From d9b5a8177f2c34db047c3824fbb52ca8d2207ba9 Mon Sep 17 00:00:00 2001 
From: SDKAuto Date: Sun, 15 Nov 2020 01:34:50 +0000 Subject: [PATCH] CodeGen from PR 11629 in Azure/azure-rest-api-specs update (#11629) --- src/securityinsight/HISTORY.rst | 8 + src/securityinsight/README.md | 184 + .../azext_sentinel/__init__.py | 50 + src/securityinsight/azext_sentinel/action.py | 17 + .../azext_sentinel/azext_metadata.json | 4 + src/securityinsight/azext_sentinel/custom.py | 17 + .../azext_sentinel/generated/__init__.py | 12 + .../generated/_client_factory.py | 44 + .../azext_sentinel/generated/_help.py | 676 ++++ .../azext_sentinel/generated/_params.py | 293 ++ .../azext_sentinel/generated/_validators.py | 9 + .../azext_sentinel/generated/action.py | 427 +++ .../azext_sentinel/generated/commands.py | 100 + .../azext_sentinel/generated/custom.py | 433 +++ .../azext_sentinel/manual/__init__.py | 12 + .../azext_sentinel/tests/__init__.py | 114 + .../azext_sentinel/tests/latest/__init__.py | 12 + .../tests/latest/test_sentinel_scenario.py | 486 +++ .../azext_sentinel/vendored_sdks/__init__.py | 12 + .../vendored_sdks/securityinsight/__init__.py | 16 + .../securityinsight/_configuration.py | 70 + .../securityinsight/_security_insights.py | 103 + .../securityinsight/aio/__init__.py | 10 + .../securityinsight/aio/_configuration.py | 66 + .../securityinsight/aio/_security_insights.py | 97 + .../aio/operations/__init__.py | 27 + .../aio/operations/_action_operations.py | 121 + .../aio/operations/_alert_rule_operations.py | 535 +++ .../_alert_rule_template_operations.py | 180 + .../aio/operations/_bookmark_operations.py | 345 ++ .../operations/_data_connector_operations.py | 315 ++ .../_incident_comment_operations.py | 287 ++ .../aio/operations/_incident_operations.py | 373 ++ .../aio/operations/_operation_operations.py | 104 + .../securityinsight/models/__init__.py | 245 ++ .../securityinsight/models/_models.py | 2922 +++++++++++++++ .../securityinsight/models/_models_py3.py | 3184 +++++++++++++++++ .../models/_security_insights_enums.py | 182 + 
.../securityinsight/operations/__init__.py | 27 + .../operations/_action_operations.py | 126 + .../operations/_alert_rule_operations.py | 546 +++ .../_alert_rule_template_operations.py | 186 + .../operations/_bookmark_operations.py | 353 ++ .../operations/_data_connector_operations.py | 323 ++ .../_incident_comment_operations.py | 294 ++ .../operations/_incident_operations.py | 381 ++ .../operations/_operation_operations.py | 109 + .../vendored_sdks/securityinsight/py.typed | 1 + src/securityinsight/report.md | 610 ++++ src/securityinsight/setup.cfg | 1 + src/securityinsight/setup.py | 58 + 51 files changed, 15107 insertions(+) create mode 100644 src/securityinsight/HISTORY.rst create mode 100644 src/securityinsight/README.md create mode 100644 src/securityinsight/azext_sentinel/__init__.py create mode 100644 src/securityinsight/azext_sentinel/action.py create mode 100644 src/securityinsight/azext_sentinel/azext_metadata.json create mode 100644 src/securityinsight/azext_sentinel/custom.py create mode 100644 src/securityinsight/azext_sentinel/generated/__init__.py create mode 100644 src/securityinsight/azext_sentinel/generated/_client_factory.py create mode 100644 src/securityinsight/azext_sentinel/generated/_help.py create mode 100644 src/securityinsight/azext_sentinel/generated/_params.py create mode 100644 src/securityinsight/azext_sentinel/generated/_validators.py create mode 100644 src/securityinsight/azext_sentinel/generated/action.py create mode 100644 src/securityinsight/azext_sentinel/generated/commands.py create mode 100644 src/securityinsight/azext_sentinel/generated/custom.py create mode 100644 src/securityinsight/azext_sentinel/manual/__init__.py create mode 100644 src/securityinsight/azext_sentinel/tests/__init__.py create mode 100644 src/securityinsight/azext_sentinel/tests/latest/__init__.py create mode 100644 src/securityinsight/azext_sentinel/tests/latest/test_sentinel_scenario.py create mode 100644 
src/securityinsight/azext_sentinel/vendored_sdks/__init__.py create mode 100644 src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/__init__.py create mode 100644 src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/_configuration.py create mode 100644 src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/_security_insights.py create mode 100644 src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/__init__.py create mode 100644 src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/_configuration.py create mode 100644 src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/_security_insights.py create mode 100644 src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/__init__.py create mode 100644 src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_action_operations.py create mode 100644 src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_alert_rule_operations.py create mode 100644 src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_alert_rule_template_operations.py create mode 100644 src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_bookmark_operations.py create mode 100644 src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_data_connector_operations.py create mode 100644 src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_incident_comment_operations.py create mode 100644 src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_incident_operations.py create mode 100644 src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_operation_operations.py create mode 100644 src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/models/__init__.py create mode 100644 
src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/models/_models.py create mode 100644 src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/models/_models_py3.py create mode 100644 src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/models/_security_insights_enums.py create mode 100644 src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/__init__.py create mode 100644 src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_action_operations.py create mode 100644 src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_alert_rule_operations.py create mode 100644 src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_alert_rule_template_operations.py create mode 100644 src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_bookmark_operations.py create mode 100644 src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_data_connector_operations.py create mode 100644 src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_incident_comment_operations.py create mode 100644 src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_incident_operations.py create mode 100644 src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_operation_operations.py create mode 100644 src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/py.typed create mode 100644 src/securityinsight/report.md create mode 100644 src/securityinsight/setup.cfg create mode 100644 src/securityinsight/setup.py diff --git a/src/securityinsight/HISTORY.rst b/src/securityinsight/HISTORY.rst new file mode 100644 index 00000000000..1c139576ba0 --- /dev/null +++ b/src/securityinsight/HISTORY.rst @@ -0,0 +1,8 @@ +.. :changelog: + +Release History +=============== + +0.1.0 +++++++ +* Initial release. 
diff --git a/src/securityinsight/README.md b/src/securityinsight/README.md new file mode 100644 index 00000000000..90913a91f07 --- /dev/null +++ b/src/securityinsight/README.md 
@@ -0,0 +1,184 @@ +# Azure CLI sentinel Extension # +This is the extension for sentinel + +### How to use ### +Install this extension using the below CLI command +``` +az extension add --name sentinel +``` + +### Included Features ### +#### sentinel alert-rule #### +##### Create ##### +``` +az sentinel alert-rule create --etag "\\"0300bf09-0000-0000-0000-5c37296e0000\\"" \ + --logic-app-resource-id "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/MyAlerts" \ + --trigger-uri "https://prod-31.northcentralus.logic.azure.com:443/workflows/cd3765391efd48549fd7681ded1d48d7/triggers/manual/paths/invoke?api-version=2016-10-01&sp=%2Ftriggers%2Fmanual%2Frun&sv=1.0&sig=signature" \ + --action-id "912bec42-cb66-4c03-ac63-1761b6898c3e" --resource-group "myRg" \ + --rule-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --workspace-name "myWorkspace" +``` +##### Show ##### +``` +az sentinel alert-rule show --resource-group "myRg" --rule-id "myFirstFusionRule" --workspace-name "myWorkspace" +``` +##### Show ##### +``` +az sentinel alert-rule show --resource-group "myRg" --rule-id "microsoftSecurityIncidentCreationRuleExample" \ + --workspace-name "myWorkspace" +``` +##### Show ##### +``` +az sentinel alert-rule show --resource-group "myRg" --rule-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" \ + --workspace-name "myWorkspace" +``` +##### List ##### +``` +az sentinel alert-rule list --resource-group "myRg" --workspace-name "myWorkspace" +``` +##### Get-action ##### +``` +az sentinel alert-rule get-action --action-id "912bec42-cb66-4c03-ac63-1761b6898c3e" --resource-group "myRg" \ + --rule-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --workspace-name "myWorkspace" +``` +##### Delete ##### +``` +az sentinel alert-rule delete --action-id "912bec42-cb66-4c03-ac63-1761b6898c3e" --resource-group "myRg" \ + --rule-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --workspace-name "myWorkspace" +``` +#### sentinel action #### +##### List ##### +``` +az 
sentinel action list --resource-group "myRg" --rule-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" \ + --workspace-name "myWorkspace" +``` +#### sentinel alert-rule-template #### +##### List ##### +``` +az sentinel alert-rule-template list --resource-group "myRg" --workspace-name "myWorkspace" +``` +##### Show ##### +``` +az sentinel alert-rule-template show --alert-rule-template-id "65360bb0-8986-4ade-a89d-af3cf44d28aa" \ + --resource-group "myRg" --workspace-name "myWorkspace" +``` +#### sentinel bookmark #### +##### Create ##### +``` +az sentinel bookmark create --etag "\\"0300bf09-0000-0000-0000-5c37296e0000\\"" --created "2019-01-01T13:15:30Z" \ + --display-name "My bookmark" --labels "Tag1" --labels "Tag2" --notes "Found a suspicious activity" \ + --query "SecurityEvent | where TimeGenerated > ago(1d) and TimeGenerated < ago(2d)" \ + --query-result "Security Event query result" --updated "2019-01-01T13:15:30Z" \ + --bookmark-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --resource-group "myRg" --workspace-name "myWorkspace" +``` +##### Show ##### +``` +az sentinel bookmark show --bookmark-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --resource-group "myRg" \ + --workspace-name "myWorkspace" +``` +##### List ##### +``` +az sentinel bookmark list --resource-group "myRg" --workspace-name "myWorkspace" +``` +##### Delete ##### +``` +az sentinel bookmark delete --bookmark-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --resource-group "myRg" \ + --workspace-name "myWorkspace" +``` +#### sentinel data-connector #### +##### Create ##### +``` +az sentinel data-connector create \ + --office-data-connector etag="\\"0300bf09-0000-0000-0000-5c37296e0000\\"" tenant-id="2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" \ + --data-connector-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --resource-group "myRg" --workspace-name "myWorkspace" +``` +##### Show ##### +``` +az sentinel data-connector show --data-connector-id "763f9fa1-c2d3-4fa2-93e9-bccd4899aa12" --resource-group "myRg" \ + --workspace-name 
"myWorkspace" +``` +##### Show ##### +``` +az sentinel data-connector show --data-connector-id "b96d014d-b5c2-4a01-9aba-a8058f629d42" --resource-group "myRg" \ + --workspace-name "myWorkspace" +``` +##### Show ##### +``` +az sentinel data-connector show --data-connector-id "06b3ccb8-1384-4bcc-aec7-852f6d57161b" --resource-group "myRg" \ + --workspace-name "myWorkspace" +``` +##### Show ##### +``` +az sentinel data-connector show --data-connector-id "c345bf40-8509-4ed2-b947-50cb773aaf04" --resource-group "myRg" \ + --workspace-name "myWorkspace" +``` +##### Show ##### +``` +az sentinel data-connector show --data-connector-id "f0cd27d2-5f03-4c06-ba31-d2dc82dcb51d" --resource-group "myRg" \ + --workspace-name "myWorkspace" +``` +##### Show ##### +``` +az sentinel data-connector show --data-connector-id "07e42cb3-e658-4e90-801c-efa0f29d3d44" --resource-group "myRg" \ + --workspace-name "myWorkspace" +``` +##### Show ##### +``` +az sentinel data-connector show --data-connector-id "c345bf40-8509-4ed2-b947-50cb773aaf04" --resource-group "myRg" \ + --workspace-name "myWorkspace" +``` +##### Show ##### +``` +az sentinel data-connector show --data-connector-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --resource-group "myRg" \ + --workspace-name "myWorkspace" +``` +##### List ##### +``` +az sentinel data-connector list --resource-group "myRg" --workspace-name "myWorkspace" +``` +##### Delete ##### +``` +az sentinel data-connector delete --data-connector-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --resource-group "myRg" \ + --workspace-name "myWorkspace" +``` +#### sentinel incident #### +##### Create ##### +``` +az sentinel incident create --etag "\\"0300bf09-0000-0000-0000-5c37296e0000\\"" \ + --description "This is a demo incident" --classification "FalsePositive" \ + --classification-comment "Not a malicious activity" --classification-reason "IncorrectAlertLogic" \ + --first-activity-time-utc "2019-01-01T13:00:30Z" --last-activity-time-utc "2019-01-01T13:05:30Z" \ + --owner 
object-id="2046feea-040d-4a46-9e2b-91c2941bfa70" --severity "High" --status "Closed" --title "My incident" \ + --incident-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --resource-group "myRg" --workspace-name "myWorkspace" +``` +##### Show ##### +``` +az sentinel incident show --incident-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --resource-group "myRg" \ + --workspace-name "myWorkspace" +``` +##### List ##### +``` +az sentinel incident list --orderby "properties/createdTimeUtc desc" --top 1 --resource-group "myRg" \ + --workspace-name "myWorkspace" +``` +##### Delete ##### +``` +az sentinel incident delete --incident-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --resource-group "myRg" \ + --workspace-name "myWorkspace" +``` +#### sentinel incident-comment #### +##### Create ##### +``` +az sentinel incident-comment create --message "Some message" \ + --incident-comment-id "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014" --incident-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" \ + --resource-group "myRg" --workspace-name "myWorkspace" +``` +##### Show ##### +``` +az sentinel incident-comment show --incident-comment-id "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014" \ + --incident-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --resource-group "myRg" --workspace-name "myWorkspace" +``` +##### List ##### +``` +az sentinel incident-comment list --incident-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --resource-group "myRg" \ + --workspace-name "myWorkspace" +``` \ No newline at end of file diff --git a/src/securityinsight/azext_sentinel/__init__.py b/src/securityinsight/azext_sentinel/__init__.py new file mode 100644 index 00000000000..cba11ad4731 --- /dev/null +++ b/src/securityinsight/azext_sentinel/__init__.py 
@@ -0,0 +1,50 @@ +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from azure.cli.core import AzCommandsLoader +from azext_sentinel.generated._help import helps # pylint: disable=unused-import +try: + from azext_sentinel.manual._help import helps # pylint: disable=reimported +except ImportError: + pass + + +class SecurityInsightsCommandsLoader(AzCommandsLoader): + + def __init__(self, cli_ctx=None): + from azure.cli.core.commands import CliCommandType + from azext_sentinel.generated._client_factory import cf_sentinel_cl + sentinel_custom = CliCommandType( + operations_tmpl='azext_sentinel.custom#{}', + client_factory=cf_sentinel_cl) + parent = super(SecurityInsightsCommandsLoader, self) + parent.__init__(cli_ctx=cli_ctx, custom_command_type=sentinel_custom) + + def load_command_table(self, args): + from azext_sentinel.generated.commands import load_command_table + load_command_table(self, args) + try: + from azext_sentinel.manual.commands import load_command_table as load_command_table_manual + load_command_table_manual(self, args) + except ImportError: + pass + return self.command_table + + def load_arguments(self, command): + from azext_sentinel.generated._params import load_arguments + load_arguments(self, command) + try: + from azext_sentinel.manual._params import load_arguments as load_arguments_manual + load_arguments_manual(self, command) + except ImportError: + pass + + +COMMAND_LOADER_CLS = SecurityInsightsCommandsLoader 
diff --git a/src/securityinsight/azext_sentinel/action.py b/src/securityinsight/azext_sentinel/action.py new file mode 100644 index 00000000000..d95d53bf711 --- /dev/null +++ b/src/securityinsight/azext_sentinel/action.py @@ -0,0 +1,17 @@ +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- +# pylint: disable=wildcard-import +# pylint: disable=unused-wildcard-import + +from .generated.action import * # noqa: F403 +try: + from .manual.action import * # noqa: F403 +except ImportError: + pass diff --git a/src/securityinsight/azext_sentinel/azext_metadata.json b/src/securityinsight/azext_sentinel/azext_metadata.json new file mode 100644 index 00000000000..4f48fa652a5 --- /dev/null +++ b/src/securityinsight/azext_sentinel/azext_metadata.json @@ -0,0 +1,4 @@ +{ + "azext.isExperimental": true, + "azext.minCliCoreVersion": "2.11.0" +} \ No newline at end of file diff --git a/src/securityinsight/azext_sentinel/custom.py b/src/securityinsight/azext_sentinel/custom.py new file mode 100644 index 00000000000..dbe9d5f9742 --- /dev/null +++ b/src/securityinsight/azext_sentinel/custom.py 
@@ -0,0 +1,17 @@ +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- +# pylint: disable=wildcard-import +# pylint: disable=unused-wildcard-import + +from .generated.custom import * # noqa: F403 +try: + from .manual.custom import * # noqa: F403 +except ImportError: + pass diff --git a/src/securityinsight/azext_sentinel/generated/__init__.py b/src/securityinsight/azext_sentinel/generated/__init__.py new file mode 100644 index 00000000000..c9cfdc73e77 --- /dev/null +++ b/src/securityinsight/azext_sentinel/generated/__init__.py @@ -0,0 +1,12 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +__path__ = __import__('pkgutil').extend_path(__path__, __name__) diff --git a/src/securityinsight/azext_sentinel/generated/_client_factory.py b/src/securityinsight/azext_sentinel/generated/_client_factory.py new file mode 100644 index 00000000000..6868ae4601c --- /dev/null +++ b/src/securityinsight/azext_sentinel/generated/_client_factory.py 
@@ -0,0 +1,44 @@ +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + + +def cf_sentinel_cl(cli_ctx, *_): + from azure.cli.core.commands.client_factory import get_mgmt_service_client + from ..vendored_sdks.securityinsight import SecurityInsights + return get_mgmt_service_client(cli_ctx, + SecurityInsights) + + +def cf_alert_rule(cli_ctx, *_): + return cf_sentinel_cl(cli_ctx).alert_rule + + +def cf_action(cli_ctx, *_): + return cf_sentinel_cl(cli_ctx).action + + +def cf_alert_rule_template(cli_ctx, *_): + return cf_sentinel_cl(cli_ctx).alert_rule_template + + +def cf_bookmark(cli_ctx, *_): + return cf_sentinel_cl(cli_ctx).bookmark + + +def cf_data_connector(cli_ctx, *_): + return cf_sentinel_cl(cli_ctx).data_connector + + +def cf_incident(cli_ctx, *_): + return cf_sentinel_cl(cli_ctx).incident + + +def cf_incident_comment(cli_ctx, *_): + return cf_sentinel_cl(cli_ctx).incident_comment diff --git a/src/securityinsight/azext_sentinel/generated/_help.py b/src/securityinsight/azext_sentinel/generated/_help.py new file mode 100644 index 00000000000..09a6f71e5c0 --- /dev/null +++ b/src/securityinsight/azext_sentinel/generated/_help.py 
@@ -0,0 +1,676 @@ +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- +# pylint: disable=too-many-lines + +from knack.help_files import helps + + +helps['sentinel alert-rule'] = """ + type: group + short-summary: sentinel alert-rule +""" + +helps['sentinel alert-rule list'] = """ + type: command + short-summary: "Gets all alert rules." + examples: + - name: Get all alert rules. + text: |- + az sentinel alert-rule list --resource-group "myRg" --workspace-name "myWorkspace" +""" + +helps['sentinel alert-rule show'] = """ + type: command + short-summary: "Gets the alert rule." + examples: + - name: Get a Fusion alert rule. + text: |- + az sentinel alert-rule show --resource-group "myRg" --rule-id "myFirstFusionRule" --workspace-name \ +"myWorkspace" + - name: Get a MicrosoftSecurityIncidentCreation rule. + text: |- + az sentinel alert-rule show --resource-group "myRg" --rule-id "microsoftSecurityIncidentCreationRuleExam\ +ple" --workspace-name "myWorkspace" + - name: Get a Scheduled alert rule. + text: |- + az sentinel alert-rule show --resource-group "myRg" --rule-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" \ +--workspace-name "myWorkspace" +""" + +helps['sentinel alert-rule create'] = """ + type: command + short-summary: "Creates or updates the action of alert rule. And Create the alert rule." + parameters: + - name: --fusion-alert-rule + short-summary: "Represents Fusion alert rule." 
+ long-summary: | + Usage: --fusion-alert-rule alert-rule-template-name=XX enabled=XX kind=XX etag=XX + + alert-rule-template-name: The Name of the alert rule template used to create this rule. + enabled: Determines whether this alert rule is enabled or disabled. + kind: Required. The alert rule kind + etag: Etag of the azure resource + - name: --microsoft-security-incident-creation-alert-rule + short-summary: "Represents MicrosoftSecurityIncidentCreation rule." + long-summary: | + Usage: --microsoft-security-incident-creation-alert-rule display-names-filter=XX \ +display-names-exclude-filter=XX product-filter=XX severities-filter=XX alert-rule-template-name=XX description=XX \ +display-name=XX enabled=XX kind=XX etag=XX + + display-names-filter: the alerts' displayNames on which the cases will be generated + display-names-exclude-filter: the alerts' displayNames on which the cases will not be generated + product-filter: The alerts' productName on which the cases will be generated + severities-filter: the alerts' severities on which the cases will be generated + alert-rule-template-name: The Name of the alert rule template used to create this rule. + description: The description of the alert rule. + display-name: The display name for alerts created by this alert rule. + enabled: Determines whether this alert rule is enabled or disabled. + kind: Required. The alert rule kind + etag: Etag of the azure resource + - name: --scheduled-alert-rule + short-summary: "Represents scheduled alert rule." + long-summary: | + Usage: --scheduled-alert-rule query=XX query-frequency=XX query-period=XX severity=XX trigger-operator=XX \ +trigger-threshold=XX alert-rule-template-name=XX description=XX display-name=XX enabled=XX suppression-duration=XX \ +suppression-enabled=XX tactics=XX kind=XX etag=XX + + query: The query that creates alerts for this rule. + query-frequency: The frequency (in ISO 8601 duration format) for this alert rule to run. 
+ query-period: The period (in ISO 8601 duration format) that this alert rule looks at. + severity: The severity for alerts created by this alert rule. + trigger-operator: The operation against the threshold that triggers alert rule. + trigger-threshold: The threshold triggers this alert rule. + alert-rule-template-name: The Name of the alert rule template used to create this rule. + description: The description of the alert rule. + display-name: The display name for alerts created by this alert rule. + enabled: Determines whether this alert rule is enabled or disabled. + suppression-duration: The suppression (in ISO 8601 duration format) to wait since last time this alert \ +rule been triggered. + suppression-enabled: Determines whether the suppression for this alert rule is enabled or disabled. + tactics: The tactics of the alert rule + kind: Required. The alert rule kind + etag: Etag of the azure resource + examples: + - name: Creates or updates an action of alert rule. + text: |- + az sentinel alert-rule create --etag "\\"0300bf09-0000-0000-0000-5c37296e0000\\"" \ +--logic-app-resource-id "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Lo\ +gic/workflows/MyAlerts" --trigger-uri "https://prod-31.northcentralus.logic.azure.com:443/workflows/cd3765391efd48549fd\ +7681ded1d48d7/triggers/manual/paths/invoke?api-version=2016-10-01&sp=%2Ftriggers%2Fmanual%2Frun&sv=1.0&sig=signature" \ +--action-id "912bec42-cb66-4c03-ac63-1761b6898c3e" --resource-group "myRg" --rule-id "73e01a99-5cd7-4139-a149-9f2736ff2\ +ab5" --workspace-name "myWorkspace" + - name: Creates or updates a Fusion alert rule. 
+ text: |- + az sentinel alert-rule create --fusion-alert-rule etag="3d00c3ca-0000-0100-0000-5d42d5010000" \ +alert-rule-template-name="f71aba3d-28fb-450b-b192-4e76a83015c8" enabled=true --resource-group "myRg" --rule-id \ +"myFirstFusionRule" --workspace-name "myWorkspace" + - name: Creates or updates a MicrosoftSecurityIncidentCreation rule. + text: |- + az sentinel alert-rule create --microsoft-security-incident-creation-alert-rule \ +etag="\\"260097e0-0000-0d00-0000-5d6fa88f0000\\"" product-filter="Microsoft Cloud App Security" display-name="testing \ +displayname" enabled=true --resource-group "myRg" --rule-id "microsoftSecurityIncidentCreationRuleExample" \ +--workspace-name "myWorkspace" + - name: Creates or updates a Scheduled alert rule. + text: |- + az sentinel alert-rule create --scheduled-alert-rule etag="\\"0300bf09-0000-0000-0000-5c37296e0000\\"" \ +query="ProtectionStatus | extend HostCustomEntity = Computer | extend IPCustomEntity = ComputerIP_Hidden" \ +query-frequency="PT1H" query-period="P2DT1H30M" severity="High" trigger-operator="GreaterThan" trigger-threshold=0 \ +description="" display-name="Rule2" enabled=true suppression-duration="PT1H" suppression-enabled=false \ +tactics="Persistence" tactics="LateralMovement" --resource-group "myRg" --rule-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5\ +" --workspace-name "myWorkspace" +""" + +helps['sentinel alert-rule update'] = """ + type: command + short-summary: "Update the alert rule." + parameters: + - name: --fusion-alert-rule + short-summary: "Represents Fusion alert rule." + long-summary: | + Usage: --fusion-alert-rule alert-rule-template-name=XX enabled=XX kind=XX etag=XX + + alert-rule-template-name: The Name of the alert rule template used to create this rule. + enabled: Determines whether this alert rule is enabled or disabled. + kind: Required. 
The alert rule kind + etag: Etag of the azure resource + - name: --microsoft-security-incident-creation-alert-rule + short-summary: "Represents MicrosoftSecurityIncidentCreation rule." + long-summary: | + Usage: --microsoft-security-incident-creation-alert-rule display-names-filter=XX \ +display-names-exclude-filter=XX product-filter=XX severities-filter=XX alert-rule-template-name=XX description=XX \ +display-name=XX enabled=XX kind=XX etag=XX + + display-names-filter: the alerts' displayNames on which the cases will be generated + display-names-exclude-filter: the alerts' displayNames on which the cases will not be generated + product-filter: The alerts' productName on which the cases will be generated + severities-filter: the alerts' severities on which the cases will be generated + alert-rule-template-name: The Name of the alert rule template used to create this rule. + description: The description of the alert rule. + display-name: The display name for alerts created by this alert rule. + enabled: Determines whether this alert rule is enabled or disabled. + kind: Required. The alert rule kind + etag: Etag of the azure resource + - name: --scheduled-alert-rule + short-summary: "Represents scheduled alert rule." + long-summary: | + Usage: --scheduled-alert-rule query=XX query-frequency=XX query-period=XX severity=XX trigger-operator=XX \ +trigger-threshold=XX alert-rule-template-name=XX description=XX display-name=XX enabled=XX suppression-duration=XX \ +suppression-enabled=XX tactics=XX kind=XX etag=XX + + query: The query that creates alerts for this rule. + query-frequency: The frequency (in ISO 8601 duration format) for this alert rule to run. + query-period: The period (in ISO 8601 duration format) that this alert rule looks at. + severity: The severity for alerts created by this alert rule. + trigger-operator: The operation against the threshold that triggers alert rule. + trigger-threshold: The threshold triggers this alert rule. 
+ alert-rule-template-name: The Name of the alert rule template used to create this rule. + description: The description of the alert rule. + display-name: The display name for alerts created by this alert rule. + enabled: Determines whether this alert rule is enabled or disabled. + suppression-duration: The suppression (in ISO 8601 duration format) to wait since last time this alert \ +rule been triggered. + suppression-enabled: Determines whether the suppression for this alert rule is enabled or disabled. + tactics: The tactics of the alert rule + kind: Required. The alert rule kind + etag: Etag of the azure resource +""" + +helps['sentinel alert-rule delete'] = """ + type: command + short-summary: "Delete the action of alert rule. And Delete the alert rule." + examples: + - name: Delete an action of alert rule. + text: |- + az sentinel alert-rule delete --action-id "912bec42-cb66-4c03-ac63-1761b6898c3e" --resource-group \ +"myRg" --rule-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --workspace-name "myWorkspace" + - name: Delete an alert rule. + text: |- + az sentinel alert-rule delete --resource-group "myRg" --rule-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" \ +--workspace-name "myWorkspace" +""" + +helps['sentinel alert-rule get-action'] = """ + type: command + short-summary: "Gets the action of alert rule." + examples: + - name: Get an action of alert rule. + text: |- + az sentinel alert-rule get-action --action-id "912bec42-cb66-4c03-ac63-1761b6898c3e" --resource-group \ +"myRg" --rule-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --workspace-name "myWorkspace" +""" + +helps['sentinel action'] = """ + type: group + short-summary: sentinel action +""" + +helps['sentinel action list'] = """ + type: command + short-summary: "Gets all actions of alert rule." + examples: + - name: Get all actions of alert rule. 
+ text: |- + az sentinel action list --resource-group "myRg" --rule-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" \ +--workspace-name "myWorkspace" +""" + +helps['sentinel alert-rule-template'] = """ + type: group + short-summary: sentinel alert-rule-template +""" + +helps['sentinel alert-rule-template list'] = """ + type: command + short-summary: "Gets all alert rule templates." + examples: + - name: Get all alert rule templates. + text: |- + az sentinel alert-rule-template list --resource-group "myRg" --workspace-name "myWorkspace" +""" + +helps['sentinel alert-rule-template show'] = """ + type: command + short-summary: "Gets the alert rule template." + examples: + - name: Get alert rule template by Id. + text: |- + az sentinel alert-rule-template show --alert-rule-template-id "65360bb0-8986-4ade-a89d-af3cf44d28aa" \ +--resource-group "myRg" --workspace-name "myWorkspace" +""" + +helps['sentinel bookmark'] = """ + type: group + short-summary: sentinel bookmark +""" + +helps['sentinel bookmark list'] = """ + type: command + short-summary: "Gets all bookmarks." + examples: + - name: Get all bookmarks. + text: |- + az sentinel bookmark list --resource-group "myRg" --workspace-name "myWorkspace" +""" + +helps['sentinel bookmark show'] = """ + type: command + short-summary: "Gets a bookmark." + examples: + - name: Get a bookmark. + text: |- + az sentinel bookmark show --bookmark-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --resource-group "myRg" \ +--workspace-name "myWorkspace" +""" + +helps['sentinel bookmark create'] = """ + type: command + short-summary: "Create the bookmark." + parameters: + - name: --incident-info + short-summary: "Describes an incident that relates to bookmark" + long-summary: | + Usage: --incident-info incident-id=XX severity=XX title=XX relation-name=XX + + incident-id: Required. Incident Id + severity: Required. The severity of the incident + title: Required. The title of the incident + relation-name: Required. 
Relation Name + examples: + - name: Creates or updates a bookmark. + text: |- + az sentinel bookmark create --etag "\\"0300bf09-0000-0000-0000-5c37296e0000\\"" --created \ +"2019-01-01T13:15:30Z" --display-name "My bookmark" --labels "Tag1" --labels "Tag2" --notes "Found a suspicious \ +activity" --query "SecurityEvent | where TimeGenerated > ago(1d) and TimeGenerated < ago(2d)" --query-result "Security \ +Event query result" --updated "2019-01-01T13:15:30Z" --bookmark-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" \ +--resource-group "myRg" --workspace-name "myWorkspace" +""" + +helps['sentinel bookmark update'] = """ + type: command + short-summary: "Update the bookmark." + parameters: + - name: --incident-info + short-summary: "Describes an incident that relates to bookmark" + long-summary: | + Usage: --incident-info incident-id=XX severity=XX title=XX relation-name=XX + + incident-id: Required. Incident Id + severity: Required. The severity of the incident + title: Required. The title of the incident + relation-name: Required. Relation Name +""" + +helps['sentinel bookmark delete'] = """ + type: command + short-summary: "Delete the bookmark." + examples: + - name: Delete a bookmark. + text: |- + az sentinel bookmark delete --bookmark-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --resource-group \ +"myRg" --workspace-name "myWorkspace" +""" + +helps['sentinel data-connector'] = """ + type: group + short-summary: sentinel data-connector +""" + +helps['sentinel data-connector list'] = """ + type: command + short-summary: "Gets all data connectors." + examples: + - name: Get all data connectors. + text: |- + az sentinel data-connector list --resource-group "myRg" --workspace-name "myWorkspace" +""" + +helps['sentinel data-connector show'] = """ + type: command + short-summary: "Gets a data connector." + examples: + - name: Get a ASC data connector. 
+ text: |- + az sentinel data-connector show --data-connector-id "763f9fa1-c2d3-4fa2-93e9-bccd4899aa12" \ +--resource-group "myRg" --workspace-name "myWorkspace" + - name: Get a MCAS data connector. + text: |- + az sentinel data-connector show --data-connector-id "b96d014d-b5c2-4a01-9aba-a8058f629d42" \ +--resource-group "myRg" --workspace-name "myWorkspace" + - name: Get a MDATP data connector + text: |- + az sentinel data-connector show --data-connector-id "06b3ccb8-1384-4bcc-aec7-852f6d57161b" \ +--resource-group "myRg" --workspace-name "myWorkspace" + - name: Get a TI data connector. + text: |- + az sentinel data-connector show --data-connector-id "c345bf40-8509-4ed2-b947-50cb773aaf04" \ +--resource-group "myRg" --workspace-name "myWorkspace" + - name: Get an AAD data connector. + text: |- + az sentinel data-connector show --data-connector-id "f0cd27d2-5f03-4c06-ba31-d2dc82dcb51d" \ +--resource-group "myRg" --workspace-name "myWorkspace" + - name: Get an AATP data connector. + text: |- + az sentinel data-connector show --data-connector-id "07e42cb3-e658-4e90-801c-efa0f29d3d44" \ +--resource-group "myRg" --workspace-name "myWorkspace" + - name: Get an AwsCloudTrail data connector. + text: |- + az sentinel data-connector show --data-connector-id "c345bf40-8509-4ed2-b947-50cb773aaf04" \ +--resource-group "myRg" --workspace-name "myWorkspace" + - name: Get an Office365 data connector. + text: |- + az sentinel data-connector show --data-connector-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" \ +--resource-group "myRg" --workspace-name "myWorkspace" +""" + +helps['sentinel data-connector create'] = """ + type: command + short-summary: "Create the data connector." + parameters: + - name: --aad-data-connector + short-summary: "Represents AAD (Azure Active Directory) data connector." + long-summary: | + Usage: --aad-data-connector tenant-id=XX state=XX kind=XX etag=XX + + tenant-id: The tenant id to connect to, and get the data from. 
+ state: Describe whether this data type connection is enabled or not. + kind: Required. The data connector kind + etag: Etag of the azure resource + - name: --aatp-data-connector + short-summary: "Represents AATP (Azure Advanced Threat Protection) data connector." + long-summary: | + Usage: --aatp-data-connector tenant-id=XX state=XX kind=XX etag=XX + + tenant-id: The tenant id to connect to, and get the data from. + state: Describe whether this data type connection is enabled or not. + kind: Required. The data connector kind + etag: Etag of the azure resource + - name: --asc-data-connector + short-summary: "Represents ASC (Azure Security Center) data connector." + long-summary: | + Usage: --asc-data-connector subscription-id=XX state=XX kind=XX etag=XX + + subscription-id: The subscription id to connect to, and get the data from. + state: Describe whether this data type connection is enabled or not. + kind: Required. The data connector kind + etag: Etag of the azure resource + - name: --aws-cloud-trail-data-connector + short-summary: "Represents Amazon Web Services CloudTrail data connector." + long-summary: | + Usage: --aws-cloud-trail-data-connector aws-role-arn=XX state=XX kind=XX etag=XX + + aws-role-arn: The Aws Role Arn (with CloudTrailReadOnly policy) that is used to access the Aws account. + state: Describe whether this data type connection is enabled or not. + kind: Required. The data connector kind + etag: Etag of the azure resource + - name: --mcas-data-connector + short-summary: "Represents MCAS (Microsoft Cloud App Security) data connector." + long-summary: | + Usage: --mcas-data-connector tenant-id=XX state-data-types-alerts-state=XX state-data-types-discovery-logs-\ +state=XX kind=XX etag=XX + + tenant-id: The tenant id to connect to, and get the data from. + state-data-types-alerts-state: Describe whether this data type connection is enabled or not. 
+ state-data-types-discovery-logs-state: Describe whether this data type connection is enabled or not. + kind: Required. The data connector kind + etag: Etag of the azure resource + - name: --mdatp-data-connector + short-summary: "Represents MDATP (Microsoft Defender Advanced Threat Protection) data connector." + long-summary: | + Usage: --mdatp-data-connector tenant-id=XX state=XX kind=XX etag=XX + + tenant-id: The tenant id to connect to, and get the data from. + state: Describe whether this data type connection is enabled or not. + kind: Required. The data connector kind + etag: Etag of the azure resource + - name: --office-data-connector + short-summary: "Represents office data connector." + long-summary: | + Usage: --office-data-connector tenant-id=XX state-data-types-share-point-state=XX \ +state-data-types-exchange-state=XX kind=XX etag=XX + + tenant-id: The tenant id to connect to, and get the data from. + state-data-types-share-point-state: Describe whether this data type connection is enabled or not. + state-data-types-exchange-state: Describe whether this data type connection is enabled or not. + kind: Required. The data connector kind + etag: Etag of the azure resource + - name: --ti-data-connector + short-summary: "Represents threat intelligence data connector." + long-summary: | + Usage: --ti-data-connector tenant-id=XX state=XX kind=XX etag=XX + + tenant-id: The tenant id to connect to, and get the data from. + state: Describe whether this data type connection is enabled or not. + kind: Required. The data connector kind + etag: Etag of the azure resource + examples: + - name: Creates or updates an Office365 data connector. 
+ text: |- + az sentinel data-connector create --office-data-connector etag="\\"0300bf09-0000-0000-0000-5c37296e0000\ +\\"" tenant-id="2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" --data-connector-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" \ +--resource-group "myRg" --workspace-name "myWorkspace" +""" + +helps['sentinel data-connector update'] = """ + type: command + short-summary: "Update the data connector." + parameters: + - name: --aad-data-connector + short-summary: "Represents AAD (Azure Active Directory) data connector." + long-summary: | + Usage: --aad-data-connector tenant-id=XX state=XX kind=XX etag=XX + + tenant-id: The tenant id to connect to, and get the data from. + state: Describe whether this data type connection is enabled or not. + kind: Required. The data connector kind + etag: Etag of the azure resource + - name: --aatp-data-connector + short-summary: "Represents AATP (Azure Advanced Threat Protection) data connector." + long-summary: | + Usage: --aatp-data-connector tenant-id=XX state=XX kind=XX etag=XX + + tenant-id: The tenant id to connect to, and get the data from. + state: Describe whether this data type connection is enabled or not. + kind: Required. The data connector kind + etag: Etag of the azure resource + - name: --asc-data-connector + short-summary: "Represents ASC (Azure Security Center) data connector." + long-summary: | + Usage: --asc-data-connector subscription-id=XX state=XX kind=XX etag=XX + + subscription-id: The subscription id to connect to, and get the data from. + state: Describe whether this data type connection is enabled or not. + kind: Required. The data connector kind + etag: Etag of the azure resource + - name: --aws-cloud-trail-data-connector + short-summary: "Represents Amazon Web Services CloudTrail data connector." + long-summary: | + Usage: --aws-cloud-trail-data-connector aws-role-arn=XX state=XX kind=XX etag=XX + + aws-role-arn: The Aws Role Arn (with CloudTrailReadOnly policy) that is used to access the Aws account. 
+ state: Describe whether this data type connection is enabled or not. + kind: Required. The data connector kind + etag: Etag of the azure resource + - name: --mcas-data-connector + short-summary: "Represents MCAS (Microsoft Cloud App Security) data connector." + long-summary: | + Usage: --mcas-data-connector tenant-id=XX state-data-types-alerts-state=XX state-data-types-discovery-logs-\ +state=XX kind=XX etag=XX + + tenant-id: The tenant id to connect to, and get the data from. + state-data-types-alerts-state: Describe whether this data type connection is enabled or not. + state-data-types-discovery-logs-state: Describe whether this data type connection is enabled or not. + kind: Required. The data connector kind + etag: Etag of the azure resource + - name: --mdatp-data-connector + short-summary: "Represents MDATP (Microsoft Defender Advanced Threat Protection) data connector." + long-summary: | + Usage: --mdatp-data-connector tenant-id=XX state=XX kind=XX etag=XX + + tenant-id: The tenant id to connect to, and get the data from. + state: Describe whether this data type connection is enabled or not. + kind: Required. The data connector kind + etag: Etag of the azure resource + - name: --office-data-connector + short-summary: "Represents office data connector." + long-summary: | + Usage: --office-data-connector tenant-id=XX state-data-types-share-point-state=XX \ +state-data-types-exchange-state=XX kind=XX etag=XX + + tenant-id: The tenant id to connect to, and get the data from. + state-data-types-share-point-state: Describe whether this data type connection is enabled or not. + state-data-types-exchange-state: Describe whether this data type connection is enabled or not. + kind: Required. The data connector kind + etag: Etag of the azure resource + - name: --ti-data-connector + short-summary: "Represents threat intelligence data connector." 
+ long-summary: | + Usage: --ti-data-connector tenant-id=XX state=XX kind=XX etag=XX + + tenant-id: The tenant id to connect to, and get the data from. + state: Describe whether this data type connection is enabled or not. + kind: Required. The data connector kind + etag: Etag of the azure resource +""" + +helps['sentinel data-connector delete'] = """ + type: command + short-summary: "Delete the data connector." + examples: + - name: Delete an Office365 data connector. + text: |- + az sentinel data-connector delete --data-connector-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" \ +--resource-group "myRg" --workspace-name "myWorkspace" +""" + +helps['sentinel incident'] = """ + type: group + short-summary: sentinel incident +""" + +helps['sentinel incident list'] = """ + type: command + short-summary: "Gets all incidents." + examples: + - name: Get all incidents. + text: |- + az sentinel incident list --orderby "properties/createdTimeUtc desc" --top 1 --resource-group "myRg" \ +--workspace-name "myWorkspace" +""" + +helps['sentinel incident show'] = """ + type: command + short-summary: "Gets an incident." + examples: + - name: Get an incident. + text: |- + az sentinel incident show --incident-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --resource-group "myRg" \ +--workspace-name "myWorkspace" +""" + +helps['sentinel incident create'] = """ + type: command + short-summary: "Create the incident." + parameters: + - name: --labels + short-summary: "List of labels relevant to this incident" + long-summary: | + Usage: --labels label-name=XX + + label-name: Required. The name of the label + + Multiple actions can be specified by using more than one --labels argument. + - name: --owner + short-summary: "Describes a user that the incident is assigned to" + long-summary: | + Usage: --owner email=XX assigned-to=XX object-id=XX user-principal-name=XX + + email: The email of the user the incident is assigned to. + assigned-to: The name of the user the incident is assigned to. 
+ object-id: The object id of the user the incident is assigned to. + user-principal-name: The user principal name of the user the incident is assigned to. + examples: + - name: Creates or updates an incident. + text: |- + az sentinel incident create --etag "\\"0300bf09-0000-0000-0000-5c37296e0000\\"" --description "This is \ +a demo incident" --classification "FalsePositive" --classification-comment "Not a malicious activity" \ +--classification-reason "IncorrectAlertLogic" --first-activity-time-utc "2019-01-01T13:00:30Z" \ +--last-activity-time-utc "2019-01-01T13:05:30Z" --owner object-id="2046feea-040d-4a46-9e2b-91c2941bfa70" --severity \ +"High" --status "Closed" --title "My incident" --incident-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --resource-group \ +"myRg" --workspace-name "myWorkspace" +""" + +helps['sentinel incident update'] = """ + type: command + short-summary: "Update the incident." + parameters: + - name: --labels + short-summary: "List of labels relevant to this incident" + long-summary: | + Usage: --labels label-name=XX + + label-name: Required. The name of the label + + Multiple actions can be specified by using more than one --labels argument. + - name: --owner + short-summary: "Describes a user that the incident is assigned to" + long-summary: | + Usage: --owner email=XX assigned-to=XX object-id=XX user-principal-name=XX + + email: The email of the user the incident is assigned to. + assigned-to: The name of the user the incident is assigned to. + object-id: The object id of the user the incident is assigned to. + user-principal-name: The user principal name of the user the incident is assigned to. +""" + +helps['sentinel incident delete'] = """ + type: command + short-summary: "Delete the incident." + examples: + - name: Delete an incident. 
+ text: |- + az sentinel incident delete --incident-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --resource-group \ +"myRg" --workspace-name "myWorkspace" +""" + +helps['sentinel incident-comment'] = """ + type: group + short-summary: sentinel incident-comment +""" + +helps['sentinel incident-comment list'] = """ + type: command + short-summary: "Gets all incident comments." + examples: + - name: Get all incident comments. + text: |- + az sentinel incident-comment list --incident-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --resource-group \ +"myRg" --workspace-name "myWorkspace" +""" + +helps['sentinel incident-comment show'] = """ + type: command + short-summary: "Gets an incident comment." + examples: + - name: Get an incident comment. + text: |- + az sentinel incident-comment show --incident-comment-id "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014" \ +--incident-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --resource-group "myRg" --workspace-name "myWorkspace" +""" + +helps['sentinel incident-comment create'] = """ + type: command + short-summary: "Creates the incident comment." + examples: + - name: Creates an incident comment. + text: |- + az sentinel incident-comment create --message "Some message" --incident-comment-id \ +"4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014" --incident-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --resource-group "myRg" \ +--workspace-name "myWorkspace" +""" diff --git a/src/securityinsight/azext_sentinel/generated/_params.py b/src/securityinsight/azext_sentinel/generated/_params.py new file mode 100644 index 00000000000..1d0fd616a6f --- /dev/null +++ b/src/securityinsight/azext_sentinel/generated/_params.py 
@@ -0,0 +1,293 @@ +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- +# pylint: disable=too-many-lines +# pylint: disable=too-many-statements + +from azure.cli.core.commands.parameters import ( + get_enum_type, + resource_group_name_type +) +from azext_sentinel.action import ( + AddFusionAlertRule, + AddMicrosoftSecurityIncidentCreationAlertRule, + AddScheduledAlertRule, + AddIncidentInfo, + AddAadDataConnector, + AddAatpDataConnector, + AddAscDataConnector, + AddAwsCloudTrailDataConnector, + AddMcasDataConnector, + AddMdatpDataConnector, + AddOfficeDataConnector, + AddTiDataConnector, + AddLabels, + AddOwner +) + + +def load_arguments(self, _): + + with self.argument_context('sentinel alert-rule list') as c: + c.argument('resource_group_name', resource_group_name_type) + c.argument('workspace_name', type=str, help='The name of the workspace.') + + with self.argument_context('sentinel alert-rule show') as c: + c.argument('resource_group_name', resource_group_name_type) + c.argument('workspace_name', type=str, help='The name of the workspace.', id_part='name') + c.argument('rule_id', type=str, help='Alert rule ID', id_part='child_name_1') + + with self.argument_context('sentinel alert-rule create') as c: + c.argument('resource_group_name', resource_group_name_type) + c.argument('workspace_name', type=str, help='The name of the workspace.') + c.argument('rule_id', type=str, help='Alert rule ID') + c.argument('action_id', type=str, help='Action ID') + c.argument('etag', type=str, help='Etag of the azure resource') + c.argument('logic_app_resource_id', 
type=str, help='Logic App Resource Id, /subscriptions/{my-subscription}/res' + 'ourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my-workflow-id}.') + c.argument('trigger_uri', type=str, help='Logic App Callback URL for this specific workflow.') + c.argument('fusion_alert_rule', action=AddFusionAlertRule, nargs='*', help='Represents Fusion alert rule.', + arg_group='AlertRule') + c.argument('microsoft_security_incident_creation_alert_rule', + action=AddMicrosoftSecurityIncidentCreationAlertRule, nargs='*', help='Represents ' + 'MicrosoftSecurityIncidentCreation rule.', arg_group='AlertRule') + c.argument('scheduled_alert_rule', action=AddScheduledAlertRule, nargs='*', help='Represents scheduled alert ' + 'rule.', arg_group='AlertRule') + + with self.argument_context('sentinel alert-rule update') as c: + c.argument('resource_group_name', resource_group_name_type) + c.argument('workspace_name', type=str, help='The name of the workspace.', id_part='name') + c.argument('rule_id', type=str, help='Alert rule ID', id_part='child_name_1') + c.argument('fusion_alert_rule', action=AddFusionAlertRule, nargs='*', help='Represents Fusion alert rule.', + arg_group='AlertRule') + c.argument('microsoft_security_incident_creation_alert_rule', + action=AddMicrosoftSecurityIncidentCreationAlertRule, nargs='*', help='Represents ' + 'MicrosoftSecurityIncidentCreation rule.', arg_group='AlertRule') + c.argument('scheduled_alert_rule', action=AddScheduledAlertRule, nargs='*', help='Represents scheduled alert ' + 'rule.', arg_group='AlertRule') + + with self.argument_context('sentinel alert-rule delete') as c: + c.argument('resource_group_name', resource_group_name_type) + c.argument('workspace_name', type=str, help='The name of the workspace.', id_part='name') + c.argument('rule_id', type=str, help='Alert rule ID', id_part='child_name_1') + c.argument('action_id', type=str, help='Action ID', id_part='child_name_2') + + with self.argument_context('sentinel alert-rule 
get-action') as c: + c.argument('resource_group_name', resource_group_name_type) + c.argument('workspace_name', type=str, help='The name of the workspace.', id_part='name') + c.argument('rule_id', type=str, help='Alert rule ID', id_part='child_name_1') + c.argument('action_id', type=str, help='Action ID', id_part='child_name_2') + + with self.argument_context('sentinel action list') as c: + c.argument('resource_group_name', resource_group_name_type) + c.argument('workspace_name', type=str, help='The name of the workspace.') + c.argument('rule_id', type=str, help='Alert rule ID') + + with self.argument_context('sentinel alert-rule-template list') as c: + c.argument('resource_group_name', resource_group_name_type) + c.argument('workspace_name', type=str, help='The name of the workspace.') + + with self.argument_context('sentinel alert-rule-template show') as c: + c.argument('resource_group_name', resource_group_name_type) + c.argument('workspace_name', type=str, help='The name of the workspace.', id_part='name') + c.argument('alert_rule_template_id', type=str, help='Alert rule template ID', id_part='child_name_1') + + with self.argument_context('sentinel bookmark list') as c: + c.argument('resource_group_name', resource_group_name_type) + c.argument('workspace_name', type=str, help='The name of the workspace.') + + with self.argument_context('sentinel bookmark show') as c: + c.argument('resource_group_name', resource_group_name_type) + c.argument('workspace_name', type=str, help='The name of the workspace.', id_part='name') + c.argument('bookmark_id', type=str, help='Bookmark ID', id_part='child_name_1') + + with self.argument_context('sentinel bookmark create') as c: + c.argument('resource_group_name', resource_group_name_type) + c.argument('workspace_name', type=str, help='The name of the workspace.') + c.argument('bookmark_id', type=str, help='Bookmark ID') + c.argument('etag', type=str, help='Etag of the azure resource') + c.argument('created', help='The time the 
bookmark was created') + c.argument('display_name', type=str, help='The display name of the bookmark') + c.argument('labels', nargs='*', help='List of labels relevant to this bookmark') + c.argument('notes', type=str, help='The notes of the bookmark') + c.argument('query', type=str, help='The query of the bookmark.') + c.argument('query_result', type=str, help='The query result of the bookmark.') + c.argument('updated', help='The last time the bookmark was updated') + c.argument('incident_info', action=AddIncidentInfo, nargs='*', help='Describes an incident that relates to ' + 'bookmark') + c.argument('updated_by_object_id', help='The object id of the user.') + + with self.argument_context('sentinel bookmark update') as c: + c.argument('resource_group_name', resource_group_name_type) + c.argument('workspace_name', type=str, help='The name of the workspace.', id_part='name') + c.argument('bookmark_id', type=str, help='Bookmark ID', id_part='child_name_1') + c.argument('etag', type=str, help='Etag of the azure resource') + c.argument('created', help='The time the bookmark was created') + c.argument('display_name', type=str, help='The display name of the bookmark') + c.argument('labels', nargs='*', help='List of labels relevant to this bookmark') + c.argument('notes', type=str, help='The notes of the bookmark') + c.argument('query', type=str, help='The query of the bookmark.') + c.argument('query_result', type=str, help='The query result of the bookmark.') + c.argument('updated', help='The last time the bookmark was updated') + c.argument('incident_info', action=AddIncidentInfo, nargs='*', help='Describes an incident that relates to ' + 'bookmark') + c.argument('updated_by_object_id', help='The object id of the user.') + + with self.argument_context('sentinel bookmark delete') as c: + c.argument('resource_group_name', resource_group_name_type) + c.argument('workspace_name', type=str, help='The name of the workspace.', id_part='name') + c.argument('bookmark_id', 
type=str, help='Bookmark ID', id_part='child_name_1') + + with self.argument_context('sentinel data-connector list') as c: + c.argument('resource_group_name', resource_group_name_type) + c.argument('workspace_name', type=str, help='The name of the workspace.') + + with self.argument_context('sentinel data-connector show') as c: + c.argument('resource_group_name', resource_group_name_type) + c.argument('workspace_name', type=str, help='The name of the workspace.', id_part='name') + c.argument('data_connector_id', type=str, help='Connector ID', id_part='child_name_1') + + with self.argument_context('sentinel data-connector create') as c: + c.argument('resource_group_name', resource_group_name_type) + c.argument('workspace_name', type=str, help='The name of the workspace.') + c.argument('data_connector_id', type=str, help='Connector ID') + c.argument('aad_data_connector', action=AddAadDataConnector, nargs='*', help='Represents AAD (Azure Active ' + 'Directory) data connector.', arg_group='DataConnector') + c.argument('aatp_data_connector', action=AddAatpDataConnector, nargs='*', help='Represents AATP (Azure ' + 'Advanced Threat Protection) data connector.', arg_group='DataConnector') + c.argument('asc_data_connector', action=AddAscDataConnector, nargs='*', help='Represents ASC (Azure Security ' + 'Center) data connector.', arg_group='DataConnector') + c.argument('aws_cloud_trail_data_connector', action=AddAwsCloudTrailDataConnector, nargs='*', help='Represents ' + 'Amazon Web Services CloudTrail data connector.', arg_group='DataConnector') + c.argument('mcas_data_connector', action=AddMcasDataConnector, nargs='*', help='Represents MCAS (Microsoft ' + 'Cloud App Security) data connector.', arg_group='DataConnector') + c.argument('mdatp_data_connector', action=AddMdatpDataConnector, nargs='*', help='Represents MDATP (Microsoft ' + 'Defender Advanced Threat Protection) data connector.', arg_group='DataConnector') + c.argument('office_data_connector', 
action=AddOfficeDataConnector, nargs='*', help='Represents office data ' + 'connector.', arg_group='DataConnector') + c.argument('ti_data_connector', action=AddTiDataConnector, nargs='*', help='Represents threat intelligence ' + 'data connector.', arg_group='DataConnector') + + with self.argument_context('sentinel data-connector update') as c: + c.argument('resource_group_name', resource_group_name_type) + c.argument('workspace_name', type=str, help='The name of the workspace.', id_part='name') + c.argument('data_connector_id', type=str, help='Connector ID', id_part='child_name_1') + c.argument('aad_data_connector', action=AddAadDataConnector, nargs='*', help='Represents AAD (Azure Active ' + 'Directory) data connector.', arg_group='DataConnector') + c.argument('aatp_data_connector', action=AddAatpDataConnector, nargs='*', help='Represents AATP (Azure ' + 'Advanced Threat Protection) data connector.', arg_group='DataConnector') + c.argument('asc_data_connector', action=AddAscDataConnector, nargs='*', help='Represents ASC (Azure Security ' + 'Center) data connector.', arg_group='DataConnector') + c.argument('aws_cloud_trail_data_connector', action=AddAwsCloudTrailDataConnector, nargs='*', help='Represents ' + 'Amazon Web Services CloudTrail data connector.', arg_group='DataConnector') + c.argument('mcas_data_connector', action=AddMcasDataConnector, nargs='*', help='Represents MCAS (Microsoft ' + 'Cloud App Security) data connector.', arg_group='DataConnector') + c.argument('mdatp_data_connector', action=AddMdatpDataConnector, nargs='*', help='Represents MDATP (Microsoft ' + 'Defender Advanced Threat Protection) data connector.', arg_group='DataConnector') + c.argument('office_data_connector', action=AddOfficeDataConnector, nargs='*', help='Represents office data ' + 'connector.', arg_group='DataConnector') + c.argument('ti_data_connector', action=AddTiDataConnector, nargs='*', help='Represents threat intelligence ' + 'data connector.', arg_group='DataConnector') + + 
with self.argument_context('sentinel data-connector delete') as c: + c.argument('resource_group_name', resource_group_name_type) + c.argument('workspace_name', type=str, help='The name of the workspace.', id_part='name') + c.argument('data_connector_id', type=str, help='Connector ID', id_part='child_name_1') + + with self.argument_context('sentinel incident list') as c: + c.argument('resource_group_name', resource_group_name_type) + c.argument('workspace_name', type=str, help='The name of the workspace.') + c.argument('filter_', options_list=['--filter'], type=str, help='Filters the results, based on a Boolean ' + 'condition. Optional.') + c.argument('orderby', type=str, help='Sorts the results. Optional.') + c.argument('top', type=int, help='Returns only the first n results. Optional.') + c.argument('skip_token', type=str, help='Skiptoken is only used if a previous operation returned a partial ' + 'result. If a previous response contains a nextLink element, the value of the nextLink element will ' + 'include a skiptoken parameter that specifies a starting point to use for subsequent calls. 
' + 'Optional.') + + with self.argument_context('sentinel incident show') as c: + c.argument('resource_group_name', resource_group_name_type) + c.argument('workspace_name', type=str, help='The name of the workspace.', id_part='name') + c.argument('incident_id', type=str, help='Incident ID', id_part='child_name_1') + + with self.argument_context('sentinel incident create') as c: + c.argument('resource_group_name', resource_group_name_type) + c.argument('workspace_name', type=str, help='The name of the workspace.') + c.argument('incident_id', type=str, help='Incident ID') + c.argument('etag', type=str, help='Etag of the azure resource') + c.argument('classification', arg_type=get_enum_type(['Undetermined', 'TruePositive', 'BenignPositive', '' + 'FalsePositive']), help='The reason the incident was ' + 'closed') + c.argument('classification_comment', type=str, help='Describes the reason the incident was closed') + c.argument('classification_reason', arg_type=get_enum_type(['SuspiciousActivity', 'SuspiciousButExpected', '' + 'IncorrectAlertLogic', 'InaccurateData']), help='' + 'The classification reason the incident was closed with') + c.argument('description', type=str, help='The description of the incident') + c.argument('first_activity_time_utc', help='The time of the first activity in the incident') + c.argument('labels', action=AddLabels, nargs='*', help='List of labels relevant to this incident') + c.argument('last_activity_time_utc', help='The time of the last activity in the incident') + c.argument('owner', action=AddOwner, nargs='*', help='Describes a user that the incident is assigned to') + c.argument('severity', arg_type=get_enum_type(['High', 'Medium', 'Low', 'Informational']), help='The severity ' + 'of the incident') + c.argument('status', arg_type=get_enum_type(['New', 'Active', 'Closed']), help='The status of the incident') + c.argument('title', type=str, help='The title of the incident') + + with self.argument_context('sentinel incident update') as c: 
+ c.argument('resource_group_name', resource_group_name_type) + c.argument('workspace_name', type=str, help='The name of the workspace.', id_part='name') + c.argument('incident_id', type=str, help='Incident ID', id_part='child_name_1') + c.argument('etag', type=str, help='Etag of the azure resource') + c.argument('classification', arg_type=get_enum_type(['Undetermined', 'TruePositive', 'BenignPositive', '' + 'FalsePositive']), help='The reason the incident was ' + 'closed') + c.argument('classification_comment', type=str, help='Describes the reason the incident was closed') + c.argument('classification_reason', arg_type=get_enum_type(['SuspiciousActivity', 'SuspiciousButExpected', '' + 'IncorrectAlertLogic', 'InaccurateData']), help='' + 'The classification reason the incident was closed with') + c.argument('description', type=str, help='The description of the incident') + c.argument('first_activity_time_utc', help='The time of the first activity in the incident') + c.argument('labels', action=AddLabels, nargs='*', help='List of labels relevant to this incident') + c.argument('last_activity_time_utc', help='The time of the last activity in the incident') + c.argument('owner', action=AddOwner, nargs='*', help='Describes a user that the incident is assigned to') + c.argument('severity', arg_type=get_enum_type(['High', 'Medium', 'Low', 'Informational']), help='The severity ' + 'of the incident') + c.argument('status', arg_type=get_enum_type(['New', 'Active', 'Closed']), help='The status of the incident') + c.argument('title', type=str, help='The title of the incident') + + with self.argument_context('sentinel incident delete') as c: + c.argument('resource_group_name', resource_group_name_type) + c.argument('workspace_name', type=str, help='The name of the workspace.', id_part='name') + c.argument('incident_id', type=str, help='Incident ID', id_part='child_name_1') + + with self.argument_context('sentinel incident-comment list') as c: + 
c.argument('resource_group_name', resource_group_name_type) + c.argument('workspace_name', type=str, help='The name of the workspace.') + c.argument('incident_id', type=str, help='Incident ID') + c.argument('filter_', options_list=['--filter'], type=str, help='Filters the results, based on a Boolean ' + 'condition. Optional.') + c.argument('orderby', type=str, help='Sorts the results. Optional.') + c.argument('top', type=int, help='Returns only the first n results. Optional.') + c.argument('skip_token', type=str, help='Skiptoken is only used if a previous operation returned a partial ' + 'result. If a previous response contains a nextLink element, the value of the nextLink element will ' + 'include a skiptoken parameter that specifies a starting point to use for subsequent calls. ' + 'Optional.') + + with self.argument_context('sentinel incident-comment show') as c: + c.argument('resource_group_name', resource_group_name_type) + c.argument('workspace_name', type=str, help='The name of the workspace.', id_part='name') + c.argument('incident_id', type=str, help='Incident ID', id_part='child_name_1') + c.argument('incident_comment_id', type=str, help='Incident comment ID', id_part='child_name_2') + + with self.argument_context('sentinel incident-comment create') as c: + c.argument('resource_group_name', resource_group_name_type) + c.argument('workspace_name', type=str, help='The name of the workspace.') + c.argument('incident_id', type=str, help='Incident ID') + c.argument('incident_comment_id', type=str, help='Incident comment ID') + c.argument('message', type=str, help='The comment message') diff --git a/src/securityinsight/azext_sentinel/generated/_validators.py b/src/securityinsight/azext_sentinel/generated/_validators.py new file mode 100644 index 00000000000..b33a44c1ebf --- /dev/null +++ b/src/securityinsight/azext_sentinel/generated/_validators.py 
@@ -0,0 +1,9 @@
+# --------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+#
+# Code generated by Microsoft (R) AutoRest Code Generator.
+# Changes may cause incorrect behavior and will be lost if the code is
+# regenerated.
+# --------------------------------------------------------------------------
diff --git a/src/securityinsight/azext_sentinel/generated/action.py b/src/securityinsight/azext_sentinel/generated/action.py
new file mode 100644
index 00000000000..640e939dbf8
--- /dev/null
+++ b/src/securityinsight/azext_sentinel/generated/action.py
@@ -0,0 +1,427 @@
+# --------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+#
+# Code generated by Microsoft (R) AutoRest Code Generator.
+# Changes may cause incorrect behavior and will be lost if the code is
+# regenerated.
+# --------------------------------------------------------------------------
+# pylint: disable=protected-access
+
+import argparse
+from collections import defaultdict
+from knack.util import CLIError
+
+
+class AddFusionAlertRule(argparse.Action):
+ def __call__(self, parser, namespace, values, option_string=None):
+ action = self.get_action(values, option_string)
+ namespace.fusion_alert_rule = action
+
+ def get_action(self, values, option_string): # pylint: disable=no-self-use
+ try:
+ properties = defaultdict(list)
+ for (k, v) in (x.split('=', 1) for x in values):
+ properties[k].append(v)
+ properties = dict(properties)
+ except ValueError:
+ raise CLIError('usage error: {} [KEY=VALUE ...]'.format(option_string))
+ d = {}
+ for k in properties:
+ kl = k.lower()
+ v = properties[k]
+ if kl == 'alert-rule-template-name':
+ d['alert_rule_template_name'] = v[0]
+ elif kl == 'enabled':
+ d['enabled'] = v[0]
+ elif kl == 'etag':
+ d['etag'] = v[0]
+ d['kind'] = 'Fusion'
+ return d
+
+
+class AddMicrosoftSecurityIncidentCreationAlertRule(argparse.Action):
+ def __call__(self, parser, namespace, values, option_string=None):
+ action = self.get_action(values, option_string)
+ namespace.microsoft_security_incident_creation_alert_rule = action
+
+ def get_action(self, values, option_string): # pylint: disable=no-self-use
+ try:
+ properties = defaultdict(list)
+ for (k, v) in (x.split('=', 1) for x in values):
+ properties[k].append(v)
+ properties = dict(properties)
+ except ValueError:
+ raise CLIError('usage error: {} [KEY=VALUE ...]'.format(option_string))
+ d = {}
+ for k in properties:
+ kl = k.lower()
+ v = properties[k]
+ if kl == 'display-names-filter':
+ d['display_names_filter'] = v
+ elif kl == 'display-names-exclude-filter':
+ d['display_names_exclude_filter'] = v
+ elif kl == 'product-filter':
+ d['product_filter'] = v[0]
+ elif kl == 'severities-filter':
+ d['severities_filter'] = v
+ elif kl == 'alert-rule-template-name':
+ d['alert_rule_template_name'] = v[0]
+ elif kl == 'description':
+ d['description'] = v[0]
+ elif kl == 'display-name':
+ d['display_name'] = v[0]
+ elif kl == 'enabled':
+ d['enabled'] = v[0]
+ elif kl == 'etag':
+ d['etag'] = v[0]
+ d['kind'] = 'MicrosoftSecurityIncidentCreation'
+ return d
+
+
+class AddScheduledAlertRule(argparse.Action):
+ def __call__(self, parser, namespace, values, option_string=None):
+ action = self.get_action(values, option_string)
+ namespace.scheduled_alert_rule = action
+
+ def get_action(self, values, option_string): # pylint: disable=no-self-use
+ try:
+ properties = defaultdict(list)
+ for (k, v) in (x.split('=', 1) for x in values):
+ properties[k].append(v)
+ properties = dict(properties)
+ except ValueError:
+ raise CLIError('usage error: {} [KEY=VALUE ...]'.format(option_string))
+ d = {}
+ for k in properties:
+ kl = k.lower()
+ v = properties[k]
+ if kl == 'query':
+ d['query'] = v[0]
+ elif kl == 'query-frequency':
+ d['query_frequency'] = v[0]
+ elif kl == 'query-period':
+ d['query_period'] = v[0]
+ elif kl == 'severity':
+ d['severity'] = v[0]
+ elif kl == 'trigger-operator':
+ d['trigger_operator'] = v[0]
+ elif kl == 'trigger-threshold':
+ d['trigger_threshold'] = v[0]
+ elif kl == 'alert-rule-template-name':
+ d['alert_rule_template_name'] = v[0]
+ elif kl == 'description':
+ d['description'] = v[0]
+ elif kl == 'display-name':
+ d['display_name'] = v[0]
+ elif kl == 'enabled':
+ d['enabled'] = v[0]
+ elif kl == 'suppression-duration':
+ d['suppression_duration'] = v[0]
+ elif kl == 'suppression-enabled':
+ d['suppression_enabled'] = v[0]
+ elif kl == 'tactics':
+ d['tactics'] = v
+ elif kl == 'etag':
+ d['etag'] = v[0]
+ d['kind'] = 'Scheduled'
+ return d
+
+
+class AddIncidentInfo(argparse.Action):
+ def __call__(self, parser, namespace, values, option_string=None):
+ action = self.get_action(values, option_string)
+ namespace.incident_info = action
+
+ def get_action(self, values, option_string): # pylint: disable=no-self-use
+ try:
+ properties = defaultdict(list)
+ for (k, v) in (x.split('=', 1) for x in values):
+ properties[k].append(v)
+ properties = dict(properties)
+ except ValueError:
+ raise CLIError('usage error: {} [KEY=VALUE ...]'.format(option_string))
+ d = {}
+ for k in properties:
+ kl = k.lower()
+ v = properties[k]
+ if kl == 'incident-id':
+ d['incident_id'] = v[0]
+ elif kl == 'severity':
+ d['severity'] = v[0]
+ elif kl == 'title':
+ d['title'] = v[0]
+ elif kl == 'relation-name':
+ d['relation_name'] = v[0]
+ return d
+
+
+class AddAadDataConnector(argparse.Action):
+ def __call__(self, parser, namespace, values, option_string=None):
+ action = self.get_action(values, option_string)
+ namespace.aad_data_connector = action
+
+ def get_action(self, values, option_string): # pylint: disable=no-self-use
+ try:
+ properties = defaultdict(list)
+ for (k, v) in (x.split('=', 1) for x in values):
+ properties[k].append(v)
+ properties = dict(properties)
+ except ValueError:
+ raise CLIError('usage error: {} [KEY=VALUE ...]'.format(option_string))
+ d = {}
+ for k in properties:
+ kl = k.lower()
+ v = properties[k]
+ if kl == 'tenant-id':
+ d['tenant_id'] = v[0]
+ elif kl == 'state':
+ d['state'] = v[0]
+ elif kl == 'etag':
+ d['etag'] = v[0]
+ d['kind'] = 'AzureActiveDirectory'
+ return d
+
+
+class AddAatpDataConnector(argparse.Action):
+ def __call__(self, parser, namespace, values, option_string=None):
+ action = self.get_action(values, option_string)
+ namespace.aatp_data_connector = action
+
+ def get_action(self, values, option_string): # pylint: disable=no-self-use
+ try:
+ properties = defaultdict(list)
+ for (k, v) in (x.split('=', 1) for x in values):
+ properties[k].append(v)
+ properties = dict(properties)
+ except ValueError:
+ raise CLIError('usage error: {} [KEY=VALUE ...]'.format(option_string))
+ d = {}
+ for k in properties:
+ kl = k.lower()
+ v = properties[k]
+ if kl == 'tenant-id':
+ d['tenant_id'] = v[0]
+ elif kl == 'state':
+ d['state'] = v[0]
+ elif kl == 'etag':
+ d['etag'] = v[0]
+ d['kind'] = 'AzureAdvancedThreatProtection'
+ return d
+
+
+class AddAscDataConnector(argparse.Action):
+ def __call__(self, parser, namespace, values, option_string=None):
+ action = self.get_action(values, option_string)
+ namespace.asc_data_connector = action
+
+ def get_action(self, values, option_string): # pylint: disable=no-self-use
+ try:
+ properties = defaultdict(list)
+ for (k, v) in (x.split('=', 1) for x in values):
+ properties[k].append(v)
+ properties = dict(properties)
+ except ValueError:
+ raise CLIError('usage error: {} [KEY=VALUE ...]'.format(option_string))
+ d = {}
+ for k in properties:
+ kl = k.lower()
+ v = properties[k]
+ if kl == 'subscription-id':
+ d['subscription_id'] = v[0]
+ elif kl == 'state':
+ d['state'] = v[0]
+ elif kl == 'etag':
+ d['etag'] = v[0]
+ d['kind'] = 'AzureSecurityCenter'
+ return d
+
+
+class AddAwsCloudTrailDataConnector(argparse.Action):
+ def __call__(self, parser, namespace, values, option_string=None):
+ action = self.get_action(values, option_string)
+ namespace.aws_cloud_trail_data_connector = action
+
+ def get_action(self, values, option_string): # pylint: disable=no-self-use
+ try:
+ properties = defaultdict(list)
+ for (k, v) in (x.split('=', 1) for x in values):
+ properties[k].append(v)
+ properties = dict(properties)
+ except ValueError:
+ raise CLIError('usage error: {} [KEY=VALUE ...]'.format(option_string))
+ d = {}
+ for k in properties:
+ kl = k.lower()
+ v = properties[k]
+ if kl == 'aws-role-arn':
+ d['aws_role_arn'] = v[0]
+ elif kl == 'state':
+ d['state'] = v[0]
+ elif kl == 'etag':
+ d['etag'] = v[0]
+ d['kind'] = 'AmazonWebServicesCloudTrail'
+ return d
+
+
+class AddMcasDataConnector(argparse.Action):
+ def __call__(self, parser, namespace, values, option_string=None):
+ action = self.get_action(values, option_string)
+ namespace.mcas_data_connector = action
+
+ def get_action(self, values, option_string): # pylint: disable=no-self-use
+ try:
+ properties = defaultdict(list)
+ for (k, v) in (x.split('=', 1) for x in values):
+ properties[k].append(v)
+ properties = dict(properties)
+ except ValueError:
+ raise CLIError('usage error: {} [KEY=VALUE ...]'.format(option_string))
+ d = {}
+ for k in properties:
+ kl = k.lower()
+ v = properties[k]
+ if kl == 'tenant-id':
+ d['tenant_id'] = v[0]
+ elif kl == 'state-data-types-alerts-state':
+ d['state_data_types_alerts_state'] = v[0]
+ elif kl == 'state-data-types-discovery-logs-state':
+ d['state_data_types_discovery_logs_state'] = v[0]
+ elif kl == 'etag':
+ d['etag'] = v[0]
+ d['kind'] = 'MicrosoftCloudAppSecurity'
+ return d
+
+
+class AddMdatpDataConnector(argparse.Action):
+ def __call__(self, parser, namespace, values, option_string=None):
+ action = self.get_action(values, option_string)
+ namespace.mdatp_data_connector = action
+
+ def get_action(self, values, option_string): # pylint: disable=no-self-use
+ try:
+ properties = defaultdict(list)
+ for (k, v) in (x.split('=', 1) for x in values):
+ properties[k].append(v)
+ properties = dict(properties)
+ except ValueError:
+ raise CLIError('usage error: {} [KEY=VALUE ...]'.format(option_string))
+ d = {}
+ for k in properties:
+ kl = k.lower()
+ v = properties[k]
+ if kl == 'tenant-id':
+ d['tenant_id'] = v[0]
+ elif kl == 'state':
+ d['state'] = v[0]
+ elif kl == 'etag':
+ d['etag'] = v[0]
+ d['kind'] = 'MicrosoftDefenderAdvancedThreatProtection'
+ return d
+
+
+class AddOfficeDataConnector(argparse.Action):
+ def __call__(self, parser, namespace, values, option_string=None):
+ action = self.get_action(values, option_string)
+ namespace.office_data_connector = action
+
+ def get_action(self, values, option_string): # pylint: disable=no-self-use
+ try:
+ properties = defaultdict(list)
+ for (k, v) in (x.split('=', 1) for x in values):
+ properties[k].append(v)
+ properties = dict(properties)
+ except ValueError:
+ raise CLIError('usage error: {} [KEY=VALUE ...]'.format(option_string))
+ d = {}
+ for k in properties:
+ kl = k.lower()
+ v = properties[k]
+ if kl == 'tenant-id':
+ d['tenant_id'] = v[0]
+ elif kl == 'state-data-types-share-point-state':
+ d['state_data_types_share_point_state'] = v[0]
+ elif kl == 'state-data-types-exchange-state':
+ d['state_data_types_exchange_state'] = v[0]
+ elif kl == 'etag':
+ d['etag'] = v[0]
+ d['kind'] = 'Office365'
+ return d
+
+
+class AddTiDataConnector(argparse.Action):
+ def __call__(self, parser, namespace, values, option_string=None):
+ action = self.get_action(values, option_string)
+ namespace.ti_data_connector = action
+
+ def get_action(self, values, option_string): # pylint: disable=no-self-use
+ try:
+ properties = defaultdict(list)
+ for (k, v) in (x.split('=', 1) for x in values):
+ properties[k].append(v)
+ properties = dict(properties)
+ except ValueError:
+ raise CLIError('usage error: {} [KEY=VALUE ...]'.format(option_string))
+ d = {}
+ for k in properties:
+ kl = k.lower()
+ v = properties[k]
+ if kl == 'tenant-id':
+ d['tenant_id'] = v[0]
+ elif kl == 'state':
+ d['state'] = v[0]
+ elif kl == 'etag':
+ d['etag'] = v[0]
+ d['kind'] = 'ThreatIntelligence'
+ return d
+
+
+class AddLabels(argparse._AppendAction):
+ def __call__(self, parser, namespace, values, option_string=None):
+ action = self.get_action(values, option_string)
+ super(AddLabels, self).__call__(parser, namespace, action, option_string)
+
+ def get_action(self, values, option_string): # pylint: disable=no-self-use
+ try:
+ properties = defaultdict(list)
+ for (k, v) in (x.split('=', 1) for x in values):
+ properties[k].append(v)
+ properties = dict(properties)
+ except ValueError:
+ raise CLIError('usage error: {} [KEY=VALUE ...]'.format(option_string))
+ d = {}
+ for k in properties:
+ kl = k.lower()
+ v = properties[k]
+ if kl == 'label-name':
+ d['label_name'] = v[0]
+ return d
+
+
+class AddOwner(argparse.Action):
+ def __call__(self, parser, namespace, values, option_string=None):
+ action = self.get_action(values, option_string)
+ namespace.owner = action
+
+ def get_action(self, values, option_string): # pylint: disable=no-self-use
+ try:
+ properties = defaultdict(list)
+ for (k, v) in (x.split('=', 1) for x in values):
+ properties[k].append(v)
+ properties = dict(properties)
+ except ValueError:
+ raise CLIError('usage error: {} [KEY=VALUE ...]'.format(option_string))
+ d = {}
+ for k in properties:
+ kl = k.lower()
+ v = properties[k]
+ if kl == 'email':
+ d['email'] = v[0]
+ elif kl == 'assigned-to':
+ d['assigned_to'] = v[0]
+ elif kl == 'object-id':
+ d['object_id'] = v[0]
+ elif kl == 'user-principal-name':
+ d['user_principal_name'] = v[0]
+ return d
diff --git a/src/securityinsight/azext_sentinel/generated/commands.py b/src/securityinsight/azext_sentinel/generated/commands.py
new file mode 100644
index 00000000000..f8dac3f83d6
--- /dev/null
+++ b/src/securityinsight/azext_sentinel/generated/commands.py
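Review bot: In AddFusionAlertRule, AddMicrosoftSecurityIncidentCreationAlertRule and AddScheduledAlertRule the `enabled`, `suppression-enabled` and `trigger-threshold` values are stored as the raw string `v[0]`, so `enabled=false` leaves the parser as the non-empty string 'false'; unless the vendored models coerce it (not visible here), that string is truthy and a rule the operator meant to create disabled would be created enabled. Converting at the parser is the safe place, e.g. `d['enabled'] = v[0].lower() == 'true'` after rejecting any value other than true/false with a CLIError, and `int(v[0])` for the threshold. Every get_action in this file also drops unrecognised keys silently, so a misspelled key such as `enable=false` yields a rule with the default state and no error; a final `else: raise CLIError('Unsupported Key {} is provided for parameter {}'.format(k, option_string))` in each key loop would surface it. The same raw-string handling applies to `state` on the data-connector actions.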
@@ -0,0 +1,100 @@ +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- +# pylint: disable=too-many-statements +# pylint: disable=too-many-locals + +from azure.cli.core.commands import CliCommandType + + +def load_command_table(self, _): + + from azext_sentinel.generated._client_factory import cf_alert_rule + sentinel_alert_rule = CliCommandType( + operations_tmpl='azext_sentinel.vendored_sdks.securityinsight.operations._alert_rule_operations#AlertRuleOperat' + 'ions.{}', + client_factory=cf_alert_rule) + with self.command_group('sentinel alert-rule', sentinel_alert_rule, client_factory=cf_alert_rule, + is_experimental=True) as g: + g.custom_command('list', 'sentinel_alert_rule_list') + g.custom_show_command('show', 'sentinel_alert_rule_show') + g.custom_command('create', 'sentinel_alert_rule_create') + g.generic_update_command('update', setter_arg_name='alert_rule', + custom_func_name='sentinel_alert_rule_update') + g.custom_command('delete', 'sentinel_alert_rule_delete', confirmation=True) + g.custom_command('get-action', 'sentinel_alert_rule_get_action') + + from azext_sentinel.generated._client_factory import cf_action + sentinel_action = CliCommandType( + operations_tmpl='azext_sentinel.vendored_sdks.securityinsight.operations._action_operations#ActionOperations.{}' + '', + client_factory=cf_action) + with self.command_group('sentinel action', sentinel_action, client_factory=cf_action, is_experimental=True) as g: + g.custom_command('list', 'sentinel_action_list') + + from azext_sentinel.generated._client_factory import cf_alert_rule_template + 
sentinel_alert_rule_template = CliCommandType( + operations_tmpl='azext_sentinel.vendored_sdks.securityinsight.operations._alert_rule_template_operations#AlertR' + 'uleTemplateOperations.{}', + client_factory=cf_alert_rule_template) + with self.command_group('sentinel alert-rule-template', sentinel_alert_rule_template, + client_factory=cf_alert_rule_template, is_experimental=True) as g: + g.custom_command('list', 'sentinel_alert_rule_template_list') + g.custom_show_command('show', 'sentinel_alert_rule_template_show') + + from azext_sentinel.generated._client_factory import cf_bookmark + sentinel_bookmark = CliCommandType( + operations_tmpl='azext_sentinel.vendored_sdks.securityinsight.operations._bookmark_operations#BookmarkOperation' + 's.{}', + client_factory=cf_bookmark) + with self.command_group('sentinel bookmark', sentinel_bookmark, client_factory=cf_bookmark, + is_experimental=True) as g: + g.custom_command('list', 'sentinel_bookmark_list') + g.custom_show_command('show', 'sentinel_bookmark_show') + g.custom_command('create', 'sentinel_bookmark_create') + g.custom_command('update', 'sentinel_bookmark_update') + g.custom_command('delete', 'sentinel_bookmark_delete', confirmation=True) + + from azext_sentinel.generated._client_factory import cf_data_connector + sentinel_data_connector = CliCommandType( + operations_tmpl='azext_sentinel.vendored_sdks.securityinsight.operations._data_connector_operations#DataConnect' + 'orOperations.{}', + client_factory=cf_data_connector) + with self.command_group('sentinel data-connector', sentinel_data_connector, client_factory=cf_data_connector, + is_experimental=True) as g: + g.custom_command('list', 'sentinel_data_connector_list') + g.custom_show_command('show', 'sentinel_data_connector_show') + g.custom_command('create', 'sentinel_data_connector_create') + g.generic_update_command('update', setter_arg_name='data_connector', custom_func_name='' + 'sentinel_data_connector_update') + g.custom_command('delete', 
'sentinel_data_connector_delete', confirmation=True) + + from azext_sentinel.generated._client_factory import cf_incident + sentinel_incident = CliCommandType( + operations_tmpl='azext_sentinel.vendored_sdks.securityinsight.operations._incident_operations#IncidentOperation' + 's.{}', + client_factory=cf_incident) + with self.command_group('sentinel incident', sentinel_incident, client_factory=cf_incident, + is_experimental=True) as g: + g.custom_command('list', 'sentinel_incident_list') + g.custom_show_command('show', 'sentinel_incident_show') + g.custom_command('create', 'sentinel_incident_create') + g.custom_command('update', 'sentinel_incident_update') + g.custom_command('delete', 'sentinel_incident_delete', confirmation=True) + + from azext_sentinel.generated._client_factory import cf_incident_comment + sentinel_incident_comment = CliCommandType( + operations_tmpl='azext_sentinel.vendored_sdks.securityinsight.operations._incident_comment_operations#IncidentC' + 'ommentOperations.{}', + client_factory=cf_incident_comment) + with self.command_group('sentinel incident-comment', sentinel_incident_comment, client_factory=cf_incident_comment, + is_experimental=True) as g: + g.custom_command('list', 'sentinel_incident_comment_list') + g.custom_show_command('show', 'sentinel_incident_comment_show') + g.custom_command('create', 'sentinel_incident_comment_create') diff --git a/src/securityinsight/azext_sentinel/generated/custom.py b/src/securityinsight/azext_sentinel/generated/custom.py new file mode 100644 index 00000000000..aecb82f2db6 --- /dev/null +++ b/src/securityinsight/azext_sentinel/generated/custom.py 
@@ -0,0 +1,433 @@ +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- +# pylint: disable=too-many-lines +# pylint: disable=unused-argument + +from knack.util import CLIError + + +def sentinel_alert_rule_list(client, + resource_group_name, + workspace_name): + return client.list(resource_group_name=resource_group_name, + workspace_name=workspace_name) + + +def sentinel_alert_rule_show(client, + resource_group_name, + workspace_name, + rule_id): + return client.get(resource_group_name=resource_group_name, + workspace_name=workspace_name, + rule_id=rule_id) + + +def sentinel_alert_rule_create(client, + resource_group_name, + workspace_name, + rule_id, + action_id=None, + etag=None, + logic_app_resource_id=None, + trigger_uri=None, + fusion_alert_rule=None, + microsoft_security_incident_creation_alert_rule=None, + scheduled_alert_rule=None): + all_alert_rule = [] + if fusion_alert_rule is not None: + all_alert_rule.append(fusion_alert_rule) + if microsoft_security_incident_creation_alert_rule is not None: + all_alert_rule.append(microsoft_security_incident_creation_alert_rule) + if scheduled_alert_rule is not None: + all_alert_rule.append(scheduled_alert_rule) + if len(all_alert_rule) > 1: + raise CLIError('at most one of fusion_alert_rule, microsoft_security_incident_creation_alert_rule, ' + 'scheduled_alert_rule is needed for alert_rule!') + alert_rule = all_alert_rule[0] if len(all_alert_rule) == 1 else None + if resource_group_name and workspace_name is not None and rule_id is not None and action_id is not None: + return 
client.create_or_update_action(resource_group_name=resource_group_name, + workspace_name=workspace_name, + rule_id=rule_id, + action_id=action_id, + etag=etag, + logic_app_resource_id=logic_app_resource_id, + trigger_uri=trigger_uri) + return client.create_or_update(resource_group_name=resource_group_name, + workspace_name=workspace_name, + rule_id=rule_id, + alert_rule=alert_rule) + + +def sentinel_alert_rule_update(instance, + resource_group_name, + workspace_name, + rule_id, + fusion_alert_rule=None, + microsoft_security_incident_creation_alert_rule=None, + scheduled_alert_rule=None): + return instance + + +def sentinel_alert_rule_delete(client, + resource_group_name, + workspace_name, + rule_id, + action_id=None): + if resource_group_name and workspace_name is not None and rule_id is not None and action_id is not None: + return client.delete_action(resource_group_name=resource_group_name, + workspace_name=workspace_name, + rule_id=rule_id, + action_id=action_id) + return client.delete(resource_group_name=resource_group_name, + workspace_name=workspace_name, + rule_id=rule_id) + + +def sentinel_alert_rule_get_action(client, + resource_group_name, + workspace_name, + rule_id, + action_id): + return client.get_action(resource_group_name=resource_group_name, + workspace_name=workspace_name, + rule_id=rule_id, + action_id=action_id) + + +def sentinel_action_list(client, + resource_group_name, + workspace_name, + rule_id): + return client.list_by_alert_rule(resource_group_name=resource_group_name, + workspace_name=workspace_name, + rule_id=rule_id) + + +def sentinel_alert_rule_template_list(client, + resource_group_name, + workspace_name): + return client.list(resource_group_name=resource_group_name, + workspace_name=workspace_name) + + +def sentinel_alert_rule_template_show(client, + resource_group_name, + workspace_name, + alert_rule_template_id): + return client.get(resource_group_name=resource_group_name, + workspace_name=workspace_name, + 
alert_rule_template_id=alert_rule_template_id) + + +def sentinel_bookmark_list(client, + resource_group_name, + workspace_name): + return client.list(resource_group_name=resource_group_name, + workspace_name=workspace_name) + + +def sentinel_bookmark_show(client, + resource_group_name, + workspace_name, + bookmark_id): + return client.get(resource_group_name=resource_group_name, + workspace_name=workspace_name, + bookmark_id=bookmark_id) + + +def sentinel_bookmark_create(client, + resource_group_name, + workspace_name, + bookmark_id, + etag=None, + created=None, + display_name=None, + labels=None, + notes=None, + query=None, + query_result=None, + updated=None, + incident_info=None, + updated_by_object_id=None): + return client.create_or_update(resource_group_name=resource_group_name, + workspace_name=workspace_name, + bookmark_id=bookmark_id, + etag=etag, + created=created, + display_name=display_name, + labels=labels, + notes=notes, + query=query, + query_result=query_result, + updated=updated, + incident_info=incident_info, + object_id=updated_by_object_id) + + +def sentinel_bookmark_update(client, + resource_group_name, + workspace_name, + bookmark_id, + etag=None, + created=None, + display_name=None, + labels=None, + notes=None, + query=None, + query_result=None, + updated=None, + incident_info=None, + updated_by_object_id=None): + return client.create_or_update(resource_group_name=resource_group_name, + workspace_name=workspace_name, + bookmark_id=bookmark_id, + etag=etag, + created=created, + display_name=display_name, + labels=labels, + notes=notes, + query=query, + query_result=query_result, + updated=updated, + incident_info=incident_info, + object_id=updated_by_object_id) + + +def sentinel_bookmark_delete(client, + resource_group_name, + workspace_name, + bookmark_id): + return client.delete(resource_group_name=resource_group_name, + workspace_name=workspace_name, + bookmark_id=bookmark_id) + + +def sentinel_data_connector_list(client, + 
resource_group_name, + workspace_name): + return client.list(resource_group_name=resource_group_name, + workspace_name=workspace_name) + + +def sentinel_data_connector_show(client, + resource_group_name, + workspace_name, + data_connector_id): + return client.get(resource_group_name=resource_group_name, + workspace_name=workspace_name, + data_connector_id=data_connector_id) + + +def sentinel_data_connector_create(client, + resource_group_name, + workspace_name, + data_connector_id, + aad_data_connector=None, + aatp_data_connector=None, + asc_data_connector=None, + aws_cloud_trail_data_connector=None, + mcas_data_connector=None, + mdatp_data_connector=None, + office_data_connector=None, + ti_data_connector=None): + all_data_connector = [] + if aad_data_connector is not None: + all_data_connector.append(aad_data_connector) + if aatp_data_connector is not None: + all_data_connector.append(aatp_data_connector) + if asc_data_connector is not None: + all_data_connector.append(asc_data_connector) + if aws_cloud_trail_data_connector is not None: + all_data_connector.append(aws_cloud_trail_data_connector) + if mcas_data_connector is not None: + all_data_connector.append(mcas_data_connector) + if mdatp_data_connector is not None: + all_data_connector.append(mdatp_data_connector) + if office_data_connector is not None: + all_data_connector.append(office_data_connector) + if ti_data_connector is not None: + all_data_connector.append(ti_data_connector) + if len(all_data_connector) > 1: + raise CLIError('at most one of aad_data_connector, aatp_data_connector, asc_data_connector, ' + 'aws_cloud_trail_data_connector, mcas_data_connector, mdatp_data_connector, ' + 'office_data_connector, ti_data_connector is needed for data_connector!') + if len(all_data_connector) != 1: + raise CLIError('data_connector is required. 
but none of aad_data_connector, aatp_data_connector, ' + 'asc_data_connector, aws_cloud_trail_data_connector, mcas_data_connector, mdatp_data_connector, ' + 'office_data_connector, ti_data_connector is provided!') + data_connector = all_data_connector[0] if len(all_data_connector) == 1 else None + return client.create_or_update(resource_group_name=resource_group_name, + workspace_name=workspace_name, + data_connector_id=data_connector_id, + data_connector=data_connector) + + +def sentinel_data_connector_update(instance, + resource_group_name, + workspace_name, + data_connector_id, + aad_data_connector=None, + aatp_data_connector=None, + asc_data_connector=None, + aws_cloud_trail_data_connector=None, + mcas_data_connector=None, + mdatp_data_connector=None, + office_data_connector=None, + ti_data_connector=None): + return instance + + +def sentinel_data_connector_delete(client, + resource_group_name, + workspace_name, + data_connector_id): + return client.delete(resource_group_name=resource_group_name, + workspace_name=workspace_name, + data_connector_id=data_connector_id) + + +def sentinel_incident_list(client, + resource_group_name, + workspace_name, + filter_=None, + orderby=None, + top=None, + skip_token=None): + return client.list(resource_group_name=resource_group_name, + workspace_name=workspace_name, + filter=filter_, + orderby=orderby, + top=top, + skip_token=skip_token) + + +def sentinel_incident_show(client, + resource_group_name, + workspace_name, + incident_id): + return client.get(resource_group_name=resource_group_name, + workspace_name=workspace_name, + incident_id=incident_id) + + +def sentinel_incident_create(client, + resource_group_name, + workspace_name, + incident_id, + etag=None, + classification=None, + classification_comment=None, + classification_reason=None, + description=None, + first_activity_time_utc=None, + labels=None, + last_activity_time_utc=None, + owner=None, + severity=None, + status=None, + title=None): + return 
client.create_or_update(resource_group_name=resource_group_name, + workspace_name=workspace_name, + incident_id=incident_id, + etag=etag, + classification=classification, + classification_comment=classification_comment, + classification_reason=classification_reason, + description=description, + first_activity_time_utc=first_activity_time_utc, + labels=labels, + last_activity_time_utc=last_activity_time_utc, + owner=owner, + severity=severity, + status=status, + title=title) + + +def sentinel_incident_update(client, + resource_group_name, + workspace_name, + incident_id, + etag=None, + classification=None, + classification_comment=None, + classification_reason=None, + description=None, + first_activity_time_utc=None, + labels=None, + last_activity_time_utc=None, + owner=None, + severity=None, + status=None, + title=None): + return client.create_or_update(resource_group_name=resource_group_name, + workspace_name=workspace_name, + incident_id=incident_id, + etag=etag, + classification=classification, + classification_comment=classification_comment, + classification_reason=classification_reason, + description=description, + first_activity_time_utc=first_activity_time_utc, + labels=labels, + last_activity_time_utc=last_activity_time_utc, + owner=owner, + severity=severity, + status=status, + title=title) + + +def sentinel_incident_delete(client, + resource_group_name, + workspace_name, + incident_id): + return client.delete(resource_group_name=resource_group_name, + workspace_name=workspace_name, + incident_id=incident_id) + + +def sentinel_incident_comment_list(client, + resource_group_name, + workspace_name, + incident_id, + filter_=None, + orderby=None, + top=None, + skip_token=None): + return client.list_by_incident(resource_group_name=resource_group_name, + workspace_name=workspace_name, + incident_id=incident_id, + filter=filter_, + orderby=orderby, + top=top, + skip_token=skip_token) + + +def sentinel_incident_comment_show(client, + resource_group_name, + 
workspace_name, + incident_id, + incident_comment_id): + return client.get(resource_group_name=resource_group_name, + workspace_name=workspace_name, + incident_id=incident_id, + incident_comment_id=incident_comment_id) + + +def sentinel_incident_comment_create(client, + resource_group_name, + workspace_name, + incident_id, + incident_comment_id, + message=None): + return client.create_comment(resource_group_name=resource_group_name, + workspace_name=workspace_name, + incident_id=incident_id, + incident_comment_id=incident_comment_id, + message=message) diff --git a/src/securityinsight/azext_sentinel/manual/__init__.py b/src/securityinsight/azext_sentinel/manual/__init__.py new file mode 100644 index 00000000000..c9cfdc73e77 --- /dev/null +++ b/src/securityinsight/azext_sentinel/manual/__init__.py @@ -0,0 +1,12 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +__path__ = __import__('pkgutil').extend_path(__path__, __name__) diff --git a/src/securityinsight/azext_sentinel/tests/__init__.py b/src/securityinsight/azext_sentinel/tests/__init__.py new file mode 100644 index 00000000000..50e0627daff --- /dev/null +++ b/src/securityinsight/azext_sentinel/tests/__init__.py 
@@ -0,0 +1,114 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- +import inspect +import logging +import os +import sys +import traceback +import datetime as dt + +from azure.core.exceptions import AzureError +from azure.cli.testsdk.exceptions import CliTestError, CliExecutionError, JMESPathCheckAssertionError + + +logger = logging.getLogger('azure.cli.testsdk') +logger.addHandler(logging.StreamHandler()) +__path__ = __import__('pkgutil').extend_path(__path__, __name__) +exceptions = [] +test_map = dict() +SUCCESSED = "successed" +FAILED = "failed" + + +def try_manual(func): + def import_manual_function(origin_func): + from importlib import import_module + decorated_path = inspect.getfile(origin_func) + module_path = __path__[0] + if not decorated_path.startswith(module_path): + raise Exception("Decorator can only be used in submodules!") + manual_path = os.path.join( + decorated_path[module_path.rfind(os.path.sep) + 1:]) + manual_file_path, manual_file_name = os.path.split(manual_path) + module_name, _ = os.path.splitext(manual_file_name) + manual_module = "..manual." 
+ \ + ".".join(manual_file_path.split(os.path.sep) + [module_name, ]) + return getattr(import_module(manual_module, package=__name__), origin_func.__name__) + + def get_func_to_call(): + func_to_call = func + try: + func_to_call = import_manual_function(func) + func_to_call = import_manual_function(func) + logger.info("Found manual override for %s(...)", func.__name__) + except (ImportError, AttributeError): + pass + return func_to_call + + def wrapper(*args, **kwargs): + func_to_call = get_func_to_call() + logger.info("running %s()...", func.__name__) + try: + test_map[func.__name__] = dict() + test_map[func.__name__]["result"] = SUCCESSED + test_map[func.__name__]["error_message"] = "" + test_map[func.__name__]["error_stack"] = "" + test_map[func.__name__]["error_normalized"] = "" + test_map[func.__name__]["start_dt"] = dt.datetime.utcnow() + ret = func_to_call(*args, **kwargs) + except (AssertionError, AzureError, CliTestError, CliExecutionError, SystemExit, + JMESPathCheckAssertionError) as e: + test_map[func.__name__]["end_dt"] = dt.datetime.utcnow() + test_map[func.__name__]["result"] = FAILED + test_map[func.__name__]["error_message"] = str(e).replace("\r\n", " ").replace("\n", " ")[:500] + test_map[func.__name__]["error_stack"] = traceback.format_exc().replace( + "\r\n", " ").replace("\n", " ")[:500] + logger.info("--------------------------------------") + logger.info("step exception: %s", e) + logger.error("--------------------------------------") + logger.error("step exception in %s: %s", func.__name__, e) + logger.info(traceback.format_exc()) + exceptions.append((func.__name__, sys.exc_info())) + else: + test_map[func.__name__]["end_dt"] = dt.datetime.utcnow() + return ret + + if inspect.isclass(func): + return get_func_to_call() + return wrapper + + +def calc_coverage(filename): + filename = filename.split(".")[0] + coverage_name = filename + "_coverage.md" + with open(coverage_name, "w") as f: + 
f.write("|Scenario|Result|ErrorMessage|ErrorStack|ErrorNormalized|StartDt|EndDt|\n") + total = len(test_map) + covered = 0 + for k, v in test_map.items(): + if not k.startswith("step_"): + total -= 1 + continue + if v["result"] == SUCCESSED: + covered += 1 + f.write("|{step_name}|{result}|{error_message}|{error_stack}|{error_normalized}|{start_dt}|" + "{end_dt}|\n".format(step_name=k, **v)) + f.write("Coverage: {}/{}\n".format(covered, total)) + print("Create coverage\n", file=sys.stderr) + + +def raise_if(): + if exceptions: + if len(exceptions) <= 1: + raise exceptions[0][1][1] + message = "{}\nFollowed with exceptions in other steps:\n".format(str(exceptions[0][1][1])) + message += "\n".join(["{}: {}".format(h[0], h[1][1]) for h in exceptions[1:]]) + raise exceptions[0][1][0](message).with_traceback(exceptions[0][1][2]) diff --git a/src/securityinsight/azext_sentinel/tests/latest/__init__.py b/src/securityinsight/azext_sentinel/tests/latest/__init__.py new file mode 100644 index 00000000000..c9cfdc73e77 --- /dev/null +++ b/src/securityinsight/azext_sentinel/tests/latest/__init__.py @@ -0,0 +1,12 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +__path__ = __import__('pkgutil').extend_path(__path__, __name__) diff --git a/src/securityinsight/azext_sentinel/tests/latest/test_sentinel_scenario.py b/src/securityinsight/azext_sentinel/tests/latest/test_sentinel_scenario.py new file mode 100644 index 00000000000..6e1e99057bb --- /dev/null +++ b/src/securityinsight/azext_sentinel/tests/latest/test_sentinel_scenario.py 
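Review bot: `calc_coverage` derives the report name with `filename.split(".")[0]`, but the caller in test_sentinel_scenario.py passes `__file__`, an absolute path, so any dot in a parent directory name (a `.venv` or similar) truncates the path and the coverage file lands somewhere unexpected; `base, _ = os.path.splitext(filename)` followed by `coverage_name = base + "_coverage.md"` keeps the whole path. In `get_func_to_call` the line `func_to_call = import_manual_function(func)` appears twice in a row and the second call can be dropped. The wrapper also writes `str(e)` and the formatted traceback into a Markdown table row without escaping `|`, so an error message containing a pipe shifts the columns; a one-line comment such as `# NOTE: error text is not escaped, a '|' in the message breaks the table` would at least document it. Since the file header says it is generated, these fixes belong in the generator template or the `manual` override rather than a hand edit that the next regeneration discards.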
@@ -0,0 +1,486 @@ +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +import os +from azure.cli.testsdk import ScenarioTest +from .. import try_manual, raise_if, calc_coverage +from azure.cli.testsdk import ResourceGroupPreparer + + +TEST_DIR = os.path.abspath(os.path.join(os.path.abspath(__file__), '..')) + + +# Env setup +@try_manual +def setup(test, rg): + pass + + +# EXAMPLE: /Actions/get/Get all actions of alert rule. +@try_manual +def step__actions_get_get_all_actions_of_alert_rule_(test, rg): + test.cmd('az sentinel action list ' + '--resource-group "{rg}" ' + '--rule-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" ' + '--workspace-name "myWorkspace"', + checks=[]) + + +# EXAMPLE: /AlertRules/put/Creates or updates a Fusion alert rule. +@try_manual +def step__alertrules_put(test, rg): + test.cmd('az sentinel alert-rule create ' + '--fusion-alert-rule etag="3d00c3ca-0000-0100-0000-5d42d5010000" alert-rule-template-name="f71aba3d-28fb-4' + '50b-b192-4e76a83015c8" enabled=true ' + '--resource-group "{rg}" ' + '--rule-id "myFirstFusionRule" ' + '--workspace-name "myWorkspace"', + checks=[]) + + +# EXAMPLE: /AlertRules/put/Creates or updates a MicrosoftSecurityIncidentCreation rule. 
+@try_manual +def step__alertrules_put2(test, rg): + test.cmd('az sentinel alert-rule create ' + '--microsoft-security-incident-creation-alert-rule etag="\\"260097e0-0000-0d00-0000-5d6fa88f0000\\"" ' + 'product-filter="Microsoft Cloud App Security" display-name="testing displayname" enabled=true ' + '--resource-group "{rg}" ' + '--rule-id "microsoftSecurityIncidentCreationRuleExample" ' + '--workspace-name "myWorkspace"', + checks=[]) + + +# EXAMPLE: /AlertRules/put/Creates or updates a Scheduled alert rule. +@try_manual +def step__alertrules_put3(test, rg): + test.cmd('az sentinel alert-rule create ' + '--scheduled-alert-rule etag="\\"0300bf09-0000-0000-0000-5c37296e0000\\"" query="ProtectionStatus | ' + 'extend HostCustomEntity query-frequency="PT1H" query-period="P2DT1H30M" severity="High" ' + 'trigger-operator="GreaterThan" trigger-threshold=0 description="" display-name="Rule2" enabled=true ' + 'suppression-duration="PT1H" suppression-enabled=false tactics="Persistence" tactics="LateralMovement" ' + '--resource-group "{rg}" ' + '--rule-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" ' + '--workspace-name "myWorkspace"', + checks=[]) + + +# EXAMPLE: /AlertRules/put/Creates or updates an action of alert rule. +@try_manual +def step__alertrules_put4(test, rg): + test.cmd('az sentinel alert-rule create ' + '--etag "\\"0300bf09-0000-0000-0000-5c37296e0000\\"" ' + '--logic-app-resource-id "/subscriptions/{subscription_id}/resourceGroups/{rg}/providers/Microsoft.Logic/w' + 'orkflows/MyAlerts" ' + '--trigger-uri "https://prod-31.northcentralus.logic.azure.com:443/workflows/cd3765391efd48549fd7681ded1d4' + '8d7/triggers/manual/paths/invoke?api-version=2016-10-01&sp=%2Ftriggers%2Fmanual%2Frun&sv=1.0&sig=signatur' + 'e" ' + '--action-id "912bec42-cb66-4c03-ac63-1761b6898c3e" ' + '--resource-group "{rg}" ' + '--rule-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" ' + '--workspace-name "myWorkspace"', + checks=[]) + + +# EXAMPLE: /AlertRules/get/Get a Fusion alert rule. 
+@try_manual +def step__alertrules_get_get_a_fusion_alert_rule_(test, rg): + test.cmd('az sentinel alert-rule show ' + '--resource-group "{rg}" ' + '--rule-id "myFirstFusionRule" ' + '--workspace-name "myWorkspace"', + checks=[]) + + +# EXAMPLE: /AlertRules/get/Get a MicrosoftSecurityIncidentCreation rule. +@try_manual +def step__alertrules_get(test, rg): + test.cmd('az sentinel alert-rule show ' + '--resource-group "{rg}" ' + '--rule-id "microsoftSecurityIncidentCreationRuleExample" ' + '--workspace-name "myWorkspace"', + checks=[]) + + +# EXAMPLE: /AlertRules/get/Get a Scheduled alert rule. +@try_manual +def step__alertrules_get_get_a_scheduled_alert_rule_(test, rg): + test.cmd('az sentinel alert-rule show ' + '--resource-group "{rg}" ' + '--rule-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" ' + '--workspace-name "myWorkspace"', + checks=[]) + + +# EXAMPLE: /AlertRules/get/Get all alert rules. +@try_manual +def step__alertrules_get_get_all_alert_rules_(test, rg): + test.cmd('az sentinel alert-rule list ' + '--resource-group "{rg}" ' + '--workspace-name "myWorkspace"', + checks=[]) + + +# EXAMPLE: /AlertRules/get/Get an action of alert rule. +@try_manual +def step__alertrules_get_get_an_action_of_alert_rule_(test, rg): + test.cmd('az sentinel alert-rule get-action ' + '--action-id "912bec42-cb66-4c03-ac63-1761b6898c3e" ' + '--resource-group "{rg}" ' + '--rule-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" ' + '--workspace-name "myWorkspace"', + checks=[]) + + +# EXAMPLE: /AlertRules/delete/Delete an action of alert rule. +@try_manual +def step__alertrules_delete(test, rg): + test.cmd('az sentinel alert-rule delete -y ' + '--action-id "912bec42-cb66-4c03-ac63-1761b6898c3e" ' + '--resource-group "{rg}" ' + '--rule-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" ' + '--workspace-name "myWorkspace"', + checks=[]) + + +# EXAMPLE: /AlertRules/delete/Delete an alert rule. 
+@try_manual +def step__alertrules_delete_delete_an_alert_rule_(test, rg): + test.cmd('az sentinel alert-rule delete -y ' + '--resource-group "{rg}" ' + '--rule-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" ' + '--workspace-name "myWorkspace"', + checks=[]) + + +# EXAMPLE: /AlertRuleTemplates/get/Get alert rule template by Id. +@try_manual +def step__alertruletemplates_get(test, rg): + test.cmd('az sentinel alert-rule-template show ' + '--alert-rule-template-id "65360bb0-8986-4ade-a89d-af3cf44d28aa" ' + '--resource-group "{rg}" ' + '--workspace-name "myWorkspace"', + checks=[]) + + +# EXAMPLE: /AlertRuleTemplates/get/Get all alert rule templates. +@try_manual +def step__alertruletemplates_get2(test, rg): + test.cmd('az sentinel alert-rule-template list ' + '--resource-group "{rg}" ' + '--workspace-name "myWorkspace"', + checks=[]) + + +# EXAMPLE: /Bookmarks/put/Creates or updates a bookmark. +@try_manual +def step__bookmarks_put_creates_or_updates_a_bookmark_(test, rg): + test.cmd('az sentinel bookmark create ' + '--etag "\\"0300bf09-0000-0000-0000-5c37296e0000\\"" ' + '--created "2019-01-01T13:15:30Z" ' + '--display-name "My bookmark" ' + '--labels "Tag1" ' + '--labels "Tag2" ' + '--notes "Found a suspicious activity" ' + '--query "SecurityEvent | where TimeGenerated > ago(1d) and TimeGenerated < ago(2d)" ' + '--query-result "Security Event query result" ' + '--updated "2019-01-01T13:15:30Z" ' + '--bookmark-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" ' + '--resource-group "{rg}" ' + '--workspace-name "myWorkspace"', + checks=[]) + + +# EXAMPLE: /Bookmarks/get/Get a bookmark. +@try_manual +def step__bookmarks_get_get_a_bookmark_(test, rg): + test.cmd('az sentinel bookmark show ' + '--bookmark-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" ' + '--resource-group "{rg}" ' + '--workspace-name "myWorkspace"', + checks=[]) + + +# EXAMPLE: /Bookmarks/get/Get all bookmarks. 
+@try_manual +def step__bookmarks_get_get_all_bookmarks_(test, rg): + test.cmd('az sentinel bookmark list ' + '--resource-group "{rg}" ' + '--workspace-name "myWorkspace"', + checks=[]) + + +# EXAMPLE: /Bookmarks/delete/Delete a bookmark. +@try_manual +def step__bookmarks_delete_delete_a_bookmark_(test, rg): + test.cmd('az sentinel bookmark delete -y ' + '--bookmark-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" ' + '--resource-group "{rg}" ' + '--workspace-name "myWorkspace"', + checks=[]) + + +# EXAMPLE: /DataConnectors/put/Creates or updates an Office365 data connector. +@try_manual +def step__dataconnectors_put(test, rg): + test.cmd('az sentinel data-connector create ' + '--office-data-connector etag="\\"0300bf09-0000-0000-0000-5c37296e0000\\"" tenant-id="2070ecc9-b4d5-4ae4-a' + 'daa-936fa1954fa8" ' + '--data-connector-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" ' + '--resource-group "{rg}" ' + '--workspace-name "myWorkspace"', + checks=[]) + + +# EXAMPLE: /DataConnectors/get/Get a ASC data connector. +@try_manual +def step__dataconnectors_get_get_a_asc_data_connector_(test, rg): + test.cmd('az sentinel data-connector show ' + '--data-connector-id "763f9fa1-c2d3-4fa2-93e9-bccd4899aa12" ' + '--resource-group "{rg}" ' + '--workspace-name "myWorkspace"', + checks=[]) + + +# EXAMPLE: /DataConnectors/get/Get a MCAS data connector. +@try_manual +def step__dataconnectors_get(test, rg): + test.cmd('az sentinel data-connector show ' + '--data-connector-id "b96d014d-b5c2-4a01-9aba-a8058f629d42" ' + '--resource-group "{rg}" ' + '--workspace-name "myWorkspace"', + checks=[]) + + +# EXAMPLE: /DataConnectors/get/Get a MDATP data connector +@try_manual +def step__dataconnectors_get2(test, rg): + test.cmd('az sentinel data-connector show ' + '--data-connector-id "06b3ccb8-1384-4bcc-aec7-852f6d57161b" ' + '--resource-group "{rg}" ' + '--workspace-name "myWorkspace"', + checks=[]) + + +# EXAMPLE: /DataConnectors/get/Get a TI data connector. 
+@try_manual +def step__dataconnectors_get_get_a_ti_data_connector_(test, rg): + test.cmd('az sentinel data-connector show ' + '--data-connector-id "c345bf40-8509-4ed2-b947-50cb773aaf04" ' + '--resource-group "{rg}" ' + '--workspace-name "myWorkspace"', + checks=[]) + + +# EXAMPLE: /DataConnectors/get/Get all data connectors. +@try_manual +def step__dataconnectors_get_get_all_data_connectors_(test, rg): + test.cmd('az sentinel data-connector list ' + '--resource-group "{rg}" ' + '--workspace-name "myWorkspace"', + checks=[]) + + +# EXAMPLE: /DataConnectors/get/Get an AAD data connector. +@try_manual +def step__dataconnectors_get3(test, rg): + test.cmd('az sentinel data-connector show ' + '--data-connector-id "f0cd27d2-5f03-4c06-ba31-d2dc82dcb51d" ' + '--resource-group "{rg}" ' + '--workspace-name "myWorkspace"', + checks=[]) + + +# EXAMPLE: /DataConnectors/get/Get an AATP data connector. +@try_manual +def step__dataconnectors_get4(test, rg): + test.cmd('az sentinel data-connector show ' + '--data-connector-id "07e42cb3-e658-4e90-801c-efa0f29d3d44" ' + '--resource-group "{rg}" ' + '--workspace-name "myWorkspace"', + checks=[]) + + +# EXAMPLE: /DataConnectors/get/Get an AwsCloudTrail data connector. +@try_manual +def step__dataconnectors_get5(test, rg): + test.cmd('az sentinel data-connector show ' + '--data-connector-id "c345bf40-8509-4ed2-b947-50cb773aaf04" ' + '--resource-group "{rg}" ' + '--workspace-name "myWorkspace"', + checks=[]) + + +# EXAMPLE: /DataConnectors/get/Get an Office365 data connector. +@try_manual +def step__dataconnectors_get6(test, rg): + test.cmd('az sentinel data-connector show ' + '--data-connector-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" ' + '--resource-group "{rg}" ' + '--workspace-name "myWorkspace"', + checks=[]) + + +# EXAMPLE: /DataConnectors/delete/Delete an Office365 data connector. 
+@try_manual +def step__dataconnectors_delete(test, rg): + test.cmd('az sentinel data-connector delete -y ' + '--data-connector-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" ' + '--resource-group "{rg}" ' + '--workspace-name "myWorkspace"', + checks=[]) + + +# EXAMPLE: /IncidentComments/put/Creates an incident comment. +@try_manual +def step__incidentcomments_put(test, rg): + test.cmd('az sentinel incident-comment create ' + '--message "Some message" ' + '--incident-comment-id "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014" ' + '--incident-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" ' + '--resource-group "{rg}" ' + '--workspace-name "myWorkspace"', + checks=[]) + + +# EXAMPLE: /IncidentComments/get/Get all incident comments. +@try_manual +def step__incidentcomments_get(test, rg): + test.cmd('az sentinel incident-comment list ' + '--incident-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" ' + '--resource-group "{rg}" ' + '--workspace-name "myWorkspace"', + checks=[]) + + +# EXAMPLE: /IncidentComments/get/Get an incident comment. +@try_manual +def step__incidentcomments_get2(test, rg): + test.cmd('az sentinel incident-comment show ' + '--incident-comment-id "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014" ' + '--incident-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" ' + '--resource-group "{rg}" ' + '--workspace-name "myWorkspace"', + checks=[]) + + +# EXAMPLE: /Incidents/put/Creates or updates an incident. 
+@try_manual +def step__incidents_put(test, rg): + test.cmd('az sentinel incident create ' + '--etag "\\"0300bf09-0000-0000-0000-5c37296e0000\\"" ' + '--description "This is a demo incident" ' + '--classification "FalsePositive" ' + '--classification-comment "Not a malicious activity" ' + '--classification-reason "IncorrectAlertLogic" ' + '--first-activity-time-utc "2019-01-01T13:00:30Z" ' + '--last-activity-time-utc "2019-01-01T13:05:30Z" ' + '--owner object-id="2046feea-040d-4a46-9e2b-91c2941bfa70" ' + '--severity "High" ' + '--status "Closed" ' + '--title "My incident" ' + '--incident-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" ' + '--resource-group "{rg}" ' + '--workspace-name "myWorkspace"', + checks=[]) + + +# EXAMPLE: /Incidents/get/Get all incidents. +@try_manual +def step__incidents_get_get_all_incidents_(test, rg): + test.cmd('az sentinel incident list ' + '--orderby "properties/createdTimeUtc desc" ' + '--top 1 ' + '--resource-group "{rg}" ' + '--workspace-name "myWorkspace"', + checks=[]) + + +# EXAMPLE: /Incidents/get/Get an incident. +@try_manual +def step__incidents_get_get_an_incident_(test, rg): + test.cmd('az sentinel incident show ' + '--incident-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" ' + '--resource-group "{rg}" ' + '--workspace-name "myWorkspace"', + checks=[]) + + +# EXAMPLE: /Incidents/delete/Delete an incident. 
+@try_manual +def step__incidents_delete_delete_an_incident_(test, rg): + test.cmd('az sentinel incident delete -y ' + '--incident-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" ' + '--resource-group "{rg}" ' + '--workspace-name "myWorkspace"', + checks=[]) + + +# Env cleanup +@try_manual +def cleanup(test, rg): + pass + + +# Testcase +@try_manual +def call_scenario(test, rg): + setup(test, rg) + step__actions_get_get_all_actions_of_alert_rule_(test, rg) + step__alertrules_put(test, rg) + step__alertrules_put2(test, rg) + step__alertrules_put3(test, rg) + step__alertrules_put4(test, rg) + step__alertrules_get_get_a_fusion_alert_rule_(test, rg) + step__alertrules_get(test, rg) + step__alertrules_get_get_a_scheduled_alert_rule_(test, rg) + step__alertrules_get_get_all_alert_rules_(test, rg) + step__alertrules_get_get_an_action_of_alert_rule_(test, rg) + step__alertrules_delete(test, rg) + step__alertrules_delete_delete_an_alert_rule_(test, rg) + step__alertruletemplates_get(test, rg) + step__alertruletemplates_get2(test, rg) + step__bookmarks_put_creates_or_updates_a_bookmark_(test, rg) + step__bookmarks_get_get_a_bookmark_(test, rg) + step__bookmarks_get_get_all_bookmarks_(test, rg) + step__bookmarks_delete_delete_a_bookmark_(test, rg) + step__dataconnectors_put(test, rg) + step__dataconnectors_get_get_a_asc_data_connector_(test, rg) + step__dataconnectors_get(test, rg) + step__dataconnectors_get2(test, rg) + step__dataconnectors_get_get_a_ti_data_connector_(test, rg) + step__dataconnectors_get_get_all_data_connectors_(test, rg) + step__dataconnectors_get3(test, rg) + step__dataconnectors_get4(test, rg) + step__dataconnectors_get5(test, rg) + step__dataconnectors_get6(test, rg) + step__dataconnectors_delete(test, rg) + step__incidentcomments_put(test, rg) + step__incidentcomments_get(test, rg) + step__incidentcomments_get2(test, rg) + step__incidents_put(test, rg) + step__incidents_get_get_all_incidents_(test, rg) + step__incidents_get_get_an_incident_(test, rg) + 
step__incidents_delete_delete_an_incident_(test, rg) + cleanup(test, rg) + + +@try_manual +class SecurityInsightsScenarioTest(ScenarioTest): + + @ResourceGroupPreparer(name_prefix='clitestsentinel_myRg'[:7], key='rg', parameter_name='rg') + def test_sentinel(self, rg): + + self.kwargs.update({ + 'subscription_id': self.get_subscription_id() + }) + + call_scenario(self, rg) + calc_coverage(__file__) + raise_if() diff --git a/src/securityinsight/azext_sentinel/vendored_sdks/__init__.py b/src/securityinsight/azext_sentinel/vendored_sdks/__init__.py new file mode 100644 index 00000000000..c9cfdc73e77 --- /dev/null +++ b/src/securityinsight/azext_sentinel/vendored_sdks/__init__.py @@ -0,0 +1,12 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +__path__ = __import__('pkgutil').extend_path(__path__, __name__) diff --git a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/__init__.py b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/__init__.py new file mode 100644 index 00000000000..adcb1a40f19 --- /dev/null +++ b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/__init__.py 
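Review bot: Every step passes `checks=[]`, so the scenario only verifies that each `az sentinel` command exits without error, and `setup` is `pass` while the steps target a fixed `--workspace-name "myWorkspace"` and fixed rule, bookmark and incident ids that nothing in the test creates inside the `ResourceGroupPreparer` group; unless recordings are committed alongside, the live run cannot succeed. At minimum the show steps should assert on the returned resource, e.g. `checks=[test.check('name', 'myFirstFusionRule')]` in `step__alertrules_get_get_a_fusion_alert_rule_`. In `step__alertrules_put4` the `--trigger-uri` is a Logic App callback URL whose `sig=` parameter is the literal placeholder `signature`; it should stay a placeholder, because a real callback signature used in a recorded test would be persisted in the recording file. `step__dataconnectors_get5` (the AwsCloudTrail example) reuses the same `--data-connector-id` as the TI example in `step__dataconnectors_get_get_a_ti_data_connector_`, which is presumably copied from the spec examples and worth a comment if intentional.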
@@ -0,0 +1,16 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from ._security_insights import SecurityInsights +__all__ = ['SecurityInsights'] + +try: + from ._patch import patch_sdk # type: ignore + patch_sdk() +except ImportError: + pass diff --git a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/_configuration.py b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/_configuration.py new file mode 100644 index 00000000000..e24ce7ef4eb --- /dev/null +++ b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/_configuration.py 
@@ -0,0 +1,70 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from typing import TYPE_CHECKING + +from azure.core.configuration import Configuration +from azure.core.pipeline import policies +from azure.mgmt.core.policies import ARMHttpLoggingPolicy + +if TYPE_CHECKING: + # pylint: disable=unused-import,ungrouped-imports + from typing import Any + + from azure.core.credentials import TokenCredential + +VERSION = "unknown" + +class SecurityInsightsConfiguration(Configuration): + """Configuration for SecurityInsights. + + Note that all parameters used to create this instance are saved as instance + attributes. + + :param credential: Credential needed for the client to connect to Azure. + :type credential: ~azure.core.credentials.TokenCredential + :param subscription_id: Azure subscription ID. + :type subscription_id: str + """ + + def __init__( + self, + credential, # type: "TokenCredential" + subscription_id, # type: str + **kwargs # type: Any + ): + # type: (...) 
-> None + if credential is None: + raise ValueError("Parameter 'credential' must not be None.") + if subscription_id is None: + raise ValueError("Parameter 'subscription_id' must not be None.") + super(SecurityInsightsConfiguration, self).__init__(**kwargs) + + self.credential = credential + self.subscription_id = subscription_id + self.api_version = "2020-01-01" + self.credential_scopes = kwargs.pop('credential_scopes', ['https://management.azure.com/.default']) + kwargs.setdefault('sdk_moniker', 'securityinsights/{}'.format(VERSION)) + self._configure(**kwargs) + + def _configure( + self, + **kwargs # type: Any + ): + # type: (...) -> None + self.user_agent_policy = kwargs.get('user_agent_policy') or policies.UserAgentPolicy(**kwargs) + self.headers_policy = kwargs.get('headers_policy') or policies.HeadersPolicy(**kwargs) + self.proxy_policy = kwargs.get('proxy_policy') or policies.ProxyPolicy(**kwargs) + self.logging_policy = kwargs.get('logging_policy') or policies.NetworkTraceLoggingPolicy(**kwargs) + self.http_logging_policy = kwargs.get('http_logging_policy') or ARMHttpLoggingPolicy(**kwargs) + self.retry_policy = kwargs.get('retry_policy') or policies.RetryPolicy(**kwargs) + self.custom_hook_policy = kwargs.get('custom_hook_policy') or policies.CustomHookPolicy(**kwargs) + self.redirect_policy = kwargs.get('redirect_policy') or policies.RedirectPolicy(**kwargs) + self.authentication_policy = kwargs.get('authentication_policy') + if self.credential and not self.authentication_policy: + self.authentication_policy = policies.BearerTokenCredentialPolicy(self.credential, *self.credential_scopes, **kwargs) diff --git a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/_security_insights.py b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/_security_insights.py new file mode 100644 index 00000000000..3f1b4e49c01 --- /dev/null +++ b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/_security_insights.py 
@@ -0,0 +1,103 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from typing import TYPE_CHECKING + +from azure.mgmt.core import ARMPipelineClient +from msrest import Deserializer, Serializer + +if TYPE_CHECKING: + # pylint: disable=unused-import,ungrouped-imports + from typing import Any, Optional + + from azure.core.credentials import TokenCredential + +from ._configuration import SecurityInsightsConfiguration +from .operations import OperationOperations +from .operations import AlertRuleOperations +from .operations import ActionOperations +from .operations import AlertRuleTemplateOperations +from .operations import BookmarkOperations +from .operations import DataConnectorOperations +from .operations import IncidentOperations +from .operations import IncidentCommentOperations +from . import models + + +class SecurityInsights(object): + """API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider. 
+ + :ivar operation: OperationOperations operations + :vartype operation: security_insights.operations.OperationOperations + :ivar alert_rule: AlertRuleOperations operations + :vartype alert_rule: security_insights.operations.AlertRuleOperations + :ivar action: ActionOperations operations + :vartype action: security_insights.operations.ActionOperations + :ivar alert_rule_template: AlertRuleTemplateOperations operations + :vartype alert_rule_template: security_insights.operations.AlertRuleTemplateOperations + :ivar bookmark: BookmarkOperations operations + :vartype bookmark: security_insights.operations.BookmarkOperations + :ivar data_connector: DataConnectorOperations operations + :vartype data_connector: security_insights.operations.DataConnectorOperations + :ivar incident: IncidentOperations operations + :vartype incident: security_insights.operations.IncidentOperations + :ivar incident_comment: IncidentCommentOperations operations + :vartype incident_comment: security_insights.operations.IncidentCommentOperations + :param credential: Credential needed for the client to connect to Azure. + :type credential: ~azure.core.credentials.TokenCredential + :param subscription_id: Azure subscription ID. + :type subscription_id: str + :param str base_url: Service URL + """ + + def __init__( + self, + credential, # type: "TokenCredential" + subscription_id, # type: str + base_url=None, # type: Optional[str] + **kwargs # type: Any + ): + # type: (...) 
-> None + if not base_url: + base_url = 'https://management.azure.com' + self._config = SecurityInsightsConfiguration(credential, subscription_id, **kwargs) + self._client = ARMPipelineClient(base_url=base_url, config=self._config, **kwargs) + + client_models = {k: v for k, v in models.__dict__.items() if isinstance(v, type)} + self._serialize = Serializer(client_models) + self._deserialize = Deserializer(client_models) + + self.operation = OperationOperations( + self._client, self._config, self._serialize, self._deserialize) + self.alert_rule = AlertRuleOperations( + self._client, self._config, self._serialize, self._deserialize) + self.action = ActionOperations( + self._client, self._config, self._serialize, self._deserialize) + self.alert_rule_template = AlertRuleTemplateOperations( + self._client, self._config, self._serialize, self._deserialize) + self.bookmark = BookmarkOperations( + self._client, self._config, self._serialize, self._deserialize) + self.data_connector = DataConnectorOperations( + self._client, self._config, self._serialize, self._deserialize) + self.incident = IncidentOperations( + self._client, self._config, self._serialize, self._deserialize) + self.incident_comment = IncidentCommentOperations( + self._client, self._config, self._serialize, self._deserialize) + + def close(self): + # type: () -> None + self._client.close() + + def __enter__(self): + # type: () -> SecurityInsights + self._client.__enter__() + return self + + def __exit__(self, *exc_details): + # type: (Any) -> None + self._client.__exit__(*exc_details) diff --git a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/__init__.py b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/__init__.py new file mode 100644 index 00000000000..17980852599 --- /dev/null +++ b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/__init__.py 
@@ -0,0 +1,10 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from ._security_insights import SecurityInsights +__all__ = ['SecurityInsights'] diff --git a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/_configuration.py b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/_configuration.py new file mode 100644 index 00000000000..160eb378d2f --- /dev/null +++ b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/_configuration.py 
@@ -0,0 +1,66 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from typing import Any, TYPE_CHECKING + +from azure.core.configuration import Configuration +from azure.core.pipeline import policies +from azure.mgmt.core.policies import ARMHttpLoggingPolicy + +if TYPE_CHECKING: + # pylint: disable=unused-import,ungrouped-imports + from azure.core.credentials_async import AsyncTokenCredential + +VERSION = "unknown" + +class SecurityInsightsConfiguration(Configuration): + """Configuration for SecurityInsights. + + Note that all parameters used to create this instance are saved as instance + attributes. + + :param credential: Credential needed for the client to connect to Azure. + :type credential: ~azure.core.credentials_async.AsyncTokenCredential + :param subscription_id: Azure subscription ID. 
+ :type subscription_id: str + """ + + def __init__( + self, + credential: "AsyncTokenCredential", + subscription_id: str, + **kwargs: Any + ) -> None: + if credential is None: + raise ValueError("Parameter 'credential' must not be None.") + if subscription_id is None: + raise ValueError("Parameter 'subscription_id' must not be None.") + super(SecurityInsightsConfiguration, self).__init__(**kwargs) + + self.credential = credential + self.subscription_id = subscription_id + self.api_version = "2020-01-01" + self.credential_scopes = kwargs.pop('credential_scopes', ['https://management.azure.com/.default']) + kwargs.setdefault('sdk_moniker', 'securityinsights/{}'.format(VERSION)) + self._configure(**kwargs) + + def _configure( + self, + **kwargs: Any + ) -> None: + self.user_agent_policy = kwargs.get('user_agent_policy') or policies.UserAgentPolicy(**kwargs) + self.headers_policy = kwargs.get('headers_policy') or policies.HeadersPolicy(**kwargs) + self.proxy_policy = kwargs.get('proxy_policy') or policies.ProxyPolicy(**kwargs) + self.logging_policy = kwargs.get('logging_policy') or policies.NetworkTraceLoggingPolicy(**kwargs) + self.http_logging_policy = kwargs.get('http_logging_policy') or ARMHttpLoggingPolicy(**kwargs) + self.retry_policy = kwargs.get('retry_policy') or policies.AsyncRetryPolicy(**kwargs) + self.custom_hook_policy = kwargs.get('custom_hook_policy') or policies.CustomHookPolicy(**kwargs) + self.redirect_policy = kwargs.get('redirect_policy') or policies.AsyncRedirectPolicy(**kwargs) + self.authentication_policy = kwargs.get('authentication_policy') + if self.credential and not self.authentication_policy: + self.authentication_policy = policies.AsyncBearerTokenCredentialPolicy(self.credential, *self.credential_scopes, **kwargs) 
diff --git a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/_security_insights.py b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/_security_insights.py new file mode 100644 index 00000000000..7eb275a24fa --- /dev/null +++ b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/_security_insights.py 
@@ -0,0 +1,97 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from typing import Any, Optional, TYPE_CHECKING + +from azure.mgmt.core import AsyncARMPipelineClient +from msrest import Deserializer, Serializer + +if TYPE_CHECKING: + # pylint: disable=unused-import,ungrouped-imports + from azure.core.credentials_async import AsyncTokenCredential + +from ._configuration import SecurityInsightsConfiguration +from .operations import OperationOperations +from .operations import AlertRuleOperations +from .operations import ActionOperations +from .operations import AlertRuleTemplateOperations +from .operations import BookmarkOperations +from .operations import DataConnectorOperations +from .operations import IncidentOperations +from .operations import IncidentCommentOperations +from .. import models + + +class SecurityInsights(object): + """API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider. 
+ + :ivar operation: OperationOperations operations + :vartype operation: security_insights.aio.operations.OperationOperations + :ivar alert_rule: AlertRuleOperations operations + :vartype alert_rule: security_insights.aio.operations.AlertRuleOperations + :ivar action: ActionOperations operations + :vartype action: security_insights.aio.operations.ActionOperations + :ivar alert_rule_template: AlertRuleTemplateOperations operations + :vartype alert_rule_template: security_insights.aio.operations.AlertRuleTemplateOperations + :ivar bookmark: BookmarkOperations operations + :vartype bookmark: security_insights.aio.operations.BookmarkOperations + :ivar data_connector: DataConnectorOperations operations + :vartype data_connector: security_insights.aio.operations.DataConnectorOperations + :ivar incident: IncidentOperations operations + :vartype incident: security_insights.aio.operations.IncidentOperations + :ivar incident_comment: IncidentCommentOperations operations + :vartype incident_comment: security_insights.aio.operations.IncidentCommentOperations + :param credential: Credential needed for the client to connect to Azure. + :type credential: ~azure.core.credentials_async.AsyncTokenCredential + :param subscription_id: Azure subscription ID. 
+ :type subscription_id: str + :param str base_url: Service URL + """ + + def __init__( + self, + credential: "AsyncTokenCredential", + subscription_id: str, + base_url: Optional[str] = None, + **kwargs: Any + ) -> None: + if not base_url: + base_url = 'https://management.azure.com' + self._config = SecurityInsightsConfiguration(credential, subscription_id, **kwargs) + self._client = AsyncARMPipelineClient(base_url=base_url, config=self._config, **kwargs) + + client_models = {k: v for k, v in models.__dict__.items() if isinstance(v, type)} + self._serialize = Serializer(client_models) + self._deserialize = Deserializer(client_models) + + self.operation = OperationOperations( + self._client, self._config, self._serialize, self._deserialize) + self.alert_rule = AlertRuleOperations( + self._client, self._config, self._serialize, self._deserialize) + self.action = ActionOperations( + self._client, self._config, self._serialize, self._deserialize) + self.alert_rule_template = AlertRuleTemplateOperations( + self._client, self._config, self._serialize, self._deserialize) + self.bookmark = BookmarkOperations( + self._client, self._config, self._serialize, self._deserialize) + self.data_connector = DataConnectorOperations( + self._client, self._config, self._serialize, self._deserialize) + self.incident = IncidentOperations( + self._client, self._config, self._serialize, self._deserialize) + self.incident_comment = IncidentCommentOperations( + self._client, self._config, self._serialize, self._deserialize) + + async def close(self) -> None: + await self._client.close() + + async def __aenter__(self) -> "SecurityInsights": + await self._client.__aenter__() + return self + + async def __aexit__(self, *exc_details) -> None: + await self._client.__aexit__(*exc_details) 
diff --git a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/__init__.py b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/__init__.py new file mode 100644 index 00000000000..5e67996dcd4 --- /dev/null +++ b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/__init__.py @@ -0,0 +1,27 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from ._operation_operations import OperationOperations +from ._alert_rule_operations import AlertRuleOperations +from ._action_operations import ActionOperations +from ._alert_rule_template_operations import AlertRuleTemplateOperations +from ._bookmark_operations import BookmarkOperations +from ._data_connector_operations import DataConnectorOperations +from ._incident_operations import IncidentOperations +from ._incident_comment_operations import IncidentCommentOperations + +__all__ = [ + 'OperationOperations', + 'AlertRuleOperations', + 'ActionOperations', + 'AlertRuleTemplateOperations', + 'BookmarkOperations', + 'DataConnectorOperations', + 'IncidentOperations', + 'IncidentCommentOperations', +] diff --git a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_action_operations.py b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_action_operations.py new file mode 100644 index 00000000000..378198b2cfb --- /dev/null +++ b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_action_operations.py 
@@ -0,0 +1,121 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from typing import Any, AsyncIterable, Callable, Dict, Generic, Optional, TypeVar +import warnings + +from azure.core.async_paging import AsyncItemPaged, AsyncList +from azure.core.exceptions import ClientAuthenticationError, HttpResponseError, ResourceExistsError, ResourceNotFoundError, map_error +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import AsyncHttpResponse, HttpRequest +from azure.mgmt.core.exceptions import ARMErrorFormat + +from ... import models + +T = TypeVar('T') +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] + +class ActionOperations: + """ActionOperations async operations. + + You should not instantiate this class directly. Instead, you should create a Client instance that + instantiates it for you and attaches it as an attribute. + + :ivar models: Alias to model classes used in this operation group. + :type models: ~security_insights.models + :param client: Client for service requests. + :param config: Configuration of service client. + :param serializer: An object model serializer. + :param deserializer: An object model deserializer. 
+ """ + + models = models + + def __init__(self, client, config, serializer, deserializer) -> None: + self._client = client + self._serialize = serializer + self._deserialize = deserializer + self._config = config + + def list_by_alert_rule( + self, + resource_group_name: str, + workspace_name: str, + rule_id: str, + **kwargs + ) -> AsyncIterable["models.ActionsList"]: + """Gets all actions of alert rule. + + :param resource_group_name: The name of the resource group within the user's subscription. The + name is case insensitive. + :type resource_group_name: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :param rule_id: Alert rule ID. + :type rule_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: An iterator like instance of either ActionsList or the result of cls(response) + :rtype: ~azure.core.async_paging.AsyncItemPaged[~security_insights.models.ActionsList] + :raises: ~azure.core.exceptions.HttpResponseError + """ + cls = kwargs.pop('cls', None) # type: ClsType["models.ActionsList"] + error_map = { + 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError + } + error_map.update(kwargs.pop('error_map', {})) + api_version = "2020-01-01" + accept = "application/json" + + def prepare_request(next_link=None): + # Construct headers + header_parameters = {} # type: Dict[str, Any] + header_parameters['Accept'] = self._serialize.header("accept", accept, 'str') + + if not next_link: + # Construct URL + url = self.list_by_alert_rule.metadata['url'] # type: ignore + path_format_arguments = { + 'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'workspaceName': 
self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + 'ruleId': self._serialize.url("rule_id", rule_id, 'str'), + } + url = self._client.format_url(url, **path_format_arguments) + # Construct parameters + query_parameters = {} # type: Dict[str, Any] + query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') + + request = self._client.get(url, query_parameters, header_parameters) + else: + url = next_link + query_parameters = {} # type: Dict[str, Any] + request = self._client.get(url, query_parameters, header_parameters) + return request + + async def extract_data(pipeline_response): + deserialized = self._deserialize('ActionsList', pipeline_response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link or None, AsyncList(list_of_elem) + + async def get_next(next_link=None): + request = prepare_request(next_link) + + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + return pipeline_response + + return AsyncItemPaged( + get_next, extract_data + ) + list_by_alert_rule.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions'} # type: ignore diff --git a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_alert_rule_operations.py b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_alert_rule_operations.py new file mode 100644 index 00000000000..89d90bb06be --- /dev/null 
+++ b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_alert_rule_operations.py 
@@ -0,0 +1,535 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from typing import Any, AsyncIterable, Callable, Dict, Generic, Optional, TypeVar, Union +import warnings + +from azure.core.async_paging import AsyncItemPaged, AsyncList +from azure.core.exceptions import ClientAuthenticationError, HttpResponseError, ResourceExistsError, ResourceNotFoundError, map_error +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import AsyncHttpResponse, HttpRequest +from azure.mgmt.core.exceptions import ARMErrorFormat + +from ... import models + +T = TypeVar('T') +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] + +class AlertRuleOperations: + """AlertRuleOperations async operations. + + You should not instantiate this class directly. Instead, you should create a Client instance that + instantiates it for you and attaches it as an attribute. + + :ivar models: Alias to model classes used in this operation group. + :type models: ~security_insights.models + :param client: Client for service requests. + :param config: Configuration of service client. + :param serializer: An object model serializer. + :param deserializer: An object model deserializer. 
+ """ + + models = models + + def __init__(self, client, config, serializer, deserializer) -> None: + self._client = client + self._serialize = serializer + self._deserialize = deserializer + self._config = config + + def list( + self, + resource_group_name: str, + workspace_name: str, + **kwargs + ) -> AsyncIterable["models.AlertRulesList"]: + """Gets all alert rules. + + :param resource_group_name: The name of the resource group within the user's subscription. The + name is case insensitive. + :type resource_group_name: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: An iterator like instance of either AlertRulesList or the result of cls(response) + :rtype: ~azure.core.async_paging.AsyncItemPaged[~security_insights.models.AlertRulesList] + :raises: ~azure.core.exceptions.HttpResponseError + """ + cls = kwargs.pop('cls', None) # type: ClsType["models.AlertRulesList"] + error_map = { + 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError + } + error_map.update(kwargs.pop('error_map', {})) + api_version = "2020-01-01" + accept = "application/json" + + def prepare_request(next_link=None): + # Construct headers + header_parameters = {} # type: Dict[str, Any] + header_parameters['Accept'] = self._serialize.header("accept", accept, 'str') + + if not next_link: + # Construct URL + url = self.list.metadata['url'] # type: ignore + path_format_arguments = { + 'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + } + url = 
self._client.format_url(url, **path_format_arguments) + # Construct parameters + query_parameters = {} # type: Dict[str, Any] + query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') + + request = self._client.get(url, query_parameters, header_parameters) + else: + url = next_link + query_parameters = {} # type: Dict[str, Any] + request = self._client.get(url, query_parameters, header_parameters) + return request + + async def extract_data(pipeline_response): + deserialized = self._deserialize('AlertRulesList', pipeline_response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link or None, AsyncList(list_of_elem) + + async def get_next(next_link=None): + request = prepare_request(next_link) + + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + return pipeline_response + + return AsyncItemPaged( + get_next, extract_data + ) + list.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules'} # type: ignore + + async def get( + self, + resource_group_name: str, + workspace_name: str, + rule_id: str, + **kwargs + ) -> "models.AlertRule": + """Gets the alert rule. + + :param resource_group_name: The name of the resource group within the user's subscription. The + name is case insensitive. + :type resource_group_name: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :param rule_id: Alert rule ID. 
+ :type rule_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: AlertRule, or the result of cls(response) + :rtype: ~security_insights.models.AlertRule + :raises: ~azure.core.exceptions.HttpResponseError + """ + cls = kwargs.pop('cls', None) # type: ClsType["models.AlertRule"] + error_map = { + 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError + } + error_map.update(kwargs.pop('error_map', {})) + api_version = "2020-01-01" + accept = "application/json" + + # Construct URL + url = self.get.metadata['url'] # type: ignore + path_format_arguments = { + 'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + 'ruleId': self._serialize.url("rule_id", rule_id, 'str'), + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} # type: Dict[str, Any] + query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') + + # Construct headers + header_parameters = {} # type: Dict[str, Any] + header_parameters['Accept'] = self._serialize.header("accept", accept, 'str') + + request = self._client.get(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = self._deserialize('AlertRule', 
pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + get.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}'} # type: ignore + + async def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + rule_id: str, + alert_rule: "models.AlertRule", + **kwargs + ) -> "models.AlertRule": + """Creates or updates the alert rule. + + :param resource_group_name: The name of the resource group within the user's subscription. The + name is case insensitive. + :type resource_group_name: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :param rule_id: Alert rule ID. + :type rule_id: str + :param alert_rule: The alert rule. + :type alert_rule: ~security_insights.models.AlertRule + :keyword callable cls: A custom type or function that will be passed the direct response + :return: AlertRule, or the result of cls(response) + :rtype: ~security_insights.models.AlertRule + :raises: ~azure.core.exceptions.HttpResponseError + """ + cls = kwargs.pop('cls', None) # type: ClsType["models.AlertRule"] + error_map = { + 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError + } + error_map.update(kwargs.pop('error_map', {})) + api_version = "2020-01-01" + content_type = kwargs.pop("content_type", "application/json") + accept = "application/json" + + # Construct URL + url = self.create_or_update.metadata['url'] # type: ignore + path_format_arguments = { + 'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'workspaceName': 
self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + 'ruleId': self._serialize.url("rule_id", rule_id, 'str'), + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} # type: Dict[str, Any] + query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') + + # Construct headers + header_parameters = {} # type: Dict[str, Any] + header_parameters['Content-Type'] = self._serialize.header("content_type", content_type, 'str') + header_parameters['Accept'] = self._serialize.header("accept", accept, 'str') + + body_content_kwargs = {} # type: Dict[str, Any] + body_content = self._serialize.body(alert_rule, 'AlertRule') + body_content_kwargs['content'] = body_content + request = self._client.put(url, query_parameters, header_parameters, **body_content_kwargs) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200, 201]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + if response.status_code == 200: + deserialized = self._deserialize('AlertRule', pipeline_response) + + if response.status_code == 201: + deserialized = self._deserialize('AlertRule', pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + create_or_update.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}'} # type: ignore + + async def delete( + self, + resource_group_name: str, + workspace_name: str, + rule_id: str, + **kwargs + ) -> None: + """Delete the alert rule. 
+ + :param resource_group_name: The name of the resource group within the user's subscription. The + name is case insensitive. + :type resource_group_name: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :param rule_id: Alert rule ID. + :type rule_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: None, or the result of cls(response) + :rtype: None + :raises: ~azure.core.exceptions.HttpResponseError + """ + cls = kwargs.pop('cls', None) # type: ClsType[None] + error_map = { + 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError + } + error_map.update(kwargs.pop('error_map', {})) + api_version = "2020-01-01" + accept = "application/json" + + # Construct URL + url = self.delete.metadata['url'] # type: ignore + path_format_arguments = { + 'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + 'ruleId': self._serialize.url("rule_id", rule_id, 'str'), + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} # type: Dict[str, Any] + query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') + + # Construct headers + header_parameters = {} # type: Dict[str, Any] + header_parameters['Accept'] = self._serialize.header("accept", accept, 'str') + + request = self._client.delete(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in 
[200, 204]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + if cls: + return cls(pipeline_response, None, {}) + + delete.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}'} # type: ignore + + async def get_action( + self, + resource_group_name: str, + workspace_name: str, + rule_id: str, + action_id: str, + **kwargs + ) -> "models.ActionResponse": + """Gets the action of alert rule. + + :param resource_group_name: The name of the resource group within the user's subscription. The + name is case insensitive. + :type resource_group_name: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :param rule_id: Alert rule ID. + :type rule_id: str + :param action_id: Action ID. + :type action_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: ActionResponse, or the result of cls(response) + :rtype: ~security_insights.models.ActionResponse + :raises: ~azure.core.exceptions.HttpResponseError + """ + cls = kwargs.pop('cls', None) # type: ClsType["models.ActionResponse"] + error_map = { + 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError + } + error_map.update(kwargs.pop('error_map', {})) + api_version = "2020-01-01" + accept = "application/json" + + # Construct URL + url = self.get_action.metadata['url'] # type: ignore + path_format_arguments = { + 'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 
'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + 'ruleId': self._serialize.url("rule_id", rule_id, 'str'), + 'actionId': self._serialize.url("action_id", action_id, 'str'), + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} # type: Dict[str, Any] + query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') + + # Construct headers + header_parameters = {} # type: Dict[str, Any] + header_parameters['Accept'] = self._serialize.header("accept", accept, 'str') + + request = self._client.get(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = self._deserialize('ActionResponse', pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + get_action.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions/{actionId}'} # type: ignore + + async def create_or_update_action( + self, + resource_group_name: str, + workspace_name: str, + rule_id: str, + action_id: str, + etag: Optional[str] = None, + logic_app_resource_id: Optional[str] = None, + trigger_uri: Optional[str] = None, + **kwargs + ) -> "models.ActionResponse": + """Creates or updates the action of alert rule. + + :param resource_group_name: The name of the resource group within the user's subscription. The + name is case insensitive. + :type resource_group_name: str + :param workspace_name: The name of the workspace. 
+ :type workspace_name: str + :param rule_id: Alert rule ID. + :type rule_id: str + :param action_id: Action ID. + :type action_id: str + :param etag: Etag of the azure resource. + :type etag: str + :param logic_app_resource_id: Logic App Resource Id, /subscriptions/{my- + subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my- + workflow-id}. + :type logic_app_resource_id: str + :param trigger_uri: Logic App Callback URL for this specific workflow. + :type trigger_uri: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: ActionResponse, or the result of cls(response) + :rtype: ~security_insights.models.ActionResponse + :raises: ~azure.core.exceptions.HttpResponseError + """ + cls = kwargs.pop('cls', None) # type: ClsType["models.ActionResponse"] + error_map = { + 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError + } + error_map.update(kwargs.pop('error_map', {})) + + action = models.ActionRequest(etag=etag, logic_app_resource_id=logic_app_resource_id, trigger_uri=trigger_uri) + api_version = "2020-01-01" + content_type = kwargs.pop("content_type", "application/json") + accept = "application/json" + + # Construct URL + url = self.create_or_update_action.metadata['url'] # type: ignore + path_format_arguments = { + 'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + 'ruleId': self._serialize.url("rule_id", rule_id, 'str'), + 'actionId': self._serialize.url("action_id", action_id, 'str'), + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct 
parameters + query_parameters = {} # type: Dict[str, Any] + query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') + + # Construct headers + header_parameters = {} # type: Dict[str, Any] + header_parameters['Content-Type'] = self._serialize.header("content_type", content_type, 'str') + header_parameters['Accept'] = self._serialize.header("accept", accept, 'str') + + body_content_kwargs = {} # type: Dict[str, Any] + body_content = self._serialize.body(action, 'ActionRequest') + body_content_kwargs['content'] = body_content + request = self._client.put(url, query_parameters, header_parameters, **body_content_kwargs) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200, 201]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + if response.status_code == 200: + deserialized = self._deserialize('ActionResponse', pipeline_response) + + if response.status_code == 201: + deserialized = self._deserialize('ActionResponse', pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + create_or_update_action.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions/{actionId}'} # type: ignore + + async def delete_action( + self, + resource_group_name: str, + workspace_name: str, + rule_id: str, + action_id: str, + **kwargs + ) -> None: + """Delete the action of alert rule. + + :param resource_group_name: The name of the resource group within the user's subscription. The + name is case insensitive. + :type resource_group_name: str + :param workspace_name: The name of the workspace. 
+ :type workspace_name: str + :param rule_id: Alert rule ID. + :type rule_id: str + :param action_id: Action ID. + :type action_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: None, or the result of cls(response) + :rtype: None + :raises: ~azure.core.exceptions.HttpResponseError + """ + cls = kwargs.pop('cls', None) # type: ClsType[None] + error_map = { + 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError + } + error_map.update(kwargs.pop('error_map', {})) + api_version = "2020-01-01" + accept = "application/json" + + # Construct URL + url = self.delete_action.metadata['url'] # type: ignore + path_format_arguments = { + 'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + 'ruleId': self._serialize.url("rule_id", rule_id, 'str'), + 'actionId': self._serialize.url("action_id", action_id, 'str'), + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} # type: Dict[str, Any] + query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') + + # Construct headers + header_parameters = {} # type: Dict[str, Any] + header_parameters['Accept'] = self._serialize.header("accept", accept, 'str') + + request = self._client.delete(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200, 204]: + map_error(status_code=response.status_code, response=response, 
error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + if cls: + return cls(pipeline_response, None, {}) + + delete_action.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions/{actionId}'} # type: ignore diff --git a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_alert_rule_template_operations.py b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_alert_rule_template_operations.py new file mode 100644 index 00000000000..986138cb66b --- /dev/null +++ b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_alert_rule_template_operations.py 
@@ -0,0 +1,180 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from typing import Any, AsyncIterable, Callable, Dict, Generic, Optional, TypeVar +import warnings + +from azure.core.async_paging import AsyncItemPaged, AsyncList +from azure.core.exceptions import ClientAuthenticationError, HttpResponseError, ResourceExistsError, ResourceNotFoundError, map_error +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import AsyncHttpResponse, HttpRequest +from azure.mgmt.core.exceptions import ARMErrorFormat + +from ... import models + +T = TypeVar('T') +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] + +class AlertRuleTemplateOperations: + """AlertRuleTemplateOperations async operations. + + You should not instantiate this class directly. Instead, you should create a Client instance that + instantiates it for you and attaches it as an attribute. + + :ivar models: Alias to model classes used in this operation group. + :type models: ~security_insights.models + :param client: Client for service requests. + :param config: Configuration of service client. + :param serializer: An object model serializer. + :param deserializer: An object model deserializer. 
+ """ + + models = models + + def __init__(self, client, config, serializer, deserializer) -> None: + self._client = client + self._serialize = serializer + self._deserialize = deserializer + self._config = config + + def list( + self, + resource_group_name: str, + workspace_name: str, + **kwargs + ) -> AsyncIterable["models.AlertRuleTemplatesList"]: + """Gets all alert rule templates. + + :param resource_group_name: The name of the resource group within the user's subscription. The + name is case insensitive. + :type resource_group_name: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: An iterator like instance of either AlertRuleTemplatesList or the result of cls(response) + :rtype: ~azure.core.async_paging.AsyncItemPaged[~security_insights.models.AlertRuleTemplatesList] + :raises: ~azure.core.exceptions.HttpResponseError + """ + cls = kwargs.pop('cls', None) # type: ClsType["models.AlertRuleTemplatesList"] + error_map = { + 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError + } + error_map.update(kwargs.pop('error_map', {})) + api_version = "2020-01-01" + accept = "application/json" + + def prepare_request(next_link=None): + # Construct headers + header_parameters = {} # type: Dict[str, Any] + header_parameters['Accept'] = self._serialize.header("accept", accept, 'str') + + if not next_link: + # Construct URL + url = self.list.metadata['url'] # type: ignore + path_format_arguments = { + 'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', 
max_length=90, min_length=1), + } + url = self._client.format_url(url, **path_format_arguments) + # Construct parameters + query_parameters = {} # type: Dict[str, Any] + query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') + + request = self._client.get(url, query_parameters, header_parameters) + else: + url = next_link + query_parameters = {} # type: Dict[str, Any] + request = self._client.get(url, query_parameters, header_parameters) + return request + + async def extract_data(pipeline_response): + deserialized = self._deserialize('AlertRuleTemplatesList', pipeline_response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link or None, AsyncList(list_of_elem) + + async def get_next(next_link=None): + request = prepare_request(next_link) + + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + return pipeline_response + + return AsyncItemPaged( + get_next, extract_data + ) + list.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRuleTemplates'} # type: ignore + + async def get( + self, + resource_group_name: str, + workspace_name: str, + alert_rule_template_id: str, + **kwargs + ) -> "models.AlertRuleTemplate": + """Gets the alert rule template. + + :param resource_group_name: The name of the resource group within the user's subscription. The + name is case insensitive. + :type resource_group_name: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :param alert_rule_template_id: Alert rule template ID. 
+ :type alert_rule_template_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: AlertRuleTemplate, or the result of cls(response) + :rtype: ~security_insights.models.AlertRuleTemplate + :raises: ~azure.core.exceptions.HttpResponseError + """ + cls = kwargs.pop('cls', None) # type: ClsType["models.AlertRuleTemplate"] + error_map = { + 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError + } + error_map.update(kwargs.pop('error_map', {})) + api_version = "2020-01-01" + accept = "application/json" + + # Construct URL + url = self.get.metadata['url'] # type: ignore + path_format_arguments = { + 'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + 'alertRuleTemplateId': self._serialize.url("alert_rule_template_id", alert_rule_template_id, 'str'), + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} # type: Dict[str, Any] + query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') + + # Construct headers + header_parameters = {} # type: Dict[str, Any] + header_parameters['Accept'] = self._serialize.header("accept", accept, 'str') + + request = self._client.get(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, 
error_format=ARMErrorFormat) + + deserialized = self._deserialize('AlertRuleTemplate', pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + get.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRuleTemplates/{alertRuleTemplateId}'} # type: ignore diff --git a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_bookmark_operations.py b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_bookmark_operations.py new file mode 100644 index 00000000000..6cd59a2dc8c --- /dev/null +++ b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_bookmark_operations.py 
@@ -0,0 +1,345 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +import datetime +from typing import Any, AsyncIterable, Callable, Dict, Generic, List, Optional, TypeVar, Union +import warnings + +from azure.core.async_paging import AsyncItemPaged, AsyncList +from azure.core.exceptions import ClientAuthenticationError, HttpResponseError, ResourceExistsError, ResourceNotFoundError, map_error +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import AsyncHttpResponse, HttpRequest +from azure.mgmt.core.exceptions import ARMErrorFormat + +from ... import models + +T = TypeVar('T') +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] + +class BookmarkOperations: + """BookmarkOperations async operations. + + You should not instantiate this class directly. Instead, you should create a Client instance that + instantiates it for you and attaches it as an attribute. + + :ivar models: Alias to model classes used in this operation group. + :type models: ~security_insights.models + :param client: Client for service requests. + :param config: Configuration of service client. + :param serializer: An object model serializer. + :param deserializer: An object model deserializer. 
+ """ + + models = models + + def __init__(self, client, config, serializer, deserializer) -> None: + self._client = client + self._serialize = serializer + self._deserialize = deserializer + self._config = config + + def list( + self, + resource_group_name: str, + workspace_name: str, + **kwargs + ) -> AsyncIterable["models.BookmarkList"]: + """Gets all bookmarks. + + :param resource_group_name: The name of the resource group within the user's subscription. The + name is case insensitive. + :type resource_group_name: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: An iterator like instance of either BookmarkList or the result of cls(response) + :rtype: ~azure.core.async_paging.AsyncItemPaged[~security_insights.models.BookmarkList] + :raises: ~azure.core.exceptions.HttpResponseError + """ + cls = kwargs.pop('cls', None) # type: ClsType["models.BookmarkList"] + error_map = { + 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError + } + error_map.update(kwargs.pop('error_map', {})) + api_version = "2020-01-01" + accept = "application/json" + + def prepare_request(next_link=None): + # Construct headers + header_parameters = {} # type: Dict[str, Any] + header_parameters['Accept'] = self._serialize.header("accept", accept, 'str') + + if not next_link: + # Construct URL + url = self.list.metadata['url'] # type: ignore + path_format_arguments = { + 'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + } + url = 
self._client.format_url(url, **path_format_arguments) + # Construct parameters + query_parameters = {} # type: Dict[str, Any] + query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') + + request = self._client.get(url, query_parameters, header_parameters) + else: + url = next_link + query_parameters = {} # type: Dict[str, Any] + request = self._client.get(url, query_parameters, header_parameters) + return request + + async def extract_data(pipeline_response): + deserialized = self._deserialize('BookmarkList', pipeline_response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link or None, AsyncList(list_of_elem) + + async def get_next(next_link=None): + request = prepare_request(next_link) + + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + return pipeline_response + + return AsyncItemPaged( + get_next, extract_data + ) + list.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks'} # type: ignore + + async def get( + self, + resource_group_name: str, + workspace_name: str, + bookmark_id: str, + **kwargs + ) -> "models.Bookmark": + """Gets a bookmark. + + :param resource_group_name: The name of the resource group within the user's subscription. The + name is case insensitive. + :type resource_group_name: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :param bookmark_id: Bookmark ID. 
+ :type bookmark_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: Bookmark, or the result of cls(response) + :rtype: ~security_insights.models.Bookmark + :raises: ~azure.core.exceptions.HttpResponseError + """ + cls = kwargs.pop('cls', None) # type: ClsType["models.Bookmark"] + error_map = { + 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError + } + error_map.update(kwargs.pop('error_map', {})) + api_version = "2020-01-01" + accept = "application/json" + + # Construct URL + url = self.get.metadata['url'] # type: ignore + path_format_arguments = { + 'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + 'bookmarkId': self._serialize.url("bookmark_id", bookmark_id, 'str'), + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} # type: Dict[str, Any] + query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') + + # Construct headers + header_parameters = {} # type: Dict[str, Any] + header_parameters['Accept'] = self._serialize.header("accept", accept, 'str') + + request = self._client.get(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = self._deserialize('Bookmark', 
pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + get.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}'} # type: ignore + + async def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + bookmark_id: str, + etag: Optional[str] = None, + created: Optional[datetime.datetime] = None, + display_name: Optional[str] = None, + labels: Optional[List[str]] = None, + notes: Optional[str] = None, + query: Optional[str] = None, + query_result: Optional[str] = None, + updated: Optional[datetime.datetime] = None, + incident_info: Optional["models.IncidentInfo"] = None, + object_id: Optional[str] = None, + **kwargs + ) -> "models.Bookmark": + """Creates or updates the bookmark. + + :param resource_group_name: The name of the resource group within the user's subscription. The + name is case insensitive. + :type resource_group_name: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :param bookmark_id: Bookmark ID. + :type bookmark_id: str + :param etag: Etag of the azure resource. + :type etag: str + :param created: The time the bookmark was created. + :type created: ~datetime.datetime + :param display_name: The display name of the bookmark. + :type display_name: str + :param labels: List of labels relevant to this bookmark. + :type labels: list[str] + :param notes: The notes of the bookmark. + :type notes: str + :param query: The query of the bookmark. + :type query: str + :param query_result: The query result of the bookmark. + :type query_result: str + :param updated: The last time the bookmark was updated. + :type updated: ~datetime.datetime + :param incident_info: Describes an incident that relates to bookmark. 
+ :type incident_info: ~security_insights.models.IncidentInfo + :param object_id: The object id of the user. + :type object_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: Bookmark, or the result of cls(response) + :rtype: ~security_insights.models.Bookmark + :raises: ~azure.core.exceptions.HttpResponseError + """ + cls = kwargs.pop('cls', None) # type: ClsType["models.Bookmark"] + error_map = { + 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError + } + error_map.update(kwargs.pop('error_map', {})) + + bookmark = models.Bookmark(etag=etag, created=created, display_name=display_name, labels=labels, notes=notes, query=query, query_result=query_result, updated=updated, incident_info=incident_info, object_id_updated_by_object_id=object_id) + api_version = "2020-01-01" + content_type = kwargs.pop("content_type", "application/json") + accept = "application/json" + + # Construct URL + url = self.create_or_update.metadata['url'] # type: ignore + path_format_arguments = { + 'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + 'bookmarkId': self._serialize.url("bookmark_id", bookmark_id, 'str'), + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} # type: Dict[str, Any] + query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') + + # Construct headers + header_parameters = {} # type: Dict[str, Any] + header_parameters['Content-Type'] = self._serialize.header("content_type", content_type, 'str') + 
header_parameters['Accept'] = self._serialize.header("accept", accept, 'str') + + body_content_kwargs = {} # type: Dict[str, Any] + body_content = self._serialize.body(bookmark, 'Bookmark') + body_content_kwargs['content'] = body_content + request = self._client.put(url, query_parameters, header_parameters, **body_content_kwargs) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200, 201]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + if response.status_code == 200: + deserialized = self._deserialize('Bookmark', pipeline_response) + + if response.status_code == 201: + deserialized = self._deserialize('Bookmark', pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + create_or_update.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}'} # type: ignore + + async def delete( + self, + resource_group_name: str, + workspace_name: str, + bookmark_id: str, + **kwargs + ) -> None: + """Delete the bookmark. + + :param resource_group_name: The name of the resource group within the user's subscription. The + name is case insensitive. + :type resource_group_name: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :param bookmark_id: Bookmark ID. 
+ :type bookmark_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: None, or the result of cls(response) + :rtype: None + :raises: ~azure.core.exceptions.HttpResponseError + """ + cls = kwargs.pop('cls', None) # type: ClsType[None] + error_map = { + 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError + } + error_map.update(kwargs.pop('error_map', {})) + api_version = "2020-01-01" + accept = "application/json" + + # Construct URL + url = self.delete.metadata['url'] # type: ignore + path_format_arguments = { + 'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + 'bookmarkId': self._serialize.url("bookmark_id", bookmark_id, 'str'), + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} # type: Dict[str, Any] + query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') + + # Construct headers + header_parameters = {} # type: Dict[str, Any] + header_parameters['Accept'] = self._serialize.header("accept", accept, 'str') + + request = self._client.delete(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200, 204]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + if cls: + return cls(pipeline_response, None, {}) + + delete.metadata = {'url': 
'/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}'} # type: ignore diff --git a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_data_connector_operations.py b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_data_connector_operations.py new file mode 100644 index 00000000000..9f83b3170a9 --- /dev/null +++ b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_data_connector_operations.py 
@@ -0,0 +1,315 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from typing import Any, AsyncIterable, Callable, Dict, Generic, Optional, TypeVar, Union +import warnings + +from azure.core.async_paging import AsyncItemPaged, AsyncList +from azure.core.exceptions import ClientAuthenticationError, HttpResponseError, ResourceExistsError, ResourceNotFoundError, map_error +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import AsyncHttpResponse, HttpRequest +from azure.mgmt.core.exceptions import ARMErrorFormat + +from ... import models + +T = TypeVar('T') +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] + +class DataConnectorOperations: + """DataConnectorOperations async operations. + + You should not instantiate this class directly. Instead, you should create a Client instance that + instantiates it for you and attaches it as an attribute. + + :ivar models: Alias to model classes used in this operation group. + :type models: ~security_insights.models + :param client: Client for service requests. + :param config: Configuration of service client. + :param serializer: An object model serializer. + :param deserializer: An object model deserializer. 
+ """ + + models = models + + def __init__(self, client, config, serializer, deserializer) -> None: + self._client = client + self._serialize = serializer + self._deserialize = deserializer + self._config = config + + def list( + self, + resource_group_name: str, + workspace_name: str, + **kwargs + ) -> AsyncIterable["models.DataConnectorList"]: + """Gets all data connectors. + + :param resource_group_name: The name of the resource group within the user's subscription. The + name is case insensitive. + :type resource_group_name: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: An iterator like instance of either DataConnectorList or the result of cls(response) + :rtype: ~azure.core.async_paging.AsyncItemPaged[~security_insights.models.DataConnectorList] + :raises: ~azure.core.exceptions.HttpResponseError + """ + cls = kwargs.pop('cls', None) # type: ClsType["models.DataConnectorList"] + error_map = { + 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError + } + error_map.update(kwargs.pop('error_map', {})) + api_version = "2020-01-01" + accept = "application/json" + + def prepare_request(next_link=None): + # Construct headers + header_parameters = {} # type: Dict[str, Any] + header_parameters['Accept'] = self._serialize.header("accept", accept, 'str') + + if not next_link: + # Construct URL + url = self.list.metadata['url'] # type: ignore + path_format_arguments = { + 'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + } + 
url = self._client.format_url(url, **path_format_arguments) + # Construct parameters + query_parameters = {} # type: Dict[str, Any] + query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') + + request = self._client.get(url, query_parameters, header_parameters) + else: + url = next_link + query_parameters = {} # type: Dict[str, Any] + request = self._client.get(url, query_parameters, header_parameters) + return request + + async def extract_data(pipeline_response): + deserialized = self._deserialize('DataConnectorList', pipeline_response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link or None, AsyncList(list_of_elem) + + async def get_next(next_link=None): + request = prepare_request(next_link) + + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + return pipeline_response + + return AsyncItemPaged( + get_next, extract_data + ) + list.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors'} # type: ignore + + async def get( + self, + resource_group_name: str, + workspace_name: str, + data_connector_id: str, + **kwargs + ) -> "models.DataConnector": + """Gets a data connector. + + :param resource_group_name: The name of the resource group within the user's subscription. The + name is case insensitive. + :type resource_group_name: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :param data_connector_id: Connector ID. 
+ :type data_connector_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: DataConnector, or the result of cls(response) + :rtype: ~security_insights.models.DataConnector + :raises: ~azure.core.exceptions.HttpResponseError + """ + cls = kwargs.pop('cls', None) # type: ClsType["models.DataConnector"] + error_map = { + 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError + } + error_map.update(kwargs.pop('error_map', {})) + api_version = "2020-01-01" + accept = "application/json" + + # Construct URL + url = self.get.metadata['url'] # type: ignore + path_format_arguments = { + 'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + 'dataConnectorId': self._serialize.url("data_connector_id", data_connector_id, 'str'), + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} # type: Dict[str, Any] + query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') + + # Construct headers + header_parameters = {} # type: Dict[str, Any] + header_parameters['Accept'] = self._serialize.header("accept", accept, 'str') + + request = self._client.get(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + 
deserialized = self._deserialize('DataConnector', pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + get.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors/{dataConnectorId}'} # type: ignore + + async def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + data_connector_id: str, + data_connector: "models.DataConnector", + **kwargs + ) -> "models.DataConnector": + """Creates or updates the data connector. + + :param resource_group_name: The name of the resource group within the user's subscription. The + name is case insensitive. + :type resource_group_name: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :param data_connector_id: Connector ID. + :type data_connector_id: str + :param data_connector: The data connector. 
+ :type data_connector: ~security_insights.models.DataConnector + :keyword callable cls: A custom type or function that will be passed the direct response + :return: DataConnector, or the result of cls(response) + :rtype: ~security_insights.models.DataConnector + :raises: ~azure.core.exceptions.HttpResponseError + """ + cls = kwargs.pop('cls', None) # type: ClsType["models.DataConnector"] + error_map = { + 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError + } + error_map.update(kwargs.pop('error_map', {})) + api_version = "2020-01-01" + content_type = kwargs.pop("content_type", "application/json") + accept = "application/json" + + # Construct URL + url = self.create_or_update.metadata['url'] # type: ignore + path_format_arguments = { + 'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + 'dataConnectorId': self._serialize.url("data_connector_id", data_connector_id, 'str'), + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} # type: Dict[str, Any] + query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') + + # Construct headers + header_parameters = {} # type: Dict[str, Any] + header_parameters['Content-Type'] = self._serialize.header("content_type", content_type, 'str') + header_parameters['Accept'] = self._serialize.header("accept", accept, 'str') + + body_content_kwargs = {} # type: Dict[str, Any] + body_content = self._serialize.body(data_connector, 'DataConnector') + body_content_kwargs['content'] = body_content + request = self._client.put(url, 
query_parameters, header_parameters, **body_content_kwargs) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200, 201]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + if response.status_code == 200: + deserialized = self._deserialize('DataConnector', pipeline_response) + + if response.status_code == 201: + deserialized = self._deserialize('DataConnector', pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + create_or_update.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors/{dataConnectorId}'} # type: ignore + + async def delete( + self, + resource_group_name: str, + workspace_name: str, + data_connector_id: str, + **kwargs + ) -> None: + """Delete the data connector. + + :param resource_group_name: The name of the resource group within the user's subscription. The + name is case insensitive. + :type resource_group_name: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :param data_connector_id: Connector ID. 
+ :type data_connector_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: None, or the result of cls(response) + :rtype: None + :raises: ~azure.core.exceptions.HttpResponseError + """ + cls = kwargs.pop('cls', None) # type: ClsType[None] + error_map = { + 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError + } + error_map.update(kwargs.pop('error_map', {})) + api_version = "2020-01-01" + accept = "application/json" + + # Construct URL + url = self.delete.metadata['url'] # type: ignore + path_format_arguments = { + 'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + 'dataConnectorId': self._serialize.url("data_connector_id", data_connector_id, 'str'), + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} # type: Dict[str, Any] + query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') + + # Construct headers + header_parameters = {} # type: Dict[str, Any] + header_parameters['Accept'] = self._serialize.header("accept", accept, 'str') + + request = self._client.delete(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200, 204]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + if cls: + return cls(pipeline_response, None, {}) + + 
delete.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors/{dataConnectorId}'} # type: ignore diff --git a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_incident_comment_operations.py b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_incident_comment_operations.py new file mode 100644 index 00000000000..cc2b8403fc1 --- /dev/null +++ b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_incident_comment_operations.py 
@@ -0,0 +1,287 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from typing import Any, AsyncIterable, Callable, Dict, Generic, Optional, TypeVar +import warnings + +from azure.core.async_paging import AsyncItemPaged, AsyncList +from azure.core.exceptions import ClientAuthenticationError, HttpResponseError, ResourceExistsError, ResourceNotFoundError, map_error +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import AsyncHttpResponse, HttpRequest +from azure.mgmt.core.exceptions import ARMErrorFormat + +from ... import models + +T = TypeVar('T') +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] + +class IncidentCommentOperations: + """IncidentCommentOperations async operations. + + You should not instantiate this class directly. Instead, you should create a Client instance that + instantiates it for you and attaches it as an attribute. + + :ivar models: Alias to model classes used in this operation group. + :type models: ~security_insights.models + :param client: Client for service requests. + :param config: Configuration of service client. + :param serializer: An object model serializer. + :param deserializer: An object model deserializer. 
+ """ + + models = models + + def __init__(self, client, config, serializer, deserializer) -> None: + self._client = client + self._serialize = serializer + self._deserialize = deserializer + self._config = config + + def list_by_incident( + self, + resource_group_name: str, + workspace_name: str, + incident_id: str, + filter: Optional[str] = None, + orderby: Optional[str] = None, + top: Optional[int] = None, + skip_token: Optional[str] = None, + **kwargs + ) -> AsyncIterable["models.IncidentCommentList"]: + """Gets all incident comments. + + :param resource_group_name: The name of the resource group within the user's subscription. The + name is case insensitive. + :type resource_group_name: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :param incident_id: Incident ID. + :type incident_id: str + :param filter: Filters the results, based on a Boolean condition. Optional. + :type filter: str + :param orderby: Sorts the results. Optional. + :type orderby: str + :param top: Returns only the first n results. Optional. + :type top: int + :param skip_token: Skiptoken is only used if a previous operation returned a partial result. If + a previous response contains a nextLink element, the value of the nextLink element will include + a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. 
+ :type skip_token: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: An iterator like instance of either IncidentCommentList or the result of cls(response) + :rtype: ~azure.core.async_paging.AsyncItemPaged[~security_insights.models.IncidentCommentList] + :raises: ~azure.core.exceptions.HttpResponseError + """ + cls = kwargs.pop('cls', None) # type: ClsType["models.IncidentCommentList"] + error_map = { + 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError + } + error_map.update(kwargs.pop('error_map', {})) + api_version = "2020-01-01" + accept = "application/json" + + def prepare_request(next_link=None): + # Construct headers + header_parameters = {} # type: Dict[str, Any] + header_parameters['Accept'] = self._serialize.header("accept", accept, 'str') + + if not next_link: + # Construct URL + url = self.list_by_incident.metadata['url'] # type: ignore + path_format_arguments = { + 'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + 'incidentId': self._serialize.url("incident_id", incident_id, 'str'), + } + url = self._client.format_url(url, **path_format_arguments) + # Construct parameters + query_parameters = {} # type: Dict[str, Any] + query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') + if filter is not None: + query_parameters['$filter'] = self._serialize.query("filter", filter, 'str') + if orderby is not None: + query_parameters['$orderby'] = self._serialize.query("orderby", orderby, 'str') + if top is not None: + query_parameters['$top'] = 
self._serialize.query("top", top, 'int') + if skip_token is not None: + query_parameters['$skipToken'] = self._serialize.query("skip_token", skip_token, 'str') + + request = self._client.get(url, query_parameters, header_parameters) + else: + url = next_link + query_parameters = {} # type: Dict[str, Any] + request = self._client.get(url, query_parameters, header_parameters) + return request + + async def extract_data(pipeline_response): + deserialized = self._deserialize('IncidentCommentList', pipeline_response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link or None, AsyncList(list_of_elem) + + async def get_next(next_link=None): + request = prepare_request(next_link) + + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + return pipeline_response + + return AsyncItemPaged( + get_next, extract_data + ) + list_by_incident.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/comments'} # type: ignore + + async def get( + self, + resource_group_name: str, + workspace_name: str, + incident_id: str, + incident_comment_id: str, + **kwargs + ) -> "models.IncidentComment": + """Gets an incident comment. + + :param resource_group_name: The name of the resource group within the user's subscription. The + name is case insensitive. + :type resource_group_name: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :param incident_id: Incident ID. + :type incident_id: str + :param incident_comment_id: Incident comment ID. 
+ :type incident_comment_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: IncidentComment, or the result of cls(response) + :rtype: ~security_insights.models.IncidentComment + :raises: ~azure.core.exceptions.HttpResponseError + """ + cls = kwargs.pop('cls', None) # type: ClsType["models.IncidentComment"] + error_map = { + 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError + } + error_map.update(kwargs.pop('error_map', {})) + api_version = "2020-01-01" + accept = "application/json" + + # Construct URL + url = self.get.metadata['url'] # type: ignore + path_format_arguments = { + 'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + 'incidentId': self._serialize.url("incident_id", incident_id, 'str'), + 'incidentCommentId': self._serialize.url("incident_comment_id", incident_comment_id, 'str'), + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} # type: Dict[str, Any] + query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') + + # Construct headers + header_parameters = {} # type: Dict[str, Any] + header_parameters['Accept'] = self._serialize.header("accept", accept, 'str') + + request = self._client.get(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) 
+ raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = self._deserialize('IncidentComment', pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + get.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/comments/{incidentCommentId}'} # type: ignore + + async def create_comment( + self, + resource_group_name: str, + workspace_name: str, + incident_id: str, + incident_comment_id: str, + message: Optional[str] = None, + **kwargs + ) -> "models.IncidentComment": + """Creates the incident comment. + + :param resource_group_name: The name of the resource group within the user's subscription. The + name is case insensitive. + :type resource_group_name: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :param incident_id: Incident ID. + :type incident_id: str + :param incident_comment_id: Incident comment ID. + :type incident_comment_id: str + :param message: The comment message. 
+ :type message: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: IncidentComment, or the result of cls(response) + :rtype: ~security_insights.models.IncidentComment + :raises: ~azure.core.exceptions.HttpResponseError + """ + cls = kwargs.pop('cls', None) # type: ClsType["models.IncidentComment"] + error_map = { + 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError + } + error_map.update(kwargs.pop('error_map', {})) + + incident_comment = models.IncidentComment(message=message) + api_version = "2020-01-01" + content_type = kwargs.pop("content_type", "application/json") + accept = "application/json" + + # Construct URL + url = self.create_comment.metadata['url'] # type: ignore + path_format_arguments = { + 'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + 'incidentId': self._serialize.url("incident_id", incident_id, 'str'), + 'incidentCommentId': self._serialize.url("incident_comment_id", incident_comment_id, 'str'), + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} # type: Dict[str, Any] + query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') + + # Construct headers + header_parameters = {} # type: Dict[str, Any] + header_parameters['Content-Type'] = self._serialize.header("content_type", content_type, 'str') + header_parameters['Accept'] = self._serialize.header("accept", accept, 'str') + + body_content_kwargs = {} # type: Dict[str, Any] + body_content = self._serialize.body(incident_comment, 
'IncidentComment') + body_content_kwargs['content'] = body_content + request = self._client.put(url, query_parameters, header_parameters, **body_content_kwargs) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [201]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = self._deserialize('IncidentComment', pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + create_comment.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/comments/{incidentCommentId}'} # type: ignore diff --git a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_incident_operations.py b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_incident_operations.py new file mode 100644 index 00000000000..8efc09e2788 --- /dev/null +++ b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_incident_operations.py 
@@ -0,0 +1,373 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +import datetime +from typing import Any, AsyncIterable, Callable, Dict, Generic, List, Optional, TypeVar, Union +import warnings + +from azure.core.async_paging import AsyncItemPaged, AsyncList +from azure.core.exceptions import ClientAuthenticationError, HttpResponseError, ResourceExistsError, ResourceNotFoundError, map_error +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import AsyncHttpResponse, HttpRequest +from azure.mgmt.core.exceptions import ARMErrorFormat + +from ... import models + +T = TypeVar('T') +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] + +class IncidentOperations: + """IncidentOperations async operations. + + You should not instantiate this class directly. Instead, you should create a Client instance that + instantiates it for you and attaches it as an attribute. + + :ivar models: Alias to model classes used in this operation group. + :type models: ~security_insights.models + :param client: Client for service requests. + :param config: Configuration of service client. + :param serializer: An object model serializer. + :param deserializer: An object model deserializer. 
+ """ + + models = models + + def __init__(self, client, config, serializer, deserializer) -> None: + self._client = client + self._serialize = serializer + self._deserialize = deserializer + self._config = config + + def list( + self, + resource_group_name: str, + workspace_name: str, + filter: Optional[str] = None, + orderby: Optional[str] = None, + top: Optional[int] = None, + skip_token: Optional[str] = None, + **kwargs + ) -> AsyncIterable["models.IncidentList"]: + """Gets all incidents. + + :param resource_group_name: The name of the resource group within the user's subscription. The + name is case insensitive. + :type resource_group_name: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :param filter: Filters the results, based on a Boolean condition. Optional. + :type filter: str + :param orderby: Sorts the results. Optional. + :type orderby: str + :param top: Returns only the first n results. Optional. + :type top: int + :param skip_token: Skiptoken is only used if a previous operation returned a partial result. If + a previous response contains a nextLink element, the value of the nextLink element will include + a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. 
+ :type skip_token: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: An iterator like instance of either IncidentList or the result of cls(response) + :rtype: ~azure.core.async_paging.AsyncItemPaged[~security_insights.models.IncidentList] + :raises: ~azure.core.exceptions.HttpResponseError + """ + cls = kwargs.pop('cls', None) # type: ClsType["models.IncidentList"] + error_map = { + 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError + } + error_map.update(kwargs.pop('error_map', {})) + api_version = "2020-01-01" + accept = "application/json" + + def prepare_request(next_link=None): + # Construct headers + header_parameters = {} # type: Dict[str, Any] + header_parameters['Accept'] = self._serialize.header("accept", accept, 'str') + + if not next_link: + # Construct URL + url = self.list.metadata['url'] # type: ignore + path_format_arguments = { + 'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + } + url = self._client.format_url(url, **path_format_arguments) + # Construct parameters + query_parameters = {} # type: Dict[str, Any] + query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') + if filter is not None: + query_parameters['$filter'] = self._serialize.query("filter", filter, 'str') + if orderby is not None: + query_parameters['$orderby'] = self._serialize.query("orderby", orderby, 'str') + if top is not None: + query_parameters['$top'] = self._serialize.query("top", top, 'int') + if skip_token is not None: + query_parameters['$skipToken'] = 
self._serialize.query("skip_token", skip_token, 'str') + + request = self._client.get(url, query_parameters, header_parameters) + else: + url = next_link + query_parameters = {} # type: Dict[str, Any] + request = self._client.get(url, query_parameters, header_parameters) + return request + + async def extract_data(pipeline_response): + deserialized = self._deserialize('IncidentList', pipeline_response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link or None, AsyncList(list_of_elem) + + async def get_next(next_link=None): + request = prepare_request(next_link) + + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + return pipeline_response + + return AsyncItemPaged( + get_next, extract_data + ) + list.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents'} # type: ignore + + async def get( + self, + resource_group_name: str, + workspace_name: str, + incident_id: str, + **kwargs + ) -> "models.Incident": + """Gets an incident. + + :param resource_group_name: The name of the resource group within the user's subscription. The + name is case insensitive. + :type resource_group_name: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :param incident_id: Incident ID. 
+ :type incident_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: Incident, or the result of cls(response) + :rtype: ~security_insights.models.Incident + :raises: ~azure.core.exceptions.HttpResponseError + """ + cls = kwargs.pop('cls', None) # type: ClsType["models.Incident"] + error_map = { + 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError + } + error_map.update(kwargs.pop('error_map', {})) + api_version = "2020-01-01" + accept = "application/json" + + # Construct URL + url = self.get.metadata['url'] # type: ignore + path_format_arguments = { + 'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + 'incidentId': self._serialize.url("incident_id", incident_id, 'str'), + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} # type: Dict[str, Any] + query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') + + # Construct headers + header_parameters = {} # type: Dict[str, Any] + header_parameters['Accept'] = self._serialize.header("accept", accept, 'str') + + request = self._client.get(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = self._deserialize('Incident', 
pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + get.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}'} # type: ignore + + async def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + incident_id: str, + etag: Optional[str] = None, + classification: Optional[Union[str, "models.IncidentClassification"]] = None, + classification_comment: Optional[str] = None, + classification_reason: Optional[Union[str, "models.IncidentClassificationReason"]] = None, + description: Optional[str] = None, + first_activity_time_utc: Optional[datetime.datetime] = None, + labels: Optional[List["models.IncidentLabel"]] = None, + last_activity_time_utc: Optional[datetime.datetime] = None, + owner: Optional["models.IncidentOwnerInfo"] = None, + severity: Optional[Union[str, "models.IncidentSeverity"]] = None, + status: Optional[Union[str, "models.IncidentStatus"]] = None, + title: Optional[str] = None, + **kwargs + ) -> "models.Incident": + """Creates or updates the incident. + + :param resource_group_name: The name of the resource group within the user's subscription. The + name is case insensitive. + :type resource_group_name: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :param incident_id: Incident ID. + :type incident_id: str + :param etag: Etag of the azure resource. + :type etag: str + :param classification: The reason the incident was closed. + :type classification: str or ~security_insights.models.IncidentClassification + :param classification_comment: Describes the reason the incident was closed. + :type classification_comment: str + :param classification_reason: The classification reason the incident was closed with. 
+ :type classification_reason: str or ~security_insights.models.IncidentClassificationReason + :param description: The description of the incident. + :type description: str + :param first_activity_time_utc: The time of the first activity in the incident. + :type first_activity_time_utc: ~datetime.datetime + :param labels: List of labels relevant to this incident. + :type labels: list[~security_insights.models.IncidentLabel] + :param last_activity_time_utc: The time of the last activity in the incident. + :type last_activity_time_utc: ~datetime.datetime + :param owner: Describes a user that the incident is assigned to. + :type owner: ~security_insights.models.IncidentOwnerInfo + :param severity: The severity of the incident. + :type severity: str or ~security_insights.models.IncidentSeverity + :param status: The status of the incident. + :type status: str or ~security_insights.models.IncidentStatus + :param title: The title of the incident. + :type title: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: Incident, or the result of cls(response) + :rtype: ~security_insights.models.Incident + :raises: ~azure.core.exceptions.HttpResponseError + """ + cls = kwargs.pop('cls', None) # type: ClsType["models.Incident"] + error_map = { + 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError + } + error_map.update(kwargs.pop('error_map', {})) + + incident = models.Incident(etag=etag, classification=classification, classification_comment=classification_comment, classification_reason=classification_reason, description=description, first_activity_time_utc=first_activity_time_utc, labels=labels, last_activity_time_utc=last_activity_time_utc, owner=owner, severity=severity, status=status, title=title) + api_version = "2020-01-01" + content_type = kwargs.pop("content_type", "application/json") + accept = "application/json" + + # Construct URL + url = self.create_or_update.metadata['url'] # type: 
ignore + path_format_arguments = { + 'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + 'incidentId': self._serialize.url("incident_id", incident_id, 'str'), + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} # type: Dict[str, Any] + query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') + + # Construct headers + header_parameters = {} # type: Dict[str, Any] + header_parameters['Content-Type'] = self._serialize.header("content_type", content_type, 'str') + header_parameters['Accept'] = self._serialize.header("accept", accept, 'str') + + body_content_kwargs = {} # type: Dict[str, Any] + body_content = self._serialize.body(incident, 'Incident') + body_content_kwargs['content'] = body_content + request = self._client.put(url, query_parameters, header_parameters, **body_content_kwargs) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200, 201]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + if response.status_code == 200: + deserialized = self._deserialize('Incident', pipeline_response) + + if response.status_code == 201: + deserialized = self._deserialize('Incident', pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + create_or_update.metadata = {'url': 
'/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}'} # type: ignore + + async def delete( + self, + resource_group_name: str, + workspace_name: str, + incident_id: str, + **kwargs + ) -> None: + """Delete the incident. + + :param resource_group_name: The name of the resource group within the user's subscription. The + name is case insensitive. + :type resource_group_name: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :param incident_id: Incident ID. + :type incident_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: None, or the result of cls(response) + :rtype: None + :raises: ~azure.core.exceptions.HttpResponseError + """ + cls = kwargs.pop('cls', None) # type: ClsType[None] + error_map = { + 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError + } + error_map.update(kwargs.pop('error_map', {})) + api_version = "2020-01-01" + accept = "application/json" + + # Construct URL + url = self.delete.metadata['url'] # type: ignore + path_format_arguments = { + 'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + 'incidentId': self._serialize.url("incident_id", incident_id, 'str'), + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} # type: Dict[str, Any] + query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') + + # Construct 
headers + header_parameters = {} # type: Dict[str, Any] + header_parameters['Accept'] = self._serialize.header("accept", accept, 'str') + + request = self._client.delete(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200, 204]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + if cls: + return cls(pipeline_response, None, {}) + + delete.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}'} # type: ignore diff --git a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_operation_operations.py b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_operation_operations.py new file mode 100644 index 00000000000..d8d19921e5c --- /dev/null +++ b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_operation_operations.py 
@@ -0,0 +1,104 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from typing import Any, AsyncIterable, Callable, Dict, Generic, Optional, TypeVar +import warnings + +from azure.core.async_paging import AsyncItemPaged, AsyncList +from azure.core.exceptions import ClientAuthenticationError, HttpResponseError, ResourceExistsError, ResourceNotFoundError, map_error +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import AsyncHttpResponse, HttpRequest +from azure.mgmt.core.exceptions import ARMErrorFormat + +from ... import models + +T = TypeVar('T') +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] + +class OperationOperations: + """OperationOperations async operations. + + You should not instantiate this class directly. Instead, you should create a Client instance that + instantiates it for you and attaches it as an attribute. + + :ivar models: Alias to model classes used in this operation group. + :type models: ~security_insights.models + :param client: Client for service requests. + :param config: Configuration of service client. + :param serializer: An object model serializer. + :param deserializer: An object model deserializer. 
+ """ + + models = models + + def __init__(self, client, config, serializer, deserializer) -> None: + self._client = client + self._serialize = serializer + self._deserialize = deserializer + self._config = config + + def list( + self, + **kwargs + ) -> AsyncIterable["models.OperationsList"]: + """Lists all operations available Azure Security Insights Resource Provider. + + :keyword callable cls: A custom type or function that will be passed the direct response + :return: An iterator like instance of either OperationsList or the result of cls(response) + :rtype: ~azure.core.async_paging.AsyncItemPaged[~security_insights.models.OperationsList] + :raises: ~azure.core.exceptions.HttpResponseError + """ + cls = kwargs.pop('cls', None) # type: ClsType["models.OperationsList"] + error_map = { + 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError + } + error_map.update(kwargs.pop('error_map', {})) + api_version = "2020-01-01" + accept = "application/json" + + def prepare_request(next_link=None): + # Construct headers + header_parameters = {} # type: Dict[str, Any] + header_parameters['Accept'] = self._serialize.header("accept", accept, 'str') + + if not next_link: + # Construct URL + url = self.list.metadata['url'] # type: ignore + # Construct parameters + query_parameters = {} # type: Dict[str, Any] + query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') + + request = self._client.get(url, query_parameters, header_parameters) + else: + url = next_link + query_parameters = {} # type: Dict[str, Any] + request = self._client.get(url, query_parameters, header_parameters) + return request + + async def extract_data(pipeline_response): + deserialized = self._deserialize('OperationsList', pipeline_response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link or None, AsyncList(list_of_elem) + + async def get_next(next_link=None): + request = 
prepare_request(next_link) + + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + return pipeline_response + + return AsyncItemPaged( + get_next, extract_data + ) + list.metadata = {'url': '/providers/Microsoft.SecurityInsights/operations'} # type: ignore diff --git a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/models/__init__.py b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/models/__init__.py new file mode 100644 index 00000000000..d50534763d7 --- /dev/null +++ b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/models/__init__.py 
@@ -0,0 +1,245 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +try: + from ._models_py3 import AADDataConnector + from ._models_py3 import AATPDataConnector + from ._models_py3 import ASCDataConnector + from ._models_py3 import ASCDataConnectorProperties + from ._models_py3 import ActionPropertiesBase + from ._models_py3 import ActionRequest + from ._models_py3 import ActionRequestProperties + from ._models_py3 import ActionResponse + from ._models_py3 import ActionResponseProperties + from ._models_py3 import ActionsList + from ._models_py3 import AlertRule + from ._models_py3 import AlertRuleTemplate + from ._models_py3 import AlertRuleTemplateDataSource + from ._models_py3 import AlertRuleTemplatesList + from ._models_py3 import AlertRulesList + from ._models_py3 import AlertsDataTypeOfDataConnector + from ._models_py3 import AwsCloudTrailDataConnector + from ._models_py3 import AwsCloudTrailDataConnectorDataTypesLogs + from ._models_py3 import Bookmark + from ._models_py3 import BookmarkList + from ._models_py3 import ClientInfo + from ._models_py3 import DataConnector + from ._models_py3 import DataConnectorDataTypeCommon + from ._models_py3 import DataConnectorList + from ._models_py3 import DataConnectorTenantId + from ._models_py3 import DataConnectorWithAlertsProperties + from ._models_py3 import ErrorAdditionalInfo + from ._models_py3 import ErrorResponse + from ._models_py3 import FusionAlertRule + from ._models_py3 import FusionAlertRuleTemplate + from ._models_py3 import Incident + from ._models_py3 import IncidentAdditionalData 
+ from ._models_py3 import IncidentComment + from ._models_py3 import IncidentCommentList + from ._models_py3 import IncidentInfo + from ._models_py3 import IncidentLabel + from ._models_py3 import IncidentList + from ._models_py3 import IncidentOwnerInfo + from ._models_py3 import MCASDataConnector + from ._models_py3 import MCASDataConnectorDataTypes + from ._models_py3 import MDATPDataConnector + from ._models_py3 import MicrosoftSecurityIncidentCreationAlertRule + from ._models_py3 import MicrosoftSecurityIncidentCreationAlertRuleCommonProperties + from ._models_py3 import MicrosoftSecurityIncidentCreationAlertRuleProperties + from ._models_py3 import MicrosoftSecurityIncidentCreationAlertRuleTemplate + from ._models_py3 import OfficeConsent + from ._models_py3 import OfficeConsentList + from ._models_py3 import OfficeDataConnector + from ._models_py3 import OfficeDataConnectorDataTypesExchange + from ._models_py3 import OfficeDataConnectorDataTypesSharePoint + from ._models_py3 import Operation + from ._models_py3 import OperationDisplay + from ._models_py3 import OperationsList + from ._models_py3 import Resource + from ._models_py3 import ResourceWithEtag + from ._models_py3 import ScheduledAlertRule + from ._models_py3 import ScheduledAlertRuleCommonProperties + from ._models_py3 import ScheduledAlertRuleProperties + from ._models_py3 import ScheduledAlertRuleTemplate + from ._models_py3 import Settings + from ._models_py3 import TIDataConnector + from ._models_py3 import TIDataConnectorDataTypesIndicators + from ._models_py3 import ThreatIntelligence + from ._models_py3 import ToggleSettings + from ._models_py3 import UebaSettings +except (SyntaxError, ImportError): + from ._models import AADDataConnector # type: ignore + from ._models import AATPDataConnector # type: ignore + from ._models import ASCDataConnector # type: ignore + from ._models import ASCDataConnectorProperties # type: ignore + from ._models import ActionPropertiesBase # type: ignore + 
from ._models import ActionRequest # type: ignore + from ._models import ActionRequestProperties # type: ignore + from ._models import ActionResponse # type: ignore + from ._models import ActionResponseProperties # type: ignore + from ._models import ActionsList # type: ignore + from ._models import AlertRule # type: ignore + from ._models import AlertRuleTemplate # type: ignore + from ._models import AlertRuleTemplateDataSource # type: ignore + from ._models import AlertRuleTemplatesList # type: ignore + from ._models import AlertRulesList # type: ignore + from ._models import AlertsDataTypeOfDataConnector # type: ignore + from ._models import AwsCloudTrailDataConnector # type: ignore + from ._models import AwsCloudTrailDataConnectorDataTypesLogs # type: ignore + from ._models import Bookmark # type: ignore + from ._models import BookmarkList # type: ignore + from ._models import ClientInfo # type: ignore + from ._models import DataConnector # type: ignore + from ._models import DataConnectorDataTypeCommon # type: ignore + from ._models import DataConnectorList # type: ignore + from ._models import DataConnectorTenantId # type: ignore + from ._models import DataConnectorWithAlertsProperties # type: ignore + from ._models import ErrorAdditionalInfo # type: ignore + from ._models import ErrorResponse # type: ignore + from ._models import FusionAlertRule # type: ignore + from ._models import FusionAlertRuleTemplate # type: ignore + from ._models import Incident # type: ignore + from ._models import IncidentAdditionalData # type: ignore + from ._models import IncidentComment # type: ignore + from ._models import IncidentCommentList # type: ignore + from ._models import IncidentInfo # type: ignore + from ._models import IncidentLabel # type: ignore + from ._models import IncidentList # type: ignore + from ._models import IncidentOwnerInfo # type: ignore + from ._models import MCASDataConnector # type: ignore + from ._models import MCASDataConnectorDataTypes # type: 
ignore + from ._models import MDATPDataConnector # type: ignore + from ._models import MicrosoftSecurityIncidentCreationAlertRule # type: ignore + from ._models import MicrosoftSecurityIncidentCreationAlertRuleCommonProperties # type: ignore + from ._models import MicrosoftSecurityIncidentCreationAlertRuleProperties # type: ignore + from ._models import MicrosoftSecurityIncidentCreationAlertRuleTemplate # type: ignore + from ._models import OfficeConsent # type: ignore + from ._models import OfficeConsentList # type: ignore + from ._models import OfficeDataConnector # type: ignore + from ._models import OfficeDataConnectorDataTypesExchange # type: ignore + from ._models import OfficeDataConnectorDataTypesSharePoint # type: ignore + from ._models import Operation # type: ignore + from ._models import OperationDisplay # type: ignore + from ._models import OperationsList # type: ignore + from ._models import Resource # type: ignore + from ._models import ResourceWithEtag # type: ignore + from ._models import ScheduledAlertRule # type: ignore + from ._models import ScheduledAlertRuleCommonProperties # type: ignore + from ._models import ScheduledAlertRuleProperties # type: ignore + from ._models import ScheduledAlertRuleTemplate # type: ignore + from ._models import Settings # type: ignore + from ._models import TIDataConnector # type: ignore + from ._models import TIDataConnectorDataTypesIndicators # type: ignore + from ._models import ThreatIntelligence # type: ignore + from ._models import ToggleSettings # type: ignore + from ._models import UebaSettings # type: ignore + +from ._security_insights_enums import ( + AlertRuleKind, + AlertSeverity, + AttackTactic, + CaseSeverity, + DataConnectorKind, + DataTypeState, + IncidentClassification, + IncidentClassificationReason, + IncidentLabelType, + IncidentSeverity, + IncidentStatus, + LicenseStatus, + MicrosoftSecurityProductName, + SettingKind, + StatusInMCAS, + TemplateStatus, + TriggerOperator, +) + +__all__ = [ + 
'AADDataConnector', + 'AATPDataConnector', + 'ASCDataConnector', + 'ASCDataConnectorProperties', + 'ActionPropertiesBase', + 'ActionRequest', + 'ActionRequestProperties', + 'ActionResponse', + 'ActionResponseProperties', + 'ActionsList', + 'AlertRule', + 'AlertRuleTemplate', + 'AlertRuleTemplateDataSource', + 'AlertRuleTemplatesList', + 'AlertRulesList', + 'AlertsDataTypeOfDataConnector', + 'AwsCloudTrailDataConnector', + 'AwsCloudTrailDataConnectorDataTypesLogs', + 'Bookmark', + 'BookmarkList', + 'ClientInfo', + 'DataConnector', + 'DataConnectorDataTypeCommon', + 'DataConnectorList', + 'DataConnectorTenantId', + 'DataConnectorWithAlertsProperties', + 'ErrorAdditionalInfo', + 'ErrorResponse', + 'FusionAlertRule', + 'FusionAlertRuleTemplate', + 'Incident', + 'IncidentAdditionalData', + 'IncidentComment', + 'IncidentCommentList', + 'IncidentInfo', + 'IncidentLabel', + 'IncidentList', + 'IncidentOwnerInfo', + 'MCASDataConnector', + 'MCASDataConnectorDataTypes', + 'MDATPDataConnector', + 'MicrosoftSecurityIncidentCreationAlertRule', + 'MicrosoftSecurityIncidentCreationAlertRuleCommonProperties', + 'MicrosoftSecurityIncidentCreationAlertRuleProperties', + 'MicrosoftSecurityIncidentCreationAlertRuleTemplate', + 'OfficeConsent', + 'OfficeConsentList', + 'OfficeDataConnector', + 'OfficeDataConnectorDataTypesExchange', + 'OfficeDataConnectorDataTypesSharePoint', + 'Operation', + 'OperationDisplay', + 'OperationsList', + 'Resource', + 'ResourceWithEtag', + 'ScheduledAlertRule', + 'ScheduledAlertRuleCommonProperties', + 'ScheduledAlertRuleProperties', + 'ScheduledAlertRuleTemplate', + 'Settings', + 'TIDataConnector', + 'TIDataConnectorDataTypesIndicators', + 'ThreatIntelligence', + 'ToggleSettings', + 'UebaSettings', + 'AlertRuleKind', + 'AlertSeverity', + 'AttackTactic', + 'CaseSeverity', + 'DataConnectorKind', + 'DataTypeState', + 'IncidentClassification', + 'IncidentClassificationReason', + 'IncidentLabelType', + 'IncidentSeverity', + 'IncidentStatus', + 'LicenseStatus', + 
'MicrosoftSecurityProductName', + 'SettingKind', + 'StatusInMCAS', + 'TemplateStatus', + 'TriggerOperator', +] diff --git a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/models/_models.py b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/models/_models.py new file mode 100644 index 00000000000..53b00b59bc5 --- /dev/null +++ b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/models/_models.py 
@@ -0,0 +1,2922 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +import msrest.serialization + + +class ResourceWithEtag(msrest.serialization.Model): + """An azure resource object with an Etag property. + + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar id: Azure resource Id. + :vartype id: str + :ivar name: Azure resource name. + :vartype name: str + :ivar type: Azure resource type. + :vartype type: str + :param etag: Etag of the azure resource. + :type etag: str + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'etag': {'key': 'etag', 'type': 'str'}, + } + + def __init__( + self, + **kwargs + ): + super(ResourceWithEtag, self).__init__(**kwargs) + self.id = None + self.name = None + self.type = None + self.etag = kwargs.get('etag', None) + + +class DataConnector(ResourceWithEtag): + """Data connector. + + You probably want to use the sub-classes and not this class directly. Known + sub-classes are: AwsCloudTrailDataConnector, AADDataConnector, AATPDataConnector, ASCDataConnector, MCASDataConnector, MDATPDataConnector, OfficeDataConnector, TIDataConnector. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id. 
+ :vartype id: str + :ivar name: Azure resource name. + :vartype name: str + :ivar type: Azure resource type. + :vartype type: str + :param etag: Etag of the azure resource. + :type etag: str + :param kind: Required. The data connector kind.Constant filled by server. Possible values + include: "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", + "ThreatIntelligence", "Office365", "AmazonWebServicesCloudTrail", + "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection". + :type kind: str or ~security_insights.models.DataConnectorKind + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'kind': {'required': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'etag': {'key': 'etag', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + } + + _subtype_map = { + 'kind': {'AmazonWebServicesCloudTrail': 'AwsCloudTrailDataConnector', 'AzureActiveDirectory': 'AADDataConnector', 'AzureAdvancedThreatProtection': 'AATPDataConnector', 'AzureSecurityCenter': 'ASCDataConnector', 'MicrosoftCloudAppSecurity': 'MCASDataConnector', 'MicrosoftDefenderAdvancedThreatProtection': 'MDATPDataConnector', 'Office365': 'OfficeDataConnector', 'ThreatIntelligence': 'TIDataConnector'} + } + + def __init__( + self, + **kwargs + ): + super(DataConnector, self).__init__(**kwargs) + self.kind = 'DataConnector' # type: str + + +class AADDataConnector(DataConnector): + """Represents AAD (Azure Active Directory) data connector. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id. + :vartype id: str + :ivar name: Azure resource name. + :vartype name: str + :ivar type: Azure resource type. 
+ :vartype type: str + :param etag: Etag of the azure resource. + :type etag: str + :param kind: Required. The data connector kind.Constant filled by server. Possible values + include: "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", + "ThreatIntelligence", "Office365", "AmazonWebServicesCloudTrail", + "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection". + :type kind: str or ~security_insights.models.DataConnectorKind + :param tenant_id: The tenant id to connect to, and get the data from. + :type tenant_id: str + :param state: Describe whether this data type connection is enabled or not. Possible values + include: "Enabled", "Disabled". + :type state: str or ~security_insights.models.DataTypeState + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'kind': {'required': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'etag': {'key': 'etag', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + 'tenant_id': {'key': 'properties.tenantId', 'type': 'str'}, + 'state': {'key': 'dataTypes.alerts.state', 'type': 'str'}, + } + + def __init__( + self, + **kwargs + ): + super(AADDataConnector, self).__init__(**kwargs) + self.kind = 'AzureActiveDirectory' # type: str + self.tenant_id = kwargs.get('tenant_id', None) + self.state = kwargs.get('state', None) + + +class AATPDataConnector(DataConnector): + """Represents AATP (Azure Advanced Threat Protection) data connector. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id. + :vartype id: str + :ivar name: Azure resource name. + :vartype name: str + :ivar type: Azure resource type. + :vartype type: str + :param etag: Etag of the azure resource. 
+ :type etag: str + :param kind: Required. The data connector kind.Constant filled by server. Possible values + include: "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", + "ThreatIntelligence", "Office365", "AmazonWebServicesCloudTrail", + "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection". + :type kind: str or ~security_insights.models.DataConnectorKind + :param tenant_id: The tenant id to connect to, and get the data from. + :type tenant_id: str + :param state: Describe whether this data type connection is enabled or not. Possible values + include: "Enabled", "Disabled". + :type state: str or ~security_insights.models.DataTypeState + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'kind': {'required': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'etag': {'key': 'etag', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + 'tenant_id': {'key': 'properties.tenantId', 'type': 'str'}, + 'state': {'key': 'dataTypes.alerts.state', 'type': 'str'}, + } + + def __init__( + self, + **kwargs + ): + super(AATPDataConnector, self).__init__(**kwargs) + self.kind = 'AzureAdvancedThreatProtection' # type: str + self.tenant_id = kwargs.get('tenant_id', None) + self.state = kwargs.get('state', None) + + +class ActionPropertiesBase(msrest.serialization.Model): + """Action property bag base. + + All required parameters must be populated in order to send to Azure. + + :param logic_app_resource_id: Required. Logic App Resource Id, /subscriptions/{my- + subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my- + workflow-id}. 
+ :type logic_app_resource_id: str + """ + + _validation = { + 'logic_app_resource_id': {'required': True}, + } + + _attribute_map = { + 'logic_app_resource_id': {'key': 'logicAppResourceId', 'type': 'str'}, + } + + def __init__( + self, + **kwargs + ): + super(ActionPropertiesBase, self).__init__(**kwargs) + self.logic_app_resource_id = kwargs['logic_app_resource_id'] + + +class ActionRequest(ResourceWithEtag): + """Action for alert rule. + + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar id: Azure resource Id. + :vartype id: str + :ivar name: Azure resource name. + :vartype name: str + :ivar type: Azure resource type. + :vartype type: str + :param etag: Etag of the azure resource. + :type etag: str + :param logic_app_resource_id: Logic App Resource Id, /subscriptions/{my- + subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my- + workflow-id}. + :type logic_app_resource_id: str + :param trigger_uri: Logic App Callback URL for this specific workflow. + :type trigger_uri: str + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'etag': {'key': 'etag', 'type': 'str'}, + 'logic_app_resource_id': {'key': 'properties.logicAppResourceId', 'type': 'str'}, + 'trigger_uri': {'key': 'properties.triggerUri', 'type': 'str'}, + } + + def __init__( + self, + **kwargs + ): + super(ActionRequest, self).__init__(**kwargs) + self.logic_app_resource_id = kwargs.get('logic_app_resource_id', None) + self.trigger_uri = kwargs.get('trigger_uri', None) + + +class ActionRequestProperties(ActionPropertiesBase): + """Action property bag. + + All required parameters must be populated in order to send to Azure. + + :param logic_app_resource_id: Required. 
Logic App Resource Id, /subscriptions/{my- + subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my- + workflow-id}. + :type logic_app_resource_id: str + :param trigger_uri: Logic App Callback URL for this specific workflow. + :type trigger_uri: str + """ + + _validation = { + 'logic_app_resource_id': {'required': True}, + } + + _attribute_map = { + 'logic_app_resource_id': {'key': 'logicAppResourceId', 'type': 'str'}, + 'trigger_uri': {'key': 'triggerUri', 'type': 'str'}, + } + + def __init__( + self, + **kwargs + ): + super(ActionRequestProperties, self).__init__(**kwargs) + self.trigger_uri = kwargs.get('trigger_uri', None) + + +class Resource(msrest.serialization.Model): + """An azure resource object. + + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar id: Azure resource Id. + :vartype id: str + :ivar name: Azure resource name. + :vartype name: str + :ivar type: Azure resource type. + :vartype type: str + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + } + + def __init__( + self, + **kwargs + ): + super(Resource, self).__init__(**kwargs) + self.id = None + self.name = None + self.type = None + + +class ActionResponse(Resource): + """Action for alert rule. + + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar id: Azure resource Id. + :vartype id: str + :ivar name: Azure resource name. + :vartype name: str + :ivar type: Azure resource type. + :vartype type: str + :param etag: Etag of the action. + :type etag: str + :param logic_app_resource_id: Logic App Resource Id, /subscriptions/{my- + subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my- + workflow-id}. 
+ :type logic_app_resource_id: str + :param workflow_id: The name of the logic app's workflow. + :type workflow_id: str + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'etag': {'key': 'etag', 'type': 'str'}, + 'logic_app_resource_id': {'key': 'properties.logicAppResourceId', 'type': 'str'}, + 'workflow_id': {'key': 'properties.workflowId', 'type': 'str'}, + } + + def __init__( + self, + **kwargs + ): + super(ActionResponse, self).__init__(**kwargs) + self.etag = kwargs.get('etag', None) + self.logic_app_resource_id = kwargs.get('logic_app_resource_id', None) + self.workflow_id = kwargs.get('workflow_id', None) + + +class ActionResponseProperties(ActionPropertiesBase): + """Action property bag. + + All required parameters must be populated in order to send to Azure. + + :param logic_app_resource_id: Required. Logic App Resource Id, /subscriptions/{my- + subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my- + workflow-id}. + :type logic_app_resource_id: str + :param workflow_id: The name of the logic app's workflow. + :type workflow_id: str + """ + + _validation = { + 'logic_app_resource_id': {'required': True}, + } + + _attribute_map = { + 'logic_app_resource_id': {'key': 'logicAppResourceId', 'type': 'str'}, + 'workflow_id': {'key': 'workflowId', 'type': 'str'}, + } + + def __init__( + self, + **kwargs + ): + super(ActionResponseProperties, self).__init__(**kwargs) + self.workflow_id = kwargs.get('workflow_id', None) + + +class ActionsList(msrest.serialization.Model): + """List all the actions. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar next_link: URL to fetch the next set of actions. 
+ :vartype next_link: str + :param value: Required. Array of actions. + :type value: list[~security_insights.models.ActionResponse] + """ + + _validation = { + 'next_link': {'readonly': True}, + 'value': {'required': True}, + } + + _attribute_map = { + 'next_link': {'key': 'nextLink', 'type': 'str'}, + 'value': {'key': 'value', 'type': '[ActionResponse]'}, + } + + def __init__( + self, + **kwargs + ): + super(ActionsList, self).__init__(**kwargs) + self.next_link = None + self.value = kwargs['value'] + + +class AlertRule(ResourceWithEtag): + """Alert rule. + + You probably want to use the sub-classes and not this class directly. Known + sub-classes are: FusionAlertRule, MicrosoftSecurityIncidentCreationAlertRule, ScheduledAlertRule. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id. + :vartype id: str + :ivar name: Azure resource name. + :vartype name: str + :ivar type: Azure resource type. + :vartype type: str + :param etag: Etag of the azure resource. + :type etag: str + :param kind: Required. The alert rule kind.Constant filled by server. Possible values include: + "Scheduled", "MicrosoftSecurityIncidentCreation", "Fusion". 
+ :type kind: str or ~security_insights.models.AlertRuleKind + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'kind': {'required': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'etag': {'key': 'etag', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + } + + _subtype_map = { + 'kind': {'Fusion': 'FusionAlertRule', 'MicrosoftSecurityIncidentCreation': 'MicrosoftSecurityIncidentCreationAlertRule', 'Scheduled': 'ScheduledAlertRule'} + } + + def __init__( + self, + **kwargs + ): + super(AlertRule, self).__init__(**kwargs) + self.kind = 'AlertRule' # type: str + + +class AlertRulesList(msrest.serialization.Model): + """List all the alert rules. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar next_link: URL to fetch the next set of alert rules. + :vartype next_link: str + :param value: Required. Array of alert rules. + :type value: list[~security_insights.models.AlertRule] + """ + + _validation = { + 'next_link': {'readonly': True}, + 'value': {'required': True}, + } + + _attribute_map = { + 'next_link': {'key': 'nextLink', 'type': 'str'}, + 'value': {'key': 'value', 'type': '[AlertRule]'}, + } + + def __init__( + self, + **kwargs + ): + super(AlertRulesList, self).__init__(**kwargs) + self.next_link = None + self.value = kwargs['value'] + + +class AlertRuleTemplate(Resource): + """Alert rule template. + + You probably want to use the sub-classes and not this class directly. Known + sub-classes are: FusionAlertRuleTemplate, MicrosoftSecurityIncidentCreationAlertRuleTemplate, ScheduledAlertRuleTemplate. + + Variables are only populated by the server, and will be ignored when sending a request. 
+ + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id. + :vartype id: str + :ivar name: Azure resource name. + :vartype name: str + :ivar type: Azure resource type. + :vartype type: str + :param kind: Required. The alert rule kind.Constant filled by server. Possible values include: + "Scheduled", "MicrosoftSecurityIncidentCreation", "Fusion". + :type kind: str or ~security_insights.models.AlertRuleKind + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'kind': {'required': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + } + + _subtype_map = { + 'kind': {'Fusion': 'FusionAlertRuleTemplate', 'MicrosoftSecurityIncidentCreation': 'MicrosoftSecurityIncidentCreationAlertRuleTemplate', 'Scheduled': 'ScheduledAlertRuleTemplate'} + } + + def __init__( + self, + **kwargs + ): + super(AlertRuleTemplate, self).__init__(**kwargs) + self.kind = 'AlertRuleTemplate' # type: str + + +class AlertRuleTemplateDataSource(msrest.serialization.Model): + """alert rule template data sources. + + :param connector_id: The connector id that provides the following data types. + :type connector_id: str + :param data_types: The data types used by the alert rule template. + :type data_types: list[str] + """ + + _attribute_map = { + 'connector_id': {'key': 'connectorId', 'type': 'str'}, + 'data_types': {'key': 'dataTypes', 'type': '[str]'}, + } + + def __init__( + self, + **kwargs + ): + super(AlertRuleTemplateDataSource, self).__init__(**kwargs) + self.connector_id = kwargs.get('connector_id', None) + self.data_types = kwargs.get('data_types', None) + + +class AlertRuleTemplatesList(msrest.serialization.Model): + """List all the alert rule templates. 
+ + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar next_link: URL to fetch the next set of alert rule templates. + :vartype next_link: str + :param value: Required. Array of alert rule templates. + :type value: list[~security_insights.models.AlertRuleTemplate] + """ + + _validation = { + 'next_link': {'readonly': True}, + 'value': {'required': True}, + } + + _attribute_map = { + 'next_link': {'key': 'nextLink', 'type': 'str'}, + 'value': {'key': 'value', 'type': '[AlertRuleTemplate]'}, + } + + def __init__( + self, + **kwargs + ): + super(AlertRuleTemplatesList, self).__init__(**kwargs) + self.next_link = None + self.value = kwargs['value'] + + +class AlertsDataTypeOfDataConnector(msrest.serialization.Model): + """Alerts data type for data connectors. + + :param state: Describe whether this data type connection is enabled or not. Possible values + include: "Enabled", "Disabled". + :type state: str or ~security_insights.models.DataTypeState + """ + + _attribute_map = { + 'state': {'key': 'alerts.state', 'type': 'str'}, + } + + def __init__( + self, + **kwargs + ): + super(AlertsDataTypeOfDataConnector, self).__init__(**kwargs) + self.state = kwargs.get('state', None) + + +class ASCDataConnector(DataConnector): + """Represents ASC (Azure Security Center) data connector. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id. + :vartype id: str + :ivar name: Azure resource name. + :vartype name: str + :ivar type: Azure resource type. + :vartype type: str + :param etag: Etag of the azure resource. + :type etag: str + :param kind: Required. The data connector kind.Constant filled by server. 
Possible values + include: "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", + "ThreatIntelligence", "Office365", "AmazonWebServicesCloudTrail", + "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection". + :type kind: str or ~security_insights.models.DataConnectorKind + :param subscription_id: The subscription id to connect to, and get the data from. + :type subscription_id: str + :param state: Describe whether this data type connection is enabled or not. Possible values + include: "Enabled", "Disabled". + :type state: str or ~security_insights.models.DataTypeState + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'kind': {'required': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'etag': {'key': 'etag', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + 'subscription_id': {'key': 'properties.subscriptionId', 'type': 'str'}, + 'state': {'key': 'dataTypes.alerts.state', 'type': 'str'}, + } + + def __init__( + self, + **kwargs + ): + super(ASCDataConnector, self).__init__(**kwargs) + self.kind = 'AzureSecurityCenter' # type: str + self.subscription_id = kwargs.get('subscription_id', None) + self.state = kwargs.get('state', None) + + +class DataConnectorWithAlertsProperties(msrest.serialization.Model): + """Data connector properties. + + :param data_types: The available data types for the connector. 
+ :type data_types: ~security_insights.models.AlertsDataTypeOfDataConnector + """ + + _attribute_map = { + 'data_types': {'key': 'dataTypes', 'type': 'AlertsDataTypeOfDataConnector'}, + } + + def __init__( + self, + **kwargs + ): + super(DataConnectorWithAlertsProperties, self).__init__(**kwargs) + self.data_types = kwargs.get('data_types', None) + + +class ASCDataConnectorProperties(DataConnectorWithAlertsProperties): + """ASC (Azure Security Center) data connector properties. + + :param data_types: The available data types for the connector. + :type data_types: ~security_insights.models.AlertsDataTypeOfDataConnector + :param subscription_id: The subscription id to connect to, and get the data from. + :type subscription_id: str + """ + + _attribute_map = { + 'data_types': {'key': 'dataTypes', 'type': 'AlertsDataTypeOfDataConnector'}, + 'subscription_id': {'key': 'subscriptionId', 'type': 'str'}, + } + + def __init__( + self, + **kwargs + ): + super(ASCDataConnectorProperties, self).__init__(**kwargs) + self.subscription_id = kwargs.get('subscription_id', None) + + +class AwsCloudTrailDataConnector(DataConnector): + """Represents Amazon Web Services CloudTrail data connector. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id. + :vartype id: str + :ivar name: Azure resource name. + :vartype name: str + :ivar type: Azure resource type. + :vartype type: str + :param etag: Etag of the azure resource. + :type etag: str + :param kind: Required. The data connector kind.Constant filled by server. Possible values + include: "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", + "ThreatIntelligence", "Office365", "AmazonWebServicesCloudTrail", + "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection". 
+ :type kind: str or ~security_insights.models.DataConnectorKind + :param aws_role_arn: The Aws Role Arn (with CloudTrailReadOnly policy) that is used to access + the Aws account. + :type aws_role_arn: str + :param state: Describe whether this data type connection is enabled or not. Possible values + include: "Enabled", "Disabled". + :type state: str or ~security_insights.models.DataTypeState + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'kind': {'required': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'etag': {'key': 'etag', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + 'aws_role_arn': {'key': 'properties.awsRoleArn', 'type': 'str'}, + 'state': {'key': 'dataTypes.logs.state', 'type': 'str'}, + } + + def __init__( + self, + **kwargs + ): + super(AwsCloudTrailDataConnector, self).__init__(**kwargs) + self.kind = 'AmazonWebServicesCloudTrail' # type: str + self.aws_role_arn = kwargs.get('aws_role_arn', None) + self.state = kwargs.get('state', None) + + +class DataConnectorDataTypeCommon(msrest.serialization.Model): + """Common field for data type in data connectors. + + :param state: Describe whether this data type connection is enabled or not. Possible values + include: "Enabled", "Disabled". + :type state: str or ~security_insights.models.DataTypeState + """ + + _attribute_map = { + 'state': {'key': 'state', 'type': 'str'}, + } + + def __init__( + self, + **kwargs + ): + super(DataConnectorDataTypeCommon, self).__init__(**kwargs) + self.state = kwargs.get('state', None) + + +class AwsCloudTrailDataConnectorDataTypesLogs(DataConnectorDataTypeCommon): + """Logs data type. + + :param state: Describe whether this data type connection is enabled or not. Possible values + include: "Enabled", "Disabled". 
+ :type state: str or ~security_insights.models.DataTypeState + """ + + _attribute_map = { + 'state': {'key': 'state', 'type': 'str'}, + } + + def __init__( + self, + **kwargs + ): + super(AwsCloudTrailDataConnectorDataTypesLogs, self).__init__(**kwargs) + + +class Bookmark(ResourceWithEtag): + """Represents a bookmark in Azure Security Insights. + + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar id: Azure resource Id. + :vartype id: str + :ivar name: Azure resource name. + :vartype name: str + :ivar type: Azure resource type. + :vartype type: str + :param etag: Etag of the azure resource. + :type etag: str + :param created: The time the bookmark was created. + :type created: ~datetime.datetime + :param display_name: The display name of the bookmark. + :type display_name: str + :param labels: List of labels relevant to this bookmark. + :type labels: list[str] + :param notes: The notes of the bookmark. + :type notes: str + :param query: The query of the bookmark. + :type query: str + :param query_result: The query result of the bookmark. + :type query_result: str + :param updated: The last time the bookmark was updated. + :type updated: ~datetime.datetime + :param incident_info: Describes an incident that relates to bookmark. + :type incident_info: ~security_insights.models.IncidentInfo + :ivar email_updated_by_email: The email of the user. + :vartype email_updated_by_email: str + :ivar name_updated_by_name: The name of the user. + :vartype name_updated_by_name: str + :param object_id_updated_by_object_id: The object id of the user. + :type object_id_updated_by_object_id: str + :ivar email_created_by_email: The email of the user. + :vartype email_created_by_email: str + :ivar name_created_by_name: The name of the user. + :vartype name_created_by_name: str + :param object_id_created_by_object_id: The object id of the user. 
+ :type object_id_created_by_object_id: str + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'email_updated_by_email': {'readonly': True}, + 'name_updated_by_name': {'readonly': True}, + 'email_created_by_email': {'readonly': True}, + 'name_created_by_name': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'etag': {'key': 'etag', 'type': 'str'}, + 'created': {'key': 'properties.created', 'type': 'iso-8601'}, + 'display_name': {'key': 'properties.displayName', 'type': 'str'}, + 'labels': {'key': 'properties.labels', 'type': '[str]'}, + 'notes': {'key': 'properties.notes', 'type': 'str'}, + 'query': {'key': 'properties.query', 'type': 'str'}, + 'query_result': {'key': 'properties.queryResult', 'type': 'str'}, + 'updated': {'key': 'properties.updated', 'type': 'iso-8601'}, + 'incident_info': {'key': 'properties.incidentInfo', 'type': 'IncidentInfo'}, + 'email_updated_by_email': {'key': 'updatedBy.email', 'type': 'str'}, + 'name_updated_by_name': {'key': 'updatedBy.name', 'type': 'str'}, + 'object_id_updated_by_object_id': {'key': 'updatedBy.objectId', 'type': 'str'}, + 'email_created_by_email': {'key': 'createdBy.email', 'type': 'str'}, + 'name_created_by_name': {'key': 'createdBy.name', 'type': 'str'}, + 'object_id_created_by_object_id': {'key': 'createdBy.objectId', 'type': 'str'}, + } + + def __init__( + self, + **kwargs + ): + super(Bookmark, self).__init__(**kwargs) + self.created = kwargs.get('created', None) + self.display_name = kwargs.get('display_name', None) + self.labels = kwargs.get('labels', None) + self.notes = kwargs.get('notes', None) + self.query = kwargs.get('query', None) + self.query_result = kwargs.get('query_result', None) + self.updated = kwargs.get('updated', None) + self.incident_info = kwargs.get('incident_info', None) + self.email_updated_by_email = None 
+ self.name_updated_by_name = None + self.object_id_updated_by_object_id = kwargs.get('object_id_updated_by_object_id', None) + self.email_created_by_email = None + self.name_created_by_name = None + self.object_id_created_by_object_id = kwargs.get('object_id_created_by_object_id', None) + + +class BookmarkList(msrest.serialization.Model): + """List all the bookmarks. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar next_link: URL to fetch the next set of cases. + :vartype next_link: str + :param value: Required. Array of bookmarks. + :type value: list[~security_insights.models.Bookmark] + """ + + _validation = { + 'next_link': {'readonly': True}, + 'value': {'required': True}, + } + + _attribute_map = { + 'next_link': {'key': 'nextLink', 'type': 'str'}, + 'value': {'key': 'value', 'type': '[Bookmark]'}, + } + + def __init__( + self, + **kwargs + ): + super(BookmarkList, self).__init__(**kwargs) + self.next_link = None + self.value = kwargs['value'] + + +class ClientInfo(msrest.serialization.Model): + """Information on the client (user or application) that made some action. + + :param email: The email of the client. + :type email: str + :param name: The name of the client. + :type name: str + :param object_id: The object id of the client. + :type object_id: str + :param user_principal_name: The user principal name of the client. 
+ :type user_principal_name: str + """ + + _attribute_map = { + 'email': {'key': 'email', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'object_id': {'key': 'objectId', 'type': 'str'}, + 'user_principal_name': {'key': 'userPrincipalName', 'type': 'str'}, + } + + def __init__( + self, + **kwargs + ): + super(ClientInfo, self).__init__(**kwargs) + self.email = kwargs.get('email', None) + self.name = kwargs.get('name', None) + self.object_id = kwargs.get('object_id', None) + self.user_principal_name = kwargs.get('user_principal_name', None) + + +class DataConnectorList(msrest.serialization.Model): + """List all the data connectors. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar next_link: URL to fetch the next set of data connectors. + :vartype next_link: str + :param value: Required. Array of data connectors. + :type value: list[~security_insights.models.DataConnector] + """ + + _validation = { + 'next_link': {'readonly': True}, + 'value': {'required': True}, + } + + _attribute_map = { + 'next_link': {'key': 'nextLink', 'type': 'str'}, + 'value': {'key': 'value', 'type': '[DataConnector]'}, + } + + def __init__( + self, + **kwargs + ): + super(DataConnectorList, self).__init__(**kwargs) + self.next_link = None + self.value = kwargs['value'] + + +class DataConnectorTenantId(msrest.serialization.Model): + """Properties data connector on tenant level. + + :param tenant_id: The tenant id to connect to, and get the data from. + :type tenant_id: str + """ + + _attribute_map = { + 'tenant_id': {'key': 'tenantId', 'type': 'str'}, + } + + def __init__( + self, + **kwargs + ): + super(DataConnectorTenantId, self).__init__(**kwargs) + self.tenant_id = kwargs.get('tenant_id', None) + + +class ErrorAdditionalInfo(msrest.serialization.Model): + """The resource management error additional info. 
+ + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar type: The additional info type. + :vartype type: str + :ivar info: The additional info. + :vartype info: object + """ + + _validation = { + 'type': {'readonly': True}, + 'info': {'readonly': True}, + } + + _attribute_map = { + 'type': {'key': 'type', 'type': 'str'}, + 'info': {'key': 'info', 'type': 'object'}, + } + + def __init__( + self, + **kwargs + ): + super(ErrorAdditionalInfo, self).__init__(**kwargs) + self.type = None + self.info = None + + +class ErrorResponse(msrest.serialization.Model): + """Common error response for all Azure Resource Manager APIs to return error details for failed operations. (This also follows the OData error response format.). + + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar code: The error code. + :vartype code: str + :ivar message: The error message. + :vartype message: str + :ivar target: The error target. + :vartype target: str + :ivar details: The error details. + :vartype details: list[~security_insights.models.ErrorResponse] + :ivar additional_info: The error additional info. 
+ :vartype additional_info: list[~security_insights.models.ErrorAdditionalInfo] + """ + + _validation = { + 'code': {'readonly': True}, + 'message': {'readonly': True}, + 'target': {'readonly': True}, + 'details': {'readonly': True}, + 'additional_info': {'readonly': True}, + } + + _attribute_map = { + 'code': {'key': 'code', 'type': 'str'}, + 'message': {'key': 'message', 'type': 'str'}, + 'target': {'key': 'target', 'type': 'str'}, + 'details': {'key': 'details', 'type': '[ErrorResponse]'}, + 'additional_info': {'key': 'additionalInfo', 'type': '[ErrorAdditionalInfo]'}, + } + + def __init__( + self, + **kwargs + ): + super(ErrorResponse, self).__init__(**kwargs) + self.code = None + self.message = None + self.target = None + self.details = None + self.additional_info = None + + +class FusionAlertRule(AlertRule): + """Represents Fusion alert rule. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id. + :vartype id: str + :ivar name: Azure resource name. + :vartype name: str + :ivar type: Azure resource type. + :vartype type: str + :param etag: Etag of the azure resource. + :type etag: str + :param kind: Required. The alert rule kind.Constant filled by server. Possible values include: + "Scheduled", "MicrosoftSecurityIncidentCreation", "Fusion". + :type kind: str or ~security_insights.models.AlertRuleKind + :param alert_rule_template_name: The Name of the alert rule template used to create this rule. + :type alert_rule_template_name: str + :ivar description: The description of the alert rule. + :vartype description: str + :ivar display_name: The display name for alerts created by this alert rule. + :vartype display_name: str + :param enabled: Determines whether this alert rule is enabled or disabled. + :type enabled: bool + :ivar last_modified_utc: The last time that this alert has been modified. 
+ :vartype last_modified_utc: ~datetime.datetime + :ivar severity: The severity for alerts created by this alert rule. Possible values include: + "High", "Medium", "Low", "Informational". + :vartype severity: str or ~security_insights.models.AlertSeverity + :ivar tactics: The tactics of the alert rule. + :vartype tactics: list[str or ~security_insights.models.AttackTactic] + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'kind': {'required': True}, + 'description': {'readonly': True}, + 'display_name': {'readonly': True}, + 'last_modified_utc': {'readonly': True}, + 'severity': {'readonly': True}, + 'tactics': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'etag': {'key': 'etag', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + 'alert_rule_template_name': {'key': 'properties.alertRuleTemplateName', 'type': 'str'}, + 'description': {'key': 'properties.description', 'type': 'str'}, + 'display_name': {'key': 'properties.displayName', 'type': 'str'}, + 'enabled': {'key': 'properties.enabled', 'type': 'bool'}, + 'last_modified_utc': {'key': 'properties.lastModifiedUtc', 'type': 'iso-8601'}, + 'severity': {'key': 'properties.severity', 'type': 'str'}, + 'tactics': {'key': 'properties.tactics', 'type': '[str]'}, + } + + def __init__( + self, + **kwargs + ): + super(FusionAlertRule, self).__init__(**kwargs) + self.kind = 'Fusion' # type: str + self.alert_rule_template_name = kwargs.get('alert_rule_template_name', None) + self.description = None + self.display_name = None + self.enabled = kwargs.get('enabled', None) + self.last_modified_utc = None + self.severity = None + self.tactics = None + + +class FusionAlertRuleTemplate(AlertRuleTemplate): + """Represents Fusion alert rule template. 
+ + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id. + :vartype id: str + :ivar name: Azure resource name. + :vartype name: str + :ivar type: Azure resource type. + :vartype type: str + :param kind: Required. The alert rule kind.Constant filled by server. Possible values include: + "Scheduled", "MicrosoftSecurityIncidentCreation", "Fusion". + :type kind: str or ~security_insights.models.AlertRuleKind + :param alert_rules_created_by_template_count: the number of alert rules that were created by + this template. + :type alert_rules_created_by_template_count: int + :ivar created_date_utc: The time that this alert rule template has been added. + :vartype created_date_utc: ~datetime.datetime + :param description: The description of the alert rule template. + :type description: str + :param display_name: The display name for alert rule template. + :type display_name: str + :param required_data_connectors: The required data connectors for this template. + :type required_data_connectors: list[~security_insights.models.AlertRuleTemplateDataSource] + :param status: The alert rule template status. Possible values include: "Installed", + "Available", "NotAvailable". + :type status: str or ~security_insights.models.TemplateStatus + :param severity: The severity for alerts created by this alert rule. Possible values include: + "High", "Medium", "Low", "Informational". + :type severity: str or ~security_insights.models.AlertSeverity + :param tactics: The tactics of the alert rule template. 
+ :type tactics: list[str or ~security_insights.models.AttackTactic] + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'kind': {'required': True}, + 'created_date_utc': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + 'alert_rules_created_by_template_count': {'key': 'properties.alertRulesCreatedByTemplateCount', 'type': 'int'}, + 'created_date_utc': {'key': 'properties.createdDateUTC', 'type': 'iso-8601'}, + 'description': {'key': 'properties.description', 'type': 'str'}, + 'display_name': {'key': 'properties.displayName', 'type': 'str'}, + 'required_data_connectors': {'key': 'properties.requiredDataConnectors', 'type': '[AlertRuleTemplateDataSource]'}, + 'status': {'key': 'properties.status', 'type': 'str'}, + 'severity': {'key': 'properties.severity', 'type': 'str'}, + 'tactics': {'key': 'properties.tactics', 'type': '[str]'}, + } + + def __init__( + self, + **kwargs + ): + super(FusionAlertRuleTemplate, self).__init__(**kwargs) + self.kind = 'Fusion' # type: str + self.alert_rules_created_by_template_count = kwargs.get('alert_rules_created_by_template_count', None) + self.created_date_utc = None + self.description = kwargs.get('description', None) + self.display_name = kwargs.get('display_name', None) + self.required_data_connectors = kwargs.get('required_data_connectors', None) + self.status = kwargs.get('status', None) + self.severity = kwargs.get('severity', None) + self.tactics = kwargs.get('tactics', None) + + +class Incident(ResourceWithEtag): + """Represents an incident in Azure Security Insights. + + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar id: Azure resource Id. + :vartype id: str + :ivar name: Azure resource name. + :vartype name: str + :ivar type: Azure resource type. 
+ :vartype type: str + :param etag: Etag of the azure resource. + :type etag: str + :ivar additional_data: Additional data on the incident. + :vartype additional_data: ~security_insights.models.IncidentAdditionalData + :param classification: The reason the incident was closed. Possible values include: + "Undetermined", "TruePositive", "BenignPositive", "FalsePositive". + :type classification: str or ~security_insights.models.IncidentClassification + :param classification_comment: Describes the reason the incident was closed. + :type classification_comment: str + :param classification_reason: The classification reason the incident was closed with. Possible + values include: "SuspiciousActivity", "SuspiciousButExpected", "IncorrectAlertLogic", + "InaccurateData". + :type classification_reason: str or ~security_insights.models.IncidentClassificationReason + :ivar created_time_utc: The time the incident was created. + :vartype created_time_utc: ~datetime.datetime + :param description: The description of the incident. + :type description: str + :param first_activity_time_utc: The time of the first activity in the incident. + :type first_activity_time_utc: ~datetime.datetime + :ivar incident_url: The deep-link url to the incident in Azure portal. + :vartype incident_url: str + :ivar incident_number: A sequential number. + :vartype incident_number: int + :param labels: List of labels relevant to this incident. + :type labels: list[~security_insights.models.IncidentLabel] + :param last_activity_time_utc: The time of the last activity in the incident. + :type last_activity_time_utc: ~datetime.datetime + :ivar last_modified_time_utc: The last time the incident was updated. + :vartype last_modified_time_utc: ~datetime.datetime + :param owner: Describes a user that the incident is assigned to. + :type owner: ~security_insights.models.IncidentOwnerInfo + :ivar related_analytic_rule_ids: List of resource ids of Analytic rules related to the + incident. 
+ :vartype related_analytic_rule_ids: list[str] + :param severity: The severity of the incident. Possible values include: "High", "Medium", + "Low", "Informational". + :type severity: str or ~security_insights.models.IncidentSeverity + :param status: The status of the incident. Possible values include: "New", "Active", "Closed". + :type status: str or ~security_insights.models.IncidentStatus + :param title: The title of the incident. + :type title: str + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'additional_data': {'readonly': True}, + 'created_time_utc': {'readonly': True}, + 'incident_url': {'readonly': True}, + 'incident_number': {'readonly': True}, + 'last_modified_time_utc': {'readonly': True}, + 'related_analytic_rule_ids': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'etag': {'key': 'etag', 'type': 'str'}, + 'additional_data': {'key': 'properties.additionalData', 'type': 'IncidentAdditionalData'}, + 'classification': {'key': 'properties.classification', 'type': 'str'}, + 'classification_comment': {'key': 'properties.classificationComment', 'type': 'str'}, + 'classification_reason': {'key': 'properties.classificationReason', 'type': 'str'}, + 'created_time_utc': {'key': 'properties.createdTimeUtc', 'type': 'iso-8601'}, + 'description': {'key': 'properties.description', 'type': 'str'}, + 'first_activity_time_utc': {'key': 'properties.firstActivityTimeUtc', 'type': 'iso-8601'}, + 'incident_url': {'key': 'properties.incidentUrl', 'type': 'str'}, + 'incident_number': {'key': 'properties.incidentNumber', 'type': 'int'}, + 'labels': {'key': 'properties.labels', 'type': '[IncidentLabel]'}, + 'last_activity_time_utc': {'key': 'properties.lastActivityTimeUtc', 'type': 'iso-8601'}, + 'last_modified_time_utc': {'key': 'properties.lastModifiedTimeUtc', 'type': 'iso-8601'}, + 
'owner': {'key': 'properties.owner', 'type': 'IncidentOwnerInfo'}, + 'related_analytic_rule_ids': {'key': 'properties.relatedAnalyticRuleIds', 'type': '[str]'}, + 'severity': {'key': 'properties.severity', 'type': 'str'}, + 'status': {'key': 'properties.status', 'type': 'str'}, + 'title': {'key': 'properties.title', 'type': 'str'}, + } + + def __init__( + self, + **kwargs + ): + super(Incident, self).__init__(**kwargs) + self.additional_data = None + self.classification = kwargs.get('classification', None) + self.classification_comment = kwargs.get('classification_comment', None) + self.classification_reason = kwargs.get('classification_reason', None) + self.created_time_utc = None + self.description = kwargs.get('description', None) + self.first_activity_time_utc = kwargs.get('first_activity_time_utc', None) + self.incident_url = None + self.incident_number = None + self.labels = kwargs.get('labels', None) + self.last_activity_time_utc = kwargs.get('last_activity_time_utc', None) + self.last_modified_time_utc = None + self.owner = kwargs.get('owner', None) + self.related_analytic_rule_ids = None + self.severity = kwargs.get('severity', None) + self.status = kwargs.get('status', None) + self.title = kwargs.get('title', None) + + +class IncidentAdditionalData(msrest.serialization.Model): + """Incident additional data property bag. + + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar alerts_count: The number of alerts in the incident. + :vartype alerts_count: int + :ivar bookmarks_count: The number of bookmarks in the incident. + :vartype bookmarks_count: int + :ivar comments_count: The number of comments in the incident. + :vartype comments_count: int + :ivar alert_product_names: List of product names of alerts in the incident. + :vartype alert_product_names: list[str] + :ivar tactics: The tactics associated with incident. 
+ :vartype tactics: list[str or ~security_insights.models.AttackTactic] + """ + + _validation = { + 'alerts_count': {'readonly': True}, + 'bookmarks_count': {'readonly': True}, + 'comments_count': {'readonly': True}, + 'alert_product_names': {'readonly': True}, + 'tactics': {'readonly': True}, + } + + _attribute_map = { + 'alerts_count': {'key': 'alertsCount', 'type': 'int'}, + 'bookmarks_count': {'key': 'bookmarksCount', 'type': 'int'}, + 'comments_count': {'key': 'commentsCount', 'type': 'int'}, + 'alert_product_names': {'key': 'alertProductNames', 'type': '[str]'}, + 'tactics': {'key': 'tactics', 'type': '[str]'}, + } + + def __init__( + self, + **kwargs + ): + super(IncidentAdditionalData, self).__init__(**kwargs) + self.alerts_count = None + self.bookmarks_count = None + self.comments_count = None + self.alert_product_names = None + self.tactics = None + + +class IncidentComment(Resource): + """Represents an incident comment. + + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar id: Azure resource Id. + :vartype id: str + :ivar name: Azure resource name. + :vartype name: str + :ivar type: Azure resource type. + :vartype type: str + :ivar created_time_utc: The time the comment was created. + :vartype created_time_utc: ~datetime.datetime + :param message: The comment message. + :type message: str + :ivar author: Describes the client that created the comment. 
+ :vartype author: ~security_insights.models.ClientInfo + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'created_time_utc': {'readonly': True}, + 'author': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'created_time_utc': {'key': 'properties.createdTimeUtc', 'type': 'iso-8601'}, + 'message': {'key': 'properties.message', 'type': 'str'}, + 'author': {'key': 'properties.author', 'type': 'ClientInfo'}, + } + + def __init__( + self, + **kwargs + ): + super(IncidentComment, self).__init__(**kwargs) + self.created_time_utc = None + self.message = kwargs.get('message', None) + self.author = None + + +class IncidentCommentList(msrest.serialization.Model): + """List of incident comments. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar next_link: URL to fetch the next set of comments. + :vartype next_link: str + :param value: Required. Array of comments. + :type value: list[~security_insights.models.IncidentComment] + """ + + _validation = { + 'next_link': {'readonly': True}, + 'value': {'required': True}, + } + + _attribute_map = { + 'next_link': {'key': 'nextLink', 'type': 'str'}, + 'value': {'key': 'value', 'type': '[IncidentComment]'}, + } + + def __init__( + self, + **kwargs + ): + super(IncidentCommentList, self).__init__(**kwargs) + self.next_link = None + self.value = kwargs['value'] + + +class IncidentInfo(msrest.serialization.Model): + """Describes related incident information for the bookmark. + + All required parameters must be populated in order to send to Azure. + + :param incident_id: Required. Incident Id. + :type incident_id: str + :param severity: Required. The severity of the incident. 
Possible values include: "Critical", + "High", "Medium", "Low", "Informational". + :type severity: str or ~security_insights.models.CaseSeverity + :param title: Required. The title of the incident. + :type title: str + :param relation_name: Required. Relation Name. + :type relation_name: str + """ + + _validation = { + 'incident_id': {'required': True}, + 'severity': {'required': True}, + 'title': {'required': True}, + 'relation_name': {'required': True}, + } + + _attribute_map = { + 'incident_id': {'key': 'incidentId', 'type': 'str'}, + 'severity': {'key': 'severity', 'type': 'str'}, + 'title': {'key': 'title', 'type': 'str'}, + 'relation_name': {'key': 'relationName', 'type': 'str'}, + } + + def __init__( + self, + **kwargs + ): + super(IncidentInfo, self).__init__(**kwargs) + self.incident_id = kwargs['incident_id'] + self.severity = kwargs['severity'] + self.title = kwargs['title'] + self.relation_name = kwargs['relation_name'] + + +class IncidentLabel(msrest.serialization.Model): + """Represents an incident label. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :param label_name: Required. The name of the label. + :type label_name: str + :ivar label_type: The type of the label. Possible values include: "User", "System". + :vartype label_type: str or ~security_insights.models.IncidentLabelType + """ + + _validation = { + 'label_name': {'required': True}, + 'label_type': {'readonly': True}, + } + + _attribute_map = { + 'label_name': {'key': 'labelName', 'type': 'str'}, + 'label_type': {'key': 'labelType', 'type': 'str'}, + } + + def __init__( + self, + **kwargs + ): + super(IncidentLabel, self).__init__(**kwargs) + self.label_name = kwargs['label_name'] + self.label_type = None + + +class IncidentList(msrest.serialization.Model): + """List all the incidents. 
+ + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar next_link: URL to fetch the next set of incidents. + :vartype next_link: str + :param value: Required. Array of incidents. + :type value: list[~security_insights.models.Incident] + """ + + _validation = { + 'next_link': {'readonly': True}, + 'value': {'required': True}, + } + + _attribute_map = { + 'next_link': {'key': 'nextLink', 'type': 'str'}, + 'value': {'key': 'value', 'type': '[Incident]'}, + } + + def __init__( + self, + **kwargs + ): + super(IncidentList, self).__init__(**kwargs) + self.next_link = None + self.value = kwargs['value'] + + +class IncidentOwnerInfo(msrest.serialization.Model): + """Information on the user an incident is assigned to. + + :param email: The email of the user the incident is assigned to. + :type email: str + :param assigned_to: The name of the user the incident is assigned to. + :type assigned_to: str + :param object_id: The object id of the user the incident is assigned to. + :type object_id: str + :param user_principal_name: The user principal name of the user the incident is assigned to. + :type user_principal_name: str + """ + + _attribute_map = { + 'email': {'key': 'email', 'type': 'str'}, + 'assigned_to': {'key': 'assignedTo', 'type': 'str'}, + 'object_id': {'key': 'objectId', 'type': 'str'}, + 'user_principal_name': {'key': 'userPrincipalName', 'type': 'str'}, + } + + def __init__( + self, + **kwargs + ): + super(IncidentOwnerInfo, self).__init__(**kwargs) + self.email = kwargs.get('email', None) + self.assigned_to = kwargs.get('assigned_to', None) + self.object_id = kwargs.get('object_id', None) + self.user_principal_name = kwargs.get('user_principal_name', None) + + +class MCASDataConnector(DataConnector): + """Represents MCAS (Microsoft Cloud App Security) data connector. 
+ + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id. + :vartype id: str + :ivar name: Azure resource name. + :vartype name: str + :ivar type: Azure resource type. + :vartype type: str + :param etag: Etag of the azure resource. + :type etag: str + :param kind: Required. The data connector kind.Constant filled by server. Possible values + include: "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", + "ThreatIntelligence", "Office365", "AmazonWebServicesCloudTrail", + "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection". + :type kind: str or ~security_insights.models.DataConnectorKind + :param tenant_id: The tenant id to connect to, and get the data from. + :type tenant_id: str + :param state_data_types_alerts_state: Describe whether this data type connection is enabled or + not. Possible values include: "Enabled", "Disabled". + :type state_data_types_alerts_state: str or ~security_insights.models.DataTypeState + :param state_data_types_discovery_logs_state: Describe whether this data type connection is + enabled or not. Possible values include: "Enabled", "Disabled". 
+ :type state_data_types_discovery_logs_state: str or ~security_insights.models.DataTypeState + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'kind': {'required': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'etag': {'key': 'etag', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + 'tenant_id': {'key': 'properties.tenantId', 'type': 'str'}, + 'state_data_types_alerts_state': {'key': 'dataTypes.alerts.state', 'type': 'str'}, + 'state_data_types_discovery_logs_state': {'key': 'dataTypes.discoveryLogs.state', 'type': 'str'}, + } + + def __init__( + self, + **kwargs + ): + super(MCASDataConnector, self).__init__(**kwargs) + self.kind = 'MicrosoftCloudAppSecurity' # type: str + self.tenant_id = kwargs.get('tenant_id', None) + self.state_data_types_alerts_state = kwargs.get('state_data_types_alerts_state', None) + self.state_data_types_discovery_logs_state = kwargs.get('state_data_types_discovery_logs_state', None) + + +class MCASDataConnectorDataTypes(AlertsDataTypeOfDataConnector): + """The available data types for MCAS (Microsoft Cloud App Security) data connector. + + :param state: Describe whether this data type connection is enabled or not. Possible values + include: "Enabled", "Disabled". + :type state: str or ~security_insights.models.DataTypeState + :param state_discovery_logs_state: Describe whether this data type connection is enabled or + not. Possible values include: "Enabled", "Disabled". 
+ :type state_discovery_logs_state: str or ~security_insights.models.DataTypeState + """ + + _attribute_map = { + 'state': {'key': 'alerts.state', 'type': 'str'}, + 'state_discovery_logs_state': {'key': 'discoveryLogs.state', 'type': 'str'}, + } + + def __init__( + self, + **kwargs + ): + super(MCASDataConnectorDataTypes, self).__init__(**kwargs) + self.state_discovery_logs_state = kwargs.get('state_discovery_logs_state', None) + + +class MDATPDataConnector(DataConnector): + """Represents MDATP (Microsoft Defender Advanced Threat Protection) data connector. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id. + :vartype id: str + :ivar name: Azure resource name. + :vartype name: str + :ivar type: Azure resource type. + :vartype type: str + :param etag: Etag of the azure resource. + :type etag: str + :param kind: Required. The data connector kind.Constant filled by server. Possible values + include: "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", + "ThreatIntelligence", "Office365", "AmazonWebServicesCloudTrail", + "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection". + :type kind: str or ~security_insights.models.DataConnectorKind + :param tenant_id: The tenant id to connect to, and get the data from. + :type tenant_id: str + :param state: Describe whether this data type connection is enabled or not. Possible values + include: "Enabled", "Disabled". 
+ :type state: str or ~security_insights.models.DataTypeState + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'kind': {'required': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'etag': {'key': 'etag', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + 'tenant_id': {'key': 'properties.tenantId', 'type': 'str'}, + 'state': {'key': 'dataTypes.alerts.state', 'type': 'str'}, + } + + def __init__( + self, + **kwargs + ): + super(MDATPDataConnector, self).__init__(**kwargs) + self.kind = 'MicrosoftDefenderAdvancedThreatProtection' # type: str + self.tenant_id = kwargs.get('tenant_id', None) + self.state = kwargs.get('state', None) + + +class MicrosoftSecurityIncidentCreationAlertRule(AlertRule): + """Represents MicrosoftSecurityIncidentCreation rule. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id. + :vartype id: str + :ivar name: Azure resource name. + :vartype name: str + :ivar type: Azure resource type. + :vartype type: str + :param etag: Etag of the azure resource. + :type etag: str + :param kind: Required. The alert rule kind.Constant filled by server. Possible values include: + "Scheduled", "MicrosoftSecurityIncidentCreation", "Fusion". + :type kind: str or ~security_insights.models.AlertRuleKind + :param display_names_filter: the alerts' displayNames on which the cases will be generated. + :type display_names_filter: list[str] + :param display_names_exclude_filter: the alerts' displayNames on which the cases will not be + generated. + :type display_names_exclude_filter: list[str] + :param product_filter: The alerts' productName on which the cases will be generated. 
Possible + values include: "Microsoft Cloud App Security", "Azure Security Center", "Azure Advanced Threat + Protection", "Azure Active Directory Identity Protection", "Azure Security Center for IoT". + :type product_filter: str or ~security_insights.models.MicrosoftSecurityProductName + :param severities_filter: the alerts' severities on which the cases will be generated. + :type severities_filter: list[str or ~security_insights.models.AlertSeverity] + :param alert_rule_template_name: The Name of the alert rule template used to create this rule. + :type alert_rule_template_name: str + :param description: The description of the alert rule. + :type description: str + :param display_name: The display name for alerts created by this alert rule. + :type display_name: str + :param enabled: Determines whether this alert rule is enabled or disabled. + :type enabled: bool + :ivar last_modified_utc: The last time that this alert has been modified. + :vartype last_modified_utc: ~datetime.datetime + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'kind': {'required': True}, + 'last_modified_utc': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'etag': {'key': 'etag', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + 'display_names_filter': {'key': 'properties.displayNamesFilter', 'type': '[str]'}, + 'display_names_exclude_filter': {'key': 'properties.displayNamesExcludeFilter', 'type': '[str]'}, + 'product_filter': {'key': 'properties.productFilter', 'type': 'str'}, + 'severities_filter': {'key': 'properties.severitiesFilter', 'type': '[str]'}, + 'alert_rule_template_name': {'key': 'properties.alertRuleTemplateName', 'type': 'str'}, + 'description': {'key': 'properties.description', 'type': 'str'}, + 'display_name': {'key': 'properties.displayName', 'type': 'str'}, + 'enabled': 
{'key': 'properties.enabled', 'type': 'bool'}, + 'last_modified_utc': {'key': 'properties.lastModifiedUtc', 'type': 'iso-8601'}, + } + + def __init__( + self, + **kwargs + ): + super(MicrosoftSecurityIncidentCreationAlertRule, self).__init__(**kwargs) + self.kind = 'MicrosoftSecurityIncidentCreation' # type: str + self.display_names_filter = kwargs.get('display_names_filter', None) + self.display_names_exclude_filter = kwargs.get('display_names_exclude_filter', None) + self.product_filter = kwargs.get('product_filter', None) + self.severities_filter = kwargs.get('severities_filter', None) + self.alert_rule_template_name = kwargs.get('alert_rule_template_name', None) + self.description = kwargs.get('description', None) + self.display_name = kwargs.get('display_name', None) + self.enabled = kwargs.get('enabled', None) + self.last_modified_utc = None + + +class MicrosoftSecurityIncidentCreationAlertRuleCommonProperties(msrest.serialization.Model): + """MicrosoftSecurityIncidentCreation rule common property bag. + + All required parameters must be populated in order to send to Azure. + + :param display_names_filter: the alerts' displayNames on which the cases will be generated. + :type display_names_filter: list[str] + :param display_names_exclude_filter: the alerts' displayNames on which the cases will not be + generated. + :type display_names_exclude_filter: list[str] + :param product_filter: Required. The alerts' productName on which the cases will be generated. + Possible values include: "Microsoft Cloud App Security", "Azure Security Center", "Azure + Advanced Threat Protection", "Azure Active Directory Identity Protection", "Azure Security + Center for IoT". + :type product_filter: str or ~security_insights.models.MicrosoftSecurityProductName + :param severities_filter: the alerts' severities on which the cases will be generated. 
+ :type severities_filter: list[str or ~security_insights.models.AlertSeverity]
+ """
+
+ _validation = {
+ 'product_filter': {'required': True},
+ }
+
+ _attribute_map = {
+ 'display_names_filter': {'key': 'displayNamesFilter', 'type': '[str]'},
+ 'display_names_exclude_filter': {'key': 'displayNamesExcludeFilter', 'type': '[str]'},
+ 'product_filter': {'key': 'productFilter', 'type': 'str'},
+ 'severities_filter': {'key': 'severitiesFilter', 'type': '[str]'},
+ }
+
+ def __init__(
+ self,
+ **kwargs
+ ):
+ super(MicrosoftSecurityIncidentCreationAlertRuleCommonProperties, self).__init__(**kwargs)
+ self.display_names_filter = kwargs.get('display_names_filter', None)
+ self.display_names_exclude_filter = kwargs.get('display_names_exclude_filter', None)
+ self.product_filter = kwargs['product_filter']
+ self.severities_filter = kwargs.get('severities_filter', None)
+
+
+class MicrosoftSecurityIncidentCreationAlertRuleProperties(MicrosoftSecurityIncidentCreationAlertRuleCommonProperties):
+ """MicrosoftSecurityIncidentCreation rule property bag.
+
+ Variables are only populated by the server, and will be ignored when sending a request.
+
+ All required parameters must be populated in order to send to Azure.
+
+ :param display_names_filter: the alerts' displayNames on which the cases will be generated.
+ :type display_names_filter: list[str]
+ :param display_names_exclude_filter: the alerts' displayNames on which the cases will not be
+ generated.
+ :type display_names_exclude_filter: list[str]
+ :param product_filter: Required. The alerts' productName on which the cases will be generated.
+ Possible values include: "Microsoft Cloud App Security", "Azure Security Center", "Azure
+ Advanced Threat Protection", "Azure Active Directory Identity Protection", "Azure Security
+ Center for IoT".
+ :type product_filter: str or ~security_insights.models.MicrosoftSecurityProductName
+ :param severities_filter: the alerts' severities on which the cases will be generated. 
+ :type severities_filter: list[str or ~security_insights.models.AlertSeverity]
+ :param alert_rule_template_name: The Name of the alert rule template used to create this rule.
+ :type alert_rule_template_name: str
+ :param description: The description of the alert rule.
+ :type description: str
+ :param display_name: Required. The display name for alerts created by this alert rule.
+ :type display_name: str
+ :param enabled: Required. Determines whether this alert rule is enabled or disabled.
+ :type enabled: bool
+ :ivar last_modified_utc: The last time that this alert has been modified.
+ :vartype last_modified_utc: ~datetime.datetime
+ """
+
+ _validation = {
+ 'product_filter': {'required': True},
+ 'display_name': {'required': True},
+ 'enabled': {'required': True},
+ 'last_modified_utc': {'readonly': True},
+ }
+
+ _attribute_map = {
+ 'display_names_filter': {'key': 'displayNamesFilter', 'type': '[str]'},
+ 'display_names_exclude_filter': {'key': 'displayNamesExcludeFilter', 'type': '[str]'},
+ 'product_filter': {'key': 'productFilter', 'type': 'str'},
+ 'severities_filter': {'key': 'severitiesFilter', 'type': '[str]'},
+ 'alert_rule_template_name': {'key': 'alertRuleTemplateName', 'type': 'str'},
+ 'description': {'key': 'description', 'type': 'str'},
+ 'display_name': {'key': 'displayName', 'type': 'str'},
+ 'enabled': {'key': 'enabled', 'type': 'bool'},
+ 'last_modified_utc': {'key': 'lastModifiedUtc', 'type': 'iso-8601'},
+ }
+
+ def __init__(
+ self,
+ **kwargs
+ ):
+ super(MicrosoftSecurityIncidentCreationAlertRuleProperties, self).__init__(**kwargs)
+ self.alert_rule_template_name = kwargs.get('alert_rule_template_name', None)
+ self.description = kwargs.get('description', None)
+ self.display_name = kwargs['display_name']
+ self.enabled = kwargs['enabled']
+ self.last_modified_utc = None
+
+
+class MicrosoftSecurityIncidentCreationAlertRuleTemplate(AlertRuleTemplate):
+ """Represents MicrosoftSecurityIncidentCreation rule template. 
+
+ Variables are only populated by the server, and will be ignored when sending a request.
+
+ All required parameters must be populated in order to send to Azure.
+
+ :ivar id: Azure resource Id.
+ :vartype id: str
+ :ivar name: Azure resource name.
+ :vartype name: str
+ :ivar type: Azure resource type.
+ :vartype type: str
+ :param kind: Required. The alert rule kind.Constant filled by server. Possible values include:
+ "Scheduled", "MicrosoftSecurityIncidentCreation", "Fusion".
+ :type kind: str or ~security_insights.models.AlertRuleKind
+ :param alert_rules_created_by_template_count: the number of alert rules that were created by
+ this template.
+ :type alert_rules_created_by_template_count: int
+ :ivar created_date_utc: The time that this alert rule template has been added.
+ :vartype created_date_utc: ~datetime.datetime
+ :param description: The description of the alert rule template.
+ :type description: str
+ :param display_name: The display name for alert rule template.
+ :type display_name: str
+ :param required_data_connectors: The required data connectors for this template.
+ :type required_data_connectors: list[~security_insights.models.AlertRuleTemplateDataSource]
+ :param status: The alert rule template status. Possible values include: "Installed",
+ "Available", "NotAvailable".
+ :type status: str or ~security_insights.models.TemplateStatus
+ :param display_names_filter: the alerts' displayNames on which the cases will be generated.
+ :type display_names_filter: list[str]
+ :param display_names_exclude_filter: the alerts' displayNames on which the cases will not be
+ generated.
+ :type display_names_exclude_filter: list[str]
+ :param product_filter: The alerts' productName on which the cases will be generated. Possible
+ values include: "Microsoft Cloud App Security", "Azure Security Center", "Azure Advanced Threat
+ Protection", "Azure Active Directory Identity Protection", "Azure Security Center for IoT". 
+ :type product_filter: str or ~security_insights.models.MicrosoftSecurityProductName
+ :param severities_filter: the alerts' severities on which the cases will be generated.
+ :type severities_filter: list[str or ~security_insights.models.AlertSeverity]
+ """
+
+ _validation = {
+ 'id': {'readonly': True},
+ 'name': {'readonly': True},
+ 'type': {'readonly': True},
+ 'kind': {'required': True},
+ 'created_date_utc': {'readonly': True},
+ }
+
+ _attribute_map = {
+ 'id': {'key': 'id', 'type': 'str'},
+ 'name': {'key': 'name', 'type': 'str'},
+ 'type': {'key': 'type', 'type': 'str'},
+ 'kind': {'key': 'kind', 'type': 'str'},
+ 'alert_rules_created_by_template_count': {'key': 'properties.alertRulesCreatedByTemplateCount', 'type': 'int'},
+ 'created_date_utc': {'key': 'properties.createdDateUTC', 'type': 'iso-8601'},
+ 'description': {'key': 'properties.description', 'type': 'str'},
+ 'display_name': {'key': 'properties.displayName', 'type': 'str'},
+ 'required_data_connectors': {'key': 'properties.requiredDataConnectors', 'type': '[AlertRuleTemplateDataSource]'},
+ 'status': {'key': 'properties.status', 'type': 'str'},
+ 'display_names_filter': {'key': 'properties.displayNamesFilter', 'type': '[str]'},
+ 'display_names_exclude_filter': {'key': 'properties.displayNamesExcludeFilter', 'type': '[str]'},
+ 'product_filter': {'key': 'properties.productFilter', 'type': 'str'},
+ 'severities_filter': {'key': 'properties.severitiesFilter', 'type': '[str]'},
+ }
+
+ def __init__(
+ self,
+ **kwargs
+ ):
+ super(MicrosoftSecurityIncidentCreationAlertRuleTemplate, self).__init__(**kwargs)
+ self.kind = 'MicrosoftSecurityIncidentCreation' # type: str
+ self.alert_rules_created_by_template_count = kwargs.get('alert_rules_created_by_template_count', None)
+ self.created_date_utc = None
+ self.description = kwargs.get('description', None)
+ self.display_name = kwargs.get('display_name', None)
+ self.required_data_connectors = kwargs.get('required_data_connectors', None)
+ 
self.status = kwargs.get('status', None)
+ self.display_names_filter = kwargs.get('display_names_filter', None)
+ self.display_names_exclude_filter = kwargs.get('display_names_exclude_filter', None)
+ self.product_filter = kwargs.get('product_filter', None)
+ self.severities_filter = kwargs.get('severities_filter', None)
+
+
+class OfficeConsent(Resource):
+ """Consent for Office365 tenant that already made.
+
+ Variables are only populated by the server, and will be ignored when sending a request.
+
+ :ivar id: Azure resource Id.
+ :vartype id: str
+ :ivar name: Azure resource name.
+ :vartype name: str
+ :ivar type: Azure resource type.
+ :vartype type: str
+ :param tenant_id: The tenantId of the Office365 with the consent.
+ :type tenant_id: str
+ :ivar tenant_name: The tenant name of the Office365 with the consent.
+ :vartype tenant_name: str
+ """
+
+ _validation = {
+ 'id': {'readonly': True},
+ 'name': {'readonly': True},
+ 'type': {'readonly': True},
+ 'tenant_name': {'readonly': True},
+ }
+
+ _attribute_map = {
+ 'id': {'key': 'id', 'type': 'str'},
+ 'name': {'key': 'name', 'type': 'str'},
+ 'type': {'key': 'type', 'type': 'str'},
+ 'tenant_id': {'key': 'properties.tenantId', 'type': 'str'},
+ 'tenant_name': {'key': 'properties.tenantName', 'type': 'str'},
+ }
+
+ def __init__(
+ self,
+ **kwargs
+ ):
+ super(OfficeConsent, self).__init__(**kwargs)
+ self.tenant_id = kwargs.get('tenant_id', None)
+ self.tenant_name = None
+
+
+class OfficeConsentList(msrest.serialization.Model):
+ """List of all the office365 consents.
+
+ Variables are only populated by the server, and will be ignored when sending a request.
+
+ All required parameters must be populated in order to send to Azure.
+
+ :ivar next_link: URL to fetch the next set of office consents.
+ :vartype next_link: str
+ :param value: Required. Array of the consents. 
+ :type value: list[~security_insights.models.OfficeConsent]
+ """
+
+ _validation = {
+ 'next_link': {'readonly': True},
+ 'value': {'required': True},
+ }
+
+ _attribute_map = {
+ 'next_link': {'key': 'nextLink', 'type': 'str'},
+ 'value': {'key': 'value', 'type': '[OfficeConsent]'},
+ }
+
+ def __init__(
+ self,
+ **kwargs
+ ):
+ super(OfficeConsentList, self).__init__(**kwargs)
+ self.next_link = None
+ self.value = kwargs['value']
+
+
+class OfficeDataConnector(DataConnector):
+ """Represents office data connector.
+
+ Variables are only populated by the server, and will be ignored when sending a request.
+
+ All required parameters must be populated in order to send to Azure.
+
+ :ivar id: Azure resource Id.
+ :vartype id: str
+ :ivar name: Azure resource name.
+ :vartype name: str
+ :ivar type: Azure resource type.
+ :vartype type: str
+ :param etag: Etag of the azure resource.
+ :type etag: str
+ :param kind: Required. The data connector kind.Constant filled by server. Possible values
+ include: "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity",
+ "ThreatIntelligence", "Office365", "AmazonWebServicesCloudTrail",
+ "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection".
+ :type kind: str or ~security_insights.models.DataConnectorKind
+ :param tenant_id: The tenant id to connect to, and get the data from.
+ :type tenant_id: str
+ :param state_data_types_share_point_state: Describe whether this data type connection is
+ enabled or not. Possible values include: "Enabled", "Disabled".
+ :type state_data_types_share_point_state: str or ~security_insights.models.DataTypeState
+ :param state_data_types_exchange_state: Describe whether this data type connection is enabled
+ or not. Possible values include: "Enabled", "Disabled". 
+ :type state_data_types_exchange_state: str or ~security_insights.models.DataTypeState
+ """
+
+ _validation = {
+ 'id': {'readonly': True},
+ 'name': {'readonly': True},
+ 'type': {'readonly': True},
+ 'kind': {'required': True},
+ }
+
+ _attribute_map = {
+ 'id': {'key': 'id', 'type': 'str'},
+ 'name': {'key': 'name', 'type': 'str'},
+ 'type': {'key': 'type', 'type': 'str'},
+ 'etag': {'key': 'etag', 'type': 'str'},
+ 'kind': {'key': 'kind', 'type': 'str'},
+ 'tenant_id': {'key': 'properties.tenantId', 'type': 'str'},
+ 'state_data_types_share_point_state': {'key': 'dataTypes.sharePoint.state', 'type': 'str'},
+ 'state_data_types_exchange_state': {'key': 'dataTypes.exchange.state', 'type': 'str'},
+ }
+
+ def __init__(
+ self,
+ **kwargs
+ ):
+ super(OfficeDataConnector, self).__init__(**kwargs)
+ self.kind = 'Office365' # type: str
+ self.tenant_id = kwargs.get('tenant_id', None)
+ self.state_data_types_share_point_state = kwargs.get('state_data_types_share_point_state', None)
+ self.state_data_types_exchange_state = kwargs.get('state_data_types_exchange_state', None)
+
+
+class OfficeDataConnectorDataTypesExchange(DataConnectorDataTypeCommon):
+ """Exchange data type connection.
+
+ :param state: Describe whether this data type connection is enabled or not. Possible values
+ include: "Enabled", "Disabled".
+ :type state: str or ~security_insights.models.DataTypeState
+ """
+
+ _attribute_map = {
+ 'state': {'key': 'state', 'type': 'str'},
+ }
+
+ def __init__(
+ self,
+ **kwargs
+ ):
+ super(OfficeDataConnectorDataTypesExchange, self).__init__(**kwargs)
+
+
+class OfficeDataConnectorDataTypesSharePoint(DataConnectorDataTypeCommon):
+ """SharePoint data type connection.
+
+ :param state: Describe whether this data type connection is enabled or not. Possible values
+ include: "Enabled", "Disabled". 
+ :type state: str or ~security_insights.models.DataTypeState
+ """
+
+ _attribute_map = {
+ 'state': {'key': 'state', 'type': 'str'},
+ }
+
+ def __init__(
+ self,
+ **kwargs
+ ):
+ super(OfficeDataConnectorDataTypesSharePoint, self).__init__(**kwargs)
+
+
+class Operation(msrest.serialization.Model):
+ """Operation provided by provider.
+
+ :param display: Properties of the operation.
+ :type display: ~security_insights.models.OperationDisplay
+ :param name: Name of the operation.
+ :type name: str
+ """
+
+ _attribute_map = {
+ 'display': {'key': 'display', 'type': 'OperationDisplay'},
+ 'name': {'key': 'name', 'type': 'str'},
+ }
+
+ def __init__(
+ self,
+ **kwargs
+ ):
+ super(Operation, self).__init__(**kwargs)
+ self.display = kwargs.get('display', None)
+ self.name = kwargs.get('name', None)
+
+
+class OperationDisplay(msrest.serialization.Model):
+ """Properties of the operation.
+
+ :param description: Description of the operation.
+ :type description: str
+ :param operation: Operation name.
+ :type operation: str
+ :param provider: Provider name.
+ :type provider: str
+ :param resource: Resource name.
+ :type resource: str
+ """
+
+ _attribute_map = {
+ 'description': {'key': 'description', 'type': 'str'},
+ 'operation': {'key': 'operation', 'type': 'str'},
+ 'provider': {'key': 'provider', 'type': 'str'},
+ 'resource': {'key': 'resource', 'type': 'str'},
+ }
+
+ def __init__(
+ self,
+ **kwargs
+ ):
+ super(OperationDisplay, self).__init__(**kwargs)
+ self.description = kwargs.get('description', None)
+ self.operation = kwargs.get('operation', None)
+ self.provider = kwargs.get('provider', None)
+ self.resource = kwargs.get('resource', None)
+
+
+class OperationsList(msrest.serialization.Model):
+ """Lists the operations available in the SecurityInsights RP.
+
+ All required parameters must be populated in order to send to Azure.
+
+ :param next_link: URL to fetch the next set of operations.
+ :type next_link: str
+ :param value: Required. 
Array of operations.
+ :type value: list[~security_insights.models.Operation]
+ """
+
+ _validation = {
+ 'value': {'required': True},
+ }
+
+ _attribute_map = {
+ 'next_link': {'key': 'nextLink', 'type': 'str'},
+ 'value': {'key': 'value', 'type': '[Operation]'},
+ }
+
+ def __init__(
+ self,
+ **kwargs
+ ):
+ super(OperationsList, self).__init__(**kwargs)
+ self.next_link = kwargs.get('next_link', None)
+ self.value = kwargs['value']
+
+
+class ScheduledAlertRule(AlertRule):
+ """Represents scheduled alert rule.
+
+ Variables are only populated by the server, and will be ignored when sending a request.
+
+ All required parameters must be populated in order to send to Azure.
+
+ :ivar id: Azure resource Id.
+ :vartype id: str
+ :ivar name: Azure resource name.
+ :vartype name: str
+ :ivar type: Azure resource type.
+ :vartype type: str
+ :param etag: Etag of the azure resource.
+ :type etag: str
+ :param kind: Required. The alert rule kind.Constant filled by server. Possible values include:
+ "Scheduled", "MicrosoftSecurityIncidentCreation", "Fusion".
+ :type kind: str or ~security_insights.models.AlertRuleKind
+ :param query: The query that creates alerts for this rule.
+ :type query: str
+ :param query_frequency: The frequency (in ISO 8601 duration format) for this alert rule to run.
+ :type query_frequency: ~datetime.timedelta
+ :param query_period: The period (in ISO 8601 duration format) that this alert rule looks at.
+ :type query_period: ~datetime.timedelta
+ :param severity: The severity for alerts created by this alert rule. Possible values include:
+ "High", "Medium", "Low", "Informational".
+ :type severity: str or ~security_insights.models.AlertSeverity
+ :param trigger_operator: The operation against the threshold that triggers alert rule. Possible
+ values include: "GreaterThan", "LessThan", "Equal", "NotEqual". 
+ :type trigger_operator: str or ~security_insights.models.TriggerOperator
+ :param trigger_threshold: The threshold triggers this alert rule.
+ :type trigger_threshold: int
+ :param alert_rule_template_name: The Name of the alert rule template used to create this rule.
+ :type alert_rule_template_name: str
+ :param description: The description of the alert rule.
+ :type description: str
+ :param display_name: The display name for alerts created by this alert rule.
+ :type display_name: str
+ :param enabled: Determines whether this alert rule is enabled or disabled.
+ :type enabled: bool
+ :ivar last_modified_utc: The last time that this alert rule has been modified.
+ :vartype last_modified_utc: ~datetime.datetime
+ :param suppression_duration: The suppression (in ISO 8601 duration format) to wait since last
+ time this alert rule been triggered.
+ :type suppression_duration: ~datetime.timedelta
+ :param suppression_enabled: Determines whether the suppression for this alert rule is enabled
+ or disabled.
+ :type suppression_enabled: bool
+ :param tactics: The tactics of the alert rule. 
+ :type tactics: list[str or ~security_insights.models.AttackTactic]
+ """
+
+ _validation = {
+ 'id': {'readonly': True},
+ 'name': {'readonly': True},
+ 'type': {'readonly': True},
+ 'kind': {'required': True},
+ 'last_modified_utc': {'readonly': True},
+ }
+
+ _attribute_map = {
+ 'id': {'key': 'id', 'type': 'str'},
+ 'name': {'key': 'name', 'type': 'str'},
+ 'type': {'key': 'type', 'type': 'str'},
+ 'etag': {'key': 'etag', 'type': 'str'},
+ 'kind': {'key': 'kind', 'type': 'str'},
+ 'query': {'key': 'properties.query', 'type': 'str'},
+ 'query_frequency': {'key': 'properties.queryFrequency', 'type': 'duration'},
+ 'query_period': {'key': 'properties.queryPeriod', 'type': 'duration'},
+ 'severity': {'key': 'properties.severity', 'type': 'str'},
+ 'trigger_operator': {'key': 'properties.triggerOperator', 'type': 'str'},
+ 'trigger_threshold': {'key': 'properties.triggerThreshold', 'type': 'int'},
+ 'alert_rule_template_name': {'key': 'properties.alertRuleTemplateName', 'type': 'str'},
+ 'description': {'key': 'properties.description', 'type': 'str'},
+ 'display_name': {'key': 'properties.displayName', 'type': 'str'},
+ 'enabled': {'key': 'properties.enabled', 'type': 'bool'},
+ 'last_modified_utc': {'key': 'properties.lastModifiedUtc', 'type': 'iso-8601'},
+ 'suppression_duration': {'key': 'properties.suppressionDuration', 'type': 'duration'},
+ 'suppression_enabled': {'key': 'properties.suppressionEnabled', 'type': 'bool'},
+ 'tactics': {'key': 'properties.tactics', 'type': '[str]'},
+ }
+
+ def __init__(
+ self,
+ **kwargs
+ ):
+ super(ScheduledAlertRule, self).__init__(**kwargs)
+ self.kind = 'Scheduled' # type: str
+ self.query = kwargs.get('query', None)
+ self.query_frequency = kwargs.get('query_frequency', None)
+ self.query_period = kwargs.get('query_period', None)
+ self.severity = kwargs.get('severity', None)
+ self.trigger_operator = kwargs.get('trigger_operator', None)
+ self.trigger_threshold = kwargs.get('trigger_threshold', None)
+ 
self.alert_rule_template_name = kwargs.get('alert_rule_template_name', None)
+ self.description = kwargs.get('description', None)
+ self.display_name = kwargs.get('display_name', None)
+ self.enabled = kwargs.get('enabled', None)
+ self.last_modified_utc = None
+ self.suppression_duration = kwargs.get('suppression_duration', None)
+ self.suppression_enabled = kwargs.get('suppression_enabled', None)
+ self.tactics = kwargs.get('tactics', None)
+
+
+class ScheduledAlertRuleCommonProperties(msrest.serialization.Model):
+ """Schedule alert rule template property bag.
+
+ :param query: The query that creates alerts for this rule.
+ :type query: str
+ :param query_frequency: The frequency (in ISO 8601 duration format) for this alert rule to run.
+ :type query_frequency: ~datetime.timedelta
+ :param query_period: The period (in ISO 8601 duration format) that this alert rule looks at.
+ :type query_period: ~datetime.timedelta
+ :param severity: The severity for alerts created by this alert rule. Possible values include:
+ "High", "Medium", "Low", "Informational".
+ :type severity: str or ~security_insights.models.AlertSeverity
+ :param trigger_operator: The operation against the threshold that triggers alert rule. Possible
+ values include: "GreaterThan", "LessThan", "Equal", "NotEqual".
+ :type trigger_operator: str or ~security_insights.models.TriggerOperator
+ :param trigger_threshold: The threshold triggers this alert rule. 
+ :type trigger_threshold: int
+ """
+
+ _attribute_map = {
+ 'query': {'key': 'query', 'type': 'str'},
+ 'query_frequency': {'key': 'queryFrequency', 'type': 'duration'},
+ 'query_period': {'key': 'queryPeriod', 'type': 'duration'},
+ 'severity': {'key': 'severity', 'type': 'str'},
+ 'trigger_operator': {'key': 'triggerOperator', 'type': 'str'},
+ 'trigger_threshold': {'key': 'triggerThreshold', 'type': 'int'},
+ }
+
+ def __init__(
+ self,
+ **kwargs
+ ):
+ super(ScheduledAlertRuleCommonProperties, self).__init__(**kwargs)
+ self.query = kwargs.get('query', None)
+ self.query_frequency = kwargs.get('query_frequency', None)
+ self.query_period = kwargs.get('query_period', None)
+ self.severity = kwargs.get('severity', None)
+ self.trigger_operator = kwargs.get('trigger_operator', None)
+ self.trigger_threshold = kwargs.get('trigger_threshold', None)
+
+
+class ScheduledAlertRuleProperties(ScheduledAlertRuleCommonProperties):
+ """Scheduled alert rule base property bag.
+
+ Variables are only populated by the server, and will be ignored when sending a request.
+
+ All required parameters must be populated in order to send to Azure.
+
+ :param query: The query that creates alerts for this rule.
+ :type query: str
+ :param query_frequency: The frequency (in ISO 8601 duration format) for this alert rule to run.
+ :type query_frequency: ~datetime.timedelta
+ :param query_period: The period (in ISO 8601 duration format) that this alert rule looks at.
+ :type query_period: ~datetime.timedelta
+ :param severity: The severity for alerts created by this alert rule. Possible values include:
+ "High", "Medium", "Low", "Informational".
+ :type severity: str or ~security_insights.models.AlertSeverity
+ :param trigger_operator: The operation against the threshold that triggers alert rule. Possible
+ values include: "GreaterThan", "LessThan", "Equal", "NotEqual". 
+ :type trigger_operator: str or ~security_insights.models.TriggerOperator
+ :param trigger_threshold: The threshold triggers this alert rule.
+ :type trigger_threshold: int
+ :param alert_rule_template_name: The Name of the alert rule template used to create this rule.
+ :type alert_rule_template_name: str
+ :param description: The description of the alert rule.
+ :type description: str
+ :param display_name: Required. The display name for alerts created by this alert rule.
+ :type display_name: str
+ :param enabled: Required. Determines whether this alert rule is enabled or disabled.
+ :type enabled: bool
+ :ivar last_modified_utc: The last time that this alert rule has been modified.
+ :vartype last_modified_utc: ~datetime.datetime
+ :param suppression_duration: Required. The suppression (in ISO 8601 duration format) to wait
+ since last time this alert rule been triggered.
+ :type suppression_duration: ~datetime.timedelta
+ :param suppression_enabled: Required. Determines whether the suppression for this alert rule is
+ enabled or disabled.
+ :type suppression_enabled: bool
+ :param tactics: The tactics of the alert rule. 
+ :type tactics: list[str or ~security_insights.models.AttackTactic]
+ """
+
+ _validation = {
+ 'display_name': {'required': True},
+ 'enabled': {'required': True},
+ 'last_modified_utc': {'readonly': True},
+ 'suppression_duration': {'required': True},
+ 'suppression_enabled': {'required': True},
+ }
+
+ _attribute_map = {
+ 'query': {'key': 'query', 'type': 'str'},
+ 'query_frequency': {'key': 'queryFrequency', 'type': 'duration'},
+ 'query_period': {'key': 'queryPeriod', 'type': 'duration'},
+ 'severity': {'key': 'severity', 'type': 'str'},
+ 'trigger_operator': {'key': 'triggerOperator', 'type': 'str'},
+ 'trigger_threshold': {'key': 'triggerThreshold', 'type': 'int'},
+ 'alert_rule_template_name': {'key': 'alertRuleTemplateName', 'type': 'str'},
+ 'description': {'key': 'description', 'type': 'str'},
+ 'display_name': {'key': 'displayName', 'type': 'str'},
+ 'enabled': {'key': 'enabled', 'type': 'bool'},
+ 'last_modified_utc': {'key': 'lastModifiedUtc', 'type': 'iso-8601'},
+ 'suppression_duration': {'key': 'suppressionDuration', 'type': 'duration'},
+ 'suppression_enabled': {'key': 'suppressionEnabled', 'type': 'bool'},
+ 'tactics': {'key': 'tactics', 'type': '[str]'},
+ }
+
+ def __init__(
+ self,
+ **kwargs
+ ):
+ super(ScheduledAlertRuleProperties, self).__init__(**kwargs)
+ self.alert_rule_template_name = kwargs.get('alert_rule_template_name', None)
+ self.description = kwargs.get('description', None)
+ self.display_name = kwargs['display_name']
+ self.enabled = kwargs['enabled']
+ self.last_modified_utc = None
+ self.suppression_duration = kwargs['suppression_duration']
+ self.suppression_enabled = kwargs['suppression_enabled']
+ self.tactics = kwargs.get('tactics', None)
+
+
+class ScheduledAlertRuleTemplate(AlertRuleTemplate):
+ """Represents scheduled alert rule template.
+
+ Variables are only populated by the server, and will be ignored when sending a request.
+
+ All required parameters must be populated in order to send to Azure. 
+
+ :ivar id: Azure resource Id.
+ :vartype id: str
+ :ivar name: Azure resource name.
+ :vartype name: str
+ :ivar type: Azure resource type.
+ :vartype type: str
+ :param kind: Required. The alert rule kind.Constant filled by server. Possible values include:
+ "Scheduled", "MicrosoftSecurityIncidentCreation", "Fusion".
+ :type kind: str or ~security_insights.models.AlertRuleKind
+ :param alert_rules_created_by_template_count: the number of alert rules that were created by
+ this template.
+ :type alert_rules_created_by_template_count: int
+ :ivar created_date_utc: The time that this alert rule template has been added.
+ :vartype created_date_utc: ~datetime.datetime
+ :param description: The description of the alert rule template.
+ :type description: str
+ :param display_name: The display name for alert rule template.
+ :type display_name: str
+ :param required_data_connectors: The required data connectors for this template.
+ :type required_data_connectors: list[~security_insights.models.AlertRuleTemplateDataSource]
+ :param status: The alert rule template status. Possible values include: "Installed",
+ "Available", "NotAvailable".
+ :type status: str or ~security_insights.models.TemplateStatus
+ :param query: The query that creates alerts for this rule.
+ :type query: str
+ :param query_frequency: The frequency (in ISO 8601 duration format) for this alert rule to run.
+ :type query_frequency: ~datetime.timedelta
+ :param query_period: The period (in ISO 8601 duration format) that this alert rule looks at.
+ :type query_period: ~datetime.timedelta
+ :param severity: The severity for alerts created by this alert rule. Possible values include:
+ "High", "Medium", "Low", "Informational".
+ :type severity: str or ~security_insights.models.AlertSeverity
+ :param trigger_operator: The operation against the threshold that triggers alert rule. Possible
+ values include: "GreaterThan", "LessThan", "Equal", "NotEqual". 
+ :type trigger_operator: str or ~security_insights.models.TriggerOperator
+ :param trigger_threshold: The threshold triggers this alert rule.
+ :type trigger_threshold: int
+ :param tactics: The tactics of the alert rule template.
+ :type tactics: list[str or ~security_insights.models.AttackTactic]
+ """
+
+ _validation = {
+ 'id': {'readonly': True},
+ 'name': {'readonly': True},
+ 'type': {'readonly': True},
+ 'kind': {'required': True},
+ 'created_date_utc': {'readonly': True},
+ }
+
+ _attribute_map = {
+ 'id': {'key': 'id', 'type': 'str'},
+ 'name': {'key': 'name', 'type': 'str'},
+ 'type': {'key': 'type', 'type': 'str'},
+ 'kind': {'key': 'kind', 'type': 'str'},
+ 'alert_rules_created_by_template_count': {'key': 'properties.alertRulesCreatedByTemplateCount', 'type': 'int'},
+ 'created_date_utc': {'key': 'properties.createdDateUTC', 'type': 'iso-8601'},
+ 'description': {'key': 'properties.description', 'type': 'str'},
+ 'display_name': {'key': 'properties.displayName', 'type': 'str'},
+ 'required_data_connectors': {'key': 'properties.requiredDataConnectors', 'type': '[AlertRuleTemplateDataSource]'},
+ 'status': {'key': 'properties.status', 'type': 'str'},
+ 'query': {'key': 'properties.query', 'type': 'str'},
+ 'query_frequency': {'key': 'properties.queryFrequency', 'type': 'duration'},
+ 'query_period': {'key': 'properties.queryPeriod', 'type': 'duration'},
+ 'severity': {'key': 'properties.severity', 'type': 'str'},
+ 'trigger_operator': {'key': 'properties.triggerOperator', 'type': 'str'},
+ 'trigger_threshold': {'key': 'properties.triggerThreshold', 'type': 'int'},
+ 'tactics': {'key': 'properties.tactics', 'type': '[str]'},
+ }
+
+ def __init__(
+ self,
+ **kwargs
+ ):
+ super(ScheduledAlertRuleTemplate, self).__init__(**kwargs)
+ self.kind = 'Scheduled' # type: str
+ self.alert_rules_created_by_template_count = kwargs.get('alert_rules_created_by_template_count', None)
+ self.created_date_utc = None
+ self.description = kwargs.get('description', None)
+ 
self.display_name = kwargs.get('display_name', None)
+ self.required_data_connectors = kwargs.get('required_data_connectors', None)
+ self.status = kwargs.get('status', None)
+ self.query = kwargs.get('query', None)
+ self.query_frequency = kwargs.get('query_frequency', None)
+ self.query_period = kwargs.get('query_period', None)
+ self.severity = kwargs.get('severity', None)
+ self.trigger_operator = kwargs.get('trigger_operator', None)
+ self.trigger_threshold = kwargs.get('trigger_threshold', None)
+ self.tactics = kwargs.get('tactics', None)
+
+
+class Settings(ResourceWithEtag):
+ """The Settings.
+
+ You probably want to use the sub-classes and not this class directly. Known
+ sub-classes are: ToggleSettings, UebaSettings.
+
+ Variables are only populated by the server, and will be ignored when sending a request.
+
+ All required parameters must be populated in order to send to Azure.
+
+ :ivar id: Azure resource Id.
+ :vartype id: str
+ :ivar name: Azure resource name.
+ :vartype name: str
+ :ivar type: Azure resource type.
+ :vartype type: str
+ :param etag: Etag of the azure resource.
+ :type etag: str
+ :param kind: Required. The data connector kind.Constant filled by server. Possible values
+ include: "UebaSettings", "ToggleSettings". 
+ :type kind: str or ~security_insights.models.SettingKind + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'kind': {'required': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'etag': {'key': 'etag', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + } + + _subtype_map = { + 'kind': {'ToggleSettings': 'ToggleSettings', 'UebaSettings': 'UebaSettings'} + } + + def __init__( + self, + **kwargs + ): + super(Settings, self).__init__(**kwargs) + self.kind = 'Settings' # type: str + + +class ThreatIntelligence(msrest.serialization.Model): + """ThreatIntelligence property bag. + + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar confidence: Confidence (must be between 0 and 1). + :vartype confidence: float + :ivar provider_name: Name of the provider from whom this Threat Intelligence information was + received. + :vartype provider_name: str + :ivar report_link: Report link. + :vartype report_link: str + :ivar threat_description: Threat description (free text). + :vartype threat_description: str + :ivar threat_name: Threat name (e.g. "Jedobot malware"). + :vartype threat_name: str + :ivar threat_type: Threat type (e.g. "Botnet"). 
+ :vartype threat_type: str + """ + + _validation = { + 'confidence': {'readonly': True}, + 'provider_name': {'readonly': True}, + 'report_link': {'readonly': True}, + 'threat_description': {'readonly': True}, + 'threat_name': {'readonly': True}, + 'threat_type': {'readonly': True}, + } + + _attribute_map = { + 'confidence': {'key': 'confidence', 'type': 'float'}, + 'provider_name': {'key': 'providerName', 'type': 'str'}, + 'report_link': {'key': 'reportLink', 'type': 'str'}, + 'threat_description': {'key': 'threatDescription', 'type': 'str'}, + 'threat_name': {'key': 'threatName', 'type': 'str'}, + 'threat_type': {'key': 'threatType', 'type': 'str'}, + } + + def __init__( + self, + **kwargs + ): + super(ThreatIntelligence, self).__init__(**kwargs) + self.confidence = None + self.provider_name = None + self.report_link = None + self.threat_description = None + self.threat_name = None + self.threat_type = None + + +class TIDataConnector(DataConnector): + """Represents threat intelligence data connector. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id. + :vartype id: str + :ivar name: Azure resource name. + :vartype name: str + :ivar type: Azure resource type. + :vartype type: str + :param etag: Etag of the azure resource. + :type etag: str + :param kind: Required. The data connector kind.Constant filled by server. Possible values + include: "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", + "ThreatIntelligence", "Office365", "AmazonWebServicesCloudTrail", + "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection". + :type kind: str or ~security_insights.models.DataConnectorKind + :param tenant_id: The tenant id to connect to, and get the data from. + :type tenant_id: str + :param state: Describe whether this data type connection is enabled or not. 
Possible values + include: "Enabled", "Disabled". + :type state: str or ~security_insights.models.DataTypeState + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'kind': {'required': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'etag': {'key': 'etag', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + 'tenant_id': {'key': 'properties.tenantId', 'type': 'str'}, + 'state': {'key': 'dataTypes.indicators.state', 'type': 'str'}, + } + + def __init__( + self, + **kwargs + ): + super(TIDataConnector, self).__init__(**kwargs) + self.kind = 'ThreatIntelligence' # type: str + self.tenant_id = kwargs.get('tenant_id', None) + self.state = kwargs.get('state', None) + + +class TIDataConnectorDataTypesIndicators(DataConnectorDataTypeCommon): + """Data type for indicators connection. + + :param state: Describe whether this data type connection is enabled or not. Possible values + include: "Enabled", "Disabled". + :type state: str or ~security_insights.models.DataTypeState + """ + + _attribute_map = { + 'state': {'key': 'state', 'type': 'str'}, + } + + def __init__( + self, + **kwargs + ): + super(TIDataConnectorDataTypesIndicators, self).__init__(**kwargs) + + +class ToggleSettings(Settings): + """Settings with single toggle. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id. + :vartype id: str + :ivar name: Azure resource name. + :vartype name: str + :ivar type: Azure resource type. + :vartype type: str + :param etag: Etag of the azure resource. + :type etag: str + :param kind: Required. The data connector kind.Constant filled by server. Possible values + include: "UebaSettings", "ToggleSettings". 
+ :type kind: str or ~security_insights.models.SettingKind + :param is_enabled: Determines whether the setting is enable or disabled. + :type is_enabled: bool + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'kind': {'required': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'etag': {'key': 'etag', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + 'is_enabled': {'key': 'properties.isEnabled', 'type': 'bool'}, + } + + def __init__( + self, + **kwargs + ): + super(ToggleSettings, self).__init__(**kwargs) + self.kind = 'ToggleSettings' # type: str + self.is_enabled = kwargs.get('is_enabled', None) + + +class UebaSettings(Settings): + """Represents settings for User and Entity Behavior Analytics enablement. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id. + :vartype id: str + :ivar name: Azure resource name. + :vartype name: str + :ivar type: Azure resource type. + :vartype type: str + :param etag: Etag of the azure resource. + :type etag: str + :param kind: Required. The data connector kind.Constant filled by server. Possible values + include: "UebaSettings", "ToggleSettings". + :type kind: str or ~security_insights.models.SettingKind + :ivar atp_license_status: Determines whether the tenant has ATP (Advanced Threat Protection) + license. Possible values include: "Enabled", "Disabled". + :vartype atp_license_status: str or ~security_insights.models.LicenseStatus + :param is_enabled: Determines whether User and Entity Behavior Analytics is enabled for this + workspace. + :type is_enabled: bool + :ivar status_in_mcas: Determines whether User and Entity Behavior Analytics is enabled from + MCAS (Microsoft Cloud App Security). 
Possible values include: "Enabled", "Disabled". + :vartype status_in_mcas: str or ~security_insights.models.StatusInMCAS + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'kind': {'required': True}, + 'atp_license_status': {'readonly': True}, + 'status_in_mcas': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'etag': {'key': 'etag', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + 'atp_license_status': {'key': 'properties.atpLicenseStatus', 'type': 'str'}, + 'is_enabled': {'key': 'properties.isEnabled', 'type': 'bool'}, + 'status_in_mcas': {'key': 'properties.statusInMcas', 'type': 'str'}, + } + + def __init__( + self, + **kwargs + ): + super(UebaSettings, self).__init__(**kwargs) + self.kind = 'UebaSettings' # type: str + self.atp_license_status = None + self.is_enabled = kwargs.get('is_enabled', None) + self.status_in_mcas = None diff --git a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/models/_models_py3.py b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/models/_models_py3.py new file mode 100644 index 00000000000..25dbbd71b16 --- /dev/null +++ b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/models/_models_py3.py 
@@ -0,0 +1,3184 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +import datetime +from typing import List, Optional, Union + +import msrest.serialization + +from ._security_insights_enums import * + + +class ResourceWithEtag(msrest.serialization.Model): + """An azure resource object with an Etag property. + + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar id: Azure resource Id. + :vartype id: str + :ivar name: Azure resource name. + :vartype name: str + :ivar type: Azure resource type. + :vartype type: str + :param etag: Etag of the azure resource. + :type etag: str + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'etag': {'key': 'etag', 'type': 'str'}, + } + + def __init__( + self, + *, + etag: Optional[str] = None, + **kwargs + ): + super(ResourceWithEtag, self).__init__(**kwargs) + self.id = None + self.name = None + self.type = None + self.etag = etag + + +class DataConnector(ResourceWithEtag): + """Data connector. + + You probably want to use the sub-classes and not this class directly. Known + sub-classes are: AwsCloudTrailDataConnector, AADDataConnector, AATPDataConnector, ASCDataConnector, MCASDataConnector, MDATPDataConnector, OfficeDataConnector, TIDataConnector. + + Variables are only populated by the server, and will be ignored when sending a request. 
+ + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id. + :vartype id: str + :ivar name: Azure resource name. + :vartype name: str + :ivar type: Azure resource type. + :vartype type: str + :param etag: Etag of the azure resource. + :type etag: str + :param kind: Required. The data connector kind.Constant filled by server. Possible values + include: "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", + "ThreatIntelligence", "Office365", "AmazonWebServicesCloudTrail", + "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection". + :type kind: str or ~security_insights.models.DataConnectorKind + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'kind': {'required': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'etag': {'key': 'etag', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + } + + _subtype_map = { + 'kind': {'AmazonWebServicesCloudTrail': 'AwsCloudTrailDataConnector', 'AzureActiveDirectory': 'AADDataConnector', 'AzureAdvancedThreatProtection': 'AATPDataConnector', 'AzureSecurityCenter': 'ASCDataConnector', 'MicrosoftCloudAppSecurity': 'MCASDataConnector', 'MicrosoftDefenderAdvancedThreatProtection': 'MDATPDataConnector', 'Office365': 'OfficeDataConnector', 'ThreatIntelligence': 'TIDataConnector'} + } + + def __init__( + self, + *, + etag: Optional[str] = None, + **kwargs + ): + super(DataConnector, self).__init__(etag=etag, **kwargs) + self.kind = 'DataConnector' # type: str + + +class AADDataConnector(DataConnector): + """Represents AAD (Azure Active Directory) data connector. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id. 
+ :vartype id: str + :ivar name: Azure resource name. + :vartype name: str + :ivar type: Azure resource type. + :vartype type: str + :param etag: Etag of the azure resource. + :type etag: str + :param kind: Required. The data connector kind.Constant filled by server. Possible values + include: "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", + "ThreatIntelligence", "Office365", "AmazonWebServicesCloudTrail", + "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection". + :type kind: str or ~security_insights.models.DataConnectorKind + :param tenant_id: The tenant id to connect to, and get the data from. + :type tenant_id: str + :param state: Describe whether this data type connection is enabled or not. Possible values + include: "Enabled", "Disabled". + :type state: str or ~security_insights.models.DataTypeState + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'kind': {'required': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'etag': {'key': 'etag', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + 'tenant_id': {'key': 'properties.tenantId', 'type': 'str'}, + 'state': {'key': 'dataTypes.alerts.state', 'type': 'str'}, + } + + def __init__( + self, + *, + etag: Optional[str] = None, + tenant_id: Optional[str] = None, + state: Optional[Union[str, "DataTypeState"]] = None, + **kwargs + ): + super(AADDataConnector, self).__init__(etag=etag, **kwargs) + self.kind = 'AzureActiveDirectory' # type: str + self.tenant_id = tenant_id + self.state = state + + +class AATPDataConnector(DataConnector): + """Represents AATP (Azure Advanced Threat Protection) data connector. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. 
+ + :ivar id: Azure resource Id. + :vartype id: str + :ivar name: Azure resource name. + :vartype name: str + :ivar type: Azure resource type. + :vartype type: str + :param etag: Etag of the azure resource. + :type etag: str + :param kind: Required. The data connector kind.Constant filled by server. Possible values + include: "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", + "ThreatIntelligence", "Office365", "AmazonWebServicesCloudTrail", + "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection". + :type kind: str or ~security_insights.models.DataConnectorKind + :param tenant_id: The tenant id to connect to, and get the data from. + :type tenant_id: str + :param state: Describe whether this data type connection is enabled or not. Possible values + include: "Enabled", "Disabled". + :type state: str or ~security_insights.models.DataTypeState + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'kind': {'required': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'etag': {'key': 'etag', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + 'tenant_id': {'key': 'properties.tenantId', 'type': 'str'}, + 'state': {'key': 'dataTypes.alerts.state', 'type': 'str'}, + } + + def __init__( + self, + *, + etag: Optional[str] = None, + tenant_id: Optional[str] = None, + state: Optional[Union[str, "DataTypeState"]] = None, + **kwargs + ): + super(AATPDataConnector, self).__init__(etag=etag, **kwargs) + self.kind = 'AzureAdvancedThreatProtection' # type: str + self.tenant_id = tenant_id + self.state = state + + +class ActionPropertiesBase(msrest.serialization.Model): + """Action property bag base. + + All required parameters must be populated in order to send to Azure. + + :param logic_app_resource_id: Required. 
Logic App Resource Id, /subscriptions/{my- + subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my- + workflow-id}. + :type logic_app_resource_id: str + """ + + _validation = { + 'logic_app_resource_id': {'required': True}, + } + + _attribute_map = { + 'logic_app_resource_id': {'key': 'logicAppResourceId', 'type': 'str'}, + } + + def __init__( + self, + *, + logic_app_resource_id: str, + **kwargs + ): + super(ActionPropertiesBase, self).__init__(**kwargs) + self.logic_app_resource_id = logic_app_resource_id + + +class ActionRequest(ResourceWithEtag): + """Action for alert rule. + + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar id: Azure resource Id. + :vartype id: str + :ivar name: Azure resource name. + :vartype name: str + :ivar type: Azure resource type. + :vartype type: str + :param etag: Etag of the azure resource. + :type etag: str + :param logic_app_resource_id: Logic App Resource Id, /subscriptions/{my- + subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my- + workflow-id}. + :type logic_app_resource_id: str + :param trigger_uri: Logic App Callback URL for this specific workflow. 
+ :type trigger_uri: str + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'etag': {'key': 'etag', 'type': 'str'}, + 'logic_app_resource_id': {'key': 'properties.logicAppResourceId', 'type': 'str'}, + 'trigger_uri': {'key': 'properties.triggerUri', 'type': 'str'}, + } + + def __init__( + self, + *, + etag: Optional[str] = None, + logic_app_resource_id: Optional[str] = None, + trigger_uri: Optional[str] = None, + **kwargs + ): + super(ActionRequest, self).__init__(etag=etag, **kwargs) + self.logic_app_resource_id = logic_app_resource_id + self.trigger_uri = trigger_uri + + +class ActionRequestProperties(ActionPropertiesBase): + """Action property bag. + + All required parameters must be populated in order to send to Azure. + + :param logic_app_resource_id: Required. Logic App Resource Id, /subscriptions/{my- + subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my- + workflow-id}. + :type logic_app_resource_id: str + :param trigger_uri: Logic App Callback URL for this specific workflow. + :type trigger_uri: str + """ + + _validation = { + 'logic_app_resource_id': {'required': True}, + } + + _attribute_map = { + 'logic_app_resource_id': {'key': 'logicAppResourceId', 'type': 'str'}, + 'trigger_uri': {'key': 'triggerUri', 'type': 'str'}, + } + + def __init__( + self, + *, + logic_app_resource_id: str, + trigger_uri: Optional[str] = None, + **kwargs + ): + super(ActionRequestProperties, self).__init__(logic_app_resource_id=logic_app_resource_id, **kwargs) + self.trigger_uri = trigger_uri + + +class Resource(msrest.serialization.Model): + """An azure resource object. + + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar id: Azure resource Id. 
+ :vartype id: str + :ivar name: Azure resource name. + :vartype name: str + :ivar type: Azure resource type. + :vartype type: str + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + } + + def __init__( + self, + **kwargs + ): + super(Resource, self).__init__(**kwargs) + self.id = None + self.name = None + self.type = None + + +class ActionResponse(Resource): + """Action for alert rule. + + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar id: Azure resource Id. + :vartype id: str + :ivar name: Azure resource name. + :vartype name: str + :ivar type: Azure resource type. + :vartype type: str + :param etag: Etag of the action. + :type etag: str + :param logic_app_resource_id: Logic App Resource Id, /subscriptions/{my- + subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my- + workflow-id}. + :type logic_app_resource_id: str + :param workflow_id: The name of the logic app's workflow. 
+ :type workflow_id: str + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'etag': {'key': 'etag', 'type': 'str'}, + 'logic_app_resource_id': {'key': 'properties.logicAppResourceId', 'type': 'str'}, + 'workflow_id': {'key': 'properties.workflowId', 'type': 'str'}, + } + + def __init__( + self, + *, + etag: Optional[str] = None, + logic_app_resource_id: Optional[str] = None, + workflow_id: Optional[str] = None, + **kwargs + ): + super(ActionResponse, self).__init__(**kwargs) + self.etag = etag + self.logic_app_resource_id = logic_app_resource_id + self.workflow_id = workflow_id + + +class ActionResponseProperties(ActionPropertiesBase): + """Action property bag. + + All required parameters must be populated in order to send to Azure. + + :param logic_app_resource_id: Required. Logic App Resource Id, /subscriptions/{my- + subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my- + workflow-id}. + :type logic_app_resource_id: str + :param workflow_id: The name of the logic app's workflow. + :type workflow_id: str + """ + + _validation = { + 'logic_app_resource_id': {'required': True}, + } + + _attribute_map = { + 'logic_app_resource_id': {'key': 'logicAppResourceId', 'type': 'str'}, + 'workflow_id': {'key': 'workflowId', 'type': 'str'}, + } + + def __init__( + self, + *, + logic_app_resource_id: str, + workflow_id: Optional[str] = None, + **kwargs + ): + super(ActionResponseProperties, self).__init__(logic_app_resource_id=logic_app_resource_id, **kwargs) + self.workflow_id = workflow_id + + +class ActionsList(msrest.serialization.Model): + """List all the actions. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. 
+ + :ivar next_link: URL to fetch the next set of actions. + :vartype next_link: str + :param value: Required. Array of actions. + :type value: list[~security_insights.models.ActionResponse] + """ + + _validation = { + 'next_link': {'readonly': True}, + 'value': {'required': True}, + } + + _attribute_map = { + 'next_link': {'key': 'nextLink', 'type': 'str'}, + 'value': {'key': 'value', 'type': '[ActionResponse]'}, + } + + def __init__( + self, + *, + value: List["ActionResponse"], + **kwargs + ): + super(ActionsList, self).__init__(**kwargs) + self.next_link = None + self.value = value + + +class AlertRule(ResourceWithEtag): + """Alert rule. + + You probably want to use the sub-classes and not this class directly. Known + sub-classes are: FusionAlertRule, MicrosoftSecurityIncidentCreationAlertRule, ScheduledAlertRule. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id. + :vartype id: str + :ivar name: Azure resource name. + :vartype name: str + :ivar type: Azure resource type. + :vartype type: str + :param etag: Etag of the azure resource. + :type etag: str + :param kind: Required. The alert rule kind.Constant filled by server. Possible values include: + "Scheduled", "MicrosoftSecurityIncidentCreation", "Fusion". 
+ :type kind: str or ~security_insights.models.AlertRuleKind + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'kind': {'required': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'etag': {'key': 'etag', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + } + + _subtype_map = { + 'kind': {'Fusion': 'FusionAlertRule', 'MicrosoftSecurityIncidentCreation': 'MicrosoftSecurityIncidentCreationAlertRule', 'Scheduled': 'ScheduledAlertRule'} + } + + def __init__( + self, + *, + etag: Optional[str] = None, + **kwargs + ): + super(AlertRule, self).__init__(etag=etag, **kwargs) + self.kind = 'AlertRule' # type: str + + +class AlertRulesList(msrest.serialization.Model): + """List all the alert rules. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar next_link: URL to fetch the next set of alert rules. + :vartype next_link: str + :param value: Required. Array of alert rules. + :type value: list[~security_insights.models.AlertRule] + """ + + _validation = { + 'next_link': {'readonly': True}, + 'value': {'required': True}, + } + + _attribute_map = { + 'next_link': {'key': 'nextLink', 'type': 'str'}, + 'value': {'key': 'value', 'type': '[AlertRule]'}, + } + + def __init__( + self, + *, + value: List["AlertRule"], + **kwargs + ): + super(AlertRulesList, self).__init__(**kwargs) + self.next_link = None + self.value = value + + +class AlertRuleTemplate(Resource): + """Alert rule template. + + You probably want to use the sub-classes and not this class directly. Known + sub-classes are: FusionAlertRuleTemplate, MicrosoftSecurityIncidentCreationAlertRuleTemplate, ScheduledAlertRuleTemplate. + + Variables are only populated by the server, and will be ignored when sending a request. 
+ + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id. + :vartype id: str + :ivar name: Azure resource name. + :vartype name: str + :ivar type: Azure resource type. + :vartype type: str + :param kind: Required. The alert rule kind.Constant filled by server. Possible values include: + "Scheduled", "MicrosoftSecurityIncidentCreation", "Fusion". + :type kind: str or ~security_insights.models.AlertRuleKind + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'kind': {'required': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + } + + _subtype_map = { + 'kind': {'Fusion': 'FusionAlertRuleTemplate', 'MicrosoftSecurityIncidentCreation': 'MicrosoftSecurityIncidentCreationAlertRuleTemplate', 'Scheduled': 'ScheduledAlertRuleTemplate'} + } + + def __init__( + self, + **kwargs + ): + super(AlertRuleTemplate, self).__init__(**kwargs) + self.kind = 'AlertRuleTemplate' # type: str + + +class AlertRuleTemplateDataSource(msrest.serialization.Model): + """alert rule template data sources. + + :param connector_id: The connector id that provides the following data types. + :type connector_id: str + :param data_types: The data types used by the alert rule template. + :type data_types: list[str] + """ + + _attribute_map = { + 'connector_id': {'key': 'connectorId', 'type': 'str'}, + 'data_types': {'key': 'dataTypes', 'type': '[str]'}, + } + + def __init__( + self, + *, + connector_id: Optional[str] = None, + data_types: Optional[List[str]] = None, + **kwargs + ): + super(AlertRuleTemplateDataSource, self).__init__(**kwargs) + self.connector_id = connector_id + self.data_types = data_types + + +class AlertRuleTemplatesList(msrest.serialization.Model): + """List all the alert rule templates. 
+ + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar next_link: URL to fetch the next set of alert rule templates. + :vartype next_link: str + :param value: Required. Array of alert rule templates. + :type value: list[~security_insights.models.AlertRuleTemplate] + """ + + _validation = { + 'next_link': {'readonly': True}, + 'value': {'required': True}, + } + + _attribute_map = { + 'next_link': {'key': 'nextLink', 'type': 'str'}, + 'value': {'key': 'value', 'type': '[AlertRuleTemplate]'}, + } + + def __init__( + self, + *, + value: List["AlertRuleTemplate"], + **kwargs + ): + super(AlertRuleTemplatesList, self).__init__(**kwargs) + self.next_link = None + self.value = value + + +class AlertsDataTypeOfDataConnector(msrest.serialization.Model): + """Alerts data type for data connectors. + + :param state: Describe whether this data type connection is enabled or not. Possible values + include: "Enabled", "Disabled". + :type state: str or ~security_insights.models.DataTypeState + """ + + _attribute_map = { + 'state': {'key': 'alerts.state', 'type': 'str'}, + } + + def __init__( + self, + *, + state: Optional[Union[str, "DataTypeState"]] = None, + **kwargs + ): + super(AlertsDataTypeOfDataConnector, self).__init__(**kwargs) + self.state = state + + +class ASCDataConnector(DataConnector): + """Represents ASC (Azure Security Center) data connector. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id. + :vartype id: str + :ivar name: Azure resource name. + :vartype name: str + :ivar type: Azure resource type. + :vartype type: str + :param etag: Etag of the azure resource. + :type etag: str + :param kind: Required. The data connector kind.Constant filled by server. 
Possible values + include: "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", + "ThreatIntelligence", "Office365", "AmazonWebServicesCloudTrail", + "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection". + :type kind: str or ~security_insights.models.DataConnectorKind + :param subscription_id: The subscription id to connect to, and get the data from. + :type subscription_id: str + :param state: Describe whether this data type connection is enabled or not. Possible values + include: "Enabled", "Disabled". + :type state: str or ~security_insights.models.DataTypeState + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'kind': {'required': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'etag': {'key': 'etag', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + 'subscription_id': {'key': 'properties.subscriptionId', 'type': 'str'}, + 'state': {'key': 'dataTypes.alerts.state', 'type': 'str'}, + } + + def __init__( + self, + *, + etag: Optional[str] = None, + subscription_id: Optional[str] = None, + state: Optional[Union[str, "DataTypeState"]] = None, + **kwargs + ): + super(ASCDataConnector, self).__init__(etag=etag, **kwargs) + self.kind = 'AzureSecurityCenter' # type: str + self.subscription_id = subscription_id + self.state = state + + +class DataConnectorWithAlertsProperties(msrest.serialization.Model): + """Data connector properties. + + :param data_types: The available data types for the connector. 
+ :type data_types: ~security_insights.models.AlertsDataTypeOfDataConnector + """ + + _attribute_map = { + 'data_types': {'key': 'dataTypes', 'type': 'AlertsDataTypeOfDataConnector'}, + } + + def __init__( + self, + *, + data_types: Optional["AlertsDataTypeOfDataConnector"] = None, + **kwargs + ): + super(DataConnectorWithAlertsProperties, self).__init__(**kwargs) + self.data_types = data_types + + +class ASCDataConnectorProperties(DataConnectorWithAlertsProperties): + """ASC (Azure Security Center) data connector properties. + + :param data_types: The available data types for the connector. + :type data_types: ~security_insights.models.AlertsDataTypeOfDataConnector + :param subscription_id: The subscription id to connect to, and get the data from. + :type subscription_id: str + """ + + _attribute_map = { + 'data_types': {'key': 'dataTypes', 'type': 'AlertsDataTypeOfDataConnector'}, + 'subscription_id': {'key': 'subscriptionId', 'type': 'str'}, + } + + def __init__( + self, + *, + data_types: Optional["AlertsDataTypeOfDataConnector"] = None, + subscription_id: Optional[str] = None, + **kwargs + ): + super(ASCDataConnectorProperties, self).__init__(data_types=data_types, **kwargs) + self.subscription_id = subscription_id + + +class AwsCloudTrailDataConnector(DataConnector): + """Represents Amazon Web Services CloudTrail data connector. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id. + :vartype id: str + :ivar name: Azure resource name. + :vartype name: str + :ivar type: Azure resource type. + :vartype type: str + :param etag: Etag of the azure resource. + :type etag: str + :param kind: Required. The data connector kind.Constant filled by server. 
Possible values + include: "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", + "ThreatIntelligence", "Office365", "AmazonWebServicesCloudTrail", + "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection". + :type kind: str or ~security_insights.models.DataConnectorKind + :param aws_role_arn: The Aws Role Arn (with CloudTrailReadOnly policy) that is used to access + the Aws account. + :type aws_role_arn: str + :param state: Describe whether this data type connection is enabled or not. Possible values + include: "Enabled", "Disabled". + :type state: str or ~security_insights.models.DataTypeState + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'kind': {'required': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'etag': {'key': 'etag', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + 'aws_role_arn': {'key': 'properties.awsRoleArn', 'type': 'str'}, + 'state': {'key': 'dataTypes.logs.state', 'type': 'str'}, + } + + def __init__( + self, + *, + etag: Optional[str] = None, + aws_role_arn: Optional[str] = None, + state: Optional[Union[str, "DataTypeState"]] = None, + **kwargs + ): + super(AwsCloudTrailDataConnector, self).__init__(etag=etag, **kwargs) + self.kind = 'AmazonWebServicesCloudTrail' # type: str + self.aws_role_arn = aws_role_arn + self.state = state + + +class DataConnectorDataTypeCommon(msrest.serialization.Model): + """Common field for data type in data connectors. + + :param state: Describe whether this data type connection is enabled or not. Possible values + include: "Enabled", "Disabled". 
+ :type state: str or ~security_insights.models.DataTypeState + """ + + _attribute_map = { + 'state': {'key': 'state', 'type': 'str'}, + } + + def __init__( + self, + *, + state: Optional[Union[str, "DataTypeState"]] = None, + **kwargs + ): + super(DataConnectorDataTypeCommon, self).__init__(**kwargs) + self.state = state + + +class AwsCloudTrailDataConnectorDataTypesLogs(DataConnectorDataTypeCommon): + """Logs data type. + + :param state: Describe whether this data type connection is enabled or not. Possible values + include: "Enabled", "Disabled". + :type state: str or ~security_insights.models.DataTypeState + """ + + _attribute_map = { + 'state': {'key': 'state', 'type': 'str'}, + } + + def __init__( + self, + *, + state: Optional[Union[str, "DataTypeState"]] = None, + **kwargs + ): + super(AwsCloudTrailDataConnectorDataTypesLogs, self).__init__(state=state, **kwargs) + + +class Bookmark(ResourceWithEtag): + """Represents a bookmark in Azure Security Insights. + + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar id: Azure resource Id. + :vartype id: str + :ivar name: Azure resource name. + :vartype name: str + :ivar type: Azure resource type. + :vartype type: str + :param etag: Etag of the azure resource. + :type etag: str + :param created: The time the bookmark was created. + :type created: ~datetime.datetime + :param display_name: The display name of the bookmark. + :type display_name: str + :param labels: List of labels relevant to this bookmark. + :type labels: list[str] + :param notes: The notes of the bookmark. + :type notes: str + :param query: The query of the bookmark. + :type query: str + :param query_result: The query result of the bookmark. + :type query_result: str + :param updated: The last time the bookmark was updated. + :type updated: ~datetime.datetime + :param incident_info: Describes an incident that relates to bookmark. 
+ :type incident_info: ~security_insights.models.IncidentInfo + :ivar email_updated_by_email: The email of the user. + :vartype email_updated_by_email: str + :ivar name_updated_by_name: The name of the user. + :vartype name_updated_by_name: str + :param object_id_updated_by_object_id: The object id of the user. + :type object_id_updated_by_object_id: str + :ivar email_created_by_email: The email of the user. + :vartype email_created_by_email: str + :ivar name_created_by_name: The name of the user. + :vartype name_created_by_name: str + :param object_id_created_by_object_id: The object id of the user. + :type object_id_created_by_object_id: str + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'email_updated_by_email': {'readonly': True}, + 'name_updated_by_name': {'readonly': True}, + 'email_created_by_email': {'readonly': True}, + 'name_created_by_name': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'etag': {'key': 'etag', 'type': 'str'}, + 'created': {'key': 'properties.created', 'type': 'iso-8601'}, + 'display_name': {'key': 'properties.displayName', 'type': 'str'}, + 'labels': {'key': 'properties.labels', 'type': '[str]'}, + 'notes': {'key': 'properties.notes', 'type': 'str'}, + 'query': {'key': 'properties.query', 'type': 'str'}, + 'query_result': {'key': 'properties.queryResult', 'type': 'str'}, + 'updated': {'key': 'properties.updated', 'type': 'iso-8601'}, + 'incident_info': {'key': 'properties.incidentInfo', 'type': 'IncidentInfo'}, + 'email_updated_by_email': {'key': 'updatedBy.email', 'type': 'str'}, + 'name_updated_by_name': {'key': 'updatedBy.name', 'type': 'str'}, + 'object_id_updated_by_object_id': {'key': 'updatedBy.objectId', 'type': 'str'}, + 'email_created_by_email': {'key': 'createdBy.email', 'type': 'str'}, + 'name_created_by_name': {'key': 
'createdBy.name', 'type': 'str'}, + 'object_id_created_by_object_id': {'key': 'createdBy.objectId', 'type': 'str'}, + } + + def __init__( + self, + *, + etag: Optional[str] = None, + created: Optional[datetime.datetime] = None, + display_name: Optional[str] = None, + labels: Optional[List[str]] = None, + notes: Optional[str] = None, + query: Optional[str] = None, + query_result: Optional[str] = None, + updated: Optional[datetime.datetime] = None, + incident_info: Optional["IncidentInfo"] = None, + object_id_updated_by_object_id: Optional[str] = None, + object_id_created_by_object_id: Optional[str] = None, + **kwargs + ): + super(Bookmark, self).__init__(etag=etag, **kwargs) + self.created = created + self.display_name = display_name + self.labels = labels + self.notes = notes + self.query = query + self.query_result = query_result + self.updated = updated + self.incident_info = incident_info + self.email_updated_by_email = None + self.name_updated_by_name = None + self.object_id_updated_by_object_id = object_id_updated_by_object_id + self.email_created_by_email = None + self.name_created_by_name = None + self.object_id_created_by_object_id = object_id_created_by_object_id + + +class BookmarkList(msrest.serialization.Model): + """List all the bookmarks. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar next_link: URL to fetch the next set of cases. + :vartype next_link: str + :param value: Required. Array of bookmarks. 
+ :type value: list[~security_insights.models.Bookmark] + """ + + _validation = { + 'next_link': {'readonly': True}, + 'value': {'required': True}, + } + + _attribute_map = { + 'next_link': {'key': 'nextLink', 'type': 'str'}, + 'value': {'key': 'value', 'type': '[Bookmark]'}, + } + + def __init__( + self, + *, + value: List["Bookmark"], + **kwargs + ): + super(BookmarkList, self).__init__(**kwargs) + self.next_link = None + self.value = value + + +class ClientInfo(msrest.serialization.Model): + """Information on the client (user or application) that made some action. + + :param email: The email of the client. + :type email: str + :param name: The name of the client. + :type name: str + :param object_id: The object id of the client. + :type object_id: str + :param user_principal_name: The user principal name of the client. + :type user_principal_name: str + """ + + _attribute_map = { + 'email': {'key': 'email', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'object_id': {'key': 'objectId', 'type': 'str'}, + 'user_principal_name': {'key': 'userPrincipalName', 'type': 'str'}, + } + + def __init__( + self, + *, + email: Optional[str] = None, + name: Optional[str] = None, + object_id: Optional[str] = None, + user_principal_name: Optional[str] = None, + **kwargs + ): + super(ClientInfo, self).__init__(**kwargs) + self.email = email + self.name = name + self.object_id = object_id + self.user_principal_name = user_principal_name + + +class DataConnectorList(msrest.serialization.Model): + """List all the data connectors. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar next_link: URL to fetch the next set of data connectors. + :vartype next_link: str + :param value: Required. Array of data connectors. 
+ :type value: list[~security_insights.models.DataConnector] + """ + + _validation = { + 'next_link': {'readonly': True}, + 'value': {'required': True}, + } + + _attribute_map = { + 'next_link': {'key': 'nextLink', 'type': 'str'}, + 'value': {'key': 'value', 'type': '[DataConnector]'}, + } + + def __init__( + self, + *, + value: List["DataConnector"], + **kwargs + ): + super(DataConnectorList, self).__init__(**kwargs) + self.next_link = None + self.value = value + + +class DataConnectorTenantId(msrest.serialization.Model): + """Properties data connector on tenant level. + + :param tenant_id: The tenant id to connect to, and get the data from. + :type tenant_id: str + """ + + _attribute_map = { + 'tenant_id': {'key': 'tenantId', 'type': 'str'}, + } + + def __init__( + self, + *, + tenant_id: Optional[str] = None, + **kwargs + ): + super(DataConnectorTenantId, self).__init__(**kwargs) + self.tenant_id = tenant_id + + +class ErrorAdditionalInfo(msrest.serialization.Model): + """The resource management error additional info. + + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar type: The additional info type. + :vartype type: str + :ivar info: The additional info. + :vartype info: object + """ + + _validation = { + 'type': {'readonly': True}, + 'info': {'readonly': True}, + } + + _attribute_map = { + 'type': {'key': 'type', 'type': 'str'}, + 'info': {'key': 'info', 'type': 'object'}, + } + + def __init__( + self, + **kwargs + ): + super(ErrorAdditionalInfo, self).__init__(**kwargs) + self.type = None + self.info = None + + +class ErrorResponse(msrest.serialization.Model): + """Common error response for all Azure Resource Manager APIs to return error details for failed operations. (This also follows the OData error response format.). + + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar code: The error code. + :vartype code: str + :ivar message: The error message. 
+ :vartype message: str + :ivar target: The error target. + :vartype target: str + :ivar details: The error details. + :vartype details: list[~security_insights.models.ErrorResponse] + :ivar additional_info: The error additional info. + :vartype additional_info: list[~security_insights.models.ErrorAdditionalInfo] + """ + + _validation = { + 'code': {'readonly': True}, + 'message': {'readonly': True}, + 'target': {'readonly': True}, + 'details': {'readonly': True}, + 'additional_info': {'readonly': True}, + } + + _attribute_map = { + 'code': {'key': 'code', 'type': 'str'}, + 'message': {'key': 'message', 'type': 'str'}, + 'target': {'key': 'target', 'type': 'str'}, + 'details': {'key': 'details', 'type': '[ErrorResponse]'}, + 'additional_info': {'key': 'additionalInfo', 'type': '[ErrorAdditionalInfo]'}, + } + + def __init__( + self, + **kwargs + ): + super(ErrorResponse, self).__init__(**kwargs) + self.code = None + self.message = None + self.target = None + self.details = None + self.additional_info = None + + +class FusionAlertRule(AlertRule): + """Represents Fusion alert rule. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id. + :vartype id: str + :ivar name: Azure resource name. + :vartype name: str + :ivar type: Azure resource type. + :vartype type: str + :param etag: Etag of the azure resource. + :type etag: str + :param kind: Required. The alert rule kind.Constant filled by server. Possible values include: + "Scheduled", "MicrosoftSecurityIncidentCreation", "Fusion". + :type kind: str or ~security_insights.models.AlertRuleKind + :param alert_rule_template_name: The Name of the alert rule template used to create this rule. + :type alert_rule_template_name: str + :ivar description: The description of the alert rule. 
+ :vartype description: str + :ivar display_name: The display name for alerts created by this alert rule. + :vartype display_name: str + :param enabled: Determines whether this alert rule is enabled or disabled. + :type enabled: bool + :ivar last_modified_utc: The last time that this alert has been modified. + :vartype last_modified_utc: ~datetime.datetime + :ivar severity: The severity for alerts created by this alert rule. Possible values include: + "High", "Medium", "Low", "Informational". + :vartype severity: str or ~security_insights.models.AlertSeverity + :ivar tactics: The tactics of the alert rule. + :vartype tactics: list[str or ~security_insights.models.AttackTactic] + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'kind': {'required': True}, + 'description': {'readonly': True}, + 'display_name': {'readonly': True}, + 'last_modified_utc': {'readonly': True}, + 'severity': {'readonly': True}, + 'tactics': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'etag': {'key': 'etag', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + 'alert_rule_template_name': {'key': 'properties.alertRuleTemplateName', 'type': 'str'}, + 'description': {'key': 'properties.description', 'type': 'str'}, + 'display_name': {'key': 'properties.displayName', 'type': 'str'}, + 'enabled': {'key': 'properties.enabled', 'type': 'bool'}, + 'last_modified_utc': {'key': 'properties.lastModifiedUtc', 'type': 'iso-8601'}, + 'severity': {'key': 'properties.severity', 'type': 'str'}, + 'tactics': {'key': 'properties.tactics', 'type': '[str]'}, + } + + def __init__( + self, + *, + etag: Optional[str] = None, + alert_rule_template_name: Optional[str] = None, + enabled: Optional[bool] = None, + **kwargs + ): + super(FusionAlertRule, self).__init__(etag=etag, **kwargs) + self.kind = 'Fusion' # type: str + 
self.alert_rule_template_name = alert_rule_template_name + self.description = None + self.display_name = None + self.enabled = enabled + self.last_modified_utc = None + self.severity = None + self.tactics = None + + +class FusionAlertRuleTemplate(AlertRuleTemplate): + """Represents Fusion alert rule template. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id. + :vartype id: str + :ivar name: Azure resource name. + :vartype name: str + :ivar type: Azure resource type. + :vartype type: str + :param kind: Required. The alert rule kind.Constant filled by server. Possible values include: + "Scheduled", "MicrosoftSecurityIncidentCreation", "Fusion". + :type kind: str or ~security_insights.models.AlertRuleKind + :param alert_rules_created_by_template_count: the number of alert rules that were created by + this template. + :type alert_rules_created_by_template_count: int + :ivar created_date_utc: The time that this alert rule template has been added. + :vartype created_date_utc: ~datetime.datetime + :param description: The description of the alert rule template. + :type description: str + :param display_name: The display name for alert rule template. + :type display_name: str + :param required_data_connectors: The required data connectors for this template. + :type required_data_connectors: list[~security_insights.models.AlertRuleTemplateDataSource] + :param status: The alert rule template status. Possible values include: "Installed", + "Available", "NotAvailable". + :type status: str or ~security_insights.models.TemplateStatus + :param severity: The severity for alerts created by this alert rule. Possible values include: + "High", "Medium", "Low", "Informational". + :type severity: str or ~security_insights.models.AlertSeverity + :param tactics: The tactics of the alert rule template. 
+ :type tactics: list[str or ~security_insights.models.AttackTactic] + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'kind': {'required': True}, + 'created_date_utc': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + 'alert_rules_created_by_template_count': {'key': 'properties.alertRulesCreatedByTemplateCount', 'type': 'int'}, + 'created_date_utc': {'key': 'properties.createdDateUTC', 'type': 'iso-8601'}, + 'description': {'key': 'properties.description', 'type': 'str'}, + 'display_name': {'key': 'properties.displayName', 'type': 'str'}, + 'required_data_connectors': {'key': 'properties.requiredDataConnectors', 'type': '[AlertRuleTemplateDataSource]'}, + 'status': {'key': 'properties.status', 'type': 'str'}, + 'severity': {'key': 'properties.severity', 'type': 'str'}, + 'tactics': {'key': 'properties.tactics', 'type': '[str]'}, + } + + def __init__( + self, + *, + alert_rules_created_by_template_count: Optional[int] = None, + description: Optional[str] = None, + display_name: Optional[str] = None, + required_data_connectors: Optional[List["AlertRuleTemplateDataSource"]] = None, + status: Optional[Union[str, "TemplateStatus"]] = None, + severity: Optional[Union[str, "AlertSeverity"]] = None, + tactics: Optional[List[Union[str, "AttackTactic"]]] = None, + **kwargs + ): + super(FusionAlertRuleTemplate, self).__init__(**kwargs) + self.kind = 'Fusion' # type: str + self.alert_rules_created_by_template_count = alert_rules_created_by_template_count + self.created_date_utc = None + self.description = description + self.display_name = display_name + self.required_data_connectors = required_data_connectors + self.status = status + self.severity = severity + self.tactics = tactics + + +class Incident(ResourceWithEtag): + """Represents an incident in 
Azure Security Insights. + + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar id: Azure resource Id. + :vartype id: str + :ivar name: Azure resource name. + :vartype name: str + :ivar type: Azure resource type. + :vartype type: str + :param etag: Etag of the azure resource. + :type etag: str + :ivar additional_data: Additional data on the incident. + :vartype additional_data: ~security_insights.models.IncidentAdditionalData + :param classification: The reason the incident was closed. Possible values include: + "Undetermined", "TruePositive", "BenignPositive", "FalsePositive". + :type classification: str or ~security_insights.models.IncidentClassification + :param classification_comment: Describes the reason the incident was closed. + :type classification_comment: str + :param classification_reason: The classification reason the incident was closed with. Possible + values include: "SuspiciousActivity", "SuspiciousButExpected", "IncorrectAlertLogic", + "InaccurateData". + :type classification_reason: str or ~security_insights.models.IncidentClassificationReason + :ivar created_time_utc: The time the incident was created. + :vartype created_time_utc: ~datetime.datetime + :param description: The description of the incident. + :type description: str + :param first_activity_time_utc: The time of the first activity in the incident. + :type first_activity_time_utc: ~datetime.datetime + :ivar incident_url: The deep-link url to the incident in Azure portal. + :vartype incident_url: str + :ivar incident_number: A sequential number. + :vartype incident_number: int + :param labels: List of labels relevant to this incident. + :type labels: list[~security_insights.models.IncidentLabel] + :param last_activity_time_utc: The time of the last activity in the incident. + :type last_activity_time_utc: ~datetime.datetime + :ivar last_modified_time_utc: The last time the incident was updated. 
+ :vartype last_modified_time_utc: ~datetime.datetime + :param owner: Describes a user that the incident is assigned to. + :type owner: ~security_insights.models.IncidentOwnerInfo + :ivar related_analytic_rule_ids: List of resource ids of Analytic rules related to the + incident. + :vartype related_analytic_rule_ids: list[str] + :param severity: The severity of the incident. Possible values include: "High", "Medium", + "Low", "Informational". + :type severity: str or ~security_insights.models.IncidentSeverity + :param status: The status of the incident. Possible values include: "New", "Active", "Closed". + :type status: str or ~security_insights.models.IncidentStatus + :param title: The title of the incident. + :type title: str + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'additional_data': {'readonly': True}, + 'created_time_utc': {'readonly': True}, + 'incident_url': {'readonly': True}, + 'incident_number': {'readonly': True}, + 'last_modified_time_utc': {'readonly': True}, + 'related_analytic_rule_ids': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'etag': {'key': 'etag', 'type': 'str'}, + 'additional_data': {'key': 'properties.additionalData', 'type': 'IncidentAdditionalData'}, + 'classification': {'key': 'properties.classification', 'type': 'str'}, + 'classification_comment': {'key': 'properties.classificationComment', 'type': 'str'}, + 'classification_reason': {'key': 'properties.classificationReason', 'type': 'str'}, + 'created_time_utc': {'key': 'properties.createdTimeUtc', 'type': 'iso-8601'}, + 'description': {'key': 'properties.description', 'type': 'str'}, + 'first_activity_time_utc': {'key': 'properties.firstActivityTimeUtc', 'type': 'iso-8601'}, + 'incident_url': {'key': 'properties.incidentUrl', 'type': 'str'}, + 'incident_number': {'key': 
'properties.incidentNumber', 'type': 'int'}, + 'labels': {'key': 'properties.labels', 'type': '[IncidentLabel]'}, + 'last_activity_time_utc': {'key': 'properties.lastActivityTimeUtc', 'type': 'iso-8601'}, + 'last_modified_time_utc': {'key': 'properties.lastModifiedTimeUtc', 'type': 'iso-8601'}, + 'owner': {'key': 'properties.owner', 'type': 'IncidentOwnerInfo'}, + 'related_analytic_rule_ids': {'key': 'properties.relatedAnalyticRuleIds', 'type': '[str]'}, + 'severity': {'key': 'properties.severity', 'type': 'str'}, + 'status': {'key': 'properties.status', 'type': 'str'}, + 'title': {'key': 'properties.title', 'type': 'str'}, + } + + def __init__( + self, + *, + etag: Optional[str] = None, + classification: Optional[Union[str, "IncidentClassification"]] = None, + classification_comment: Optional[str] = None, + classification_reason: Optional[Union[str, "IncidentClassificationReason"]] = None, + description: Optional[str] = None, + first_activity_time_utc: Optional[datetime.datetime] = None, + labels: Optional[List["IncidentLabel"]] = None, + last_activity_time_utc: Optional[datetime.datetime] = None, + owner: Optional["IncidentOwnerInfo"] = None, + severity: Optional[Union[str, "IncidentSeverity"]] = None, + status: Optional[Union[str, "IncidentStatus"]] = None, + title: Optional[str] = None, + **kwargs + ): + super(Incident, self).__init__(etag=etag, **kwargs) + self.additional_data = None + self.classification = classification + self.classification_comment = classification_comment + self.classification_reason = classification_reason + self.created_time_utc = None + self.description = description + self.first_activity_time_utc = first_activity_time_utc + self.incident_url = None + self.incident_number = None + self.labels = labels + self.last_activity_time_utc = last_activity_time_utc + self.last_modified_time_utc = None + self.owner = owner + self.related_analytic_rule_ids = None + self.severity = severity + self.status = status + self.title = title + + +class 
IncidentAdditionalData(msrest.serialization.Model): + """Incident additional data property bag. + + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar alerts_count: The number of alerts in the incident. + :vartype alerts_count: int + :ivar bookmarks_count: The number of bookmarks in the incident. + :vartype bookmarks_count: int + :ivar comments_count: The number of comments in the incident. + :vartype comments_count: int + :ivar alert_product_names: List of product names of alerts in the incident. + :vartype alert_product_names: list[str] + :ivar tactics: The tactics associated with incident. + :vartype tactics: list[str or ~security_insights.models.AttackTactic] + """ + + _validation = { + 'alerts_count': {'readonly': True}, + 'bookmarks_count': {'readonly': True}, + 'comments_count': {'readonly': True}, + 'alert_product_names': {'readonly': True}, + 'tactics': {'readonly': True}, + } + + _attribute_map = { + 'alerts_count': {'key': 'alertsCount', 'type': 'int'}, + 'bookmarks_count': {'key': 'bookmarksCount', 'type': 'int'}, + 'comments_count': {'key': 'commentsCount', 'type': 'int'}, + 'alert_product_names': {'key': 'alertProductNames', 'type': '[str]'}, + 'tactics': {'key': 'tactics', 'type': '[str]'}, + } + + def __init__( + self, + **kwargs + ): + super(IncidentAdditionalData, self).__init__(**kwargs) + self.alerts_count = None + self.bookmarks_count = None + self.comments_count = None + self.alert_product_names = None + self.tactics = None + + +class IncidentComment(Resource): + """Represents an incident comment. + + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar id: Azure resource Id. + :vartype id: str + :ivar name: Azure resource name. + :vartype name: str + :ivar type: Azure resource type. + :vartype type: str + :ivar created_time_utc: The time the comment was created. + :vartype created_time_utc: ~datetime.datetime + :param message: The comment message. 
+ :type message: str + :ivar author: Describes the client that created the comment. + :vartype author: ~security_insights.models.ClientInfo + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'created_time_utc': {'readonly': True}, + 'author': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'created_time_utc': {'key': 'properties.createdTimeUtc', 'type': 'iso-8601'}, + 'message': {'key': 'properties.message', 'type': 'str'}, + 'author': {'key': 'properties.author', 'type': 'ClientInfo'}, + } + + def __init__( + self, + *, + message: Optional[str] = None, + **kwargs + ): + super(IncidentComment, self).__init__(**kwargs) + self.created_time_utc = None + self.message = message + self.author = None + + +class IncidentCommentList(msrest.serialization.Model): + """List of incident comments. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar next_link: URL to fetch the next set of comments. + :vartype next_link: str + :param value: Required. Array of comments. + :type value: list[~security_insights.models.IncidentComment] + """ + + _validation = { + 'next_link': {'readonly': True}, + 'value': {'required': True}, + } + + _attribute_map = { + 'next_link': {'key': 'nextLink', 'type': 'str'}, + 'value': {'key': 'value', 'type': '[IncidentComment]'}, + } + + def __init__( + self, + *, + value: List["IncidentComment"], + **kwargs + ): + super(IncidentCommentList, self).__init__(**kwargs) + self.next_link = None + self.value = value + + +class IncidentInfo(msrest.serialization.Model): + """Describes related incident information for the bookmark. + + All required parameters must be populated in order to send to Azure. + + :param incident_id: Required. Incident Id. 
+ :type incident_id: str + :param severity: Required. The severity of the incident. Possible values include: "Critical", + "High", "Medium", "Low", "Informational". + :type severity: str or ~security_insights.models.CaseSeverity + :param title: Required. The title of the incident. + :type title: str + :param relation_name: Required. Relation Name. + :type relation_name: str + """ + + _validation = { + 'incident_id': {'required': True}, + 'severity': {'required': True}, + 'title': {'required': True}, + 'relation_name': {'required': True}, + } + + _attribute_map = { + 'incident_id': {'key': 'incidentId', 'type': 'str'}, + 'severity': {'key': 'severity', 'type': 'str'}, + 'title': {'key': 'title', 'type': 'str'}, + 'relation_name': {'key': 'relationName', 'type': 'str'}, + } + + def __init__( + self, + *, + incident_id: str, + severity: Union[str, "CaseSeverity"], + title: str, + relation_name: str, + **kwargs + ): + super(IncidentInfo, self).__init__(**kwargs) + self.incident_id = incident_id + self.severity = severity + self.title = title + self.relation_name = relation_name + + +class IncidentLabel(msrest.serialization.Model): + """Represents an incident label. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :param label_name: Required. The name of the label. + :type label_name: str + :ivar label_type: The type of the label. Possible values include: "User", "System". 
+ :vartype label_type: str or ~security_insights.models.IncidentLabelType + """ + + _validation = { + 'label_name': {'required': True}, + 'label_type': {'readonly': True}, + } + + _attribute_map = { + 'label_name': {'key': 'labelName', 'type': 'str'}, + 'label_type': {'key': 'labelType', 'type': 'str'}, + } + + def __init__( + self, + *, + label_name: str, + **kwargs + ): + super(IncidentLabel, self).__init__(**kwargs) + self.label_name = label_name + self.label_type = None + + +class IncidentList(msrest.serialization.Model): + """List all the incidents. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar next_link: URL to fetch the next set of incidents. + :vartype next_link: str + :param value: Required. Array of incidents. + :type value: list[~security_insights.models.Incident] + """ + + _validation = { + 'next_link': {'readonly': True}, + 'value': {'required': True}, + } + + _attribute_map = { + 'next_link': {'key': 'nextLink', 'type': 'str'}, + 'value': {'key': 'value', 'type': '[Incident]'}, + } + + def __init__( + self, + *, + value: List["Incident"], + **kwargs + ): + super(IncidentList, self).__init__(**kwargs) + self.next_link = None + self.value = value + + +class IncidentOwnerInfo(msrest.serialization.Model): + """Information on the user an incident is assigned to. + + :param email: The email of the user the incident is assigned to. + :type email: str + :param assigned_to: The name of the user the incident is assigned to. + :type assigned_to: str + :param object_id: The object id of the user the incident is assigned to. + :type object_id: str + :param user_principal_name: The user principal name of the user the incident is assigned to. 
+ :type user_principal_name: str + """ + + _attribute_map = { + 'email': {'key': 'email', 'type': 'str'}, + 'assigned_to': {'key': 'assignedTo', 'type': 'str'}, + 'object_id': {'key': 'objectId', 'type': 'str'}, + 'user_principal_name': {'key': 'userPrincipalName', 'type': 'str'}, + } + + def __init__( + self, + *, + email: Optional[str] = None, + assigned_to: Optional[str] = None, + object_id: Optional[str] = None, + user_principal_name: Optional[str] = None, + **kwargs + ): + super(IncidentOwnerInfo, self).__init__(**kwargs) + self.email = email + self.assigned_to = assigned_to + self.object_id = object_id + self.user_principal_name = user_principal_name + + +class MCASDataConnector(DataConnector): + """Represents MCAS (Microsoft Cloud App Security) data connector. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id. + :vartype id: str + :ivar name: Azure resource name. + :vartype name: str + :ivar type: Azure resource type. + :vartype type: str + :param etag: Etag of the azure resource. + :type etag: str + :param kind: Required. The data connector kind.Constant filled by server. Possible values + include: "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", + "ThreatIntelligence", "Office365", "AmazonWebServicesCloudTrail", + "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection". + :type kind: str or ~security_insights.models.DataConnectorKind + :param tenant_id: The tenant id to connect to, and get the data from. + :type tenant_id: str + :param state_data_types_alerts_state: Describe whether this data type connection is enabled or + not. Possible values include: "Enabled", "Disabled". 
+ :type state_data_types_alerts_state: str or ~security_insights.models.DataTypeState + :param state_data_types_discovery_logs_state: Describe whether this data type connection is + enabled or not. Possible values include: "Enabled", "Disabled". + :type state_data_types_discovery_logs_state: str or ~security_insights.models.DataTypeState + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'kind': {'required': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'etag': {'key': 'etag', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + 'tenant_id': {'key': 'properties.tenantId', 'type': 'str'}, + 'state_data_types_alerts_state': {'key': 'dataTypes.alerts.state', 'type': 'str'}, + 'state_data_types_discovery_logs_state': {'key': 'dataTypes.discoveryLogs.state', 'type': 'str'}, + } + + def __init__( + self, + *, + etag: Optional[str] = None, + tenant_id: Optional[str] = None, + state_data_types_alerts_state: Optional[Union[str, "DataTypeState"]] = None, + state_data_types_discovery_logs_state: Optional[Union[str, "DataTypeState"]] = None, + **kwargs + ): + super(MCASDataConnector, self).__init__(etag=etag, **kwargs) + self.kind = 'MicrosoftCloudAppSecurity' # type: str + self.tenant_id = tenant_id + self.state_data_types_alerts_state = state_data_types_alerts_state + self.state_data_types_discovery_logs_state = state_data_types_discovery_logs_state + + +class MCASDataConnectorDataTypes(AlertsDataTypeOfDataConnector): + """The available data types for MCAS (Microsoft Cloud App Security) data connector. + + :param state: Describe whether this data type connection is enabled or not. Possible values + include: "Enabled", "Disabled". + :type state: str or ~security_insights.models.DataTypeState + :param state_discovery_logs_state: Describe whether this data type connection is enabled or + not. 
Possible values include: "Enabled", "Disabled". + :type state_discovery_logs_state: str or ~security_insights.models.DataTypeState + """ + + _attribute_map = { + 'state': {'key': 'alerts.state', 'type': 'str'}, + 'state_discovery_logs_state': {'key': 'discoveryLogs.state', 'type': 'str'}, + } + + def __init__( + self, + *, + state: Optional[Union[str, "DataTypeState"]] = None, + state_discovery_logs_state: Optional[Union[str, "DataTypeState"]] = None, + **kwargs + ): + super(MCASDataConnectorDataTypes, self).__init__(state=state, **kwargs) + self.state_discovery_logs_state = state_discovery_logs_state + + +class MDATPDataConnector(DataConnector): + """Represents MDATP (Microsoft Defender Advanced Threat Protection) data connector. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id. + :vartype id: str + :ivar name: Azure resource name. + :vartype name: str + :ivar type: Azure resource type. + :vartype type: str + :param etag: Etag of the azure resource. + :type etag: str + :param kind: Required. The data connector kind.Constant filled by server. Possible values + include: "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", + "ThreatIntelligence", "Office365", "AmazonWebServicesCloudTrail", + "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection". + :type kind: str or ~security_insights.models.DataConnectorKind + :param tenant_id: The tenant id to connect to, and get the data from. + :type tenant_id: str + :param state: Describe whether this data type connection is enabled or not. Possible values + include: "Enabled", "Disabled". 
+ :type state: str or ~security_insights.models.DataTypeState + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'kind': {'required': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'etag': {'key': 'etag', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + 'tenant_id': {'key': 'properties.tenantId', 'type': 'str'}, + 'state': {'key': 'dataTypes.alerts.state', 'type': 'str'}, + } + + def __init__( + self, + *, + etag: Optional[str] = None, + tenant_id: Optional[str] = None, + state: Optional[Union[str, "DataTypeState"]] = None, + **kwargs + ): + super(MDATPDataConnector, self).__init__(etag=etag, **kwargs) + self.kind = 'MicrosoftDefenderAdvancedThreatProtection' # type: str + self.tenant_id = tenant_id + self.state = state + + +class MicrosoftSecurityIncidentCreationAlertRule(AlertRule): + """Represents MicrosoftSecurityIncidentCreation rule. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id. + :vartype id: str + :ivar name: Azure resource name. + :vartype name: str + :ivar type: Azure resource type. + :vartype type: str + :param etag: Etag of the azure resource. + :type etag: str + :param kind: Required. The alert rule kind.Constant filled by server. Possible values include: + "Scheduled", "MicrosoftSecurityIncidentCreation", "Fusion". + :type kind: str or ~security_insights.models.AlertRuleKind + :param display_names_filter: the alerts' displayNames on which the cases will be generated. + :type display_names_filter: list[str] + :param display_names_exclude_filter: the alerts' displayNames on which the cases will not be + generated. 
+ :type display_names_exclude_filter: list[str] + :param product_filter: The alerts' productName on which the cases will be generated. Possible + values include: "Microsoft Cloud App Security", "Azure Security Center", "Azure Advanced Threat + Protection", "Azure Active Directory Identity Protection", "Azure Security Center for IoT". + :type product_filter: str or ~security_insights.models.MicrosoftSecurityProductName + :param severities_filter: the alerts' severities on which the cases will be generated. + :type severities_filter: list[str or ~security_insights.models.AlertSeverity] + :param alert_rule_template_name: The Name of the alert rule template used to create this rule. + :type alert_rule_template_name: str + :param description: The description of the alert rule. + :type description: str + :param display_name: The display name for alerts created by this alert rule. + :type display_name: str + :param enabled: Determines whether this alert rule is enabled or disabled. + :type enabled: bool + :ivar last_modified_utc: The last time that this alert has been modified. 
+ :vartype last_modified_utc: ~datetime.datetime + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'kind': {'required': True}, + 'last_modified_utc': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'etag': {'key': 'etag', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + 'display_names_filter': {'key': 'properties.displayNamesFilter', 'type': '[str]'}, + 'display_names_exclude_filter': {'key': 'properties.displayNamesExcludeFilter', 'type': '[str]'}, + 'product_filter': {'key': 'properties.productFilter', 'type': 'str'}, + 'severities_filter': {'key': 'properties.severitiesFilter', 'type': '[str]'}, + 'alert_rule_template_name': {'key': 'properties.alertRuleTemplateName', 'type': 'str'}, + 'description': {'key': 'properties.description', 'type': 'str'}, + 'display_name': {'key': 'properties.displayName', 'type': 'str'}, + 'enabled': {'key': 'properties.enabled', 'type': 'bool'}, + 'last_modified_utc': {'key': 'properties.lastModifiedUtc', 'type': 'iso-8601'}, + } + + def __init__( + self, + *, + etag: Optional[str] = None, + display_names_filter: Optional[List[str]] = None, + display_names_exclude_filter: Optional[List[str]] = None, + product_filter: Optional[Union[str, "MicrosoftSecurityProductName"]] = None, + severities_filter: Optional[List[Union[str, "AlertSeverity"]]] = None, + alert_rule_template_name: Optional[str] = None, + description: Optional[str] = None, + display_name: Optional[str] = None, + enabled: Optional[bool] = None, + **kwargs + ): + super(MicrosoftSecurityIncidentCreationAlertRule, self).__init__(etag=etag, **kwargs) + self.kind = 'MicrosoftSecurityIncidentCreation' # type: str + self.display_names_filter = display_names_filter + self.display_names_exclude_filter = display_names_exclude_filter + self.product_filter = product_filter + 
self.severities_filter = severities_filter + self.alert_rule_template_name = alert_rule_template_name + self.description = description + self.display_name = display_name + self.enabled = enabled + self.last_modified_utc = None + + +class MicrosoftSecurityIncidentCreationAlertRuleCommonProperties(msrest.serialization.Model): + """MicrosoftSecurityIncidentCreation rule common property bag. + + All required parameters must be populated in order to send to Azure. + + :param display_names_filter: the alerts' displayNames on which the cases will be generated. + :type display_names_filter: list[str] + :param display_names_exclude_filter: the alerts' displayNames on which the cases will not be + generated. + :type display_names_exclude_filter: list[str] + :param product_filter: Required. The alerts' productName on which the cases will be generated. + Possible values include: "Microsoft Cloud App Security", "Azure Security Center", "Azure + Advanced Threat Protection", "Azure Active Directory Identity Protection", "Azure Security + Center for IoT". + :type product_filter: str or ~security_insights.models.MicrosoftSecurityProductName + :param severities_filter: the alerts' severities on which the cases will be generated. 
+ :type severities_filter: list[str or ~security_insights.models.AlertSeverity] + """ + + _validation = { + 'product_filter': {'required': True}, + } + + _attribute_map = { + 'display_names_filter': {'key': 'displayNamesFilter', 'type': '[str]'}, + 'display_names_exclude_filter': {'key': 'displayNamesExcludeFilter', 'type': '[str]'}, + 'product_filter': {'key': 'productFilter', 'type': 'str'}, + 'severities_filter': {'key': 'severitiesFilter', 'type': '[str]'}, + } + + def __init__( + self, + *, + product_filter: Union[str, "MicrosoftSecurityProductName"], + display_names_filter: Optional[List[str]] = None, + display_names_exclude_filter: Optional[List[str]] = None, + severities_filter: Optional[List[Union[str, "AlertSeverity"]]] = None, + **kwargs + ): + super(MicrosoftSecurityIncidentCreationAlertRuleCommonProperties, self).__init__(**kwargs) + self.display_names_filter = display_names_filter + self.display_names_exclude_filter = display_names_exclude_filter + self.product_filter = product_filter + self.severities_filter = severities_filter + + +class MicrosoftSecurityIncidentCreationAlertRuleProperties(MicrosoftSecurityIncidentCreationAlertRuleCommonProperties): + """MicrosoftSecurityIncidentCreation rule property bag. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :param display_names_filter: the alerts' displayNames on which the cases will be generated. + :type display_names_filter: list[str] + :param display_names_exclude_filter: the alerts' displayNames on which the cases will not be + generated. + :type display_names_exclude_filter: list[str] + :param product_filter: Required. The alerts' productName on which the cases will be generated. + Possible values include: "Microsoft Cloud App Security", "Azure Security Center", "Azure + Advanced Threat Protection", "Azure Active Directory Identity Protection", "Azure Security + Center for IoT". 
+ :type product_filter: str or ~security_insights.models.MicrosoftSecurityProductName + :param severities_filter: the alerts' severities on which the cases will be generated. + :type severities_filter: list[str or ~security_insights.models.AlertSeverity] + :param alert_rule_template_name: The Name of the alert rule template used to create this rule. + :type alert_rule_template_name: str + :param description: The description of the alert rule. + :type description: str + :param display_name: Required. The display name for alerts created by this alert rule. + :type display_name: str + :param enabled: Required. Determines whether this alert rule is enabled or disabled. + :type enabled: bool + :ivar last_modified_utc: The last time that this alert has been modified. + :vartype last_modified_utc: ~datetime.datetime + """ + + _validation = { + 'product_filter': {'required': True}, + 'display_name': {'required': True}, + 'enabled': {'required': True}, + 'last_modified_utc': {'readonly': True}, + } + + _attribute_map = { + 'display_names_filter': {'key': 'displayNamesFilter', 'type': '[str]'}, + 'display_names_exclude_filter': {'key': 'displayNamesExcludeFilter', 'type': '[str]'}, + 'product_filter': {'key': 'productFilter', 'type': 'str'}, + 'severities_filter': {'key': 'severitiesFilter', 'type': '[str]'}, + 'alert_rule_template_name': {'key': 'alertRuleTemplateName', 'type': 'str'}, + 'description': {'key': 'description', 'type': 'str'}, + 'display_name': {'key': 'displayName', 'type': 'str'}, + 'enabled': {'key': 'enabled', 'type': 'bool'}, + 'last_modified_utc': {'key': 'lastModifiedUtc', 'type': 'iso-8601'}, + } + + def __init__( + self, + *, + product_filter: Union[str, "MicrosoftSecurityProductName"], + display_name: str, + enabled: bool, + display_names_filter: Optional[List[str]] = None, + display_names_exclude_filter: Optional[List[str]] = None, + severities_filter: Optional[List[Union[str, "AlertSeverity"]]] = None, + alert_rule_template_name: Optional[str] = 
None, + description: Optional[str] = None, + **kwargs + ): + super(MicrosoftSecurityIncidentCreationAlertRuleProperties, self).__init__(display_names_filter=display_names_filter, display_names_exclude_filter=display_names_exclude_filter, product_filter=product_filter, severities_filter=severities_filter, **kwargs) + self.alert_rule_template_name = alert_rule_template_name + self.description = description + self.display_name = display_name + self.enabled = enabled + self.last_modified_utc = None + + +class MicrosoftSecurityIncidentCreationAlertRuleTemplate(AlertRuleTemplate): + """Represents MicrosoftSecurityIncidentCreation rule template. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id. + :vartype id: str + :ivar name: Azure resource name. + :vartype name: str + :ivar type: Azure resource type. + :vartype type: str + :param kind: Required. The alert rule kind.Constant filled by server. Possible values include: + "Scheduled", "MicrosoftSecurityIncidentCreation", "Fusion". + :type kind: str or ~security_insights.models.AlertRuleKind + :param alert_rules_created_by_template_count: the number of alert rules that were created by + this template. + :type alert_rules_created_by_template_count: int + :ivar created_date_utc: The time that this alert rule template has been added. + :vartype created_date_utc: ~datetime.datetime + :param description: The description of the alert rule template. + :type description: str + :param display_name: The display name for alert rule template. + :type display_name: str + :param required_data_connectors: The required data connectors for this template. + :type required_data_connectors: list[~security_insights.models.AlertRuleTemplateDataSource] + :param status: The alert rule template status. Possible values include: "Installed", + "Available", "NotAvailable". 
+ :type status: str or ~security_insights.models.TemplateStatus + :param display_names_filter: the alerts' displayNames on which the cases will be generated. + :type display_names_filter: list[str] + :param display_names_exclude_filter: the alerts' displayNames on which the cases will not be + generated. + :type display_names_exclude_filter: list[str] + :param product_filter: The alerts' productName on which the cases will be generated. Possible + values include: "Microsoft Cloud App Security", "Azure Security Center", "Azure Advanced Threat + Protection", "Azure Active Directory Identity Protection", "Azure Security Center for IoT". + :type product_filter: str or ~security_insights.models.MicrosoftSecurityProductName + :param severities_filter: the alerts' severities on which the cases will be generated. + :type severities_filter: list[str or ~security_insights.models.AlertSeverity] + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'kind': {'required': True}, + 'created_date_utc': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + 'alert_rules_created_by_template_count': {'key': 'properties.alertRulesCreatedByTemplateCount', 'type': 'int'}, + 'created_date_utc': {'key': 'properties.createdDateUTC', 'type': 'iso-8601'}, + 'description': {'key': 'properties.description', 'type': 'str'}, + 'display_name': {'key': 'properties.displayName', 'type': 'str'}, + 'required_data_connectors': {'key': 'properties.requiredDataConnectors', 'type': '[AlertRuleTemplateDataSource]'}, + 'status': {'key': 'properties.status', 'type': 'str'}, + 'display_names_filter': {'key': 'properties.displayNamesFilter', 'type': '[str]'}, + 'display_names_exclude_filter': {'key': 'properties.displayNamesExcludeFilter', 'type': '[str]'}, + 'product_filter': {'key': 
'properties.productFilter', 'type': 'str'}, + 'severities_filter': {'key': 'properties.severitiesFilter', 'type': '[str]'}, + } + + def __init__( + self, + *, + alert_rules_created_by_template_count: Optional[int] = None, + description: Optional[str] = None, + display_name: Optional[str] = None, + required_data_connectors: Optional[List["AlertRuleTemplateDataSource"]] = None, + status: Optional[Union[str, "TemplateStatus"]] = None, + display_names_filter: Optional[List[str]] = None, + display_names_exclude_filter: Optional[List[str]] = None, + product_filter: Optional[Union[str, "MicrosoftSecurityProductName"]] = None, + severities_filter: Optional[List[Union[str, "AlertSeverity"]]] = None, + **kwargs + ): + super(MicrosoftSecurityIncidentCreationAlertRuleTemplate, self).__init__(**kwargs) + self.kind = 'MicrosoftSecurityIncidentCreation' # type: str + self.alert_rules_created_by_template_count = alert_rules_created_by_template_count + self.created_date_utc = None + self.description = description + self.display_name = display_name + self.required_data_connectors = required_data_connectors + self.status = status + self.display_names_filter = display_names_filter + self.display_names_exclude_filter = display_names_exclude_filter + self.product_filter = product_filter + self.severities_filter = severities_filter + + +class OfficeConsent(Resource): + """Consent for Office365 tenant that already made. + + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar id: Azure resource Id. + :vartype id: str + :ivar name: Azure resource name. + :vartype name: str + :ivar type: Azure resource type. + :vartype type: str + :param tenant_id: The tenantId of the Office365 with the consent. + :type tenant_id: str + :ivar tenant_name: The tenant name of the Office365 with the consent. 
+ :vartype tenant_name: str + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'tenant_name': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'tenant_id': {'key': 'properties.tenantId', 'type': 'str'}, + 'tenant_name': {'key': 'properties.tenantName', 'type': 'str'}, + } + + def __init__( + self, + *, + tenant_id: Optional[str] = None, + **kwargs + ): + super(OfficeConsent, self).__init__(**kwargs) + self.tenant_id = tenant_id + self.tenant_name = None + + +class OfficeConsentList(msrest.serialization.Model): + """List of all the office365 consents. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar next_link: URL to fetch the next set of office consents. + :vartype next_link: str + :param value: Required. Array of the consents. + :type value: list[~security_insights.models.OfficeConsent] + """ + + _validation = { + 'next_link': {'readonly': True}, + 'value': {'required': True}, + } + + _attribute_map = { + 'next_link': {'key': 'nextLink', 'type': 'str'}, + 'value': {'key': 'value', 'type': '[OfficeConsent]'}, + } + + def __init__( + self, + *, + value: List["OfficeConsent"], + **kwargs + ): + super(OfficeConsentList, self).__init__(**kwargs) + self.next_link = None + self.value = value + + +class OfficeDataConnector(DataConnector): + """Represents office data connector. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id. + :vartype id: str + :ivar name: Azure resource name. + :vartype name: str + :ivar type: Azure resource type. + :vartype type: str + :param etag: Etag of the azure resource. 
+ :type etag: str + :param kind: Required. The data connector kind.Constant filled by server. Possible values + include: "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", + "ThreatIntelligence", "Office365", "AmazonWebServicesCloudTrail", + "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection". + :type kind: str or ~security_insights.models.DataConnectorKind + :param tenant_id: The tenant id to connect to, and get the data from. + :type tenant_id: str + :param state_data_types_share_point_state: Describe whether this data type connection is + enabled or not. Possible values include: "Enabled", "Disabled". + :type state_data_types_share_point_state: str or ~security_insights.models.DataTypeState + :param state_data_types_exchange_state: Describe whether this data type connection is enabled + or not. Possible values include: "Enabled", "Disabled". + :type state_data_types_exchange_state: str or ~security_insights.models.DataTypeState + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'kind': {'required': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'etag': {'key': 'etag', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + 'tenant_id': {'key': 'properties.tenantId', 'type': 'str'}, + 'state_data_types_share_point_state': {'key': 'dataTypes.sharePoint.state', 'type': 'str'}, + 'state_data_types_exchange_state': {'key': 'dataTypes.exchange.state', 'type': 'str'}, + } + + def __init__( + self, + *, + etag: Optional[str] = None, + tenant_id: Optional[str] = None, + state_data_types_share_point_state: Optional[Union[str, "DataTypeState"]] = None, + state_data_types_exchange_state: Optional[Union[str, "DataTypeState"]] = None, + **kwargs + ): + super(OfficeDataConnector, self).__init__(etag=etag, **kwargs) + self.kind = 'Office365' # type: 
str + self.tenant_id = tenant_id + self.state_data_types_share_point_state = state_data_types_share_point_state + self.state_data_types_exchange_state = state_data_types_exchange_state + + +class OfficeDataConnectorDataTypesExchange(DataConnectorDataTypeCommon): + """Exchange data type connection. + + :param state: Describe whether this data type connection is enabled or not. Possible values + include: "Enabled", "Disabled". + :type state: str or ~security_insights.models.DataTypeState + """ + + _attribute_map = { + 'state': {'key': 'state', 'type': 'str'}, + } + + def __init__( + self, + *, + state: Optional[Union[str, "DataTypeState"]] = None, + **kwargs + ): + super(OfficeDataConnectorDataTypesExchange, self).__init__(state=state, **kwargs) + + +class OfficeDataConnectorDataTypesSharePoint(DataConnectorDataTypeCommon): + """SharePoint data type connection. + + :param state: Describe whether this data type connection is enabled or not. Possible values + include: "Enabled", "Disabled". + :type state: str or ~security_insights.models.DataTypeState + """ + + _attribute_map = { + 'state': {'key': 'state', 'type': 'str'}, + } + + def __init__( + self, + *, + state: Optional[Union[str, "DataTypeState"]] = None, + **kwargs + ): + super(OfficeDataConnectorDataTypesSharePoint, self).__init__(state=state, **kwargs) + + +class Operation(msrest.serialization.Model): + """Operation provided by provider. + + :param display: Properties of the operation. + :type display: ~security_insights.models.OperationDisplay + :param name: Name of the operation. 
+ :type name: str + """ + + _attribute_map = { + 'display': {'key': 'display', 'type': 'OperationDisplay'}, + 'name': {'key': 'name', 'type': 'str'}, + } + + def __init__( + self, + *, + display: Optional["OperationDisplay"] = None, + name: Optional[str] = None, + **kwargs + ): + super(Operation, self).__init__(**kwargs) + self.display = display + self.name = name + + +class OperationDisplay(msrest.serialization.Model): + """Properties of the operation. + + :param description: Description of the operation. + :type description: str + :param operation: Operation name. + :type operation: str + :param provider: Provider name. + :type provider: str + :param resource: Resource name. + :type resource: str + """ + + _attribute_map = { + 'description': {'key': 'description', 'type': 'str'}, + 'operation': {'key': 'operation', 'type': 'str'}, + 'provider': {'key': 'provider', 'type': 'str'}, + 'resource': {'key': 'resource', 'type': 'str'}, + } + + def __init__( + self, + *, + description: Optional[str] = None, + operation: Optional[str] = None, + provider: Optional[str] = None, + resource: Optional[str] = None, + **kwargs + ): + super(OperationDisplay, self).__init__(**kwargs) + self.description = description + self.operation = operation + self.provider = provider + self.resource = resource + + +class OperationsList(msrest.serialization.Model): + """Lists the operations available in the SecurityInsights RP. + + All required parameters must be populated in order to send to Azure. + + :param next_link: URL to fetch the next set of operations. + :type next_link: str + :param value: Required. Array of operations. 
+ :type value: list[~security_insights.models.Operation] + """ + + _validation = { + 'value': {'required': True}, + } + + _attribute_map = { + 'next_link': {'key': 'nextLink', 'type': 'str'}, + 'value': {'key': 'value', 'type': '[Operation]'}, + } + + def __init__( + self, + *, + value: List["Operation"], + next_link: Optional[str] = None, + **kwargs + ): + super(OperationsList, self).__init__(**kwargs) + self.next_link = next_link + self.value = value + + +class ScheduledAlertRule(AlertRule): + """Represents scheduled alert rule. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id. + :vartype id: str + :ivar name: Azure resource name. + :vartype name: str + :ivar type: Azure resource type. + :vartype type: str + :param etag: Etag of the azure resource. + :type etag: str + :param kind: Required. The alert rule kind.Constant filled by server. Possible values include: + "Scheduled", "MicrosoftSecurityIncidentCreation", "Fusion". + :type kind: str or ~security_insights.models.AlertRuleKind + :param query: The query that creates alerts for this rule. + :type query: str + :param query_frequency: The frequency (in ISO 8601 duration format) for this alert rule to run. + :type query_frequency: ~datetime.timedelta + :param query_period: The period (in ISO 8601 duration format) that this alert rule looks at. + :type query_period: ~datetime.timedelta + :param severity: The severity for alerts created by this alert rule. Possible values include: + "High", "Medium", "Low", "Informational". + :type severity: str or ~security_insights.models.AlertSeverity + :param trigger_operator: The operation against the threshold that triggers alert rule. Possible + values include: "GreaterThan", "LessThan", "Equal", "NotEqual". 
+ :type trigger_operator: str or ~security_insights.models.TriggerOperator + :param trigger_threshold: The threshold triggers this alert rule. + :type trigger_threshold: int + :param alert_rule_template_name: The Name of the alert rule template used to create this rule. + :type alert_rule_template_name: str + :param description: The description of the alert rule. + :type description: str + :param display_name: The display name for alerts created by this alert rule. + :type display_name: str + :param enabled: Determines whether this alert rule is enabled or disabled. + :type enabled: bool + :ivar last_modified_utc: The last time that this alert rule has been modified. + :vartype last_modified_utc: ~datetime.datetime + :param suppression_duration: The suppression (in ISO 8601 duration format) to wait since last + time this alert rule been triggered. + :type suppression_duration: ~datetime.timedelta + :param suppression_enabled: Determines whether the suppression for this alert rule is enabled + or disabled. + :type suppression_enabled: bool + :param tactics: The tactics of the alert rule. 
+ :type tactics: list[str or ~security_insights.models.AttackTactic] + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'kind': {'required': True}, + 'last_modified_utc': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'etag': {'key': 'etag', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + 'query': {'key': 'properties.query', 'type': 'str'}, + 'query_frequency': {'key': 'properties.queryFrequency', 'type': 'duration'}, + 'query_period': {'key': 'properties.queryPeriod', 'type': 'duration'}, + 'severity': {'key': 'properties.severity', 'type': 'str'}, + 'trigger_operator': {'key': 'properties.triggerOperator', 'type': 'str'}, + 'trigger_threshold': {'key': 'properties.triggerThreshold', 'type': 'int'}, + 'alert_rule_template_name': {'key': 'properties.alertRuleTemplateName', 'type': 'str'}, + 'description': {'key': 'properties.description', 'type': 'str'}, + 'display_name': {'key': 'properties.displayName', 'type': 'str'}, + 'enabled': {'key': 'properties.enabled', 'type': 'bool'}, + 'last_modified_utc': {'key': 'properties.lastModifiedUtc', 'type': 'iso-8601'}, + 'suppression_duration': {'key': 'properties.suppressionDuration', 'type': 'duration'}, + 'suppression_enabled': {'key': 'properties.suppressionEnabled', 'type': 'bool'}, + 'tactics': {'key': 'properties.tactics', 'type': '[str]'}, + } + + def __init__( + self, + *, + etag: Optional[str] = None, + query: Optional[str] = None, + query_frequency: Optional[datetime.timedelta] = None, + query_period: Optional[datetime.timedelta] = None, + severity: Optional[Union[str, "AlertSeverity"]] = None, + trigger_operator: Optional[Union[str, "TriggerOperator"]] = None, + trigger_threshold: Optional[int] = None, + alert_rule_template_name: Optional[str] = None, + description: Optional[str] = None, + display_name: 
Optional[str] = None, + enabled: Optional[bool] = None, + suppression_duration: Optional[datetime.timedelta] = None, + suppression_enabled: Optional[bool] = None, + tactics: Optional[List[Union[str, "AttackTactic"]]] = None, + **kwargs + ): + super(ScheduledAlertRule, self).__init__(etag=etag, **kwargs) + self.kind = 'Scheduled' # type: str + self.query = query + self.query_frequency = query_frequency + self.query_period = query_period + self.severity = severity + self.trigger_operator = trigger_operator + self.trigger_threshold = trigger_threshold + self.alert_rule_template_name = alert_rule_template_name + self.description = description + self.display_name = display_name + self.enabled = enabled + self.last_modified_utc = None + self.suppression_duration = suppression_duration + self.suppression_enabled = suppression_enabled + self.tactics = tactics + + +class ScheduledAlertRuleCommonProperties(msrest.serialization.Model): + """Schedule alert rule template property bag. + + :param query: The query that creates alerts for this rule. + :type query: str + :param query_frequency: The frequency (in ISO 8601 duration format) for this alert rule to run. + :type query_frequency: ~datetime.timedelta + :param query_period: The period (in ISO 8601 duration format) that this alert rule looks at. + :type query_period: ~datetime.timedelta + :param severity: The severity for alerts created by this alert rule. Possible values include: + "High", "Medium", "Low", "Informational". + :type severity: str or ~security_insights.models.AlertSeverity + :param trigger_operator: The operation against the threshold that triggers alert rule. Possible + values include: "GreaterThan", "LessThan", "Equal", "NotEqual". + :type trigger_operator: str or ~security_insights.models.TriggerOperator + :param trigger_threshold: The threshold triggers this alert rule. 
+ :type trigger_threshold: int + """ + + _attribute_map = { + 'query': {'key': 'query', 'type': 'str'}, + 'query_frequency': {'key': 'queryFrequency', 'type': 'duration'}, + 'query_period': {'key': 'queryPeriod', 'type': 'duration'}, + 'severity': {'key': 'severity', 'type': 'str'}, + 'trigger_operator': {'key': 'triggerOperator', 'type': 'str'}, + 'trigger_threshold': {'key': 'triggerThreshold', 'type': 'int'}, + } + + def __init__( + self, + *, + query: Optional[str] = None, + query_frequency: Optional[datetime.timedelta] = None, + query_period: Optional[datetime.timedelta] = None, + severity: Optional[Union[str, "AlertSeverity"]] = None, + trigger_operator: Optional[Union[str, "TriggerOperator"]] = None, + trigger_threshold: Optional[int] = None, + **kwargs + ): + super(ScheduledAlertRuleCommonProperties, self).__init__(**kwargs) + self.query = query + self.query_frequency = query_frequency + self.query_period = query_period + self.severity = severity + self.trigger_operator = trigger_operator + self.trigger_threshold = trigger_threshold + + +class ScheduledAlertRuleProperties(ScheduledAlertRuleCommonProperties): + """Scheduled alert rule base property bag. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :param query: The query that creates alerts for this rule. + :type query: str + :param query_frequency: The frequency (in ISO 8601 duration format) for this alert rule to run. + :type query_frequency: ~datetime.timedelta + :param query_period: The period (in ISO 8601 duration format) that this alert rule looks at. + :type query_period: ~datetime.timedelta + :param severity: The severity for alerts created by this alert rule. Possible values include: + "High", "Medium", "Low", "Informational". + :type severity: str or ~security_insights.models.AlertSeverity + :param trigger_operator: The operation against the threshold that triggers alert rule. 
Possible + values include: "GreaterThan", "LessThan", "Equal", "NotEqual". + :type trigger_operator: str or ~security_insights.models.TriggerOperator + :param trigger_threshold: The threshold triggers this alert rule. + :type trigger_threshold: int + :param alert_rule_template_name: The Name of the alert rule template used to create this rule. + :type alert_rule_template_name: str + :param description: The description of the alert rule. + :type description: str + :param display_name: Required. The display name for alerts created by this alert rule. + :type display_name: str + :param enabled: Required. Determines whether this alert rule is enabled or disabled. + :type enabled: bool + :ivar last_modified_utc: The last time that this alert rule has been modified. + :vartype last_modified_utc: ~datetime.datetime + :param suppression_duration: Required. The suppression (in ISO 8601 duration format) to wait + since last time this alert rule been triggered. + :type suppression_duration: ~datetime.timedelta + :param suppression_enabled: Required. Determines whether the suppression for this alert rule is + enabled or disabled. + :type suppression_enabled: bool + :param tactics: The tactics of the alert rule. 
+ :type tactics: list[str or ~security_insights.models.AttackTactic] + """ + + _validation = { + 'display_name': {'required': True}, + 'enabled': {'required': True}, + 'last_modified_utc': {'readonly': True}, + 'suppression_duration': {'required': True}, + 'suppression_enabled': {'required': True}, + } + + _attribute_map = { + 'query': {'key': 'query', 'type': 'str'}, + 'query_frequency': {'key': 'queryFrequency', 'type': 'duration'}, + 'query_period': {'key': 'queryPeriod', 'type': 'duration'}, + 'severity': {'key': 'severity', 'type': 'str'}, + 'trigger_operator': {'key': 'triggerOperator', 'type': 'str'}, + 'trigger_threshold': {'key': 'triggerThreshold', 'type': 'int'}, + 'alert_rule_template_name': {'key': 'alertRuleTemplateName', 'type': 'str'}, + 'description': {'key': 'description', 'type': 'str'}, + 'display_name': {'key': 'displayName', 'type': 'str'}, + 'enabled': {'key': 'enabled', 'type': 'bool'}, + 'last_modified_utc': {'key': 'lastModifiedUtc', 'type': 'iso-8601'}, + 'suppression_duration': {'key': 'suppressionDuration', 'type': 'duration'}, + 'suppression_enabled': {'key': 'suppressionEnabled', 'type': 'bool'}, + 'tactics': {'key': 'tactics', 'type': '[str]'}, + } + + def __init__( + self, + *, + display_name: str, + enabled: bool, + suppression_duration: datetime.timedelta, + suppression_enabled: bool, + query: Optional[str] = None, + query_frequency: Optional[datetime.timedelta] = None, + query_period: Optional[datetime.timedelta] = None, + severity: Optional[Union[str, "AlertSeverity"]] = None, + trigger_operator: Optional[Union[str, "TriggerOperator"]] = None, + trigger_threshold: Optional[int] = None, + alert_rule_template_name: Optional[str] = None, + description: Optional[str] = None, + tactics: Optional[List[Union[str, "AttackTactic"]]] = None, + **kwargs + ): + super(ScheduledAlertRuleProperties, self).__init__(query=query, query_frequency=query_frequency, query_period=query_period, severity=severity, trigger_operator=trigger_operator, 
trigger_threshold=trigger_threshold, **kwargs) + self.alert_rule_template_name = alert_rule_template_name + self.description = description + self.display_name = display_name + self.enabled = enabled + self.last_modified_utc = None + self.suppression_duration = suppression_duration + self.suppression_enabled = suppression_enabled + self.tactics = tactics + + +class ScheduledAlertRuleTemplate(AlertRuleTemplate): + """Represents scheduled alert rule template. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id. + :vartype id: str + :ivar name: Azure resource name. + :vartype name: str + :ivar type: Azure resource type. + :vartype type: str + :param kind: Required. The alert rule kind.Constant filled by server. Possible values include: + "Scheduled", "MicrosoftSecurityIncidentCreation", "Fusion". + :type kind: str or ~security_insights.models.AlertRuleKind + :param alert_rules_created_by_template_count: the number of alert rules that were created by + this template. + :type alert_rules_created_by_template_count: int + :ivar created_date_utc: The time that this alert rule template has been added. + :vartype created_date_utc: ~datetime.datetime + :param description: The description of the alert rule template. + :type description: str + :param display_name: The display name for alert rule template. + :type display_name: str + :param required_data_connectors: The required data connectors for this template. + :type required_data_connectors: list[~security_insights.models.AlertRuleTemplateDataSource] + :param status: The alert rule template status. Possible values include: "Installed", + "Available", "NotAvailable". + :type status: str or ~security_insights.models.TemplateStatus + :param query: The query that creates alerts for this rule. 
+ :type query: str + :param query_frequency: The frequency (in ISO 8601 duration format) for this alert rule to run. + :type query_frequency: ~datetime.timedelta + :param query_period: The period (in ISO 8601 duration format) that this alert rule looks at. + :type query_period: ~datetime.timedelta + :param severity: The severity for alerts created by this alert rule. Possible values include: + "High", "Medium", "Low", "Informational". + :type severity: str or ~security_insights.models.AlertSeverity + :param trigger_operator: The operation against the threshold that triggers alert rule. Possible + values include: "GreaterThan", "LessThan", "Equal", "NotEqual". + :type trigger_operator: str or ~security_insights.models.TriggerOperator + :param trigger_threshold: The threshold triggers this alert rule. + :type trigger_threshold: int + :param tactics: The tactics of the alert rule template. + :type tactics: list[str or ~security_insights.models.AttackTactic] + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'kind': {'required': True}, + 'created_date_utc': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + 'alert_rules_created_by_template_count': {'key': 'properties.alertRulesCreatedByTemplateCount', 'type': 'int'}, + 'created_date_utc': {'key': 'properties.createdDateUTC', 'type': 'iso-8601'}, + 'description': {'key': 'properties.description', 'type': 'str'}, + 'display_name': {'key': 'properties.displayName', 'type': 'str'}, + 'required_data_connectors': {'key': 'properties.requiredDataConnectors', 'type': '[AlertRuleTemplateDataSource]'}, + 'status': {'key': 'properties.status', 'type': 'str'}, + 'query': {'key': 'properties.query', 'type': 'str'}, + 'query_frequency': {'key': 'properties.queryFrequency', 'type': 'duration'}, + 
'query_period': {'key': 'properties.queryPeriod', 'type': 'duration'}, + 'severity': {'key': 'properties.severity', 'type': 'str'}, + 'trigger_operator': {'key': 'properties.triggerOperator', 'type': 'str'}, + 'trigger_threshold': {'key': 'properties.triggerThreshold', 'type': 'int'}, + 'tactics': {'key': 'properties.tactics', 'type': '[str]'}, + } + + def __init__( + self, + *, + alert_rules_created_by_template_count: Optional[int] = None, + description: Optional[str] = None, + display_name: Optional[str] = None, + required_data_connectors: Optional[List["AlertRuleTemplateDataSource"]] = None, + status: Optional[Union[str, "TemplateStatus"]] = None, + query: Optional[str] = None, + query_frequency: Optional[datetime.timedelta] = None, + query_period: Optional[datetime.timedelta] = None, + severity: Optional[Union[str, "AlertSeverity"]] = None, + trigger_operator: Optional[Union[str, "TriggerOperator"]] = None, + trigger_threshold: Optional[int] = None, + tactics: Optional[List[Union[str, "AttackTactic"]]] = None, + **kwargs + ): + super(ScheduledAlertRuleTemplate, self).__init__(**kwargs) + self.kind = 'Scheduled' # type: str + self.alert_rules_created_by_template_count = alert_rules_created_by_template_count + self.created_date_utc = None + self.description = description + self.display_name = display_name + self.required_data_connectors = required_data_connectors + self.status = status + self.query = query + self.query_frequency = query_frequency + self.query_period = query_period + self.severity = severity + self.trigger_operator = trigger_operator + self.trigger_threshold = trigger_threshold + self.tactics = tactics + + +class Settings(ResourceWithEtag): + """The Settings. + + You probably want to use the sub-classes and not this class directly. Known + sub-classes are: ToggleSettings, UebaSettings. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. 
+ + :ivar id: Azure resource Id. + :vartype id: str + :ivar name: Azure resource name. + :vartype name: str + :ivar type: Azure resource type. + :vartype type: str + :param etag: Etag of the azure resource. + :type etag: str + :param kind: Required. The data connector kind.Constant filled by server. Possible values + include: "UebaSettings", "ToggleSettings". + :type kind: str or ~security_insights.models.SettingKind + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'kind': {'required': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'etag': {'key': 'etag', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + } + + _subtype_map = { + 'kind': {'ToggleSettings': 'ToggleSettings', 'UebaSettings': 'UebaSettings'} + } + + def __init__( + self, + *, + etag: Optional[str] = None, + **kwargs + ): + super(Settings, self).__init__(etag=etag, **kwargs) + self.kind = 'Settings' # type: str + + +class ThreatIntelligence(msrest.serialization.Model): + """ThreatIntelligence property bag. + + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar confidence: Confidence (must be between 0 and 1). + :vartype confidence: float + :ivar provider_name: Name of the provider from whom this Threat Intelligence information was + received. + :vartype provider_name: str + :ivar report_link: Report link. + :vartype report_link: str + :ivar threat_description: Threat description (free text). + :vartype threat_description: str + :ivar threat_name: Threat name (e.g. "Jedobot malware"). + :vartype threat_name: str + :ivar threat_type: Threat type (e.g. "Botnet"). 
+ :vartype threat_type: str + """ + + _validation = { + 'confidence': {'readonly': True}, + 'provider_name': {'readonly': True}, + 'report_link': {'readonly': True}, + 'threat_description': {'readonly': True}, + 'threat_name': {'readonly': True}, + 'threat_type': {'readonly': True}, + } + + _attribute_map = { + 'confidence': {'key': 'confidence', 'type': 'float'}, + 'provider_name': {'key': 'providerName', 'type': 'str'}, + 'report_link': {'key': 'reportLink', 'type': 'str'}, + 'threat_description': {'key': 'threatDescription', 'type': 'str'}, + 'threat_name': {'key': 'threatName', 'type': 'str'}, + 'threat_type': {'key': 'threatType', 'type': 'str'}, + } + + def __init__( + self, + **kwargs + ): + super(ThreatIntelligence, self).__init__(**kwargs) + self.confidence = None + self.provider_name = None + self.report_link = None + self.threat_description = None + self.threat_name = None + self.threat_type = None + + +class TIDataConnector(DataConnector): + """Represents threat intelligence data connector. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id. + :vartype id: str + :ivar name: Azure resource name. + :vartype name: str + :ivar type: Azure resource type. + :vartype type: str + :param etag: Etag of the azure resource. + :type etag: str + :param kind: Required. The data connector kind.Constant filled by server. Possible values + include: "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", + "ThreatIntelligence", "Office365", "AmazonWebServicesCloudTrail", + "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection". + :type kind: str or ~security_insights.models.DataConnectorKind + :param tenant_id: The tenant id to connect to, and get the data from. + :type tenant_id: str + :param state: Describe whether this data type connection is enabled or not. 
Possible values + include: "Enabled", "Disabled". + :type state: str or ~security_insights.models.DataTypeState + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'kind': {'required': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'etag': {'key': 'etag', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + 'tenant_id': {'key': 'properties.tenantId', 'type': 'str'}, + 'state': {'key': 'dataTypes.indicators.state', 'type': 'str'}, + } + + def __init__( + self, + *, + etag: Optional[str] = None, + tenant_id: Optional[str] = None, + state: Optional[Union[str, "DataTypeState"]] = None, + **kwargs + ): + super(TIDataConnector, self).__init__(etag=etag, **kwargs) + self.kind = 'ThreatIntelligence' # type: str + self.tenant_id = tenant_id + self.state = state + + +class TIDataConnectorDataTypesIndicators(DataConnectorDataTypeCommon): + """Data type for indicators connection. + + :param state: Describe whether this data type connection is enabled or not. Possible values + include: "Enabled", "Disabled". + :type state: str or ~security_insights.models.DataTypeState + """ + + _attribute_map = { + 'state': {'key': 'state', 'type': 'str'}, + } + + def __init__( + self, + *, + state: Optional[Union[str, "DataTypeState"]] = None, + **kwargs + ): + super(TIDataConnectorDataTypesIndicators, self).__init__(state=state, **kwargs) + + +class ToggleSettings(Settings): + """Settings with single toggle. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id. + :vartype id: str + :ivar name: Azure resource name. + :vartype name: str + :ivar type: Azure resource type. + :vartype type: str + :param etag: Etag of the azure resource. 
+ :type etag: str + :param kind: Required. The data connector kind.Constant filled by server. Possible values + include: "UebaSettings", "ToggleSettings". + :type kind: str or ~security_insights.models.SettingKind + :param is_enabled: Determines whether the setting is enable or disabled. + :type is_enabled: bool + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'kind': {'required': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'etag': {'key': 'etag', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + 'is_enabled': {'key': 'properties.isEnabled', 'type': 'bool'}, + } + + def __init__( + self, + *, + etag: Optional[str] = None, + is_enabled: Optional[bool] = None, + **kwargs + ): + super(ToggleSettings, self).__init__(etag=etag, **kwargs) + self.kind = 'ToggleSettings' # type: str + self.is_enabled = is_enabled + + +class UebaSettings(Settings): + """Represents settings for User and Entity Behavior Analytics enablement. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id. + :vartype id: str + :ivar name: Azure resource name. + :vartype name: str + :ivar type: Azure resource type. + :vartype type: str + :param etag: Etag of the azure resource. + :type etag: str + :param kind: Required. The data connector kind.Constant filled by server. Possible values + include: "UebaSettings", "ToggleSettings". + :type kind: str or ~security_insights.models.SettingKind + :ivar atp_license_status: Determines whether the tenant has ATP (Advanced Threat Protection) + license. Possible values include: "Enabled", "Disabled". 
+ :vartype atp_license_status: str or ~security_insights.models.LicenseStatus + :param is_enabled: Determines whether User and Entity Behavior Analytics is enabled for this + workspace. + :type is_enabled: bool + :ivar status_in_mcas: Determines whether User and Entity Behavior Analytics is enabled from + MCAS (Microsoft Cloud App Security). Possible values include: "Enabled", "Disabled". + :vartype status_in_mcas: str or ~security_insights.models.StatusInMCAS + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'kind': {'required': True}, + 'atp_license_status': {'readonly': True}, + 'status_in_mcas': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'etag': {'key': 'etag', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + 'atp_license_status': {'key': 'properties.atpLicenseStatus', 'type': 'str'}, + 'is_enabled': {'key': 'properties.isEnabled', 'type': 'bool'}, + 'status_in_mcas': {'key': 'properties.statusInMcas', 'type': 'str'}, + } + + def __init__( + self, + *, + etag: Optional[str] = None, + is_enabled: Optional[bool] = None, + **kwargs + ): + super(UebaSettings, self).__init__(etag=etag, **kwargs) + self.kind = 'UebaSettings' # type: str + self.atp_license_status = None + self.is_enabled = is_enabled + self.status_in_mcas = None diff --git a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/models/_security_insights_enums.py b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/models/_security_insights_enums.py new file mode 100644 index 00000000000..ff1e2d1db57 --- /dev/null +++ b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/models/_security_insights_enums.py 
@@ -0,0 +1,182 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from enum import Enum, EnumMeta +from six import with_metaclass + +class _CaseInsensitiveEnumMeta(EnumMeta): + def __getitem__(self, name): + return super().__getitem__(name.upper()) + + def __getattr__(cls, name): + """Return the enum member matching `name` + We use __getattr__ instead of descriptors or inserting into the enum + class' __dict__ in order to support `name` and `value` being both + properties for enum members (which live in the class' __dict__) and + enum members themselves. + """ + try: + return cls._member_map_[name.upper()] + except KeyError: + raise AttributeError(name) + + +class AlertRuleKind(with_metaclass(_CaseInsensitiveEnumMeta, str, Enum)): + """The kind of the alert rule + """ + + SCHEDULED = "Scheduled" + MICROSOFT_SECURITY_INCIDENT_CREATION = "MicrosoftSecurityIncidentCreation" + FUSION = "Fusion" + +class AlertSeverity(with_metaclass(_CaseInsensitiveEnumMeta, str, Enum)): + """The severity of the alert + """ + + HIGH = "High" #: High severity. + MEDIUM = "Medium" #: Medium severity. + LOW = "Low" #: Low severity. + INFORMATIONAL = "Informational" #: Informational severity. + +class AttackTactic(with_metaclass(_CaseInsensitiveEnumMeta, str, Enum)): + """The severity for alerts created by this alert rule. 
+ """ + + INITIAL_ACCESS = "InitialAccess" + EXECUTION = "Execution" + PERSISTENCE = "Persistence" + PRIVILEGE_ESCALATION = "PrivilegeEscalation" + DEFENSE_EVASION = "DefenseEvasion" + CREDENTIAL_ACCESS = "CredentialAccess" + DISCOVERY = "Discovery" + LATERAL_MOVEMENT = "LateralMovement" + COLLECTION = "Collection" + EXFILTRATION = "Exfiltration" + COMMAND_AND_CONTROL = "CommandAndControl" + IMPACT = "Impact" + +class CaseSeverity(with_metaclass(_CaseInsensitiveEnumMeta, str, Enum)): + """The severity of the incident + """ + + CRITICAL = "Critical" #: Critical severity. + HIGH = "High" #: High severity. + MEDIUM = "Medium" #: Medium severity. + LOW = "Low" #: Low severity. + INFORMATIONAL = "Informational" #: Informational severity. + +class DataConnectorKind(with_metaclass(_CaseInsensitiveEnumMeta, str, Enum)): + """The kind of the data connector + """ + + AZURE_ACTIVE_DIRECTORY = "AzureActiveDirectory" + AZURE_SECURITY_CENTER = "AzureSecurityCenter" + MICROSOFT_CLOUD_APP_SECURITY = "MicrosoftCloudAppSecurity" + THREAT_INTELLIGENCE = "ThreatIntelligence" + OFFICE365 = "Office365" + AMAZON_WEB_SERVICES_CLOUD_TRAIL = "AmazonWebServicesCloudTrail" + AZURE_ADVANCED_THREAT_PROTECTION = "AzureAdvancedThreatProtection" + MICROSOFT_DEFENDER_ADVANCED_THREAT_PROTECTION = "MicrosoftDefenderAdvancedThreatProtection" + +class DataTypeState(with_metaclass(_CaseInsensitiveEnumMeta, str, Enum)): + """Describe whether this data type connection is enabled or not. + """ + + ENABLED = "Enabled" + DISABLED = "Disabled" + +class IncidentClassification(with_metaclass(_CaseInsensitiveEnumMeta, str, Enum)): + """The reason the incident was closed + """ + + UNDETERMINED = "Undetermined" #: Incident classification was undetermined. + TRUE_POSITIVE = "TruePositive" #: Incident was true positive. + BENIGN_POSITIVE = "BenignPositive" #: Incident was benign positive. + FALSE_POSITIVE = "FalsePositive" #: Incident was false positive. 
+ +class IncidentClassificationReason(with_metaclass(_CaseInsensitiveEnumMeta, str, Enum)): + """The classification reason the incident was closed with + """ + + SUSPICIOUS_ACTIVITY = "SuspiciousActivity" #: Classification reason was suspicious activity. + SUSPICIOUS_BUT_EXPECTED = "SuspiciousButExpected" #: Classification reason was suspicious but expected. + INCORRECT_ALERT_LOGIC = "IncorrectAlertLogic" #: Classification reason was incorrect alert logic. + INACCURATE_DATA = "InaccurateData" #: Classification reason was inaccurate data. + +class IncidentLabelType(with_metaclass(_CaseInsensitiveEnumMeta, str, Enum)): + """The type of the label + """ + + USER = "User" #: Label manually created by a user. + SYSTEM = "System" #: Label automatically created by the system. + +class IncidentSeverity(with_metaclass(_CaseInsensitiveEnumMeta, str, Enum)): + """The severity of the incident + """ + + HIGH = "High" #: High severity. + MEDIUM = "Medium" #: Medium severity. + LOW = "Low" #: Low severity. + INFORMATIONAL = "Informational" #: Informational severity. + +class IncidentStatus(with_metaclass(_CaseInsensitiveEnumMeta, str, Enum)): + """The status of the incident + """ + + NEW = "New" #: An active incident which isn't being handled currently. + ACTIVE = "Active" #: An active incident which is being handled. + CLOSED = "Closed" #: A non-active incident. + +class LicenseStatus(with_metaclass(_CaseInsensitiveEnumMeta, str, Enum)): + """Determines whether the tenant has ATP (Advanced Threat Protection) license. 
+ """ + + ENABLED = "Enabled" + DISABLED = "Disabled" + +class MicrosoftSecurityProductName(with_metaclass(_CaseInsensitiveEnumMeta, str, Enum)): + """The alerts' productName on which the cases will be generated + """ + + MICROSOFT_CLOUD_APP_SECURITY = "Microsoft Cloud App Security" + AZURE_SECURITY_CENTER = "Azure Security Center" + AZURE_ADVANCED_THREAT_PROTECTION = "Azure Advanced Threat Protection" + AZURE_ACTIVE_DIRECTORY_IDENTITY_PROTECTION = "Azure Active Directory Identity Protection" + AZURE_SECURITY_CENTER_FOR_IO_T = "Azure Security Center for IoT" + +class SettingKind(with_metaclass(_CaseInsensitiveEnumMeta, str, Enum)): + """The kind of the setting + """ + + UEBA_SETTINGS = "UebaSettings" + TOGGLE_SETTINGS = "ToggleSettings" + +class StatusInMCAS(with_metaclass(_CaseInsensitiveEnumMeta, str, Enum)): + """Determines whether User and Entity Behavior Analytics is enabled from MCAS (Microsoft Cloud App + Security). + """ + + ENABLED = "Enabled" + DISABLED = "Disabled" + +class TemplateStatus(with_metaclass(_CaseInsensitiveEnumMeta, str, Enum)): + """The alert rule template status. + """ + + INSTALLED = "Installed" #: Alert rule template installed. and can not use more then once. + AVAILABLE = "Available" #: Alert rule template is available. + NOT_AVAILABLE = "NotAvailable" #: Alert rule template is not available. + +class TriggerOperator(with_metaclass(_CaseInsensitiveEnumMeta, str, Enum)): + """The operation against the threshold that triggers alert rule. + """ + + GREATER_THAN = "GreaterThan" + LESS_THAN = "LessThan" + EQUAL = "Equal" + NOT_EQUAL = "NotEqual" diff --git a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/__init__.py b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/__init__.py new file mode 100644 index 00000000000..5e67996dcd4 --- /dev/null +++ b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/__init__.py 
@@ -0,0 +1,27 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from ._operation_operations import OperationOperations +from ._alert_rule_operations import AlertRuleOperations +from ._action_operations import ActionOperations +from ._alert_rule_template_operations import AlertRuleTemplateOperations +from ._bookmark_operations import BookmarkOperations +from ._data_connector_operations import DataConnectorOperations +from ._incident_operations import IncidentOperations +from ._incident_comment_operations import IncidentCommentOperations + +__all__ = [ + 'OperationOperations', + 'AlertRuleOperations', + 'ActionOperations', + 'AlertRuleTemplateOperations', + 'BookmarkOperations', + 'DataConnectorOperations', + 'IncidentOperations', + 'IncidentCommentOperations', +] diff --git a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_action_operations.py b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_action_operations.py new file mode 100644 index 00000000000..a0eaa43cf9a --- /dev/null +++ b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_action_operations.py 
@@ -0,0 +1,126 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from typing import TYPE_CHECKING +import warnings + +from azure.core.exceptions import ClientAuthenticationError, HttpResponseError, ResourceExistsError, ResourceNotFoundError, map_error +from azure.core.paging import ItemPaged +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import HttpRequest, HttpResponse +from azure.mgmt.core.exceptions import ARMErrorFormat + +from .. import models + +if TYPE_CHECKING: + # pylint: disable=unused-import,ungrouped-imports + from typing import Any, Callable, Dict, Generic, Iterable, Optional, TypeVar + + T = TypeVar('T') + ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] + +class ActionOperations(object): + """ActionOperations operations. + + You should not instantiate this class directly. Instead, you should create a Client instance that + instantiates it for you and attaches it as an attribute. + + :ivar models: Alias to model classes used in this operation group. + :type models: ~security_insights.models + :param client: Client for service requests. + :param config: Configuration of service client. + :param serializer: An object model serializer. + :param deserializer: An object model deserializer. 
+ """ + + models = models + + def __init__(self, client, config, serializer, deserializer): + self._client = client + self._serialize = serializer + self._deserialize = deserializer + self._config = config + + def list_by_alert_rule( + self, + resource_group_name, # type: str + workspace_name, # type: str + rule_id, # type: str + **kwargs # type: Any + ): + # type: (...) -> Iterable["models.ActionsList"] + """Gets all actions of alert rule. + + :param resource_group_name: The name of the resource group within the user's subscription. The + name is case insensitive. + :type resource_group_name: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :param rule_id: Alert rule ID. + :type rule_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: An iterator like instance of either ActionsList or the result of cls(response) + :rtype: ~azure.core.paging.ItemPaged[~security_insights.models.ActionsList] + :raises: ~azure.core.exceptions.HttpResponseError + """ + cls = kwargs.pop('cls', None) # type: ClsType["models.ActionsList"] + error_map = { + 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError + } + error_map.update(kwargs.pop('error_map', {})) + api_version = "2020-01-01" + accept = "application/json" + + def prepare_request(next_link=None): + # Construct headers + header_parameters = {} # type: Dict[str, Any] + header_parameters['Accept'] = self._serialize.header("accept", accept, 'str') + + if not next_link: + # Construct URL + url = self.list_by_alert_rule.metadata['url'] # type: ignore + path_format_arguments = { + 'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 
'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + 'ruleId': self._serialize.url("rule_id", rule_id, 'str'), + } + url = self._client.format_url(url, **path_format_arguments) + # Construct parameters + query_parameters = {} # type: Dict[str, Any] + query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') + + request = self._client.get(url, query_parameters, header_parameters) + else: + url = next_link + query_parameters = {} # type: Dict[str, Any] + request = self._client.get(url, query_parameters, header_parameters) + return request + + def extract_data(pipeline_response): + deserialized = self._deserialize('ActionsList', pipeline_response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link or None, iter(list_of_elem) + + def get_next(next_link=None): + request = prepare_request(next_link) + + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + return pipeline_response + + return ItemPaged( + get_next, extract_data + ) + list_by_alert_rule.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions'} # type: ignore diff --git a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_alert_rule_operations.py b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_alert_rule_operations.py new file mode 100644 index 00000000000..f91eef2b673 --- /dev/null 
+++ b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_alert_rule_operations.py 
@@ -0,0 +1,546 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from typing import TYPE_CHECKING +import warnings + +from azure.core.exceptions import ClientAuthenticationError, HttpResponseError, ResourceExistsError, ResourceNotFoundError, map_error +from azure.core.paging import ItemPaged +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import HttpRequest, HttpResponse +from azure.mgmt.core.exceptions import ARMErrorFormat + +from .. import models + +if TYPE_CHECKING: + # pylint: disable=unused-import,ungrouped-imports + from typing import Any, Callable, Dict, Generic, Iterable, Optional, TypeVar, Union + + T = TypeVar('T') + ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] + +class AlertRuleOperations(object): + """AlertRuleOperations operations. + + You should not instantiate this class directly. Instead, you should create a Client instance that + instantiates it for you and attaches it as an attribute. + + :ivar models: Alias to model classes used in this operation group. + :type models: ~security_insights.models + :param client: Client for service requests. + :param config: Configuration of service client. + :param serializer: An object model serializer. + :param deserializer: An object model deserializer. 
+ """ + + models = models + + def __init__(self, client, config, serializer, deserializer): + self._client = client + self._serialize = serializer + self._deserialize = deserializer + self._config = config + + def list( + self, + resource_group_name, # type: str + workspace_name, # type: str + **kwargs # type: Any + ): + # type: (...) -> Iterable["models.AlertRulesList"] + """Gets all alert rules. + + :param resource_group_name: The name of the resource group within the user's subscription. The + name is case insensitive. + :type resource_group_name: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: An iterator like instance of either AlertRulesList or the result of cls(response) + :rtype: ~azure.core.paging.ItemPaged[~security_insights.models.AlertRulesList] + :raises: ~azure.core.exceptions.HttpResponseError + """ + cls = kwargs.pop('cls', None) # type: ClsType["models.AlertRulesList"] + error_map = { + 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError + } + error_map.update(kwargs.pop('error_map', {})) + api_version = "2020-01-01" + accept = "application/json" + + def prepare_request(next_link=None): + # Construct headers + header_parameters = {} # type: Dict[str, Any] + header_parameters['Accept'] = self._serialize.header("accept", accept, 'str') + + if not next_link: + # Construct URL + url = self.list.metadata['url'] # type: ignore + path_format_arguments = { + 'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + } 
+ url = self._client.format_url(url, **path_format_arguments) + # Construct parameters + query_parameters = {} # type: Dict[str, Any] + query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') + + request = self._client.get(url, query_parameters, header_parameters) + else: + url = next_link + query_parameters = {} # type: Dict[str, Any] + request = self._client.get(url, query_parameters, header_parameters) + return request + + def extract_data(pipeline_response): + deserialized = self._deserialize('AlertRulesList', pipeline_response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link or None, iter(list_of_elem) + + def get_next(next_link=None): + request = prepare_request(next_link) + + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + return pipeline_response + + return ItemPaged( + get_next, extract_data + ) + list.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules'} # type: ignore + + def get( + self, + resource_group_name, # type: str + workspace_name, # type: str + rule_id, # type: str + **kwargs # type: Any + ): + # type: (...) -> "models.AlertRule" + """Gets the alert rule. + + :param resource_group_name: The name of the resource group within the user's subscription. The + name is case insensitive. + :type resource_group_name: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :param rule_id: Alert rule ID. 
+ :type rule_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: AlertRule, or the result of cls(response) + :rtype: ~security_insights.models.AlertRule + :raises: ~azure.core.exceptions.HttpResponseError + """ + cls = kwargs.pop('cls', None) # type: ClsType["models.AlertRule"] + error_map = { + 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError + } + error_map.update(kwargs.pop('error_map', {})) + api_version = "2020-01-01" + accept = "application/json" + + # Construct URL + url = self.get.metadata['url'] # type: ignore + path_format_arguments = { + 'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + 'ruleId': self._serialize.url("rule_id", rule_id, 'str'), + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} # type: Dict[str, Any] + query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') + + # Construct headers + header_parameters = {} # type: Dict[str, Any] + header_parameters['Accept'] = self._serialize.header("accept", accept, 'str') + + request = self._client.get(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = self._deserialize('AlertRule', pipeline_response) 
+ + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + get.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}'} # type: ignore + + def create_or_update( + self, + resource_group_name, # type: str + workspace_name, # type: str + rule_id, # type: str + alert_rule, # type: "models.AlertRule" + **kwargs # type: Any + ): + # type: (...) -> "models.AlertRule" + """Creates or updates the alert rule. + + :param resource_group_name: The name of the resource group within the user's subscription. The + name is case insensitive. + :type resource_group_name: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :param rule_id: Alert rule ID. + :type rule_id: str + :param alert_rule: The alert rule. + :type alert_rule: ~security_insights.models.AlertRule + :keyword callable cls: A custom type or function that will be passed the direct response + :return: AlertRule, or the result of cls(response) + :rtype: ~security_insights.models.AlertRule + :raises: ~azure.core.exceptions.HttpResponseError + """ + cls = kwargs.pop('cls', None) # type: ClsType["models.AlertRule"] + error_map = { + 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError + } + error_map.update(kwargs.pop('error_map', {})) + api_version = "2020-01-01" + content_type = kwargs.pop("content_type", "application/json") + accept = "application/json" + + # Construct URL + url = self.create_or_update.metadata['url'] # type: ignore + path_format_arguments = { + 'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, 
pattern=r'^[-\w\._\(\)]+$'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + 'ruleId': self._serialize.url("rule_id", rule_id, 'str'), + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} # type: Dict[str, Any] + query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') + + # Construct headers + header_parameters = {} # type: Dict[str, Any] + header_parameters['Content-Type'] = self._serialize.header("content_type", content_type, 'str') + header_parameters['Accept'] = self._serialize.header("accept", accept, 'str') + + body_content_kwargs = {} # type: Dict[str, Any] + body_content = self._serialize.body(alert_rule, 'AlertRule') + body_content_kwargs['content'] = body_content + request = self._client.put(url, query_parameters, header_parameters, **body_content_kwargs) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200, 201]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + if response.status_code == 200: + deserialized = self._deserialize('AlertRule', pipeline_response) + + if response.status_code == 201: + deserialized = self._deserialize('AlertRule', pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + create_or_update.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}'} # type: ignore + + def delete( + self, + resource_group_name, # type: str + workspace_name, # type: str + rule_id, # type: str + **kwargs # type: Any + ): + # type: (...) 
-> None + """Delete the alert rule. + + :param resource_group_name: The name of the resource group within the user's subscription. The + name is case insensitive. + :type resource_group_name: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :param rule_id: Alert rule ID. + :type rule_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: None, or the result of cls(response) + :rtype: None + :raises: ~azure.core.exceptions.HttpResponseError + """ + cls = kwargs.pop('cls', None) # type: ClsType[None] + error_map = { + 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError + } + error_map.update(kwargs.pop('error_map', {})) + api_version = "2020-01-01" + accept = "application/json" + + # Construct URL + url = self.delete.metadata['url'] # type: ignore + path_format_arguments = { + 'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + 'ruleId': self._serialize.url("rule_id", rule_id, 'str'), + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} # type: Dict[str, Any] + query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') + + # Construct headers + header_parameters = {} # type: Dict[str, Any] + header_parameters['Accept'] = self._serialize.header("accept", accept, 'str') + + request = self._client.delete(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + 
if response.status_code not in [200, 204]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + if cls: + return cls(pipeline_response, None, {}) + + delete.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}'} # type: ignore + + def get_action( + self, + resource_group_name, # type: str + workspace_name, # type: str + rule_id, # type: str + action_id, # type: str + **kwargs # type: Any + ): + # type: (...) -> "models.ActionResponse" + """Gets the action of alert rule. + + :param resource_group_name: The name of the resource group within the user's subscription. The + name is case insensitive. + :type resource_group_name: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :param rule_id: Alert rule ID. + :type rule_id: str + :param action_id: Action ID. 
+ :type action_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: ActionResponse, or the result of cls(response) + :rtype: ~security_insights.models.ActionResponse + :raises: ~azure.core.exceptions.HttpResponseError + """ + cls = kwargs.pop('cls', None) # type: ClsType["models.ActionResponse"] + error_map = { + 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError + } + error_map.update(kwargs.pop('error_map', {})) + api_version = "2020-01-01" + accept = "application/json" + + # Construct URL + url = self.get_action.metadata['url'] # type: ignore + path_format_arguments = { + 'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + 'ruleId': self._serialize.url("rule_id", rule_id, 'str'), + 'actionId': self._serialize.url("action_id", action_id, 'str'), + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} # type: Dict[str, Any] + query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') + + # Construct headers + header_parameters = {} # type: Dict[str, Any] + header_parameters['Accept'] = self._serialize.header("accept", accept, 'str') + + request = self._client.get(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, 
error_format=ARMErrorFormat) + + deserialized = self._deserialize('ActionResponse', pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + get_action.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions/{actionId}'} # type: ignore + + def create_or_update_action( + self, + resource_group_name, # type: str + workspace_name, # type: str + rule_id, # type: str + action_id, # type: str + etag=None, # type: Optional[str] + logic_app_resource_id=None, # type: Optional[str] + trigger_uri=None, # type: Optional[str] + **kwargs # type: Any + ): + # type: (...) -> "models.ActionResponse" + """Creates or updates the action of alert rule. + + :param resource_group_name: The name of the resource group within the user's subscription. The + name is case insensitive. + :type resource_group_name: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :param rule_id: Alert rule ID. + :type rule_id: str + :param action_id: Action ID. + :type action_id: str + :param etag: Etag of the azure resource. + :type etag: str + :param logic_app_resource_id: Logic App Resource Id, /subscriptions/{my- + subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my- + workflow-id}. + :type logic_app_resource_id: str + :param trigger_uri: Logic App Callback URL for this specific workflow. 
+ :type trigger_uri: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: ActionResponse, or the result of cls(response) + :rtype: ~security_insights.models.ActionResponse + :raises: ~azure.core.exceptions.HttpResponseError + """ + cls = kwargs.pop('cls', None) # type: ClsType["models.ActionResponse"] + error_map = { + 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError + } + error_map.update(kwargs.pop('error_map', {})) + + action = models.ActionRequest(etag=etag, logic_app_resource_id=logic_app_resource_id, trigger_uri=trigger_uri) + api_version = "2020-01-01" + content_type = kwargs.pop("content_type", "application/json") + accept = "application/json" + + # Construct URL + url = self.create_or_update_action.metadata['url'] # type: ignore + path_format_arguments = { + 'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + 'ruleId': self._serialize.url("rule_id", rule_id, 'str'), + 'actionId': self._serialize.url("action_id", action_id, 'str'), + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} # type: Dict[str, Any] + query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') + + # Construct headers + header_parameters = {} # type: Dict[str, Any] + header_parameters['Content-Type'] = self._serialize.header("content_type", content_type, 'str') + header_parameters['Accept'] = self._serialize.header("accept", accept, 'str') + + body_content_kwargs = {} # type: Dict[str, Any] + body_content = 
self._serialize.body(action, 'ActionRequest') + body_content_kwargs['content'] = body_content + request = self._client.put(url, query_parameters, header_parameters, **body_content_kwargs) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200, 201]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + if response.status_code == 200: + deserialized = self._deserialize('ActionResponse', pipeline_response) + + if response.status_code == 201: + deserialized = self._deserialize('ActionResponse', pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + create_or_update_action.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions/{actionId}'} # type: ignore + + def delete_action( + self, + resource_group_name, # type: str + workspace_name, # type: str + rule_id, # type: str + action_id, # type: str + **kwargs # type: Any + ): + # type: (...) -> None + """Delete the action of alert rule. + + :param resource_group_name: The name of the resource group within the user's subscription. The + name is case insensitive. + :type resource_group_name: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :param rule_id: Alert rule ID. + :type rule_id: str + :param action_id: Action ID. 
+ :type action_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: None, or the result of cls(response) + :rtype: None + :raises: ~azure.core.exceptions.HttpResponseError + """ + cls = kwargs.pop('cls', None) # type: ClsType[None] + error_map = { + 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError + } + error_map.update(kwargs.pop('error_map', {})) + api_version = "2020-01-01" + accept = "application/json" + + # Construct URL + url = self.delete_action.metadata['url'] # type: ignore + path_format_arguments = { + 'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + 'ruleId': self._serialize.url("rule_id", rule_id, 'str'), + 'actionId': self._serialize.url("action_id", action_id, 'str'), + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} # type: Dict[str, Any] + query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') + + # Construct headers + header_parameters = {} # type: Dict[str, Any] + header_parameters['Accept'] = self._serialize.header("accept", accept, 'str') + + request = self._client.delete(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200, 204]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + if cls: + return 
cls(pipeline_response, None, {}) + + delete_action.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions/{actionId}'} # type: ignore diff --git a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_alert_rule_template_operations.py b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_alert_rule_template_operations.py new file mode 100644 index 00000000000..2dad458b3f7 --- /dev/null +++ b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_alert_rule_template_operations.py 
@@ -0,0 +1,186 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from typing import TYPE_CHECKING +import warnings + +from azure.core.exceptions import ClientAuthenticationError, HttpResponseError, ResourceExistsError, ResourceNotFoundError, map_error +from azure.core.paging import ItemPaged +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import HttpRequest, HttpResponse +from azure.mgmt.core.exceptions import ARMErrorFormat + +from .. import models + +if TYPE_CHECKING: + # pylint: disable=unused-import,ungrouped-imports + from typing import Any, Callable, Dict, Generic, Iterable, Optional, TypeVar + + T = TypeVar('T') + ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] + +class AlertRuleTemplateOperations(object): + """AlertRuleTemplateOperations operations. + + You should not instantiate this class directly. Instead, you should create a Client instance that + instantiates it for you and attaches it as an attribute. + + :ivar models: Alias to model classes used in this operation group. + :type models: ~security_insights.models + :param client: Client for service requests. + :param config: Configuration of service client. + :param serializer: An object model serializer. + :param deserializer: An object model deserializer. 
+ """ + + models = models + + def __init__(self, client, config, serializer, deserializer): + self._client = client + self._serialize = serializer + self._deserialize = deserializer + self._config = config + + def list( + self, + resource_group_name, # type: str + workspace_name, # type: str + **kwargs # type: Any + ): + # type: (...) -> Iterable["models.AlertRuleTemplatesList"] + """Gets all alert rule templates. + + :param resource_group_name: The name of the resource group within the user's subscription. The + name is case insensitive. + :type resource_group_name: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: An iterator like instance of either AlertRuleTemplatesList or the result of cls(response) + :rtype: ~azure.core.paging.ItemPaged[~security_insights.models.AlertRuleTemplatesList] + :raises: ~azure.core.exceptions.HttpResponseError + """ + cls = kwargs.pop('cls', None) # type: ClsType["models.AlertRuleTemplatesList"] + error_map = { + 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError + } + error_map.update(kwargs.pop('error_map', {})) + api_version = "2020-01-01" + accept = "application/json" + + def prepare_request(next_link=None): + # Construct headers + header_parameters = {} # type: Dict[str, Any] + header_parameters['Accept'] = self._serialize.header("accept", accept, 'str') + + if not next_link: + # Construct URL + url = self.list.metadata['url'] # type: ignore + path_format_arguments = { + 'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 
'str', max_length=90, min_length=1), + } + url = self._client.format_url(url, **path_format_arguments) + # Construct parameters + query_parameters = {} # type: Dict[str, Any] + query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') + + request = self._client.get(url, query_parameters, header_parameters) + else: + url = next_link + query_parameters = {} # type: Dict[str, Any] + request = self._client.get(url, query_parameters, header_parameters) + return request + + def extract_data(pipeline_response): + deserialized = self._deserialize('AlertRuleTemplatesList', pipeline_response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link or None, iter(list_of_elem) + + def get_next(next_link=None): + request = prepare_request(next_link) + + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + return pipeline_response + + return ItemPaged( + get_next, extract_data + ) + list.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRuleTemplates'} # type: ignore + + def get( + self, + resource_group_name, # type: str + workspace_name, # type: str + alert_rule_template_id, # type: str + **kwargs # type: Any + ): + # type: (...) -> "models.AlertRuleTemplate" + """Gets the alert rule template. + + :param resource_group_name: The name of the resource group within the user's subscription. The + name is case insensitive. + :type resource_group_name: str + :param workspace_name: The name of the workspace. 
+ :type workspace_name: str + :param alert_rule_template_id: Alert rule template ID. + :type alert_rule_template_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: AlertRuleTemplate, or the result of cls(response) + :rtype: ~security_insights.models.AlertRuleTemplate + :raises: ~azure.core.exceptions.HttpResponseError + """ + cls = kwargs.pop('cls', None) # type: ClsType["models.AlertRuleTemplate"] + error_map = { + 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError + } + error_map.update(kwargs.pop('error_map', {})) + api_version = "2020-01-01" + accept = "application/json" + + # Construct URL + url = self.get.metadata['url'] # type: ignore + path_format_arguments = { + 'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + 'alertRuleTemplateId': self._serialize.url("alert_rule_template_id", alert_rule_template_id, 'str'), + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} # type: Dict[str, Any] + query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') + + # Construct headers + header_parameters = {} # type: Dict[str, Any] + header_parameters['Accept'] = self._serialize.header("accept", accept, 'str') + + request = self._client.get(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, 
response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = self._deserialize('AlertRuleTemplate', pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + get.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRuleTemplates/{alertRuleTemplateId}'} # type: ignore diff --git a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_bookmark_operations.py b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_bookmark_operations.py new file mode 100644 index 00000000000..0121790c420 --- /dev/null +++ b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_bookmark_operations.py 
@@ -0,0 +1,353 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +import datetime +from typing import TYPE_CHECKING +import warnings + +from azure.core.exceptions import ClientAuthenticationError, HttpResponseError, ResourceExistsError, ResourceNotFoundError, map_error +from azure.core.paging import ItemPaged +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import HttpRequest, HttpResponse +from azure.mgmt.core.exceptions import ARMErrorFormat + +from .. import models + +if TYPE_CHECKING: + # pylint: disable=unused-import,ungrouped-imports + from typing import Any, Callable, Dict, Generic, Iterable, List, Optional, TypeVar, Union + + T = TypeVar('T') + ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] + +class BookmarkOperations(object): + """BookmarkOperations operations. + + You should not instantiate this class directly. Instead, you should create a Client instance that + instantiates it for you and attaches it as an attribute. + + :ivar models: Alias to model classes used in this operation group. + :type models: ~security_insights.models + :param client: Client for service requests. + :param config: Configuration of service client. + :param serializer: An object model serializer. + :param deserializer: An object model deserializer. 
+ """ + + models = models + + def __init__(self, client, config, serializer, deserializer): + self._client = client + self._serialize = serializer + self._deserialize = deserializer + self._config = config + + def list( + self, + resource_group_name, # type: str + workspace_name, # type: str + **kwargs # type: Any + ): + # type: (...) -> Iterable["models.BookmarkList"] + """Gets all bookmarks. + + :param resource_group_name: The name of the resource group within the user's subscription. The + name is case insensitive. + :type resource_group_name: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: An iterator like instance of either BookmarkList or the result of cls(response) + :rtype: ~azure.core.paging.ItemPaged[~security_insights.models.BookmarkList] + :raises: ~azure.core.exceptions.HttpResponseError + """ + cls = kwargs.pop('cls', None) # type: ClsType["models.BookmarkList"] + error_map = { + 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError + } + error_map.update(kwargs.pop('error_map', {})) + api_version = "2020-01-01" + accept = "application/json" + + def prepare_request(next_link=None): + # Construct headers + header_parameters = {} # type: Dict[str, Any] + header_parameters['Accept'] = self._serialize.header("accept", accept, 'str') + + if not next_link: + # Construct URL + url = self.list.metadata['url'] # type: ignore + path_format_arguments = { + 'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + } + url = 
self._client.format_url(url, **path_format_arguments) + # Construct parameters + query_parameters = {} # type: Dict[str, Any] + query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') + + request = self._client.get(url, query_parameters, header_parameters) + else: + url = next_link + query_parameters = {} # type: Dict[str, Any] + request = self._client.get(url, query_parameters, header_parameters) + return request + + def extract_data(pipeline_response): + deserialized = self._deserialize('BookmarkList', pipeline_response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link or None, iter(list_of_elem) + + def get_next(next_link=None): + request = prepare_request(next_link) + + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + return pipeline_response + + return ItemPaged( + get_next, extract_data + ) + list.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks'} # type: ignore + + def get( + self, + resource_group_name, # type: str + workspace_name, # type: str + bookmark_id, # type: str + **kwargs # type: Any + ): + # type: (...) -> "models.Bookmark" + """Gets a bookmark. + + :param resource_group_name: The name of the resource group within the user's subscription. The + name is case insensitive. + :type resource_group_name: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :param bookmark_id: Bookmark ID. 
+ :type bookmark_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: Bookmark, or the result of cls(response) + :rtype: ~security_insights.models.Bookmark + :raises: ~azure.core.exceptions.HttpResponseError + """ + cls = kwargs.pop('cls', None) # type: ClsType["models.Bookmark"] + error_map = { + 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError + } + error_map.update(kwargs.pop('error_map', {})) + api_version = "2020-01-01" + accept = "application/json" + + # Construct URL + url = self.get.metadata['url'] # type: ignore + path_format_arguments = { + 'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + 'bookmarkId': self._serialize.url("bookmark_id", bookmark_id, 'str'), + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} # type: Dict[str, Any] + query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') + + # Construct headers + header_parameters = {} # type: Dict[str, Any] + header_parameters['Accept'] = self._serialize.header("accept", accept, 'str') + + request = self._client.get(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = self._deserialize('Bookmark', 
pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + get.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}'} # type: ignore + + def create_or_update( + self, + resource_group_name, # type: str + workspace_name, # type: str + bookmark_id, # type: str + etag=None, # type: Optional[str] + created=None, # type: Optional[datetime.datetime] + display_name=None, # type: Optional[str] + labels=None, # type: Optional[List[str]] + notes=None, # type: Optional[str] + query=None, # type: Optional[str] + query_result=None, # type: Optional[str] + updated=None, # type: Optional[datetime.datetime] + incident_info=None, # type: Optional["models.IncidentInfo"] + object_id=None, # type: Optional[str] + **kwargs # type: Any + ): + # type: (...) -> "models.Bookmark" + """Creates or updates the bookmark. + + :param resource_group_name: The name of the resource group within the user's subscription. The + name is case insensitive. + :type resource_group_name: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :param bookmark_id: Bookmark ID. + :type bookmark_id: str + :param etag: Etag of the azure resource. + :type etag: str + :param created: The time the bookmark was created. + :type created: ~datetime.datetime + :param display_name: The display name of the bookmark. + :type display_name: str + :param labels: List of labels relevant to this bookmark. + :type labels: list[str] + :param notes: The notes of the bookmark. + :type notes: str + :param query: The query of the bookmark. + :type query: str + :param query_result: The query result of the bookmark. + :type query_result: str + :param updated: The last time the bookmark was updated. 
+ :type updated: ~datetime.datetime + :param incident_info: Describes an incident that relates to bookmark. + :type incident_info: ~security_insights.models.IncidentInfo + :param object_id: The object id of the user. + :type object_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: Bookmark, or the result of cls(response) + :rtype: ~security_insights.models.Bookmark + :raises: ~azure.core.exceptions.HttpResponseError + """ + cls = kwargs.pop('cls', None) # type: ClsType["models.Bookmark"] + error_map = { + 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError + } + error_map.update(kwargs.pop('error_map', {})) + + bookmark = models.Bookmark(etag=etag, created=created, display_name=display_name, labels=labels, notes=notes, query=query, query_result=query_result, updated=updated, incident_info=incident_info, object_id_updated_by_object_id=object_id) + api_version = "2020-01-01" + content_type = kwargs.pop("content_type", "application/json") + accept = "application/json" + + # Construct URL + url = self.create_or_update.metadata['url'] # type: ignore + path_format_arguments = { + 'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + 'bookmarkId': self._serialize.url("bookmark_id", bookmark_id, 'str'), + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} # type: Dict[str, Any] + query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') + + # Construct headers + header_parameters = {} # type: Dict[str, Any] + 
header_parameters['Content-Type'] = self._serialize.header("content_type", content_type, 'str') + header_parameters['Accept'] = self._serialize.header("accept", accept, 'str') + + body_content_kwargs = {} # type: Dict[str, Any] + body_content = self._serialize.body(bookmark, 'Bookmark') + body_content_kwargs['content'] = body_content + request = self._client.put(url, query_parameters, header_parameters, **body_content_kwargs) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200, 201]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + if response.status_code == 200: + deserialized = self._deserialize('Bookmark', pipeline_response) + + if response.status_code == 201: + deserialized = self._deserialize('Bookmark', pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + create_or_update.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}'} # type: ignore + + def delete( + self, + resource_group_name, # type: str + workspace_name, # type: str + bookmark_id, # type: str + **kwargs # type: Any + ): + # type: (...) -> None + """Delete the bookmark. + + :param resource_group_name: The name of the resource group within the user's subscription. The + name is case insensitive. + :type resource_group_name: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :param bookmark_id: Bookmark ID. 
+ :type bookmark_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: None, or the result of cls(response) + :rtype: None + :raises: ~azure.core.exceptions.HttpResponseError + """ + cls = kwargs.pop('cls', None) # type: ClsType[None] + error_map = { + 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError + } + error_map.update(kwargs.pop('error_map', {})) + api_version = "2020-01-01" + accept = "application/json" + + # Construct URL + url = self.delete.metadata['url'] # type: ignore + path_format_arguments = { + 'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + 'bookmarkId': self._serialize.url("bookmark_id", bookmark_id, 'str'), + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} # type: Dict[str, Any] + query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') + + # Construct headers + header_parameters = {} # type: Dict[str, Any] + header_parameters['Accept'] = self._serialize.header("accept", accept, 'str') + + request = self._client.delete(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200, 204]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + if cls: + return cls(pipeline_response, None, {}) + + delete.metadata = {'url': 
'/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}'} # type: ignore diff --git a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_data_connector_operations.py b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_data_connector_operations.py new file mode 100644 index 00000000000..8fd8df7be38 --- /dev/null +++ b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_data_connector_operations.py 
@@ -0,0 +1,323 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from typing import TYPE_CHECKING +import warnings + +from azure.core.exceptions import ClientAuthenticationError, HttpResponseError, ResourceExistsError, ResourceNotFoundError, map_error +from azure.core.paging import ItemPaged +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import HttpRequest, HttpResponse +from azure.mgmt.core.exceptions import ARMErrorFormat + +from .. import models + +if TYPE_CHECKING: + # pylint: disable=unused-import,ungrouped-imports + from typing import Any, Callable, Dict, Generic, Iterable, Optional, TypeVar, Union + + T = TypeVar('T') + ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] + +class DataConnectorOperations(object): + """DataConnectorOperations operations. + + You should not instantiate this class directly. Instead, you should create a Client instance that + instantiates it for you and attaches it as an attribute. + + :ivar models: Alias to model classes used in this operation group. + :type models: ~security_insights.models + :param client: Client for service requests. + :param config: Configuration of service client. + :param serializer: An object model serializer. + :param deserializer: An object model deserializer. 
+ """ + + models = models + + def __init__(self, client, config, serializer, deserializer): + self._client = client + self._serialize = serializer + self._deserialize = deserializer + self._config = config + + def list( + self, + resource_group_name, # type: str + workspace_name, # type: str + **kwargs # type: Any + ): + # type: (...) -> Iterable["models.DataConnectorList"] + """Gets all data connectors. + + :param resource_group_name: The name of the resource group within the user's subscription. The + name is case insensitive. + :type resource_group_name: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: An iterator like instance of either DataConnectorList or the result of cls(response) + :rtype: ~azure.core.paging.ItemPaged[~security_insights.models.DataConnectorList] + :raises: ~azure.core.exceptions.HttpResponseError + """ + cls = kwargs.pop('cls', None) # type: ClsType["models.DataConnectorList"] + error_map = { + 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError + } + error_map.update(kwargs.pop('error_map', {})) + api_version = "2020-01-01" + accept = "application/json" + + def prepare_request(next_link=None): + # Construct headers + header_parameters = {} # type: Dict[str, Any] + header_parameters['Accept'] = self._serialize.header("accept", accept, 'str') + + if not next_link: + # Construct URL + url = self.list.metadata['url'] # type: ignore + path_format_arguments = { + 'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, 
min_length=1), + } + url = self._client.format_url(url, **path_format_arguments) + # Construct parameters + query_parameters = {} # type: Dict[str, Any] + query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') + + request = self._client.get(url, query_parameters, header_parameters) + else: + url = next_link + query_parameters = {} # type: Dict[str, Any] + request = self._client.get(url, query_parameters, header_parameters) + return request + + def extract_data(pipeline_response): + deserialized = self._deserialize('DataConnectorList', pipeline_response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link or None, iter(list_of_elem) + + def get_next(next_link=None): + request = prepare_request(next_link) + + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + return pipeline_response + + return ItemPaged( + get_next, extract_data + ) + list.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors'} # type: ignore + + def get( + self, + resource_group_name, # type: str + workspace_name, # type: str + data_connector_id, # type: str + **kwargs # type: Any + ): + # type: (...) -> "models.DataConnector" + """Gets a data connector. + + :param resource_group_name: The name of the resource group within the user's subscription. The + name is case insensitive. + :type resource_group_name: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :param data_connector_id: Connector ID. 
+ :type data_connector_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: DataConnector, or the result of cls(response) + :rtype: ~security_insights.models.DataConnector + :raises: ~azure.core.exceptions.HttpResponseError + """ + cls = kwargs.pop('cls', None) # type: ClsType["models.DataConnector"] + error_map = { + 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError + } + error_map.update(kwargs.pop('error_map', {})) + api_version = "2020-01-01" + accept = "application/json" + + # Construct URL + url = self.get.metadata['url'] # type: ignore + path_format_arguments = { + 'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + 'dataConnectorId': self._serialize.url("data_connector_id", data_connector_id, 'str'), + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} # type: Dict[str, Any] + query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') + + # Construct headers + header_parameters = {} # type: Dict[str, Any] + header_parameters['Accept'] = self._serialize.header("accept", accept, 'str') + + request = self._client.get(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized 
= self._deserialize('DataConnector', pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + get.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors/{dataConnectorId}'} # type: ignore + + def create_or_update( + self, + resource_group_name, # type: str + workspace_name, # type: str + data_connector_id, # type: str + data_connector, # type: "models.DataConnector" + **kwargs # type: Any + ): + # type: (...) -> "models.DataConnector" + """Creates or updates the data connector. + + :param resource_group_name: The name of the resource group within the user's subscription. The + name is case insensitive. + :type resource_group_name: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :param data_connector_id: Connector ID. + :type data_connector_id: str + :param data_connector: The data connector. 
+ :type data_connector: ~security_insights.models.DataConnector + :keyword callable cls: A custom type or function that will be passed the direct response + :return: DataConnector, or the result of cls(response) + :rtype: ~security_insights.models.DataConnector + :raises: ~azure.core.exceptions.HttpResponseError + """ + cls = kwargs.pop('cls', None) # type: ClsType["models.DataConnector"] + error_map = { + 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError + } + error_map.update(kwargs.pop('error_map', {})) + api_version = "2020-01-01" + content_type = kwargs.pop("content_type", "application/json") + accept = "application/json" + + # Construct URL + url = self.create_or_update.metadata['url'] # type: ignore + path_format_arguments = { + 'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + 'dataConnectorId': self._serialize.url("data_connector_id", data_connector_id, 'str'), + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} # type: Dict[str, Any] + query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') + + # Construct headers + header_parameters = {} # type: Dict[str, Any] + header_parameters['Content-Type'] = self._serialize.header("content_type", content_type, 'str') + header_parameters['Accept'] = self._serialize.header("accept", accept, 'str') + + body_content_kwargs = {} # type: Dict[str, Any] + body_content = self._serialize.body(data_connector, 'DataConnector') + body_content_kwargs['content'] = body_content + request = self._client.put(url, 
query_parameters, header_parameters, **body_content_kwargs) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200, 201]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + if response.status_code == 200: + deserialized = self._deserialize('DataConnector', pipeline_response) + + if response.status_code == 201: + deserialized = self._deserialize('DataConnector', pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + create_or_update.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors/{dataConnectorId}'} # type: ignore + + def delete( + self, + resource_group_name, # type: str + workspace_name, # type: str + data_connector_id, # type: str + **kwargs # type: Any + ): + # type: (...) -> None + """Delete the data connector. + + :param resource_group_name: The name of the resource group within the user's subscription. The + name is case insensitive. + :type resource_group_name: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :param data_connector_id: Connector ID. 
+ :type data_connector_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: None, or the result of cls(response) + :rtype: None + :raises: ~azure.core.exceptions.HttpResponseError + """ + cls = kwargs.pop('cls', None) # type: ClsType[None] + error_map = { + 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError + } + error_map.update(kwargs.pop('error_map', {})) + api_version = "2020-01-01" + accept = "application/json" + + # Construct URL + url = self.delete.metadata['url'] # type: ignore + path_format_arguments = { + 'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + 'dataConnectorId': self._serialize.url("data_connector_id", data_connector_id, 'str'), + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} # type: Dict[str, Any] + query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') + + # Construct headers + header_parameters = {} # type: Dict[str, Any] + header_parameters['Accept'] = self._serialize.header("accept", accept, 'str') + + request = self._client.delete(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200, 204]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + if cls: + return cls(pipeline_response, None, {}) + + 
delete.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors/{dataConnectorId}'} # type: ignore diff --git a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_incident_comment_operations.py b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_incident_comment_operations.py new file mode 100644 index 00000000000..ebed41e74ae --- /dev/null +++ b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_incident_comment_operations.py 
@@ -0,0 +1,294 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from typing import TYPE_CHECKING +import warnings + +from azure.core.exceptions import ClientAuthenticationError, HttpResponseError, ResourceExistsError, ResourceNotFoundError, map_error +from azure.core.paging import ItemPaged +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import HttpRequest, HttpResponse +from azure.mgmt.core.exceptions import ARMErrorFormat + +from .. import models + +if TYPE_CHECKING: + # pylint: disable=unused-import,ungrouped-imports + from typing import Any, Callable, Dict, Generic, Iterable, Optional, TypeVar + + T = TypeVar('T') + ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] + +class IncidentCommentOperations(object): + """IncidentCommentOperations operations. + + You should not instantiate this class directly. Instead, you should create a Client instance that + instantiates it for you and attaches it as an attribute. + + :ivar models: Alias to model classes used in this operation group. + :type models: ~security_insights.models + :param client: Client for service requests. + :param config: Configuration of service client. + :param serializer: An object model serializer. + :param deserializer: An object model deserializer. 
+ """ + + models = models + + def __init__(self, client, config, serializer, deserializer): + self._client = client + self._serialize = serializer + self._deserialize = deserializer + self._config = config + + def list_by_incident( + self, + resource_group_name, # type: str + workspace_name, # type: str + incident_id, # type: str + filter=None, # type: Optional[str] + orderby=None, # type: Optional[str] + top=None, # type: Optional[int] + skip_token=None, # type: Optional[str] + **kwargs # type: Any + ): + # type: (...) -> Iterable["models.IncidentCommentList"] + """Gets all incident comments. + + :param resource_group_name: The name of the resource group within the user's subscription. The + name is case insensitive. + :type resource_group_name: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :param incident_id: Incident ID. + :type incident_id: str + :param filter: Filters the results, based on a Boolean condition. Optional. + :type filter: str + :param orderby: Sorts the results. Optional. + :type orderby: str + :param top: Returns only the first n results. Optional. + :type top: int + :param skip_token: Skiptoken is only used if a previous operation returned a partial result. If + a previous response contains a nextLink element, the value of the nextLink element will include + a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. 
+ :type skip_token: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: An iterator like instance of either IncidentCommentList or the result of cls(response) + :rtype: ~azure.core.paging.ItemPaged[~security_insights.models.IncidentCommentList] + :raises: ~azure.core.exceptions.HttpResponseError + """ + cls = kwargs.pop('cls', None) # type: ClsType["models.IncidentCommentList"] + error_map = { + 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError + } + error_map.update(kwargs.pop('error_map', {})) + api_version = "2020-01-01" + accept = "application/json" + + def prepare_request(next_link=None): + # Construct headers + header_parameters = {} # type: Dict[str, Any] + header_parameters['Accept'] = self._serialize.header("accept", accept, 'str') + + if not next_link: + # Construct URL + url = self.list_by_incident.metadata['url'] # type: ignore + path_format_arguments = { + 'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + 'incidentId': self._serialize.url("incident_id", incident_id, 'str'), + } + url = self._client.format_url(url, **path_format_arguments) + # Construct parameters + query_parameters = {} # type: Dict[str, Any] + query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') + if filter is not None: + query_parameters['$filter'] = self._serialize.query("filter", filter, 'str') + if orderby is not None: + query_parameters['$orderby'] = self._serialize.query("orderby", orderby, 'str') + if top is not None: + query_parameters['$top'] = 
self._serialize.query("top", top, 'int') + if skip_token is not None: + query_parameters['$skipToken'] = self._serialize.query("skip_token", skip_token, 'str') + + request = self._client.get(url, query_parameters, header_parameters) + else: + url = next_link + query_parameters = {} # type: Dict[str, Any] + request = self._client.get(url, query_parameters, header_parameters) + return request + + def extract_data(pipeline_response): + deserialized = self._deserialize('IncidentCommentList', pipeline_response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link or None, iter(list_of_elem) + + def get_next(next_link=None): + request = prepare_request(next_link) + + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + return pipeline_response + + return ItemPaged( + get_next, extract_data + ) + list_by_incident.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/comments'} # type: ignore + + def get( + self, + resource_group_name, # type: str + workspace_name, # type: str + incident_id, # type: str + incident_comment_id, # type: str + **kwargs # type: Any + ): + # type: (...) -> "models.IncidentComment" + """Gets an incident comment. + + :param resource_group_name: The name of the resource group within the user's subscription. The + name is case insensitive. + :type resource_group_name: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :param incident_id: Incident ID. + :type incident_id: str + :param incident_comment_id: Incident comment ID. 
+ :type incident_comment_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: IncidentComment, or the result of cls(response) + :rtype: ~security_insights.models.IncidentComment + :raises: ~azure.core.exceptions.HttpResponseError + """ + cls = kwargs.pop('cls', None) # type: ClsType["models.IncidentComment"] + error_map = { + 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError + } + error_map.update(kwargs.pop('error_map', {})) + api_version = "2020-01-01" + accept = "application/json" + + # Construct URL + url = self.get.metadata['url'] # type: ignore + path_format_arguments = { + 'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + 'incidentId': self._serialize.url("incident_id", incident_id, 'str'), + 'incidentCommentId': self._serialize.url("incident_comment_id", incident_comment_id, 'str'), + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} # type: Dict[str, Any] + query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') + + # Construct headers + header_parameters = {} # type: Dict[str, Any] + header_parameters['Accept'] = self._serialize.header("accept", accept, 'str') + + request = self._client.get(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + 
raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = self._deserialize('IncidentComment', pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + get.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/comments/{incidentCommentId}'} # type: ignore + + def create_comment( + self, + resource_group_name, # type: str + workspace_name, # type: str + incident_id, # type: str + incident_comment_id, # type: str + message=None, # type: Optional[str] + **kwargs # type: Any + ): + # type: (...) -> "models.IncidentComment" + """Creates the incident comment. + + :param resource_group_name: The name of the resource group within the user's subscription. The + name is case insensitive. + :type resource_group_name: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :param incident_id: Incident ID. + :type incident_id: str + :param incident_comment_id: Incident comment ID. + :type incident_comment_id: str + :param message: The comment message. 
+ :type message: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: IncidentComment, or the result of cls(response) + :rtype: ~security_insights.models.IncidentComment + :raises: ~azure.core.exceptions.HttpResponseError + """ + cls = kwargs.pop('cls', None) # type: ClsType["models.IncidentComment"] + error_map = { + 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError + } + error_map.update(kwargs.pop('error_map', {})) + + incident_comment = models.IncidentComment(message=message) + api_version = "2020-01-01" + content_type = kwargs.pop("content_type", "application/json") + accept = "application/json" + + # Construct URL + url = self.create_comment.metadata['url'] # type: ignore + path_format_arguments = { + 'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + 'incidentId': self._serialize.url("incident_id", incident_id, 'str'), + 'incidentCommentId': self._serialize.url("incident_comment_id", incident_comment_id, 'str'), + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} # type: Dict[str, Any] + query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') + + # Construct headers + header_parameters = {} # type: Dict[str, Any] + header_parameters['Content-Type'] = self._serialize.header("content_type", content_type, 'str') + header_parameters['Accept'] = self._serialize.header("accept", accept, 'str') + + body_content_kwargs = {} # type: Dict[str, Any] + body_content = self._serialize.body(incident_comment, 
'IncidentComment') + body_content_kwargs['content'] = body_content + request = self._client.put(url, query_parameters, header_parameters, **body_content_kwargs) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [201]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = self._deserialize('IncidentComment', pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + create_comment.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/comments/{incidentCommentId}'} # type: ignore diff --git a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_incident_operations.py b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_incident_operations.py new file mode 100644 index 00000000000..0a2071ac198 --- /dev/null +++ b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_incident_operations.py 
@@ -0,0 +1,381 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +import datetime +from typing import TYPE_CHECKING +import warnings + +from azure.core.exceptions import ClientAuthenticationError, HttpResponseError, ResourceExistsError, ResourceNotFoundError, map_error +from azure.core.paging import ItemPaged +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import HttpRequest, HttpResponse +from azure.mgmt.core.exceptions import ARMErrorFormat + +from .. import models + +if TYPE_CHECKING: + # pylint: disable=unused-import,ungrouped-imports + from typing import Any, Callable, Dict, Generic, Iterable, List, Optional, TypeVar, Union + + T = TypeVar('T') + ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] + +class IncidentOperations(object): + """IncidentOperations operations. + + You should not instantiate this class directly. Instead, you should create a Client instance that + instantiates it for you and attaches it as an attribute. + + :ivar models: Alias to model classes used in this operation group. + :type models: ~security_insights.models + :param client: Client for service requests. + :param config: Configuration of service client. + :param serializer: An object model serializer. + :param deserializer: An object model deserializer. 
+ """ + + models = models + + def __init__(self, client, config, serializer, deserializer): + self._client = client + self._serialize = serializer + self._deserialize = deserializer + self._config = config + + def list( + self, + resource_group_name, # type: str + workspace_name, # type: str + filter=None, # type: Optional[str] + orderby=None, # type: Optional[str] + top=None, # type: Optional[int] + skip_token=None, # type: Optional[str] + **kwargs # type: Any + ): + # type: (...) -> Iterable["models.IncidentList"] + """Gets all incidents. + + :param resource_group_name: The name of the resource group within the user's subscription. The + name is case insensitive. + :type resource_group_name: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :param filter: Filters the results, based on a Boolean condition. Optional. + :type filter: str + :param orderby: Sorts the results. Optional. + :type orderby: str + :param top: Returns only the first n results. Optional. + :type top: int + :param skip_token: Skiptoken is only used if a previous operation returned a partial result. If + a previous response contains a nextLink element, the value of the nextLink element will include + a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. 
+ :type skip_token: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: An iterator like instance of either IncidentList or the result of cls(response) + :rtype: ~azure.core.paging.ItemPaged[~security_insights.models.IncidentList] + :raises: ~azure.core.exceptions.HttpResponseError + """ + cls = kwargs.pop('cls', None) # type: ClsType["models.IncidentList"] + error_map = { + 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError + } + error_map.update(kwargs.pop('error_map', {})) + api_version = "2020-01-01" + accept = "application/json" + + def prepare_request(next_link=None): + # Construct headers + header_parameters = {} # type: Dict[str, Any] + header_parameters['Accept'] = self._serialize.header("accept", accept, 'str') + + if not next_link: + # Construct URL + url = self.list.metadata['url'] # type: ignore + path_format_arguments = { + 'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + } + url = self._client.format_url(url, **path_format_arguments) + # Construct parameters + query_parameters = {} # type: Dict[str, Any] + query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') + if filter is not None: + query_parameters['$filter'] = self._serialize.query("filter", filter, 'str') + if orderby is not None: + query_parameters['$orderby'] = self._serialize.query("orderby", orderby, 'str') + if top is not None: + query_parameters['$top'] = self._serialize.query("top", top, 'int') + if skip_token is not None: + query_parameters['$skipToken'] = 
self._serialize.query("skip_token", skip_token, 'str') + + request = self._client.get(url, query_parameters, header_parameters) + else: + url = next_link + query_parameters = {} # type: Dict[str, Any] + request = self._client.get(url, query_parameters, header_parameters) + return request + + def extract_data(pipeline_response): + deserialized = self._deserialize('IncidentList', pipeline_response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link or None, iter(list_of_elem) + + def get_next(next_link=None): + request = prepare_request(next_link) + + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + return pipeline_response + + return ItemPaged( + get_next, extract_data + ) + list.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents'} # type: ignore + + def get( + self, + resource_group_name, # type: str + workspace_name, # type: str + incident_id, # type: str + **kwargs # type: Any + ): + # type: (...) -> "models.Incident" + """Gets an incident. + + :param resource_group_name: The name of the resource group within the user's subscription. The + name is case insensitive. + :type resource_group_name: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :param incident_id: Incident ID. 
+ :type incident_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: Incident, or the result of cls(response) + :rtype: ~security_insights.models.Incident + :raises: ~azure.core.exceptions.HttpResponseError + """ + cls = kwargs.pop('cls', None) # type: ClsType["models.Incident"] + error_map = { + 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError + } + error_map.update(kwargs.pop('error_map', {})) + api_version = "2020-01-01" + accept = "application/json" + + # Construct URL + url = self.get.metadata['url'] # type: ignore + path_format_arguments = { + 'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + 'incidentId': self._serialize.url("incident_id", incident_id, 'str'), + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} # type: Dict[str, Any] + query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') + + # Construct headers + header_parameters = {} # type: Dict[str, Any] + header_parameters['Accept'] = self._serialize.header("accept", accept, 'str') + + request = self._client.get(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = self._deserialize('Incident', 
pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + get.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}'} # type: ignore + + def create_or_update( + self, + resource_group_name, # type: str + workspace_name, # type: str + incident_id, # type: str + etag=None, # type: Optional[str] + classification=None, # type: Optional[Union[str, "models.IncidentClassification"]] + classification_comment=None, # type: Optional[str] + classification_reason=None, # type: Optional[Union[str, "models.IncidentClassificationReason"]] + description=None, # type: Optional[str] + first_activity_time_utc=None, # type: Optional[datetime.datetime] + labels=None, # type: Optional[List["models.IncidentLabel"]] + last_activity_time_utc=None, # type: Optional[datetime.datetime] + owner=None, # type: Optional["models.IncidentOwnerInfo"] + severity=None, # type: Optional[Union[str, "models.IncidentSeverity"]] + status=None, # type: Optional[Union[str, "models.IncidentStatus"]] + title=None, # type: Optional[str] + **kwargs # type: Any + ): + # type: (...) -> "models.Incident" + """Creates or updates the incident. + + :param resource_group_name: The name of the resource group within the user's subscription. The + name is case insensitive. + :type resource_group_name: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :param incident_id: Incident ID. + :type incident_id: str + :param etag: Etag of the azure resource. + :type etag: str + :param classification: The reason the incident was closed. + :type classification: str or ~security_insights.models.IncidentClassification + :param classification_comment: Describes the reason the incident was closed. 
+ :type classification_comment: str + :param classification_reason: The classification reason the incident was closed with. + :type classification_reason: str or ~security_insights.models.IncidentClassificationReason + :param description: The description of the incident. + :type description: str + :param first_activity_time_utc: The time of the first activity in the incident. + :type first_activity_time_utc: ~datetime.datetime + :param labels: List of labels relevant to this incident. + :type labels: list[~security_insights.models.IncidentLabel] + :param last_activity_time_utc: The time of the last activity in the incident. + :type last_activity_time_utc: ~datetime.datetime + :param owner: Describes a user that the incident is assigned to. + :type owner: ~security_insights.models.IncidentOwnerInfo + :param severity: The severity of the incident. + :type severity: str or ~security_insights.models.IncidentSeverity + :param status: The status of the incident. + :type status: str or ~security_insights.models.IncidentStatus + :param title: The title of the incident. 
+ :type title: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: Incident, or the result of cls(response) + :rtype: ~security_insights.models.Incident + :raises: ~azure.core.exceptions.HttpResponseError + """ + cls = kwargs.pop('cls', None) # type: ClsType["models.Incident"] + error_map = { + 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError + } + error_map.update(kwargs.pop('error_map', {})) + + incident = models.Incident(etag=etag, classification=classification, classification_comment=classification_comment, classification_reason=classification_reason, description=description, first_activity_time_utc=first_activity_time_utc, labels=labels, last_activity_time_utc=last_activity_time_utc, owner=owner, severity=severity, status=status, title=title) + api_version = "2020-01-01" + content_type = kwargs.pop("content_type", "application/json") + accept = "application/json" + + # Construct URL + url = self.create_or_update.metadata['url'] # type: ignore + path_format_arguments = { + 'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + 'incidentId': self._serialize.url("incident_id", incident_id, 'str'), + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} # type: Dict[str, Any] + query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') + + # Construct headers + header_parameters = {} # type: Dict[str, Any] + header_parameters['Content-Type'] = self._serialize.header("content_type", content_type, 'str') + 
header_parameters['Accept'] = self._serialize.header("accept", accept, 'str') + + body_content_kwargs = {} # type: Dict[str, Any] + body_content = self._serialize.body(incident, 'Incident') + body_content_kwargs['content'] = body_content + request = self._client.put(url, query_parameters, header_parameters, **body_content_kwargs) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200, 201]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + if response.status_code == 200: + deserialized = self._deserialize('Incident', pipeline_response) + + if response.status_code == 201: + deserialized = self._deserialize('Incident', pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + create_or_update.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}'} # type: ignore + + def delete( + self, + resource_group_name, # type: str + workspace_name, # type: str + incident_id, # type: str + **kwargs # type: Any + ): + # type: (...) -> None + """Delete the incident. + + :param resource_group_name: The name of the resource group within the user's subscription. The + name is case insensitive. + :type resource_group_name: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :param incident_id: Incident ID. 
+ :type incident_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: None, or the result of cls(response) + :rtype: None + :raises: ~azure.core.exceptions.HttpResponseError + """ + cls = kwargs.pop('cls', None) # type: ClsType[None] + error_map = { + 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError + } + error_map.update(kwargs.pop('error_map', {})) + api_version = "2020-01-01" + accept = "application/json" + + # Construct URL + url = self.delete.metadata['url'] # type: ignore + path_format_arguments = { + 'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + 'incidentId': self._serialize.url("incident_id", incident_id, 'str'), + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} # type: Dict[str, Any] + query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') + + # Construct headers + header_parameters = {} # type: Dict[str, Any] + header_parameters['Accept'] = self._serialize.header("accept", accept, 'str') + + request = self._client.delete(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200, 204]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + if cls: + return cls(pipeline_response, None, {}) + + delete.metadata = {'url': 
'/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}'} # type: ignore diff --git a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_operation_operations.py b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_operation_operations.py new file mode 100644 index 00000000000..b1d3c09bbf3 --- /dev/null +++ b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_operation_operations.py 
@@ -0,0 +1,109 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from typing import TYPE_CHECKING +import warnings + +from azure.core.exceptions import ClientAuthenticationError, HttpResponseError, ResourceExistsError, ResourceNotFoundError, map_error +from azure.core.paging import ItemPaged +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import HttpRequest, HttpResponse +from azure.mgmt.core.exceptions import ARMErrorFormat + +from .. import models + +if TYPE_CHECKING: + # pylint: disable=unused-import,ungrouped-imports + from typing import Any, Callable, Dict, Generic, Iterable, Optional, TypeVar + + T = TypeVar('T') + ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] + +class OperationOperations(object): + """OperationOperations operations. + + You should not instantiate this class directly. Instead, you should create a Client instance that + instantiates it for you and attaches it as an attribute. + + :ivar models: Alias to model classes used in this operation group. + :type models: ~security_insights.models + :param client: Client for service requests. + :param config: Configuration of service client. + :param serializer: An object model serializer. + :param deserializer: An object model deserializer. 
+ """ + + models = models + + def __init__(self, client, config, serializer, deserializer): + self._client = client + self._serialize = serializer + self._deserialize = deserializer + self._config = config + + def list( + self, + **kwargs # type: Any + ): + # type: (...) -> Iterable["models.OperationsList"] + """Lists all operations available Azure Security Insights Resource Provider. + + :keyword callable cls: A custom type or function that will be passed the direct response + :return: An iterator like instance of either OperationsList or the result of cls(response) + :rtype: ~azure.core.paging.ItemPaged[~security_insights.models.OperationsList] + :raises: ~azure.core.exceptions.HttpResponseError + """ + cls = kwargs.pop('cls', None) # type: ClsType["models.OperationsList"] + error_map = { + 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError + } + error_map.update(kwargs.pop('error_map', {})) + api_version = "2020-01-01" + accept = "application/json" + + def prepare_request(next_link=None): + # Construct headers + header_parameters = {} # type: Dict[str, Any] + header_parameters['Accept'] = self._serialize.header("accept", accept, 'str') + + if not next_link: + # Construct URL + url = self.list.metadata['url'] # type: ignore + # Construct parameters + query_parameters = {} # type: Dict[str, Any] + query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') + + request = self._client.get(url, query_parameters, header_parameters) + else: + url = next_link + query_parameters = {} # type: Dict[str, Any] + request = self._client.get(url, query_parameters, header_parameters) + return request + + def extract_data(pipeline_response): + deserialized = self._deserialize('OperationsList', pipeline_response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link or None, iter(list_of_elem) + + def get_next(next_link=None): + request = 
prepare_request(next_link) + + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + return pipeline_response + + return ItemPaged( + get_next, extract_data + ) + list.metadata = {'url': '/providers/Microsoft.SecurityInsights/operations'} # type: ignore diff --git a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/py.typed b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/py.typed new file mode 100644 index 00000000000..e5aff4f83af --- /dev/null +++ b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/py.typed @@ -0,0 +1 @@ +# Marker file for PEP 561. \ No newline at end of file diff --git a/src/securityinsight/report.md b/src/securityinsight/report.md new file mode 100644 index 00000000000..d2f533d3f36 --- /dev/null +++ b/src/securityinsight/report.md 
@@ -0,0 +1,610 @@ +# Azure CLI Module Creation Report + +## EXTENSION +|CLI Extension|Command Groups| +|---------|------------| +|az sentinel|[groups](#CommandGroups) + +## GROUPS +### Command groups in `az sentinel` extension +|CLI Command Group|Group Swagger name|Commands| +|---------|------------|--------| +|az sentinel alert-rule|AlertRules|[commands](#CommandsInAlertRules)| +|az sentinel action|Actions|[commands](#CommandsInActions)| +|az sentinel alert-rule-template|AlertRuleTemplates|[commands](#CommandsInAlertRuleTemplates)| +|az sentinel bookmark|Bookmarks|[commands](#CommandsInBookmarks)| +|az sentinel data-connector|DataConnectors|[commands](#CommandsInDataConnectors)| +|az sentinel incident|Incidents|[commands](#CommandsInIncidents)| +|az sentinel incident-comment|IncidentComments|[commands](#CommandsInIncidentComments)| + +## COMMANDS +### Commands in `az sentinel action` group +|CLI Command|Operation Swagger name|Parameters|Examples| +|---------|------------|--------|-----------| +|[az sentinel action list](#ActionsListByAlertRule)|ListByAlertRule|[Parameters](#ParametersActionsListByAlertRule)|[Example](#ExamplesActionsListByAlertRule)| + +### Commands in `az sentinel alert-rule` group +|CLI Command|Operation Swagger name|Parameters|Examples| +|---------|------------|--------|-----------| +|[az sentinel alert-rule list](#AlertRulesList)|List|[Parameters](#ParametersAlertRulesList)|[Example](#ExamplesAlertRulesList)| +|[az sentinel alert-rule show](#AlertRulesGet)|Get|[Parameters](#ParametersAlertRulesGet)|[Example](#ExamplesAlertRulesGet)| +|[az sentinel alert-rule create](#AlertRulesCreateOrUpdateAction)|CreateOrUpdateAction|[Parameters](#ParametersAlertRulesCreateOrUpdateAction)|[Example](#ExamplesAlertRulesCreateOrUpdateAction)| +|[az sentinel alert-rule create](#AlertRulesCreateOrUpdate#Create)|CreateOrUpdate#Create|[Parameters](#ParametersAlertRulesCreateOrUpdate#Create)|[Example](#ExamplesAlertRulesCreateOrUpdate#Create)| +|[az sentinel 
alert-rule update](#AlertRulesCreateOrUpdate#Update)|CreateOrUpdate#Update|[Parameters](#ParametersAlertRulesCreateOrUpdate#Update)|Not Found| +|[az sentinel alert-rule delete](#AlertRulesDeleteAction)|DeleteAction|[Parameters](#ParametersAlertRulesDeleteAction)|[Example](#ExamplesAlertRulesDeleteAction)| +|[az sentinel alert-rule delete](#AlertRulesDelete)|Delete|[Parameters](#ParametersAlertRulesDelete)|[Example](#ExamplesAlertRulesDelete)| +|[az sentinel alert-rule get-action](#AlertRulesGetAction)|GetAction|[Parameters](#ParametersAlertRulesGetAction)|[Example](#ExamplesAlertRulesGetAction)| + +### Commands in `az sentinel alert-rule-template` group +|CLI Command|Operation Swagger name|Parameters|Examples| +|---------|------------|--------|-----------| +|[az sentinel alert-rule-template list](#AlertRuleTemplatesList)|List|[Parameters](#ParametersAlertRuleTemplatesList)|[Example](#ExamplesAlertRuleTemplatesList)| +|[az sentinel alert-rule-template show](#AlertRuleTemplatesGet)|Get|[Parameters](#ParametersAlertRuleTemplatesGet)|[Example](#ExamplesAlertRuleTemplatesGet)| + +### Commands in `az sentinel bookmark` group +|CLI Command|Operation Swagger name|Parameters|Examples| +|---------|------------|--------|-----------| +|[az sentinel bookmark list](#BookmarksList)|List|[Parameters](#ParametersBookmarksList)|[Example](#ExamplesBookmarksList)| +|[az sentinel bookmark show](#BookmarksGet)|Get|[Parameters](#ParametersBookmarksGet)|[Example](#ExamplesBookmarksGet)| +|[az sentinel bookmark create](#BookmarksCreateOrUpdate#Create)|CreateOrUpdate#Create|[Parameters](#ParametersBookmarksCreateOrUpdate#Create)|[Example](#ExamplesBookmarksCreateOrUpdate#Create)| +|[az sentinel bookmark update](#BookmarksCreateOrUpdate#Update)|CreateOrUpdate#Update|[Parameters](#ParametersBookmarksCreateOrUpdate#Update)|Not Found| +|[az sentinel bookmark delete](#BookmarksDelete)|Delete|[Parameters](#ParametersBookmarksDelete)|[Example](#ExamplesBookmarksDelete)| + +### Commands in `az 
sentinel data-connector` group +|CLI Command|Operation Swagger name|Parameters|Examples| +|---------|------------|--------|-----------| +|[az sentinel data-connector list](#DataConnectorsList)|List|[Parameters](#ParametersDataConnectorsList)|[Example](#ExamplesDataConnectorsList)| +|[az sentinel data-connector show](#DataConnectorsGet)|Get|[Parameters](#ParametersDataConnectorsGet)|[Example](#ExamplesDataConnectorsGet)| +|[az sentinel data-connector create](#DataConnectorsCreateOrUpdate#Create)|CreateOrUpdate#Create|[Parameters](#ParametersDataConnectorsCreateOrUpdate#Create)|[Example](#ExamplesDataConnectorsCreateOrUpdate#Create)| +|[az sentinel data-connector update](#DataConnectorsCreateOrUpdate#Update)|CreateOrUpdate#Update|[Parameters](#ParametersDataConnectorsCreateOrUpdate#Update)|Not Found| +|[az sentinel data-connector delete](#DataConnectorsDelete)|Delete|[Parameters](#ParametersDataConnectorsDelete)|[Example](#ExamplesDataConnectorsDelete)| + +### Commands in `az sentinel incident` group +|CLI Command|Operation Swagger name|Parameters|Examples| +|---------|------------|--------|-----------| +|[az sentinel incident list](#IncidentsList)|List|[Parameters](#ParametersIncidentsList)|[Example](#ExamplesIncidentsList)| +|[az sentinel incident show](#IncidentsGet)|Get|[Parameters](#ParametersIncidentsGet)|[Example](#ExamplesIncidentsGet)| +|[az sentinel incident create](#IncidentsCreateOrUpdate#Create)|CreateOrUpdate#Create|[Parameters](#ParametersIncidentsCreateOrUpdate#Create)|[Example](#ExamplesIncidentsCreateOrUpdate#Create)| +|[az sentinel incident update](#IncidentsCreateOrUpdate#Update)|CreateOrUpdate#Update|[Parameters](#ParametersIncidentsCreateOrUpdate#Update)|Not Found| +|[az sentinel incident delete](#IncidentsDelete)|Delete|[Parameters](#ParametersIncidentsDelete)|[Example](#ExamplesIncidentsDelete)| + +### Commands in `az sentinel incident-comment` group +|CLI Command|Operation Swagger name|Parameters|Examples| 
+|---------|------------|--------|-----------| +|[az sentinel incident-comment list](#IncidentCommentsListByIncident)|ListByIncident|[Parameters](#ParametersIncidentCommentsListByIncident)|[Example](#ExamplesIncidentCommentsListByIncident)| +|[az sentinel incident-comment show](#IncidentCommentsGet)|Get|[Parameters](#ParametersIncidentCommentsGet)|[Example](#ExamplesIncidentCommentsGet)| +|[az sentinel incident-comment create](#IncidentCommentsCreateComment)|CreateComment|[Parameters](#ParametersIncidentCommentsCreateComment)|[Example](#ExamplesIncidentCommentsCreateComment)| + + +## COMMAND DETAILS + +### group `az sentinel action` +#### Command `az sentinel action list` + +##### Example +``` +az sentinel action list --resource-group "myRg" --rule-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --workspace-name \ +"myWorkspace" +``` +##### Parameters +|Option|Type|Description|Path (SDK)|Swagger name| +|------|----|-----------|----------|------------| +|**--resource-group-name**|string|The name of the resource group within the user's subscription. The name is case insensitive.|resource_group_name|resourceGroupName| +|**--workspace-name**|string|The name of the workspace.|workspace_name|workspaceName| +|**--rule-id**|string|Alert rule ID|rule_id|ruleId| + +### group `az sentinel alert-rule` +#### Command `az sentinel alert-rule list` + +##### Example +``` +az sentinel alert-rule list --resource-group "myRg" --workspace-name "myWorkspace" +``` +##### Parameters +|Option|Type|Description|Path (SDK)|Swagger name| +|------|----|-----------|----------|------------| +|**--resource-group-name**|string|The name of the resource group within the user's subscription. 
The name is case insensitive.|resource_group_name|resourceGroupName| +|**--workspace-name**|string|The name of the workspace.|workspace_name|workspaceName| + +#### Command `az sentinel alert-rule show` + +##### Example +``` +az sentinel alert-rule show --resource-group "myRg" --rule-id "myFirstFusionRule" --workspace-name "myWorkspace" +``` +##### Example +``` +az sentinel alert-rule show --resource-group "myRg" --rule-id "microsoftSecurityIncidentCreationRuleExample" \ +--workspace-name "myWorkspace" +``` +##### Example +``` +az sentinel alert-rule show --resource-group "myRg" --rule-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --workspace-name \ +"myWorkspace" +``` +##### Parameters +|Option|Type|Description|Path (SDK)|Swagger name| +|------|----|-----------|----------|------------| +|**--resource-group-name**|string|The name of the resource group within the user's subscription. The name is case insensitive.|resource_group_name|resourceGroupName| +|**--workspace-name**|string|The name of the workspace.|workspace_name|workspaceName| +|**--rule-id**|string|Alert rule ID|rule_id|ruleId| + +#### Command `az sentinel alert-rule create` + +##### Example +``` +az sentinel alert-rule create --etag "\\"0300bf09-0000-0000-0000-5c37296e0000\\"" --logic-app-resource-id \ +"/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/MyAlerts" \ +--trigger-uri "https://prod-31.northcentralus.logic.azure.com:443/workflows/cd3765391efd48549fd7681ded1d48d7/triggers/m\ +anual/paths/invoke?api-version=2016-10-01&sp=%2Ftriggers%2Fmanual%2Frun&sv=1.0&sig=signature" --action-id \ +"912bec42-cb66-4c03-ac63-1761b6898c3e" --resource-group "myRg" --rule-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" \ +--workspace-name "myWorkspace" +``` +##### Parameters +|Option|Type|Description|Path (SDK)|Swagger name| +|------|----|-----------|----------|------------| +|**--resource-group-name**|string|The name of the resource group within the user's 
subscription. The name is case insensitive.|resource_group_name|resourceGroupName| +|**--workspace-name**|string|The name of the workspace.|workspace_name|workspaceName| +|**--rule-id**|string|Alert rule ID|rule_id|ruleId| +|**--action-id**|string|Action ID|action_id|actionId| +|**--etag**|string|Etag of the azure resource|etag|etag| +|**--logic-app-resource-id**|string|Logic App Resource Id, /subscriptions/{my-subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my-workflow-id}.|logic_app_resource_id|logicAppResourceId| +|**--trigger-uri**|string|Logic App Callback URL for this specific workflow.|trigger_uri|triggerUri| + +#### Command `az sentinel alert-rule create` + +##### Example +``` +az sentinel alert-rule create --fusion-alert-rule etag="3d00c3ca-0000-0100-0000-5d42d5010000" \ +alert-rule-template-name="f71aba3d-28fb-450b-b192-4e76a83015c8" enabled=true --resource-group "myRg" --rule-id \ +"myFirstFusionRule" --workspace-name "myWorkspace" +``` +##### Example +``` +az sentinel alert-rule create --microsoft-security-incident-creation-alert-rule etag="\\"260097e0-0000-0d00-0000-5d6fa8\ +8f0000\\"" product-filter="Microsoft Cloud App Security" display-name="testing displayname" enabled=true \ +--resource-group "myRg" --rule-id "microsoftSecurityIncidentCreationRuleExample" --workspace-name "myWorkspace" +``` +##### Example +``` +az sentinel alert-rule create --scheduled-alert-rule etag="\\"0300bf09-0000-0000-0000-5c37296e0000\\"" \ +query="ProtectionStatus | extend HostCustomEntity = Computer | extend IPCustomEntity = ComputerIP_Hidden" \ +query-frequency="PT1H" query-period="P2DT1H30M" severity="High" trigger-operator="GreaterThan" trigger-threshold=0 \ +description="" display-name="Rule2" enabled=true suppression-duration="PT1H" suppression-enabled=false \ +tactics="Persistence" tactics="LateralMovement" --resource-group "myRg" --rule-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5\ +" --workspace-name "myWorkspace" +``` +##### 
Parameters +|Option|Type|Description|Path (SDK)|Swagger name| +|------|----|-----------|----------|------------| +|**--fusion-alert-rule**|object|Represents Fusion alert rule.|fusion_alert_rule|FusionAlertRule| +|**--microsoft-security-incident-creation-alert-rule**|object|Represents MicrosoftSecurityIncidentCreation rule.|microsoft_security_incident_creation_alert_rule|MicrosoftSecurityIncidentCreationAlertRule| +|**--scheduled-alert-rule**|object|Represents scheduled alert rule.|scheduled_alert_rule|ScheduledAlertRule| + +#### Command `az sentinel alert-rule update` + +##### Parameters +|Option|Type|Description|Path (SDK)|Swagger name| +|------|----|-----------|----------|------------| +|**--resource-group-name**|string|The name of the resource group within the user's subscription. The name is case insensitive.|resource_group_name|resourceGroupName| +|**--workspace-name**|string|The name of the workspace.|workspace_name|workspaceName| +|**--rule-id**|string|Alert rule ID|rule_id|ruleId| +|**--fusion-alert-rule**|object|Represents Fusion alert rule.|fusion_alert_rule|FusionAlertRule| +|**--microsoft-security-incident-creation-alert-rule**|object|Represents MicrosoftSecurityIncidentCreation rule.|microsoft_security_incident_creation_alert_rule|MicrosoftSecurityIncidentCreationAlertRule| +|**--scheduled-alert-rule**|object|Represents scheduled alert rule.|scheduled_alert_rule|ScheduledAlertRule| + +#### Command `az sentinel alert-rule delete` + +##### Example +``` +az sentinel alert-rule delete --action-id "912bec42-cb66-4c03-ac63-1761b6898c3e" --resource-group "myRg" --rule-id \ +"73e01a99-5cd7-4139-a149-9f2736ff2ab5" --workspace-name "myWorkspace" +``` +##### Parameters +|Option|Type|Description|Path (SDK)|Swagger name| +|------|----|-----------|----------|------------| +|**--resource-group-name**|string|The name of the resource group within the user's subscription. 
The name is case insensitive.|resource_group_name|resourceGroupName| +|**--workspace-name**|string|The name of the workspace.|workspace_name|workspaceName| +|**--rule-id**|string|Alert rule ID|rule_id|ruleId| +|**--action-id**|string|Action ID|action_id|actionId| + +#### Command `az sentinel alert-rule delete` + +##### Example +``` +az sentinel alert-rule delete --resource-group "myRg" --rule-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" \ +--workspace-name "myWorkspace" +``` +##### Parameters +|Option|Type|Description|Path (SDK)|Swagger name| +|------|----|-----------|----------|------------| +#### Command `az sentinel alert-rule get-action` + +##### Example +``` +az sentinel alert-rule get-action --action-id "912bec42-cb66-4c03-ac63-1761b6898c3e" --resource-group "myRg" --rule-id \ +"73e01a99-5cd7-4139-a149-9f2736ff2ab5" --workspace-name "myWorkspace" +``` +##### Parameters +|Option|Type|Description|Path (SDK)|Swagger name| +|------|----|-----------|----------|------------| +|**--resource-group-name**|string|The name of the resource group within the user's subscription. The name is case insensitive.|resource_group_name|resourceGroupName| +|**--workspace-name**|string|The name of the workspace.|workspace_name|workspaceName| +|**--rule-id**|string|Alert rule ID|rule_id|ruleId| +|**--action-id**|string|Action ID|action_id|actionId| + +### group `az sentinel alert-rule-template` +#### Command `az sentinel alert-rule-template list` + +##### Example +``` +az sentinel alert-rule-template list --resource-group "myRg" --workspace-name "myWorkspace" +``` +##### Parameters +|Option|Type|Description|Path (SDK)|Swagger name| +|------|----|-----------|----------|------------| +|**--resource-group-name**|string|The name of the resource group within the user's subscription. 
The name is case insensitive.|resource_group_name|resourceGroupName| +|**--workspace-name**|string|The name of the workspace.|workspace_name|workspaceName| + +#### Command `az sentinel alert-rule-template show` + +##### Example +``` +az sentinel alert-rule-template show --alert-rule-template-id "65360bb0-8986-4ade-a89d-af3cf44d28aa" --resource-group \ +"myRg" --workspace-name "myWorkspace" +``` +##### Parameters +|Option|Type|Description|Path (SDK)|Swagger name| +|------|----|-----------|----------|------------| +|**--resource-group-name**|string|The name of the resource group within the user's subscription. The name is case insensitive.|resource_group_name|resourceGroupName| +|**--workspace-name**|string|The name of the workspace.|workspace_name|workspaceName| +|**--alert-rule-template-id**|string|Alert rule template ID|alert_rule_template_id|alertRuleTemplateId| + +### group `az sentinel bookmark` +#### Command `az sentinel bookmark list` + +##### Example +``` +az sentinel bookmark list --resource-group "myRg" --workspace-name "myWorkspace" +``` +##### Parameters +|Option|Type|Description|Path (SDK)|Swagger name| +|------|----|-----------|----------|------------| +|**--resource-group-name**|string|The name of the resource group within the user's subscription. The name is case insensitive.|resource_group_name|resourceGroupName| +|**--workspace-name**|string|The name of the workspace.|workspace_name|workspaceName| + +#### Command `az sentinel bookmark show` + +##### Example +``` +az sentinel bookmark show --bookmark-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --resource-group "myRg" \ +--workspace-name "myWorkspace" +``` +##### Parameters +|Option|Type|Description|Path (SDK)|Swagger name| +|------|----|-----------|----------|------------| +|**--resource-group-name**|string|The name of the resource group within the user's subscription. 
The name is case insensitive.|resource_group_name|resourceGroupName| +|**--workspace-name**|string|The name of the workspace.|workspace_name|workspaceName| +|**--bookmark-id**|string|Bookmark ID|bookmark_id|bookmarkId| + +#### Command `az sentinel bookmark create` + +##### Example +``` +az sentinel bookmark create --etag "\\"0300bf09-0000-0000-0000-5c37296e0000\\"" --created "2019-01-01T13:15:30Z" \ +--display-name "My bookmark" --labels "Tag1" --labels "Tag2" --notes "Found a suspicious activity" --query \ +"SecurityEvent | where TimeGenerated > ago(1d) and TimeGenerated < ago(2d)" --query-result "Security Event query \ +result" --updated "2019-01-01T13:15:30Z" --bookmark-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --resource-group "myRg" \ +--workspace-name "myWorkspace" +``` +##### Parameters +|Option|Type|Description|Path (SDK)|Swagger name| +|------|----|-----------|----------|------------| +|**--resource-group-name**|string|The name of the resource group within the user's subscription. 
The name is case insensitive.|resource_group_name|resourceGroupName| +|**--workspace-name**|string|The name of the workspace.|workspace_name|workspaceName| +|**--bookmark-id**|string|Bookmark ID|bookmark_id|bookmarkId| +|**--etag**|string|Etag of the azure resource|etag|etag| +|**--created**|date-time|The time the bookmark was created|created|created| +|**--display-name**|string|The display name of the bookmark|display_name|displayName| +|**--labels**|array|List of labels relevant to this bookmark|labels|labels| +|**--notes**|string|The notes of the bookmark|notes|notes| +|**--query**|string|The query of the bookmark.|query|query| +|**--query-result**|string|The query result of the bookmark.|query_result|queryResult| +|**--updated**|date-time|The last time the bookmark was updated|updated|updated| +|**--incident-info**|object|Describes an incident that relates to bookmark|incident_info|incidentInfo| +|**--updated-by-object-id**|uuid|The object id of the user.|object_id|objectId| + +#### Command `az sentinel bookmark update` + +##### Parameters +|Option|Type|Description|Path (SDK)|Swagger name| +|------|----|-----------|----------|------------| +|**--resource-group-name**|string|The name of the resource group within the user's subscription. 
The name is case insensitive.|resource_group_name|resourceGroupName| +|**--workspace-name**|string|The name of the workspace.|workspace_name|workspaceName| +|**--bookmark-id**|string|Bookmark ID|bookmark_id|bookmarkId| +|**--etag**|string|Etag of the azure resource|etag|etag| +|**--created**|date-time|The time the bookmark was created|created|created| +|**--display-name**|string|The display name of the bookmark|display_name|displayName| +|**--labels**|array|List of labels relevant to this bookmark|labels|labels| +|**--notes**|string|The notes of the bookmark|notes|notes| +|**--query**|string|The query of the bookmark.|query|query| +|**--query-result**|string|The query result of the bookmark.|query_result|queryResult| +|**--updated**|date-time|The last time the bookmark was updated|updated|updated| +|**--incident-info**|object|Describes an incident that relates to bookmark|incident_info|incidentInfo| +|**--updated-by-object-id**|uuid|The object id of the user.|object_id|objectId| + +#### Command `az sentinel bookmark delete` + +##### Example +``` +az sentinel bookmark delete --bookmark-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --resource-group "myRg" \ +--workspace-name "myWorkspace" +``` +##### Parameters +|Option|Type|Description|Path (SDK)|Swagger name| +|------|----|-----------|----------|------------| +|**--resource-group-name**|string|The name of the resource group within the user's subscription. 
The name is case insensitive.|resource_group_name|resourceGroupName| +|**--workspace-name**|string|The name of the workspace.|workspace_name|workspaceName| +|**--bookmark-id**|string|Bookmark ID|bookmark_id|bookmarkId| + +### group `az sentinel data-connector` +#### Command `az sentinel data-connector list` + +##### Example +``` +az sentinel data-connector list --resource-group "myRg" --workspace-name "myWorkspace" +``` +##### Parameters +|Option|Type|Description|Path (SDK)|Swagger name| +|------|----|-----------|----------|------------| +|**--resource-group-name**|string|The name of the resource group within the user's subscription. The name is case insensitive.|resource_group_name|resourceGroupName| +|**--workspace-name**|string|The name of the workspace.|workspace_name|workspaceName| + +#### Command `az sentinel data-connector show` + +##### Example +``` +az sentinel data-connector show --data-connector-id "763f9fa1-c2d3-4fa2-93e9-bccd4899aa12" --resource-group "myRg" \ +--workspace-name "myWorkspace" +``` +##### Example +``` +az sentinel data-connector show --data-connector-id "b96d014d-b5c2-4a01-9aba-a8058f629d42" --resource-group "myRg" \ +--workspace-name "myWorkspace" +``` +##### Example +``` +az sentinel data-connector show --data-connector-id "06b3ccb8-1384-4bcc-aec7-852f6d57161b" --resource-group "myRg" \ +--workspace-name "myWorkspace" +``` +##### Example +``` +az sentinel data-connector show --data-connector-id "c345bf40-8509-4ed2-b947-50cb773aaf04" --resource-group "myRg" \ +--workspace-name "myWorkspace" +``` +##### Example +``` +az sentinel data-connector show --data-connector-id "f0cd27d2-5f03-4c06-ba31-d2dc82dcb51d" --resource-group "myRg" \ +--workspace-name "myWorkspace" +``` +##### Example +``` +az sentinel data-connector show --data-connector-id "07e42cb3-e658-4e90-801c-efa0f29d3d44" --resource-group "myRg" \ +--workspace-name "myWorkspace" +``` +##### Example +``` +az sentinel data-connector show --data-connector-id 
"c345bf40-8509-4ed2-b947-50cb773aaf04" --resource-group "myRg" \ +--workspace-name "myWorkspace" +``` +##### Example +``` +az sentinel data-connector show --data-connector-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --resource-group "myRg" \ +--workspace-name "myWorkspace" +``` +##### Parameters +|Option|Type|Description|Path (SDK)|Swagger name| +|------|----|-----------|----------|------------| +|**--resource-group-name**|string|The name of the resource group within the user's subscription. The name is case insensitive.|resource_group_name|resourceGroupName| +|**--workspace-name**|string|The name of the workspace.|workspace_name|workspaceName| +|**--data-connector-id**|string|Connector ID|data_connector_id|dataConnectorId| + +#### Command `az sentinel data-connector create` + +##### Example +``` +az sentinel data-connector create --office-data-connector etag="\\"0300bf09-0000-0000-0000-5c37296e0000\\"" \ +tenant-id="2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" --data-connector-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" \ +--resource-group "myRg" --workspace-name "myWorkspace" +``` +##### Parameters +|Option|Type|Description|Path (SDK)|Swagger name| +|------|----|-----------|----------|------------| +|**--resource-group-name**|string|The name of the resource group within the user's subscription. 
The name is case insensitive.|resource_group_name|resourceGroupName| +|**--workspace-name**|string|The name of the workspace.|workspace_name|workspaceName| +|**--data-connector-id**|string|Connector ID|data_connector_id|dataConnectorId| +|**--aad-data-connector**|object|Represents AAD (Azure Active Directory) data connector.|aad_data_connector|AADDataConnector| +|**--aatp-data-connector**|object|Represents AATP (Azure Advanced Threat Protection) data connector.|aatp_data_connector|AATPDataConnector| +|**--asc-data-connector**|object|Represents ASC (Azure Security Center) data connector.|asc_data_connector|ASCDataConnector| +|**--aws-cloud-trail-data-connector**|object|Represents Amazon Web Services CloudTrail data connector.|aws_cloud_trail_data_connector|AwsCloudTrailDataConnector| +|**--mcas-data-connector**|object|Represents MCAS (Microsoft Cloud App Security) data connector.|mcas_data_connector|MCASDataConnector| +|**--mdatp-data-connector**|object|Represents MDATP (Microsoft Defender Advanced Threat Protection) data connector.|mdatp_data_connector|MDATPDataConnector| +|**--office-data-connector**|object|Represents office data connector.|office_data_connector|OfficeDataConnector| +|**--ti-data-connector**|object|Represents threat intelligence data connector.|ti_data_connector|TIDataConnector| + +#### Command `az sentinel data-connector update` + +##### Parameters +|Option|Type|Description|Path (SDK)|Swagger name| +|------|----|-----------|----------|------------| +|**--resource-group-name**|string|The name of the resource group within the user's subscription. 
The name is case insensitive.|resource_group_name|resourceGroupName| +|**--workspace-name**|string|The name of the workspace.|workspace_name|workspaceName| +|**--data-connector-id**|string|Connector ID|data_connector_id|dataConnectorId| +|**--aad-data-connector**|object|Represents AAD (Azure Active Directory) data connector.|aad_data_connector|AADDataConnector| +|**--aatp-data-connector**|object|Represents AATP (Azure Advanced Threat Protection) data connector.|aatp_data_connector|AATPDataConnector| +|**--asc-data-connector**|object|Represents ASC (Azure Security Center) data connector.|asc_data_connector|ASCDataConnector| +|**--aws-cloud-trail-data-connector**|object|Represents Amazon Web Services CloudTrail data connector.|aws_cloud_trail_data_connector|AwsCloudTrailDataConnector| +|**--mcas-data-connector**|object|Represents MCAS (Microsoft Cloud App Security) data connector.|mcas_data_connector|MCASDataConnector| +|**--mdatp-data-connector**|object|Represents MDATP (Microsoft Defender Advanced Threat Protection) data connector.|mdatp_data_connector|MDATPDataConnector| +|**--office-data-connector**|object|Represents office data connector.|office_data_connector|OfficeDataConnector| +|**--ti-data-connector**|object|Represents threat intelligence data connector.|ti_data_connector|TIDataConnector| + +#### Command `az sentinel data-connector delete` + +##### Example +``` +az sentinel data-connector delete --data-connector-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --resource-group "myRg" \ +--workspace-name "myWorkspace" +``` +##### Parameters +|Option|Type|Description|Path (SDK)|Swagger name| +|------|----|-----------|----------|------------| +|**--resource-group-name**|string|The name of the resource group within the user's subscription. 
The name is case insensitive.|resource_group_name|resourceGroupName| +|**--workspace-name**|string|The name of the workspace.|workspace_name|workspaceName| +|**--data-connector-id**|string|Connector ID|data_connector_id|dataConnectorId| + +### group `az sentinel incident` +#### Command `az sentinel incident list` + +##### Example +``` +az sentinel incident list --orderby "properties/createdTimeUtc desc" --top 1 --resource-group "myRg" --workspace-name \ +"myWorkspace" +``` +##### Parameters +|Option|Type|Description|Path (SDK)|Swagger name| +|------|----|-----------|----------|------------| +|**--resource-group-name**|string|The name of the resource group within the user's subscription. The name is case insensitive.|resource_group_name|resourceGroupName| +|**--workspace-name**|string|The name of the workspace.|workspace_name|workspaceName| +|**--filter**|string|Filters the results, based on a Boolean condition. Optional.|filter|$filter| +|**--orderby**|string|Sorts the results. Optional.|orderby|$orderby| +|**--top**|integer|Returns only the first n results. Optional.|top|$top| +|**--skip-token**|string|Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional.|skip_token|$skipToken| + +#### Command `az sentinel incident show` + +##### Example +``` +az sentinel incident show --incident-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --resource-group "myRg" \ +--workspace-name "myWorkspace" +``` +##### Parameters +|Option|Type|Description|Path (SDK)|Swagger name| +|------|----|-----------|----------|------------| +|**--resource-group-name**|string|The name of the resource group within the user's subscription. 
The name is case insensitive.|resource_group_name|resourceGroupName| +|**--workspace-name**|string|The name of the workspace.|workspace_name|workspaceName| +|**--incident-id**|string|Incident ID|incident_id|incidentId| + +#### Command `az sentinel incident create` + +##### Example +``` +az sentinel incident create --etag "\\"0300bf09-0000-0000-0000-5c37296e0000\\"" --description "This is a demo \ +incident" --classification "FalsePositive" --classification-comment "Not a malicious activity" --classification-reason \ +"IncorrectAlertLogic" --first-activity-time-utc "2019-01-01T13:00:30Z" --last-activity-time-utc "2019-01-01T13:05:30Z" \ +--owner object-id="2046feea-040d-4a46-9e2b-91c2941bfa70" --severity "High" --status "Closed" --title "My incident" \ +--incident-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --resource-group "myRg" --workspace-name "myWorkspace" +``` +##### Parameters +|Option|Type|Description|Path (SDK)|Swagger name| +|------|----|-----------|----------|------------| +|**--resource-group-name**|string|The name of the resource group within the user's subscription. 
The name is case insensitive.|resource_group_name|resourceGroupName| +|**--workspace-name**|string|The name of the workspace.|workspace_name|workspaceName| +|**--incident-id**|string|Incident ID|incident_id|incidentId| +|**--etag**|string|Etag of the azure resource|etag|etag| +|**--classification**|choice|The reason the incident was closed|classification|classification| +|**--classification-comment**|string|Describes the reason the incident was closed|classification_comment|classificationComment| +|**--classification-reason**|choice|The classification reason the incident was closed with|classification_reason|classificationReason| +|**--description**|string|The description of the incident|description|description| +|**--first-activity-time-utc**|date-time|The time of the first activity in the incident|first_activity_time_utc|firstActivityTimeUtc| +|**--labels**|array|List of labels relevant to this incident|labels|labels| +|**--last-activity-time-utc**|date-time|The time of the last activity in the incident|last_activity_time_utc|lastActivityTimeUtc| +|**--owner**|object|Describes a user that the incident is assigned to|owner|owner| +|**--severity**|choice|The severity of the incident|severity|severity| +|**--status**|choice|The status of the incident|status|status| +|**--title**|string|The title of the incident|title|title| + +#### Command `az sentinel incident update` + +##### Parameters +|Option|Type|Description|Path (SDK)|Swagger name| +|------|----|-----------|----------|------------| +|**--resource-group-name**|string|The name of the resource group within the user's subscription. 
The name is case insensitive.|resource_group_name|resourceGroupName| +|**--workspace-name**|string|The name of the workspace.|workspace_name|workspaceName| +|**--incident-id**|string|Incident ID|incident_id|incidentId| +|**--etag**|string|Etag of the azure resource|etag|etag| +|**--classification**|choice|The reason the incident was closed|classification|classification| +|**--classification-comment**|string|Describes the reason the incident was closed|classification_comment|classificationComment| +|**--classification-reason**|choice|The classification reason the incident was closed with|classification_reason|classificationReason| +|**--description**|string|The description of the incident|description|description| +|**--first-activity-time-utc**|date-time|The time of the first activity in the incident|first_activity_time_utc|firstActivityTimeUtc| +|**--labels**|array|List of labels relevant to this incident|labels|labels| +|**--last-activity-time-utc**|date-time|The time of the last activity in the incident|last_activity_time_utc|lastActivityTimeUtc| +|**--owner**|object|Describes a user that the incident is assigned to|owner|owner| +|**--severity**|choice|The severity of the incident|severity|severity| +|**--status**|choice|The status of the incident|status|status| +|**--title**|string|The title of the incident|title|title| + +#### Command `az sentinel incident delete` + +##### Example +``` +az sentinel incident delete --incident-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --resource-group "myRg" \ +--workspace-name "myWorkspace" +``` +##### Parameters +|Option|Type|Description|Path (SDK)|Swagger name| +|------|----|-----------|----------|------------| +|**--resource-group-name**|string|The name of the resource group within the user's subscription. 
The name is case insensitive.|resource_group_name|resourceGroupName| +|**--workspace-name**|string|The name of the workspace.|workspace_name|workspaceName| +|**--incident-id**|string|Incident ID|incident_id|incidentId| + +### group `az sentinel incident-comment` +#### Command `az sentinel incident-comment list` + +##### Example +``` +az sentinel incident-comment list --incident-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --resource-group "myRg" \ +--workspace-name "myWorkspace" +``` +##### Parameters +|Option|Type|Description|Path (SDK)|Swagger name| +|------|----|-----------|----------|------------| +|**--resource-group-name**|string|The name of the resource group within the user's subscription. The name is case insensitive.|resource_group_name|resourceGroupName| +|**--workspace-name**|string|The name of the workspace.|workspace_name|workspaceName| +|**--incident-id**|string|Incident ID|incident_id|incidentId| +|**--filter**|string|Filters the results, based on a Boolean condition. Optional.|filter|$filter| +|**--orderby**|string|Sorts the results. Optional.|orderby|$orderby| +|**--top**|integer|Returns only the first n results. Optional.|top|$top| +|**--skip-token**|string|Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional.|skip_token|$skipToken| + +#### Command `az sentinel incident-comment show` + +##### Example +``` +az sentinel incident-comment show --incident-comment-id "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014" --incident-id \ +"73e01a99-5cd7-4139-a149-9f2736ff2ab5" --resource-group "myRg" --workspace-name "myWorkspace" +``` +##### Parameters +|Option|Type|Description|Path (SDK)|Swagger name| +|------|----|-----------|----------|------------| +|**--resource-group-name**|string|The name of the resource group within the user's subscription. 
The name is case insensitive.|resource_group_name|resourceGroupName|
+|**--workspace-name**|string|The name of the workspace.|workspace_name|workspaceName|
+|**--incident-id**|string|Incident ID|incident_id|incidentId|
+|**--incident-comment-id**|string|Incident comment ID|incident_comment_id|incidentCommentId|
+
+#### Command `az sentinel incident-comment create`
+
+##### Example
+```
+az sentinel incident-comment create --message "Some message" --incident-comment-id "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da001\
+4" --incident-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --resource-group "myRg" --workspace-name "myWorkspace"
+```
+##### Parameters
+|Option|Type|Description|Path (SDK)|Swagger name|
+|------|----|-----------|----------|------------|
+|**--resource-group-name**|string|The name of the resource group within the user's subscription. The name is case insensitive.|resource_group_name|resourceGroupName|
+|**--workspace-name**|string|The name of the workspace.|workspace_name|workspaceName|
+|**--incident-id**|string|Incident ID|incident_id|incidentId|
+|**--incident-comment-id**|string|Incident comment ID|incident_comment_id|incidentCommentId|
+|**--message**|string|The comment message|message|message|
diff --git a/src/securityinsight/setup.cfg b/src/securityinsight/setup.cfg
new file mode 100644
index 00000000000..2fdd96e5d39
--- /dev/null
+++ b/src/securityinsight/setup.cfg
@@ -0,0 +1 @@
+#setup.cfg
\ No newline at end of file
diff --git a/src/securityinsight/setup.py b/src/securityinsight/setup.py
new file mode 100644
index 00000000000..ee9e18c7003
--- /dev/null
+++ b/src/securityinsight/setup.py
@@ -0,0 +1,58 @@
+#!/usr/bin/env python
+
+# --------------------------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for license information.
+# --------------------------------------------------------------------------------------------
+
+
+from codecs import open
+from setuptools import setup, find_packages
+
+# HISTORY.rst entry.
+VERSION = '0.1.0'
+try:
+    from azext_sentinel.manual.version import VERSION
+except ImportError:
+    pass
+
+# The full list of classifiers is available at
+# https://pypi.python.org/pypi?%3Aaction=list_classifiers
+CLASSIFIERS = [
+    'Development Status :: 4 - Beta',
+    'Intended Audience :: Developers',
+    'Intended Audience :: System Administrators',
+    'Programming Language :: Python',
+    'Programming Language :: Python :: 3',
+    'Programming Language :: Python :: 3.6',
+    'Programming Language :: Python :: 3.7',
+    'Programming Language :: Python :: 3.8',
+    'License :: OSI Approved :: MIT License',
+]
+
+DEPENDENCIES = []
+
+try:
+    from azext_sentinel.manual.dependency import DEPENDENCIES
+except ImportError:
+    pass
+
+with open('README.md', 'r', encoding='utf-8') as f:
+    README = f.read()
+with open('HISTORY.rst', 'r', encoding='utf-8') as f:
+    HISTORY = f.read()
+
+setup(
+    name='sentinel',
+    version=VERSION,
+    description='Microsoft Azure Command-Line Tools SecurityInsights Extension',
+    author='Microsoft Corporation',
+    author_email='azpycli@microsoft.com',
+    url='https://github.com/Azure/azure-cli-extensions/tree/master/src/sentinel',
+    long_description=README + '\n\n' + HISTORY,
+    license='MIT',
+    classifiers=CLASSIFIERS,
+    packages=find_packages(),
+    install_requires=DEPENDENCIES,
+    package_data={'azext_sentinel': ['azext_metadata.json']},
+)
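Review bot: The `url=` argument in the `setup()` call points at `src/sentinel`, but the diff header places this file at `src/securityinsight/setup.py`, so the project link published with the extension will not resolve unless the directory is renamed; it should read `url='https://github.com/Azure/azure-cli-extensions/tree/master/src/securityinsight',`. `from codecs import open` shadows the builtin for the whole module and is unnecessary on the Python 3-only versions the classifiers declare, since builtin `open` accepts `encoding=`; dropping that import keeps the two `with open(...)` reads on the builtin and avoids `codecs.open`'s lack of universal-newline translation. `DEPENDENCIES` stays empty unless `azext_sentinel.manual.dependency` exists, and the `except ImportError: pass` around it swallows a broken or mistyped manual module the same way as a missing one, so anything the vendored SDK needs beyond what azure-cli core already pins would silently go undeclared; I cannot tell from this hunk whether that manual module exists, but either it should be added or the fallback should at least be narrowed (e.g. catch only when the module itself is absent) so a failing import is visible at build time.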