` + // Alerts - Alerts data type connection. + Alerts *AlertsDataTypeOfDataConnectorAlerts `json:"alerts,omitempty"` +} + +// MCASDataConnectorDataTypesDiscoveryLogs discovery log data type connection. +type MCASDataConnectorDataTypesDiscoveryLogs struct { + // State - Describe whether this data type connection is enabled or not. Possible values include: 'Enabled', 'Disabled' + State DataTypeState `json:"state,omitempty"` +} + +// MCASDataConnectorProperties MCAS (Microsoft Cloud App Security) data connector properties. +type MCASDataConnectorProperties struct { + // DataTypes - The available data types for the connector. + DataTypes *MCASDataConnectorDataTypes `json:"dataTypes,omitempty"` + // TenantID - The tenant id to connect to, and get the data from. + TenantID *string `json:"tenantId,omitempty"` +} + +// MDATPDataConnector represents MDATP (Microsoft Defender Advanced Threat Protection) data connector. +type MDATPDataConnector struct { + // MDATPDataConnectorProperties - MDATP (Microsoft Defender Advanced Threat Protection) data connector properties. + *MDATPDataConnectorProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Etag - Etag of the azure resource + Etag *string `json:"etag,omitempty"` + // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence' + Kind KindBasicDataConnector `json:"kind,omitempty"` +} + +// MarshalJSON is the custom marshaler for MDATPDataConnector. +func (mdc MDATPDataConnector) MarshalJSON() ([]byte, error) { + mdc.Kind = KindMicrosoftDefenderAdvancedThreatProtection + objectMap := make(map[string]interface{}) + if mdc.MDATPDataConnectorProperties != nil { + objectMap["properties"] = mdc.MDATPDataConnectorProperties + } + if mdc.Etag != nil { + objectMap["etag"] = mdc.Etag + } + if mdc.Kind != "" { + objectMap["kind"] = mdc.Kind + } + return json.Marshal(objectMap) +} + +// AsAADDataConnector is the BasicDataConnector implementation for MDATPDataConnector. +func (mdc MDATPDataConnector) AsAADDataConnector() (*AADDataConnector, bool) { + return nil, false +} + +// AsAATPDataConnector is the BasicDataConnector implementation for MDATPDataConnector. +func (mdc MDATPDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool) { + return nil, false +} + +// AsASCDataConnector is the BasicDataConnector implementation for MDATPDataConnector. +func (mdc MDATPDataConnector) AsASCDataConnector() (*ASCDataConnector, bool) { + return nil, false +} + +// AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for MDATPDataConnector. +func (mdc MDATPDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) { + return nil, false +} + +// AsMCASDataConnector is the BasicDataConnector implementation for MDATPDataConnector. +func (mdc MDATPDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) { + return nil, false +} + +// AsMDATPDataConnector is the BasicDataConnector implementation for MDATPDataConnector. +func (mdc MDATPDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) { + return &mdc, true +} + +// AsOfficeDataConnector is the BasicDataConnector implementation for MDATPDataConnector. +func (mdc MDATPDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { + return nil, false +} + +// AsTIDataConnector is the BasicDataConnector implementation for MDATPDataConnector. +func (mdc MDATPDataConnector) AsTIDataConnector() (*TIDataConnector, bool) { + return nil, false +} + +// AsDataConnector is the BasicDataConnector implementation for MDATPDataConnector. +func (mdc MDATPDataConnector) AsDataConnector() (*DataConnector, bool) { + return nil, false +} + +// AsBasicDataConnector is the BasicDataConnector implementation for MDATPDataConnector. +func (mdc MDATPDataConnector) AsBasicDataConnector() (BasicDataConnector, bool) { + return &mdc, true +} + +// UnmarshalJSON is the custom unmarshaler for MDATPDataConnector struct. +func (mdc *MDATPDataConnector) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var mDATPDataConnectorProperties MDATPDataConnectorProperties + err = json.Unmarshal(*v, &mDATPDataConnectorProperties) + if err != nil { + return err + } + mdc.MDATPDataConnectorProperties = &mDATPDataConnectorProperties + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + mdc.ID = &ID + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + mdc.Name = &name + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + mdc.Type = &typeVar + } + case "etag": + if v != nil { + var etag string + err = json.Unmarshal(*v, &etag) + if err != nil { + return err + } + mdc.Etag = &etag + } + case "kind": + if v != nil { + var kind KindBasicDataConnector + err = json.Unmarshal(*v, &kind) + if err != nil { + return err + } + mdc.Kind = kind + } + } + } + + return nil +} + +// MDATPDataConnectorProperties MDATP (Microsoft Defender Advanced Threat Protection) data connector +// properties. +type MDATPDataConnectorProperties struct { + // TenantID - The tenant id to connect to, and get the data from. + TenantID *string `json:"tenantId,omitempty"` + // DataTypes - The available data types for the connector. + DataTypes *AlertsDataTypeOfDataConnector `json:"dataTypes,omitempty"` +} + +// MicrosoftSecurityIncidentCreationAlertRule represents MicrosoftSecurityIncidentCreation rule. +type MicrosoftSecurityIncidentCreationAlertRule struct { + // MicrosoftSecurityIncidentCreationAlertRuleProperties - MicrosoftSecurityIncidentCreation rule properties + *MicrosoftSecurityIncidentCreationAlertRuleProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Etag - Etag of the azure resource + Etag *string `json:"etag,omitempty"` + // Kind - Possible values include: 'KindAlertRule', 'KindFusion', 'KindMicrosoftSecurityIncidentCreation', 'KindScheduled' + Kind Kind `json:"kind,omitempty"` +} + +// MarshalJSON is the custom marshaler for MicrosoftSecurityIncidentCreationAlertRule. +func (msicar MicrosoftSecurityIncidentCreationAlertRule) MarshalJSON() ([]byte, error) { + msicar.Kind = KindMicrosoftSecurityIncidentCreation + objectMap := make(map[string]interface{}) + if msicar.MicrosoftSecurityIncidentCreationAlertRuleProperties != nil { + objectMap["properties"] = msicar.MicrosoftSecurityIncidentCreationAlertRuleProperties + } + if msicar.Etag != nil { + objectMap["etag"] = msicar.Etag + } + if msicar.Kind != "" { + objectMap["kind"] = msicar.Kind + } + return json.Marshal(objectMap) +} + +// AsFusionAlertRule is the BasicAlertRule implementation for MicrosoftSecurityIncidentCreationAlertRule. +func (msicar MicrosoftSecurityIncidentCreationAlertRule) AsFusionAlertRule() (*FusionAlertRule, bool) { + return nil, false +} + +// AsMicrosoftSecurityIncidentCreationAlertRule is the BasicAlertRule implementation for MicrosoftSecurityIncidentCreationAlertRule. +func (msicar MicrosoftSecurityIncidentCreationAlertRule) AsMicrosoftSecurityIncidentCreationAlertRule() (*MicrosoftSecurityIncidentCreationAlertRule, bool) { + return &msicar, true +} + +// AsScheduledAlertRule is the BasicAlertRule implementation for MicrosoftSecurityIncidentCreationAlertRule. +func (msicar MicrosoftSecurityIncidentCreationAlertRule) AsScheduledAlertRule() (*ScheduledAlertRule, bool) { + return nil, false +} + +// AsAlertRule is the BasicAlertRule implementation for MicrosoftSecurityIncidentCreationAlertRule. +func (msicar MicrosoftSecurityIncidentCreationAlertRule) AsAlertRule() (*AlertRule, bool) { + return nil, false +} + +// AsBasicAlertRule is the BasicAlertRule implementation for MicrosoftSecurityIncidentCreationAlertRule. +func (msicar MicrosoftSecurityIncidentCreationAlertRule) AsBasicAlertRule() (BasicAlertRule, bool) { + return &msicar, true +} + +// UnmarshalJSON is the custom unmarshaler for MicrosoftSecurityIncidentCreationAlertRule struct. +func (msicar *MicrosoftSecurityIncidentCreationAlertRule) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var microsoftSecurityIncidentCreationAlertRuleProperties MicrosoftSecurityIncidentCreationAlertRuleProperties + err = json.Unmarshal(*v, µsoftSecurityIncidentCreationAlertRuleProperties) + if err != nil { + return err + } + msicar.MicrosoftSecurityIncidentCreationAlertRuleProperties = µsoftSecurityIncidentCreationAlertRuleProperties + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + msicar.ID = &ID + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + msicar.Name = &name + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + msicar.Type = &typeVar + } + case "etag": + if v != nil { + var etag string + err = json.Unmarshal(*v, &etag) + if err != nil { + return err + } + msicar.Etag = &etag + } + case "kind": + if v != nil { + var kind Kind + err = json.Unmarshal(*v, &kind) + if err != nil { + return err + } + msicar.Kind = kind + } + } + } + + return nil +} + +// MicrosoftSecurityIncidentCreationAlertRuleCommonProperties microsoftSecurityIncidentCreation rule common +// property bag. +type MicrosoftSecurityIncidentCreationAlertRuleCommonProperties struct { + // DisplayNamesFilter - the alerts' displayNames on which the cases will be generated + DisplayNamesFilter *[]string `json:"displayNamesFilter,omitempty"` + // ProductFilter - The alerts' productName on which the cases will be generated. Possible values include: 'MicrosoftCloudAppSecurity', 'AzureSecurityCenter', 'AzureAdvancedThreatProtection', 'AzureActiveDirectoryIdentityProtection', 'AzureSecurityCenterforIoT' + ProductFilter MicrosoftSecurityProductName `json:"productFilter,omitempty"` + // SeveritiesFilter - the alerts' severities on which the cases will be generated + SeveritiesFilter *[]AlertSeverity `json:"severitiesFilter,omitempty"` +} + +// MicrosoftSecurityIncidentCreationAlertRuleProperties microsoftSecurityIncidentCreation rule property +// bag. +type MicrosoftSecurityIncidentCreationAlertRuleProperties struct { + // AlertRuleTemplateName - The Name of the alert rule template used to create this rule. + AlertRuleTemplateName *string `json:"alertRuleTemplateName,omitempty"` + // Description - The description of the alert rule. + Description *string `json:"description,omitempty"` + // DisplayName - The display name for alerts created by this alert rule. + DisplayName *string `json:"displayName,omitempty"` + // Enabled - Determines whether this alert rule is enabled or disabled. + Enabled *bool `json:"enabled,omitempty"` + // LastModifiedUtc - READ-ONLY; The last time that this alert has been modified. + LastModifiedUtc *date.Time `json:"lastModifiedUtc,omitempty"` + // DisplayNamesFilter - the alerts' displayNames on which the cases will be generated + DisplayNamesFilter *[]string `json:"displayNamesFilter,omitempty"` + // ProductFilter - The alerts' productName on which the cases will be generated. Possible values include: 'MicrosoftCloudAppSecurity', 'AzureSecurityCenter', 'AzureAdvancedThreatProtection', 'AzureActiveDirectoryIdentityProtection', 'AzureSecurityCenterforIoT' + ProductFilter MicrosoftSecurityProductName `json:"productFilter,omitempty"` + // SeveritiesFilter - the alerts' severities on which the cases will be generated + SeveritiesFilter *[]AlertSeverity `json:"severitiesFilter,omitempty"` +} + +// MicrosoftSecurityIncidentCreationAlertRuleTemplate represents MicrosoftSecurityIncidentCreation rule +// template. +type MicrosoftSecurityIncidentCreationAlertRuleTemplate struct { + // MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties - MicrosoftSecurityIncidentCreation rule template properties + *MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Kind - Possible values include: 'KindBasicAlertRuleTemplateKindAlertRuleTemplate', 'KindBasicAlertRuleTemplateKindFusion', 'KindBasicAlertRuleTemplateKindMicrosoftSecurityIncidentCreation', 'KindBasicAlertRuleTemplateKindScheduled' + Kind KindBasicAlertRuleTemplate `json:"kind,omitempty"` +} + +// MarshalJSON is the custom marshaler for MicrosoftSecurityIncidentCreationAlertRuleTemplate. +func (msicart MicrosoftSecurityIncidentCreationAlertRuleTemplate) MarshalJSON() ([]byte, error) { + msicart.Kind = KindBasicAlertRuleTemplateKindMicrosoftSecurityIncidentCreation + objectMap := make(map[string]interface{}) + if msicart.MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties != nil { + objectMap["properties"] = msicart.MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties + } + if msicart.Kind != "" { + objectMap["kind"] = msicart.Kind + } + return json.Marshal(objectMap) +} + +// AsFusionAlertRuleTemplate is the BasicAlertRuleTemplate implementation for MicrosoftSecurityIncidentCreationAlertRuleTemplate. +func (msicart MicrosoftSecurityIncidentCreationAlertRuleTemplate) AsFusionAlertRuleTemplate() (*FusionAlertRuleTemplate, bool) { + return nil, false +} + +// AsMicrosoftSecurityIncidentCreationAlertRuleTemplate is the BasicAlertRuleTemplate implementation for MicrosoftSecurityIncidentCreationAlertRuleTemplate. +func (msicart MicrosoftSecurityIncidentCreationAlertRuleTemplate) AsMicrosoftSecurityIncidentCreationAlertRuleTemplate() (*MicrosoftSecurityIncidentCreationAlertRuleTemplate, bool) { + return &msicart, true +} + +// AsScheduledAlertRuleTemplate is the BasicAlertRuleTemplate implementation for MicrosoftSecurityIncidentCreationAlertRuleTemplate. +func (msicart MicrosoftSecurityIncidentCreationAlertRuleTemplate) AsScheduledAlertRuleTemplate() (*ScheduledAlertRuleTemplate, bool) { + return nil, false +} + +// AsAlertRuleTemplate is the BasicAlertRuleTemplate implementation for MicrosoftSecurityIncidentCreationAlertRuleTemplate. +func (msicart MicrosoftSecurityIncidentCreationAlertRuleTemplate) AsAlertRuleTemplate() (*AlertRuleTemplate, bool) { + return nil, false +} + +// AsBasicAlertRuleTemplate is the BasicAlertRuleTemplate implementation for MicrosoftSecurityIncidentCreationAlertRuleTemplate. +func (msicart MicrosoftSecurityIncidentCreationAlertRuleTemplate) AsBasicAlertRuleTemplate() (BasicAlertRuleTemplate, bool) { + return &msicart, true +} + +// UnmarshalJSON is the custom unmarshaler for MicrosoftSecurityIncidentCreationAlertRuleTemplate struct. +func (msicart *MicrosoftSecurityIncidentCreationAlertRuleTemplate) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var microsoftSecurityIncidentCreationAlertRuleTemplateProperties MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties + err = json.Unmarshal(*v, µsoftSecurityIncidentCreationAlertRuleTemplateProperties) + if err != nil { + return err + } + msicart.MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties = µsoftSecurityIncidentCreationAlertRuleTemplateProperties + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + msicart.ID = &ID + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + msicart.Name = &name + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + msicart.Type = &typeVar + } + case "kind": + if v != nil { + var kind KindBasicAlertRuleTemplate + err = json.Unmarshal(*v, &kind) + if err != nil { + return err + } + msicart.Kind = kind + } + } + } + + return nil +} + +// MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties microsoftSecurityIncidentCreation rule +// template properties +type MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties struct { + // AlertRulesCreatedByTemplateCount - the number of alert rules that were created by this template + AlertRulesCreatedByTemplateCount *int32 `json:"alertRulesCreatedByTemplateCount,omitempty"` + // CreatedDateUTC - READ-ONLY; The time that this alert rule template has been added. + CreatedDateUTC *date.Time `json:"createdDateUTC,omitempty"` + // Description - The description of the alert rule template. + Description *string `json:"description,omitempty"` + // DisplayName - The display name for alert rule template. + DisplayName *string `json:"displayName,omitempty"` + // RequiredDataConnectors - The required data connectors for this template + RequiredDataConnectors *[]AlertRuleTemplateDataSource `json:"requiredDataConnectors,omitempty"` + // Status - The alert rule template status. Possible values include: 'Installed', 'Available', 'NotAvailable' + Status TemplateStatus `json:"status,omitempty"` + // DisplayNamesFilter - the alerts' displayNames on which the cases will be generated + DisplayNamesFilter *[]string `json:"displayNamesFilter,omitempty"` + // ProductFilter - The alerts' productName on which the cases will be generated. Possible values include: 'MicrosoftCloudAppSecurity', 'AzureSecurityCenter', 'AzureAdvancedThreatProtection', 'AzureActiveDirectoryIdentityProtection', 'AzureSecurityCenterforIoT' + ProductFilter MicrosoftSecurityProductName `json:"productFilter,omitempty"` + // SeveritiesFilter - the alerts' severities on which the cases will be generated + SeveritiesFilter *[]AlertSeverity `json:"severitiesFilter,omitempty"` +} + +// OfficeConsent consent for Office365 tenant that already made. +type OfficeConsent struct { + // OfficeConsentProperties - Office consent properties + *OfficeConsentProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` +} + +// MarshalJSON is the custom marshaler for OfficeConsent. +func (oc OfficeConsent) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + if oc.OfficeConsentProperties != nil { + objectMap["properties"] = oc.OfficeConsentProperties + } + return json.Marshal(objectMap) +} + +// UnmarshalJSON is the custom unmarshaler for OfficeConsent struct. +func (oc *OfficeConsent) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var officeConsentProperties OfficeConsentProperties + err = json.Unmarshal(*v, &officeConsentProperties) + if err != nil { + return err + } + oc.OfficeConsentProperties = &officeConsentProperties + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + oc.ID = &ID + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + oc.Name = &name + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + oc.Type = &typeVar + } + } + } + + return nil +} + +// OfficeConsentList list of all the office365 consents. +type OfficeConsentList struct { + // NextLink - READ-ONLY; URL to fetch the next set of office consents. + NextLink *string `json:"nextLink,omitempty"` + // Value - Array of the consents. + Value *[]OfficeConsent `json:"value,omitempty"` +} + +// OfficeConsentProperties consent property bag. +type OfficeConsentProperties struct { + // TenantID - The tenantId of the Office365 with the consent. + TenantID *string `json:"tenantId,omitempty"` + // TenantName - READ-ONLY; The tenant name of the Office365 with the consent. + TenantName *string `json:"tenantName,omitempty"` +} + +// OfficeDataConnector represents office data connector. +type OfficeDataConnector struct { + // OfficeDataConnectorProperties - Office data connector properties. + *OfficeDataConnectorProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Etag - Etag of the azure resource + Etag *string `json:"etag,omitempty"` + // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence' + Kind KindBasicDataConnector `json:"kind,omitempty"` +} + +// MarshalJSON is the custom marshaler for OfficeDataConnector. +func (odc OfficeDataConnector) MarshalJSON() ([]byte, error) { + odc.Kind = KindOffice365 + objectMap := make(map[string]interface{}) + if odc.OfficeDataConnectorProperties != nil { + objectMap["properties"] = odc.OfficeDataConnectorProperties + } + if odc.Etag != nil { + objectMap["etag"] = odc.Etag + } + if odc.Kind != "" { + objectMap["kind"] = odc.Kind + } + return json.Marshal(objectMap) +} + +// AsAADDataConnector is the BasicDataConnector implementation for OfficeDataConnector. +func (odc OfficeDataConnector) AsAADDataConnector() (*AADDataConnector, bool) { + return nil, false +} + +// AsAATPDataConnector is the BasicDataConnector implementation for OfficeDataConnector. +func (odc OfficeDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool) { + return nil, false +} + +// AsASCDataConnector is the BasicDataConnector implementation for OfficeDataConnector. +func (odc OfficeDataConnector) AsASCDataConnector() (*ASCDataConnector, bool) { + return nil, false +} + +// AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for OfficeDataConnector. +func (odc OfficeDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) { + return nil, false +} + +// AsMCASDataConnector is the BasicDataConnector implementation for OfficeDataConnector. +func (odc OfficeDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) { + return nil, false +} + +// AsMDATPDataConnector is the BasicDataConnector implementation for OfficeDataConnector. +func (odc OfficeDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) { + return nil, false +} + +// AsOfficeDataConnector is the BasicDataConnector implementation for OfficeDataConnector. +func (odc OfficeDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { + return &odc, true +} + +// AsTIDataConnector is the BasicDataConnector implementation for OfficeDataConnector. +func (odc OfficeDataConnector) AsTIDataConnector() (*TIDataConnector, bool) { + return nil, false +} + +// AsDataConnector is the BasicDataConnector implementation for OfficeDataConnector. +func (odc OfficeDataConnector) AsDataConnector() (*DataConnector, bool) { + return nil, false +} + +// AsBasicDataConnector is the BasicDataConnector implementation for OfficeDataConnector. +func (odc OfficeDataConnector) AsBasicDataConnector() (BasicDataConnector, bool) { + return &odc, true +} + +// UnmarshalJSON is the custom unmarshaler for OfficeDataConnector struct. +func (odc *OfficeDataConnector) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var officeDataConnectorProperties OfficeDataConnectorProperties + err = json.Unmarshal(*v, &officeDataConnectorProperties) + if err != nil { + return err + } + odc.OfficeDataConnectorProperties = &officeDataConnectorProperties + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + odc.ID = &ID + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + odc.Name = &name + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + odc.Type = &typeVar + } + case "etag": + if v != nil { + var etag string + err = json.Unmarshal(*v, &etag) + if err != nil { + return err + } + odc.Etag = &etag + } + case "kind": + if v != nil { + var kind KindBasicDataConnector + err = json.Unmarshal(*v, &kind) + if err != nil { + return err + } + odc.Kind = kind + } + } + } + + return nil +} + +// OfficeDataConnectorDataTypes the available data types for office data connector. +type OfficeDataConnectorDataTypes struct { + // Exchange - Exchange data type connection. + Exchange *OfficeDataConnectorDataTypesExchange `json:"exchange,omitempty"` + // SharePoint - SharePoint data type connection. + SharePoint *OfficeDataConnectorDataTypesSharePoint `json:"sharePoint,omitempty"` +} + +// OfficeDataConnectorDataTypesExchange exchange data type connection. +type OfficeDataConnectorDataTypesExchange struct { + // State - Describe whether this data type connection is enabled or not. Possible values include: 'Enabled', 'Disabled' + State DataTypeState `json:"state,omitempty"` +} + +// OfficeDataConnectorDataTypesSharePoint sharePoint data type connection. +type OfficeDataConnectorDataTypesSharePoint struct { + // State - Describe whether this data type connection is enabled or not. Possible values include: 'Enabled', 'Disabled' + State DataTypeState `json:"state,omitempty"` +} + +// OfficeDataConnectorProperties office data connector properties. +type OfficeDataConnectorProperties struct { + // DataTypes - The available data types for the connector. + DataTypes *OfficeDataConnectorDataTypes `json:"dataTypes,omitempty"` + // TenantID - The tenant id to connect to, and get the data from. + TenantID *string `json:"tenantId,omitempty"` +} + +// Operation operation provided by provider +type Operation struct { + // Display - Properties of the operation + Display *OperationDisplay `json:"display,omitempty"` + // Name - Name of the operation + Name *string `json:"name,omitempty"` +} + +// OperationDisplay properties of the operation +type OperationDisplay struct { + // Description - Description of the operation + Description *string `json:"description,omitempty"` + // Operation - Operation name + Operation *string `json:"operation,omitempty"` + // Provider - Provider name + Provider *string `json:"provider,omitempty"` + // Resource - Resource name + Resource *string `json:"resource,omitempty"` +} + +// OperationsList lists the operations available in the SecurityInsights RP. +type OperationsList struct { + autorest.Response `json:"-"` + // NextLink - URL to fetch the next set of operations. + NextLink *string `json:"nextLink,omitempty"` + // Value - Array of operations + Value *[]Operation `json:"value,omitempty"` +} + +// OperationsListIterator provides access to a complete listing of Operation values. +type OperationsListIterator struct { + i int + page OperationsListPage +} + +// NextWithContext advances to the next value. If there was an error making +// the request the iterator does not advance and the error is returned. +func (iter *OperationsListIterator) NextWithContext(ctx context.Context) (err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/OperationsListIterator.NextWithContext") + defer func() { + sc := -1 + if iter.Response().Response.Response != nil { + sc = iter.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + iter.i++ + if iter.i < len(iter.page.Values()) { + return nil + } + err = iter.page.NextWithContext(ctx) + if err != nil { + iter.i-- + return err + } + iter.i = 0 + return nil +} + +// Next advances to the next value. If there was an error making +// the request the iterator does not advance and the error is returned. +// Deprecated: Use NextWithContext() instead. +func (iter *OperationsListIterator) Next() error { + return iter.NextWithContext(context.Background()) +} + +// NotDone returns true if the enumeration should be started or is not yet complete. +func (iter OperationsListIterator) NotDone() bool { + return iter.page.NotDone() && iter.i < len(iter.page.Values()) +} + +// Response returns the raw server response from the last page request. +func (iter OperationsListIterator) Response() OperationsList { + return iter.page.Response() +} + +// Value returns the current value or a zero-initialized value if the +// iterator has advanced beyond the end of the collection. +func (iter OperationsListIterator) Value() Operation { + if !iter.page.NotDone() { + return Operation{} + } + return iter.page.Values()[iter.i] +} + +// Creates a new instance of the OperationsListIterator type. +func NewOperationsListIterator(page OperationsListPage) OperationsListIterator { + return OperationsListIterator{page: page} +} + +// IsEmpty returns true if the ListResult contains no values. +func (ol OperationsList) IsEmpty() bool { + return ol.Value == nil || len(*ol.Value) == 0 +} + +// operationsListPreparer prepares a request to retrieve the next set of results. +// It returns nil if no more results exist. +func (ol OperationsList) operationsListPreparer(ctx context.Context) (*http.Request, error) { + if ol.NextLink == nil || len(to.String(ol.NextLink)) < 1 { + return nil, nil + } + return autorest.Prepare((&http.Request{}).WithContext(ctx), + autorest.AsJSON(), + autorest.AsGet(), + autorest.WithBaseURL(to.String(ol.NextLink))) +} + +// OperationsListPage contains a page of Operation values. +type OperationsListPage struct { + fn func(context.Context, OperationsList) (OperationsList, error) + ol OperationsList +} + +// NextWithContext advances to the next page of values. If there was an error making +// the request the page does not advance and the error is returned. +func (page *OperationsListPage) NextWithContext(ctx context.Context) (err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/OperationsListPage.NextWithContext") + defer func() { + sc := -1 + if page.Response().Response.Response != nil { + sc = page.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + next, err := page.fn(ctx, page.ol) + if err != nil { + return err + } + page.ol = next + return nil +} + +// Next advances to the next page of values. If there was an error making +// the request the page does not advance and the error is returned. +// Deprecated: Use NextWithContext() instead. +func (page *OperationsListPage) Next() error { + return page.NextWithContext(context.Background()) +} + +// NotDone returns true if the page enumeration should be started or is not yet complete. +func (page OperationsListPage) NotDone() bool { + return !page.ol.IsEmpty() +} + +// Response returns the raw server response from the last page request. +func (page OperationsListPage) Response() OperationsList { + return page.ol +} + +// Values returns the slice of values for the current page or nil if there are no values. +func (page OperationsListPage) Values() []Operation { + if page.ol.IsEmpty() { + return nil + } + return *page.ol.Value +} + +// Creates a new instance of the OperationsListPage type. +func NewOperationsListPage(getNextPage func(context.Context, OperationsList) (OperationsList, error)) OperationsListPage { + return OperationsListPage{fn: getNextPage} +} + +// Resource an azure resource object +type Resource struct { + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` +} + +// ResourceWithEtag an azure resource object with an Etag property +type ResourceWithEtag struct { + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Etag - Etag of the azure resource + Etag *string `json:"etag,omitempty"` +} + +// ScheduledAlertRule represents scheduled alert rule. +type ScheduledAlertRule struct { + // ScheduledAlertRuleProperties - Scheduled alert rule properties + *ScheduledAlertRuleProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Etag - Etag of the azure resource + Etag *string `json:"etag,omitempty"` + // Kind - Possible values include: 'KindAlertRule', 'KindFusion', 'KindMicrosoftSecurityIncidentCreation', 'KindScheduled' + Kind Kind `json:"kind,omitempty"` +} + +// MarshalJSON is the custom marshaler for ScheduledAlertRule. +func (sar ScheduledAlertRule) MarshalJSON() ([]byte, error) { + sar.Kind = KindScheduled + objectMap := make(map[string]interface{}) + if sar.ScheduledAlertRuleProperties != nil { + objectMap["properties"] = sar.ScheduledAlertRuleProperties + } + if sar.Etag != nil { + objectMap["etag"] = sar.Etag + } + if sar.Kind != "" { + objectMap["kind"] = sar.Kind + } + return json.Marshal(objectMap) +} + +// AsFusionAlertRule is the BasicAlertRule implementation for ScheduledAlertRule. +func (sar ScheduledAlertRule) AsFusionAlertRule() (*FusionAlertRule, bool) { + return nil, false +} + +// AsMicrosoftSecurityIncidentCreationAlertRule is the BasicAlertRule implementation for ScheduledAlertRule. +func (sar ScheduledAlertRule) AsMicrosoftSecurityIncidentCreationAlertRule() (*MicrosoftSecurityIncidentCreationAlertRule, bool) { + return nil, false +} + +// AsScheduledAlertRule is the BasicAlertRule implementation for ScheduledAlertRule. +func (sar ScheduledAlertRule) AsScheduledAlertRule() (*ScheduledAlertRule, bool) { + return &sar, true +} + +// AsAlertRule is the BasicAlertRule implementation for ScheduledAlertRule. +func (sar ScheduledAlertRule) AsAlertRule() (*AlertRule, bool) { + return nil, false +} + +// AsBasicAlertRule is the BasicAlertRule implementation for ScheduledAlertRule. +func (sar ScheduledAlertRule) AsBasicAlertRule() (BasicAlertRule, bool) { + return &sar, true +} + +// UnmarshalJSON is the custom unmarshaler for ScheduledAlertRule struct. +func (sar *ScheduledAlertRule) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var scheduledAlertRuleProperties ScheduledAlertRuleProperties + err = json.Unmarshal(*v, &scheduledAlertRuleProperties) + if err != nil { + return err + } + sar.ScheduledAlertRuleProperties = &scheduledAlertRuleProperties + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + sar.ID = &ID + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + sar.Name = &name + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + sar.Type = &typeVar + } + case "etag": + if v != nil { + var etag string + err = json.Unmarshal(*v, &etag) + if err != nil { + return err + } + sar.Etag = &etag + } + case "kind": + if v != nil { + var kind Kind + err = json.Unmarshal(*v, &kind) + if err != nil { + return err + } + sar.Kind = kind + } + } + } + + return nil +} + +// ScheduledAlertRuleCommonProperties schedule alert rule template property bag. +type ScheduledAlertRuleCommonProperties struct { + // Query - The query that creates alerts for this rule. + Query *string `json:"query,omitempty"` + // QueryFrequency - The frequency (in ISO 8601 duration format) for this alert rule to run. + QueryFrequency *string `json:"queryFrequency,omitempty"` + // QueryPeriod - The period (in ISO 8601 duration format) that this alert rule looks at. + QueryPeriod *string `json:"queryPeriod,omitempty"` + // Severity - The severity for alerts created by this alert rule. Possible values include: 'High', 'Medium', 'Low', 'Informational' + Severity AlertSeverity `json:"severity,omitempty"` + // TriggerOperator - The operation against the threshold that triggers alert rule. Possible values include: 'GreaterThan', 'LessThan', 'Equal', 'NotEqual' + TriggerOperator TriggerOperator `json:"triggerOperator,omitempty"` + // TriggerThreshold - The threshold triggers this alert rule. + TriggerThreshold *int32 `json:"triggerThreshold,omitempty"` +} + +// ScheduledAlertRuleProperties scheduled alert rule base property bag. +type ScheduledAlertRuleProperties struct { + // AlertRuleTemplateName - The Name of the alert rule template used to create this rule. + AlertRuleTemplateName *string `json:"alertRuleTemplateName,omitempty"` + // Description - The description of the alert rule. + Description *string `json:"description,omitempty"` + // DisplayName - The display name for alerts created by this alert rule. + DisplayName *string `json:"displayName,omitempty"` + // Enabled - Determines whether this alert rule is enabled or disabled. + Enabled *bool `json:"enabled,omitempty"` + // LastModifiedUtc - READ-ONLY; The last time that this alert rule has been modified. + LastModifiedUtc *date.Time `json:"lastModifiedUtc,omitempty"` + // SuppressionDuration - The suppression (in ISO 8601 duration format) to wait since last time this alert rule been triggered. + SuppressionDuration *string `json:"suppressionDuration,omitempty"` + // SuppressionEnabled - Determines whether the suppression for this alert rule is enabled or disabled. + SuppressionEnabled *bool `json:"suppressionEnabled,omitempty"` + // Tactics - The tactics of the alert rule + Tactics *[]AttackTactic `json:"tactics,omitempty"` + // Query - The query that creates alerts for this rule. + Query *string `json:"query,omitempty"` + // QueryFrequency - The frequency (in ISO 8601 duration format) for this alert rule to run. + QueryFrequency *string `json:"queryFrequency,omitempty"` + // QueryPeriod - The period (in ISO 8601 duration format) that this alert rule looks at. + QueryPeriod *string `json:"queryPeriod,omitempty"` + // Severity - The severity for alerts created by this alert rule. Possible values include: 'High', 'Medium', 'Low', 'Informational' + Severity AlertSeverity `json:"severity,omitempty"` + // TriggerOperator - The operation against the threshold that triggers alert rule. Possible values include: 'GreaterThan', 'LessThan', 'Equal', 'NotEqual' + TriggerOperator TriggerOperator `json:"triggerOperator,omitempty"` + // TriggerThreshold - The threshold triggers this alert rule. + TriggerThreshold *int32 `json:"triggerThreshold,omitempty"` +} + +// ScheduledAlertRuleTemplate represents scheduled alert rule template. +type ScheduledAlertRuleTemplate struct { + // ScheduledAlertRuleTemplateProperties - Scheduled alert rule template properties + *ScheduledAlertRuleTemplateProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Kind - Possible values include: 'KindBasicAlertRuleTemplateKindAlertRuleTemplate', 'KindBasicAlertRuleTemplateKindFusion', 'KindBasicAlertRuleTemplateKindMicrosoftSecurityIncidentCreation', 'KindBasicAlertRuleTemplateKindScheduled' + Kind KindBasicAlertRuleTemplate `json:"kind,omitempty"` +} + +// MarshalJSON is the custom marshaler for ScheduledAlertRuleTemplate. +func (sart ScheduledAlertRuleTemplate) MarshalJSON() ([]byte, error) { + sart.Kind = KindBasicAlertRuleTemplateKindScheduled + objectMap := make(map[string]interface{}) + if sart.ScheduledAlertRuleTemplateProperties != nil { + objectMap["properties"] = sart.ScheduledAlertRuleTemplateProperties + } + if sart.Kind != "" { + objectMap["kind"] = sart.Kind + } + return json.Marshal(objectMap) +} + +// AsFusionAlertRuleTemplate is the BasicAlertRuleTemplate implementation for ScheduledAlertRuleTemplate. +func (sart ScheduledAlertRuleTemplate) AsFusionAlertRuleTemplate() (*FusionAlertRuleTemplate, bool) { + return nil, false +} + +// AsMicrosoftSecurityIncidentCreationAlertRuleTemplate is the BasicAlertRuleTemplate implementation for ScheduledAlertRuleTemplate. +func (sart ScheduledAlertRuleTemplate) AsMicrosoftSecurityIncidentCreationAlertRuleTemplate() (*MicrosoftSecurityIncidentCreationAlertRuleTemplate, bool) { + return nil, false +} + +// AsScheduledAlertRuleTemplate is the BasicAlertRuleTemplate implementation for ScheduledAlertRuleTemplate. +func (sart ScheduledAlertRuleTemplate) AsScheduledAlertRuleTemplate() (*ScheduledAlertRuleTemplate, bool) { + return &sart, true +} + +// AsAlertRuleTemplate is the BasicAlertRuleTemplate implementation for ScheduledAlertRuleTemplate. +func (sart ScheduledAlertRuleTemplate) AsAlertRuleTemplate() (*AlertRuleTemplate, bool) { + return nil, false +} + +// AsBasicAlertRuleTemplate is the BasicAlertRuleTemplate implementation for ScheduledAlertRuleTemplate. +func (sart ScheduledAlertRuleTemplate) AsBasicAlertRuleTemplate() (BasicAlertRuleTemplate, bool) { + return &sart, true +} + +// UnmarshalJSON is the custom unmarshaler for ScheduledAlertRuleTemplate struct. +func (sart *ScheduledAlertRuleTemplate) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var scheduledAlertRuleTemplateProperties ScheduledAlertRuleTemplateProperties + err = json.Unmarshal(*v, &scheduledAlertRuleTemplateProperties) + if err != nil { + return err + } + sart.ScheduledAlertRuleTemplateProperties = &scheduledAlertRuleTemplateProperties + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + sart.ID = &ID + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + sart.Name = &name + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + sart.Type = &typeVar + } + case "kind": + if v != nil { + var kind KindBasicAlertRuleTemplate + err = json.Unmarshal(*v, &kind) + if err != nil { + return err + } + sart.Kind = kind + } + } + } + + return nil +} + +// ScheduledAlertRuleTemplateProperties scheduled alert rule template properties +type ScheduledAlertRuleTemplateProperties struct { + // AlertRulesCreatedByTemplateCount - the number of alert rules that were created by this template + AlertRulesCreatedByTemplateCount *int32 `json:"alertRulesCreatedByTemplateCount,omitempty"` + // CreatedDateUTC - READ-ONLY; The time that this alert rule template has been added. + CreatedDateUTC *date.Time `json:"createdDateUTC,omitempty"` + // Description - The description of the alert rule template. + Description *string `json:"description,omitempty"` + // DisplayName - The display name for alert rule template. + DisplayName *string `json:"displayName,omitempty"` + // RequiredDataConnectors - The required data connectors for this template + RequiredDataConnectors *[]AlertRuleTemplateDataSource `json:"requiredDataConnectors,omitempty"` + // Status - The alert rule template status. Possible values include: 'Installed', 'Available', 'NotAvailable' + Status TemplateStatus `json:"status,omitempty"` + // Query - The query that creates alerts for this rule. + Query *string `json:"query,omitempty"` + // QueryFrequency - The frequency (in ISO 8601 duration format) for this alert rule to run. + QueryFrequency *string `json:"queryFrequency,omitempty"` + // QueryPeriod - The period (in ISO 8601 duration format) that this alert rule looks at. + QueryPeriod *string `json:"queryPeriod,omitempty"` + // Severity - The severity for alerts created by this alert rule. Possible values include: 'High', 'Medium', 'Low', 'Informational' + Severity AlertSeverity `json:"severity,omitempty"` + // TriggerOperator - The operation against the threshold that triggers alert rule. Possible values include: 'GreaterThan', 'LessThan', 'Equal', 'NotEqual' + TriggerOperator TriggerOperator `json:"triggerOperator,omitempty"` + // TriggerThreshold - The threshold triggers this alert rule. + TriggerThreshold *int32 `json:"triggerThreshold,omitempty"` + // Tactics - The tactics of the alert rule template + Tactics *[]AttackTactic `json:"tactics,omitempty"` +} + +// BasicSettings the Setting. +type BasicSettings interface { + AsToggleSettings() (*ToggleSettings, bool) + AsUebaSettings() (*UebaSettings, bool) + AsSettings() (*Settings, bool) +} + +// Settings the Setting. +type Settings struct { + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Etag - Etag of the azure resource + Etag *string `json:"etag,omitempty"` + // Kind - Possible values include: 'KindSettings', 'KindToggleSettings', 'KindUebaSettings' + Kind KindBasicSettings `json:"kind,omitempty"` +} + +func unmarshalBasicSettings(body []byte) (BasicSettings, error) { + var m map[string]interface{} + err := json.Unmarshal(body, &m) + if err != nil { + return nil, err + } + + switch m["kind"] { + case string(KindToggleSettings): + var ts ToggleSettings + err := json.Unmarshal(body, &ts) + return ts, err + case string(KindUebaSettings): + var us UebaSettings + err := json.Unmarshal(body, &us) + return us, err + default: + var s Settings + err := json.Unmarshal(body, &s) + return s, err + } +} +func unmarshalBasicSettingsArray(body []byte) ([]BasicSettings, error) { + var rawMessages []*json.RawMessage + err := json.Unmarshal(body, &rawMessages) + if err != nil { + return nil, err + } + + sArray := make([]BasicSettings, len(rawMessages)) + + for index, rawMessage := range rawMessages { + s, err := unmarshalBasicSettings(*rawMessage) + if err != nil { + return nil, err + } + sArray[index] = s + } + return sArray, nil +} + +// MarshalJSON is the custom marshaler for Settings. +func (s Settings) MarshalJSON() ([]byte, error) { + s.Kind = KindSettings + objectMap := make(map[string]interface{}) + if s.Etag != nil { + objectMap["etag"] = s.Etag + } + if s.Kind != "" { + objectMap["kind"] = s.Kind + } + return json.Marshal(objectMap) +} + +// AsToggleSettings is the BasicSettings implementation for Settings. +func (s Settings) AsToggleSettings() (*ToggleSettings, bool) { + return nil, false +} + +// AsUebaSettings is the BasicSettings implementation for Settings. +func (s Settings) AsUebaSettings() (*UebaSettings, bool) { + return nil, false +} + +// AsSettings is the BasicSettings implementation for Settings. +func (s Settings) AsSettings() (*Settings, bool) { + return &s, true +} + +// AsBasicSettings is the BasicSettings implementation for Settings. +func (s Settings) AsBasicSettings() (BasicSettings, bool) { + return &s, true +} + +// SettingsKind describes an Azure resource with kind. +type SettingsKind struct { + // Kind - The kind of the setting. Possible values include: 'SettingKindUebaSettings', 'SettingKindToggleSettings' + Kind SettingKind `json:"kind,omitempty"` +} + +// ThreatIntelligence threatIntelligence property bag. +type ThreatIntelligence struct { + // Confidence - READ-ONLY; Confidence (must be between 0 and 1) + Confidence *float64 `json:"confidence,omitempty"` + // ProviderName - READ-ONLY; Name of the provider from whom this Threat Intelligence information was received + ProviderName *string `json:"providerName,omitempty"` + // ReportLink - READ-ONLY; Report link + ReportLink *string `json:"reportLink,omitempty"` + // ThreatDescription - READ-ONLY; Threat description (free text) + ThreatDescription *string `json:"threatDescription,omitempty"` + // ThreatName - READ-ONLY; Threat name (e.g. "Jedobot malware") + ThreatName *string `json:"threatName,omitempty"` + // ThreatType - READ-ONLY; Threat type (e.g. "Botnet") + ThreatType *string `json:"threatType,omitempty"` +} + +// TIDataConnector represents threat intelligence data connector. +type TIDataConnector struct { + // TIDataConnectorProperties - TI (Threat Intelligence) data connector properties. + *TIDataConnectorProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Etag - Etag of the azure resource + Etag *string `json:"etag,omitempty"` + // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence' + Kind KindBasicDataConnector `json:"kind,omitempty"` +} + +// MarshalJSON is the custom marshaler for TIDataConnector. +func (tdc TIDataConnector) MarshalJSON() ([]byte, error) { + tdc.Kind = KindThreatIntelligence + objectMap := make(map[string]interface{}) + if tdc.TIDataConnectorProperties != nil { + objectMap["properties"] = tdc.TIDataConnectorProperties + } + if tdc.Etag != nil { + objectMap["etag"] = tdc.Etag + } + if tdc.Kind != "" { + objectMap["kind"] = tdc.Kind + } + return json.Marshal(objectMap) +} + +// AsAADDataConnector is the BasicDataConnector implementation for TIDataConnector. +func (tdc TIDataConnector) AsAADDataConnector() (*AADDataConnector, bool) { + return nil, false +} + +// AsAATPDataConnector is the BasicDataConnector implementation for TIDataConnector. +func (tdc TIDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool) { + return nil, false +} + +// AsASCDataConnector is the BasicDataConnector implementation for TIDataConnector. +func (tdc TIDataConnector) AsASCDataConnector() (*ASCDataConnector, bool) { + return nil, false +} + +// AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for TIDataConnector. +func (tdc TIDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) { + return nil, false +} + +// AsMCASDataConnector is the BasicDataConnector implementation for TIDataConnector. +func (tdc TIDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) { + return nil, false +} + +// AsMDATPDataConnector is the BasicDataConnector implementation for TIDataConnector. +func (tdc TIDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) { + return nil, false +} + +// AsOfficeDataConnector is the BasicDataConnector implementation for TIDataConnector. +func (tdc TIDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { + return nil, false +} + +// AsTIDataConnector is the BasicDataConnector implementation for TIDataConnector. +func (tdc TIDataConnector) AsTIDataConnector() (*TIDataConnector, bool) { + return &tdc, true +} + +// AsDataConnector is the BasicDataConnector implementation for TIDataConnector. +func (tdc TIDataConnector) AsDataConnector() (*DataConnector, bool) { + return nil, false +} + +// AsBasicDataConnector is the BasicDataConnector implementation for TIDataConnector. +func (tdc TIDataConnector) AsBasicDataConnector() (BasicDataConnector, bool) { + return &tdc, true +} + +// UnmarshalJSON is the custom unmarshaler for TIDataConnector struct. +func (tdc *TIDataConnector) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var tIDataConnectorProperties TIDataConnectorProperties + err = json.Unmarshal(*v, &tIDataConnectorProperties) + if err != nil { + return err + } + tdc.TIDataConnectorProperties = &tIDataConnectorProperties + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + tdc.ID = &ID + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + tdc.Name = &name + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + tdc.Type = &typeVar + } + case "etag": + if v != nil { + var etag string + err = json.Unmarshal(*v, &etag) + if err != nil { + return err + } + tdc.Etag = &etag + } + case "kind": + if v != nil { + var kind KindBasicDataConnector + err = json.Unmarshal(*v, &kind) + if err != nil { + return err + } + tdc.Kind = kind + } + } + } + + return nil +} + +// TIDataConnectorDataTypes the available data types for TI (Threat Intelligence) data connector. +type TIDataConnectorDataTypes struct { + // Indicators - Data type for indicators connection. + Indicators *TIDataConnectorDataTypesIndicators `json:"indicators,omitempty"` +} + +// TIDataConnectorDataTypesIndicators data type for indicators connection. +type TIDataConnectorDataTypesIndicators struct { + // State - Describe whether this data type connection is enabled or not. Possible values include: 'Enabled', 'Disabled' + State DataTypeState `json:"state,omitempty"` +} + +// TIDataConnectorProperties TI (Threat Intelligence) data connector properties. +type TIDataConnectorProperties struct { + // DataTypes - The available data types for the connector. + DataTypes *TIDataConnectorDataTypes `json:"dataTypes,omitempty"` + // TenantID - The tenant id to connect to, and get the data from. + TenantID *string `json:"tenantId,omitempty"` +} + +// ToggleSettings settings with single toggle. +type ToggleSettings struct { + // ToggleSettingsProperties - toggle properties + *ToggleSettingsProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Etag - Etag of the azure resource + Etag *string `json:"etag,omitempty"` + // Kind - Possible values include: 'KindSettings', 'KindToggleSettings', 'KindUebaSettings' + Kind KindBasicSettings `json:"kind,omitempty"` +} + +// MarshalJSON is the custom marshaler for ToggleSettings. +func (ts ToggleSettings) MarshalJSON() ([]byte, error) { + ts.Kind = KindToggleSettings + objectMap := make(map[string]interface{}) + if ts.ToggleSettingsProperties != nil { + objectMap["properties"] = ts.ToggleSettingsProperties + } + if ts.Etag != nil { + objectMap["etag"] = ts.Etag + } + if ts.Kind != "" { + objectMap["kind"] = ts.Kind + } + return json.Marshal(objectMap) +} + +// AsToggleSettings is the BasicSettings implementation for ToggleSettings. +func (ts ToggleSettings) AsToggleSettings() (*ToggleSettings, bool) { + return &ts, true +} + +// AsUebaSettings is the BasicSettings implementation for ToggleSettings. +func (ts ToggleSettings) AsUebaSettings() (*UebaSettings, bool) { + return nil, false +} + +// AsSettings is the BasicSettings implementation for ToggleSettings. +func (ts ToggleSettings) AsSettings() (*Settings, bool) { + return nil, false +} + +// AsBasicSettings is the BasicSettings implementation for ToggleSettings. +func (ts ToggleSettings) AsBasicSettings() (BasicSettings, bool) { + return &ts, true +} + +// UnmarshalJSON is the custom unmarshaler for ToggleSettings struct. +func (ts *ToggleSettings) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var toggleSettingsProperties ToggleSettingsProperties + err = json.Unmarshal(*v, &toggleSettingsProperties) + if err != nil { + return err + } + ts.ToggleSettingsProperties = &toggleSettingsProperties + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + ts.ID = &ID + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + ts.Name = &name + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + ts.Type = &typeVar + } + case "etag": + if v != nil { + var etag string + err = json.Unmarshal(*v, &etag) + if err != nil { + return err + } + ts.Etag = &etag + } + case "kind": + if v != nil { + var kind KindBasicSettings + err = json.Unmarshal(*v, &kind) + if err != nil { + return err + } + ts.Kind = kind + } + } + } + + return nil +} + +// ToggleSettingsProperties toggle property bag. +type ToggleSettingsProperties struct { + // IsEnabled - Determines whether the setting is enable or disabled. + IsEnabled *bool `json:"isEnabled,omitempty"` +} + +// UebaSettings represents settings for User and Entity Behavior Analytics enablement. +type UebaSettings struct { + // UebaSettingsProperties - User and Entity Behavior Analytics settings properties + *UebaSettingsProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Etag - Etag of the azure resource + Etag *string `json:"etag,omitempty"` + // Kind - Possible values include: 'KindSettings', 'KindToggleSettings', 'KindUebaSettings' + Kind KindBasicSettings `json:"kind,omitempty"` +} + +// MarshalJSON is the custom marshaler for UebaSettings. +func (us UebaSettings) MarshalJSON() ([]byte, error) { + us.Kind = KindUebaSettings + objectMap := make(map[string]interface{}) + if us.UebaSettingsProperties != nil { + objectMap["properties"] = us.UebaSettingsProperties + } + if us.Etag != nil { + objectMap["etag"] = us.Etag + } + if us.Kind != "" { + objectMap["kind"] = us.Kind + } + return json.Marshal(objectMap) +} + +// AsToggleSettings is the BasicSettings implementation for UebaSettings. +func (us UebaSettings) AsToggleSettings() (*ToggleSettings, bool) { + return nil, false +} + +// AsUebaSettings is the BasicSettings implementation for UebaSettings. +func (us UebaSettings) AsUebaSettings() (*UebaSettings, bool) { + return &us, true +} + +// AsSettings is the BasicSettings implementation for UebaSettings. +func (us UebaSettings) AsSettings() (*Settings, bool) { + return nil, false +} + +// AsBasicSettings is the BasicSettings implementation for UebaSettings. +func (us UebaSettings) AsBasicSettings() (BasicSettings, bool) { + return &us, true +} + +// UnmarshalJSON is the custom unmarshaler for UebaSettings struct. +func (us *UebaSettings) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var uebaSettingsProperties UebaSettingsProperties + err = json.Unmarshal(*v, &uebaSettingsProperties) + if err != nil { + return err + } + us.UebaSettingsProperties = &uebaSettingsProperties + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + us.ID = &ID + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + us.Name = &name + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + us.Type = &typeVar + } + case "etag": + if v != nil { + var etag string + err = json.Unmarshal(*v, &etag) + if err != nil { + return err + } + us.Etag = &etag + } + case "kind": + if v != nil { + var kind KindBasicSettings + err = json.Unmarshal(*v, &kind) + if err != nil { + return err + } + us.Kind = kind + } + } + } + + return nil +} + +// UebaSettingsProperties user and Entity Behavior Analytics settings property bag. +type UebaSettingsProperties struct { + // AtpLicenseStatus - READ-ONLY; Determines whether the tenant has ATP (Advanced Threat Protection) license. Possible values include: 'LicenseStatusEnabled', 'LicenseStatusDisabled' + AtpLicenseStatus LicenseStatus `json:"atpLicenseStatus,omitempty"` + // IsEnabled - Determines whether User and Entity Behavior Analytics is enabled for this workspace. + IsEnabled *bool `json:"isEnabled,omitempty"` + // StatusInMcas - READ-ONLY; Determines whether User and Entity Behavior Analytics is enabled from MCAS (Microsoft Cloud App Security). Possible values include: 'StatusInMcasEnabled', 'StatusInMcasDisabled' + StatusInMcas StatusInMcas `json:"statusInMcas,omitempty"` +} + +// UserInfo user information that made some action +type UserInfo struct { + // Email - READ-ONLY; The email of the user. + Email *string `json:"email,omitempty"` + // Name - READ-ONLY; The name of the user. + Name *string `json:"name,omitempty"` + // ObjectID - The object id of the user. + ObjectID *uuid.UUID `json:"objectId,omitempty"` +} diff --git a/vendor/github.com/Azure/azure-sdk-for-go/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/operations.go b/vendor/github.com/Azure/azure-sdk-for-go/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/operations.go new file mode 100644 index 000000000000..39c94464e8ae --- /dev/null +++ b/vendor/github.com/Azure/azure-sdk-for-go/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/operations.go @@ -0,0 +1,147 @@ +package securityinsight + +// Copyright (c) Microsoft and contributors. All rights reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// +// See the License for the specific language governing permissions and +// limitations under the License. +// +// Code generated by Microsoft (R) AutoRest Code Generator. +// Changes may cause incorrect behavior and will be lost if the code is regenerated. + +import ( + "context" + "github.com/Azure/go-autorest/autorest" + "github.com/Azure/go-autorest/autorest/azure" + "github.com/Azure/go-autorest/tracing" + "net/http" +) + +// OperationsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider +type OperationsClient struct { + BaseClient +} + +// NewOperationsClient creates an instance of the OperationsClient client. +func NewOperationsClient(subscriptionID string) OperationsClient { + return NewOperationsClientWithBaseURI(DefaultBaseURI, subscriptionID) +} + +// NewOperationsClientWithBaseURI creates an instance of the OperationsClient client using a custom endpoint. Use this +// when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack). +func NewOperationsClientWithBaseURI(baseURI string, subscriptionID string) OperationsClient { + return OperationsClient{NewWithBaseURI(baseURI, subscriptionID)} +} + +// List lists all operations available Azure Security Insights Resource Provider. +func (client OperationsClient) List(ctx context.Context) (result OperationsListPage, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/OperationsClient.List") + defer func() { + sc := -1 + if result.ol.Response.Response != nil { + sc = result.ol.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + result.fn = client.listNextResults + req, err := client.ListPreparer(ctx) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.OperationsClient", "List", nil, "Failure preparing request") + return + } + + resp, err := client.ListSender(req) + if err != nil { + result.ol.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "securityinsight.OperationsClient", "List", resp, "Failure sending request") + return + } + + result.ol, err = client.ListResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.OperationsClient", "List", resp, "Failure responding to request") + } + + return +} + +// ListPreparer prepares the List request. +func (client OperationsClient) ListPreparer(ctx context.Context) (*http.Request, error) { + const APIVersion = "2020-01-01" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsGet(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPath("/providers/Microsoft.SecurityInsights/operations"), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// ListSender sends the List request. The method will close the +// http.Response Body if it receives an error. +func (client OperationsClient) ListSender(req *http.Request) (*http.Response, error) { + return client.Send(req, autorest.DoRetryForStatusCodes(client.RetryAttempts, client.RetryDuration, autorest.StatusCodesForRetry...)) +} + +// ListResponder handles the response to the List request. The method always +// closes the http.Response Body. +func (client OperationsClient) ListResponder(resp *http.Response) (result OperationsList, err error) { + err = autorest.Respond( + resp, + client.ByInspecting(), + azure.WithErrorUnlessStatusCode(http.StatusOK), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + +// listNextResults retrieves the next set of results, if any. +func (client OperationsClient) listNextResults(ctx context.Context, lastResults OperationsList) (result OperationsList, err error) { + req, err := lastResults.operationsListPreparer(ctx) + if err != nil { + return result, autorest.NewErrorWithError(err, "securityinsight.OperationsClient", "listNextResults", nil, "Failure preparing next results request") + } + if req == nil { + return + } + resp, err := client.ListSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + return result, autorest.NewErrorWithError(err, "securityinsight.OperationsClient", "listNextResults", resp, "Failure sending next results request") + } + result, err = client.ListResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.OperationsClient", "listNextResults", resp, "Failure responding to next results request") + } + return +} + +// ListComplete enumerates all values, automatically crossing page boundaries as required. +func (client OperationsClient) ListComplete(ctx context.Context) (result OperationsListIterator, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/OperationsClient.List") + defer func() { + sc := -1 + if result.Response().Response.Response != nil { + sc = result.page.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + result.page, err = client.List(ctx) + return +} diff --git a/vendor/github.com/Azure/azure-sdk-for-go/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/version.go b/vendor/github.com/Azure/azure-sdk-for-go/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/version.go new file mode 100644 index 000000000000..3fb54aeb4f55 --- /dev/null +++ b/vendor/github.com/Azure/azure-sdk-for-go/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight/version.go @@ -0,0 +1,30 @@ +package securityinsight + +import "github.com/Azure/azure-sdk-for-go/version" + +// Copyright (c) Microsoft and contributors. All rights reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// +// See the License for the specific language governing permissions and +// limitations under the License. +// +// Code generated by Microsoft (R) AutoRest Code Generator. +// Changes may cause incorrect behavior and will be lost if the code is regenerated. + +// UserAgent returns the UserAgent string to use when sending http.Requests. +func UserAgent() string { + return "Azure-SDK-For-Go/" + version.Number + " securityinsight/2020-01-01" +} + +// Version returns the semantic version (see http://semver.org) of the client. +func Version() string { + return version.Number +} diff --git a/vendor/modules.txt b/vendor/modules.txt index 265b3242490b..8fddb0360520 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -68,6 +68,7 @@ github.com/Azure/azure-sdk-for-go/services/preview/operationsmanagement/mgmt/201 github.com/Azure/azure-sdk-for-go/services/preview/portal/mgmt/2019-01-01-preview/portal github.com/Azure/azure-sdk-for-go/services/preview/resources/mgmt/2018-03-01-preview/managementgroups github.com/Azure/azure-sdk-for-go/services/preview/security/mgmt/v1.0/security +github.com/Azure/azure-sdk-for-go/services/preview/securityinsight/mgmt/2017-08-01-preview/securityinsight github.com/Azure/azure-sdk-for-go/services/preview/servicebus/mgmt/2018-01-01-preview/servicebus github.com/Azure/azure-sdk-for-go/services/preview/sql/mgmt/2017-03-01-preview/sql github.com/Azure/azure-sdk-for-go/services/preview/sql/mgmt/v3.0/sql diff --git a/website/allowed-subcategories b/website/allowed-subcategories index 5397d0296508..372d9ef0d5c4 100644 --- a/website/allowed-subcategories +++ b/website/allowed-subcategories @@ -51,6 +51,7 @@ Recovery Services Redis Search Security Center +Sentinel Service Fabric Spring Cloud Storage diff --git a/website/azurerm.erb b/website/azurerm.erb index 2bd263ca1e84..c4102eaac357 100644 --- a/website/azurerm.erb +++ b/website/azurerm.erb @@ -482,6 +482,10 @@ azurerm_route_table +
  • + azurerm_sentinel_alert_rule +
    • +
  • azurerm_servicebus_namespace
    • @@ -2239,6 +2243,15 @@ +
  • + Sentinel Resources + +
    • +
  • Service Fabric Resources
      diff --git a/website/docs/d/sentinel_alert_rule.html.markdown b/website/docs/d/sentinel_alert_rule.html.markdown new file mode 100644 index 000000000000..d30e19c743a0 --- /dev/null +++ b/website/docs/d/sentinel_alert_rule.html.markdown @@ -0,0 +1,53 @@ +--- +subcategory: "Sentinel" +layout: "azurerm" +page_title: "Azure Resource Manager: Data Source: azurerm_sentinel_alert" +description: |- + Gets information about an existing Sentinel Alert Rule. +--- + +# Data Source: azurerm_sentinel_alert_rule + +Use this data source to access information about an existing Sentinel Alert Rule. + +## Example Usage + +```hcl +provider "azurerm" { + features {} +} + +data "azurerm_log_analytics_workspace" "example" { + name = "example" + resource_group_name = "example-resources" +} + +data "azurerm_sentinel_alert_rule" "example" { + name = "existing" + log_analytics_workspace_id = data.azurerm_log_analytics_workspace.example.id +} + +output "id" { + value = data.azurerm_sentinel_alert_rule.example.id +} +``` + +## Arguments Reference + +The following arguments are supported: + +* `name` - (Required) The name which should be used for this Sentinel Alert Rule. + +* `log_analytics_workspace_id` - (Required) The ID of the Log Analytics Workspace this Sentinel Alert Rule belongs to. + +## Attributes Reference + +In addition to the Arguments listed above - the following Attributes are exported: + +* `id` - The ID of the Sentinel Alert Rule. + +## Timeouts + +The `timeouts` block allows you to specify [timeouts](https://www.terraform.io/docs/configuration/resources.html#timeouts) for certain actions: + +* `read` - (Defaults to 5 minutes) Used when retrieving the Sentinel Alert Rule. diff --git a/website/docs/r/sentinel_alert_rule_ms_security_incident.html.markdown b/website/docs/r/sentinel_alert_rule_ms_security_incident.html.markdown new file mode 100644 index 000000000000..a6727975d786 --- /dev/null +++ b/website/docs/r/sentinel_alert_rule_ms_security_incident.html.markdown @@ -0,0 +1,86 @@ +--- +subcategory: "Sentinel" +layout: "azurerm" +page_title: "Azure Resource Manager: azurerm_sentinel_alert_rule_ms_security_incident" +description: |- + Manages a Sentinel MS Security Incident Alert Rule. +--- + +# azurerm_sentinel_alert_rule_ms_security_incident + +Manages a Sentinel MS Security Incident Alert Rule. + +## Example Usage + +```hcl +provider "azurerm" { + features {} +} + +resource "azurerm_resource_group" "example" { + name = "example-resources" + location = "West Europe" +} + +resource "azurerm_log_analytics_workspace" "example" { + name = "example-workspace" + location = azurerm_resource_group.example.location + resource_group_name = azurerm_resource_group.example.name + sku = "pergb2018" +} + +resource "azurerm_sentinel_alert_rule_ms_security_incident" "example" { + name = "example-ms-security-incident-alert-rule" + log_analytics_workspace_id = azurerm_log_analytics_workspace.example.id + product_filter = "Microsoft Cloud App Security" + display_name = "example rule" + severity_filter = ["High"] +} +``` + +## Arguments Reference + +The following arguments are supported: + +* `name` - (Required) The name which should be used for this Sentinel MS Security Incident Alert Rule. Changing this forces a new Sentinel MS Security Incident Alert Rule to be created. + +* `log_analytics_workspace_id` - (Required) The ID of the Log Analytics Workspace this Sentinel MS Security Incident Alert Rule belongs to. Changing this forces a new Sentinel MS Security Incident Alert Rule to be created. + +* `display_name` - (Required) The friendly name of this Sentinel MS Security Incident Alert Rule. + +* `product_filter` - (Required) The Microsoft Security Service from where the alert will be generated. Possible values are `Azure Active Directory Identity Protection`, `Azure Advanced Threat Protection`, `Azure Security Center`, `Azure Security Center for IoT` and `Microsoft Cloud App Security`. + +* `severity_filter` - (Required) Only create incidents from alerts when alert severity level is contained in this list. Possible values are `High`, `Medium`, `Low` and `Informational`. + +~> **NOTE** At least one of the severity filters need to be set. + +--- + +* `description` - (Optional) The description of this Sentinel MS Security Incident Alert Rule. + +* `enabled` - (Optional) Should this Sentinel MS Security Incident Alert Rule be enabled? Defaults to `true`. + +* `text_whitelist` - (Optional) Only create incidents from alerts when alert name contain text in this list. No filter will happen if this field is absent. + +## Attributes Reference + +In addition to the Arguments listed above - the following Attributes are exported: + +* `id` - The ID of the Sentinel MS Security Incident Alert Rule. + +## Timeouts + +The `timeouts` block allows you to specify [timeouts](https://www.terraform.io/docs/configuration/resources.html#timeouts) for certain actions: + +* `create` - (Defaults to 30 minutes) Used when creating the Sentinel MS Security Incident Alert Rule. +* `read` - (Defaults to 5 minutes) Used when retrieving the Sentinel MS Security Incident Alert Rule. +* `update` - (Defaults to 30 minutes) Used when updating the Sentinel MS Security Incident Alert Rule. +* `delete` - (Defaults to 30 minutes) Used when deleting the Sentinel MS Security Incident Alert Rule. + +## Import + +Sentinel MS Security Incident Alert Rules can be imported using the `resource id`, e.g. + +```shell +terraform import azurerm_sentinel_alert_rule_ms_security_incident.example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.OperationalInsights/workspaces/workspace1/providers/Microsoft.SecurityInsights/alertRules/rule1 +```