diff --git a/src/securityinsight/HISTORY.rst b/src/securityinsight/HISTORY.rst
new file mode 100644
index 00000000000..27f152061e8
--- /dev/null
+++ b/src/securityinsight/HISTORY.rst
@@ -0,0 +1,8 @@
+.. :changelog:
+
+Release History
+===============
+
+0.1.0
+++++++
+* Initial release.
diff --git a/src/securityinsight/README.md b/src/securityinsight/README.md
new file mode 100644
index 00000000000..e8a96719d21
--- /dev/null
+++ b/src/securityinsight/README.md
@@ -0,0 +1,5 @@
+Microsoft Azure CLI 'sentinel' Extension
+==========================================
+
+This package is for the 'sentinel' extension.
+i.e. 'az sentinel'
diff --git a/src/securityinsight/azext_sentinel/__init__.py b/src/securityinsight/azext_sentinel/__init__.py
new file mode 100644
index 00000000000..ff36aeb8c75
--- /dev/null
+++ b/src/securityinsight/azext_sentinel/__init__.py
@@ -0,0 +1,46 @@
+# --------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+#
+# Code generated by Microsoft (R) AutoRest Code Generator.
+# Changes may cause incorrect behavior and will be lost if the code is
+# regenerated.
+# --------------------------------------------------------------------------
+
+from azure.cli.core import AzCommandsLoader
+from azext_sentinel.generated._help import helps # pylint: disable=unused-import
+
+
+class SecurityInsightsCommandsLoader(AzCommandsLoader):
+
+ def __init__(self, cli_ctx=None):
+ from azure.cli.core.commands import CliCommandType
+ from azext_sentinel.generated._client_factory import cf_sentinel
+ sentinel_custom = CliCommandType(
+ operations_tmpl='azext_sentinel.custom#{}',
+ client_factory=cf_sentinel)
+ super(SecurityInsightsCommandsLoader, self).__init__(cli_ctx=cli_ctx,
+ custom_command_type=sentinel_custom)
+
+ def load_command_table(self, args):
+ from azext_sentinel.generated.commands import load_command_table
+ load_command_table(self, args)
+ try:
+ from azext_sentinel.manual.commands import load_command_table as load_command_table_manual
+ load_command_table_manual(self, args)
+ except ImportError:
+ pass
+ return self.command_table
+
+ def load_arguments(self, command):
+ from azext_sentinel.generated._params import load_arguments
+ load_arguments(self, command)
+ try:
+ from azext_sentinel.manual._params import load_arguments as load_arguments_manual
+ load_arguments_manual(self, command)
+ except ImportError:
+ pass
+
+
+COMMAND_LOADER_CLS = SecurityInsightsCommandsLoader
diff --git a/src/securityinsight/azext_sentinel/action.py b/src/securityinsight/azext_sentinel/action.py
new file mode 100644
index 00000000000..a846b2766c4
--- /dev/null
+++ b/src/securityinsight/azext_sentinel/action.py
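Review bot: Both `except ImportError: pass` handlers, in `load_command_table` and in `load_arguments`, also swallow an import failure raised from inside an `azext_sentinel.manual.*` module, so a broken manual override would silently drop its commands or argument settings instead of surfacing. Consider ignoring only the "module is absent" case, for example `except ImportError as ex:` followed by `if ex.name != 'azext_sentinel.manual.commands': raise` (and the `_params` equivalent). The same handler shape appears in the `action.py` and `custom.py` shims later in this diff. The header marks the file as generated, so the change probably belongs in the generator template rather than in this file.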
@@ -0,0 +1,17 @@
+# --------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+#
+# Code generated by Microsoft (R) AutoRest Code Generator.
+# Changes may cause incorrect behavior and will be lost if the code is
+# regenerated.
+# --------------------------------------------------------------------------
+# pylint: disable=wildcard-import
+# pylint: disable=unused-wildcard-import
+
+from .generated.action import * # noqa: F403
+try:
+ from .manual.action import * # noqa: F403
+except ImportError:
+ pass
diff --git a/src/securityinsight/azext_sentinel/azext_metadata.json b/src/securityinsight/azext_sentinel/azext_metadata.json
new file mode 100644
index 00000000000..7b56fb1e11a
--- /dev/null
+++ b/src/securityinsight/azext_sentinel/azext_metadata.json
@@ -0,0 +1,4 @@
+{
+ "azext.isExperimental": true,
+ "azext.minCliCoreVersion": "2.3.1"
+}
\ No newline at end of file
diff --git a/src/securityinsight/azext_sentinel/custom.py b/src/securityinsight/azext_sentinel/custom.py
new file mode 100644
index 00000000000..7f31674ce96
--- /dev/null
+++ b/src/securityinsight/azext_sentinel/custom.py
@@ -0,0 +1,17 @@
+# --------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+#
+# Code generated by Microsoft (R) AutoRest Code Generator.
+# Changes may cause incorrect behavior and will be lost if the code is
+# regenerated.
+# --------------------------------------------------------------------------
+# pylint: disable=wildcard-import
+# pylint: disable=unused-wildcard-import
+
+from .generated.custom import * # noqa: F403
+try:
+ from .manual.custom import * # noqa: F403
+except ImportError:
+ pass
diff --git a/src/securityinsight/azext_sentinel/generated/__init__.py b/src/securityinsight/azext_sentinel/generated/__init__.py
new file mode 100644
index 00000000000..ee0c4f36bd0
--- /dev/null
+++ b/src/securityinsight/azext_sentinel/generated/__init__.py
@@ -0,0 +1,12 @@
+# coding=utf-8
+# --------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+#
+# Code generated by Microsoft (R) AutoRest Code Generator.
+# Changes may cause incorrect behavior and will be lost if the code is
+# regenerated.
+# --------------------------------------------------------------------------
+
+__path__ = __import__('pkgutil').extend_path(__path__, __name__)
diff --git a/src/securityinsight/azext_sentinel/generated/_client_factory.py b/src/securityinsight/azext_sentinel/generated/_client_factory.py
new file mode 100644
index 00000000000..f14bb112f38
--- /dev/null
+++ b/src/securityinsight/azext_sentinel/generated/_client_factory.py
@@ -0,0 +1,27 @@
+# --------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+#
+# Code generated by Microsoft (R) AutoRest Code Generator.
+# Changes may cause incorrect behavior and will be lost if the code is
+# regenerated.
+# --------------------------------------------------------------------------
+
+
+def cf_sentinel(cli_ctx, *_):
+ from azure.cli.core.commands.client_factory import get_mgmt_service_client
+ from ..vendored_sdks.securityinsight import SecurityInsights
+ return get_mgmt_service_client(cli_ctx, SecurityInsights)
+
+
+def cf_alert_rule(cli_ctx, *_):
+ return cf_sentinel(cli_ctx).alert_rule
+
+
+def cf_action(cli_ctx, *_):
+ return cf_sentinel(cli_ctx).action
+
+
+def cf_data_connector(cli_ctx, *_):
+ return cf_sentinel(cli_ctx).data_connector
diff --git a/src/securityinsight/azext_sentinel/generated/_help.py b/src/securityinsight/azext_sentinel/generated/_help.py
new file mode 100644
index 00000000000..13b0bc18dd8
--- /dev/null
+++ b/src/securityinsight/azext_sentinel/generated/_help.py
@@ -0,0 +1,158 @@
+# --------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+#
+# Code generated by Microsoft (R) AutoRest Code Generator.
+# Changes may cause incorrect behavior and will be lost if the code is
+# regenerated.
+# --------------------------------------------------------------------------
+# pylint: disable=too-many-lines
+
+from knack.help_files import helps
+
+
+helps['sentinel alert-rule'] = """
+ type: group
+ short-summary: sentinel alert-rule
+"""
+
+helps['sentinel alert-rule list'] = """
+ type: command
+ short-summary: Gets all alert rules.
+ examples:
+ - name: Get all alert rules.
+ text: |-
+ az sentinel alert-rule list --resource-group "myRg" --workspace-name "myWorkspace"
+"""
+
+helps['sentinel alert-rule show'] = """
+ type: command
+ short-summary: Gets the alert rule.
+ examples:
+ - name: Get an action of alert rule.
+ text: |-
+ az sentinel alert-rule show --action-id "912bec42-cb66-4c03-ac63-1761b6898c3e" --resource-group "myRg" -\
+-rule-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --workspace-name "myWorkspace"
+"""
+
+helps['sentinel alert-rule create'] = """
+ type: command
+ short-summary: Creates or updates the alert rule.
+ examples:
+ - name: Creates or updates an action of alert rule.
+ text: |-
+ az sentinel alert-rule create --etag "\\"0300bf09-0000-0000-0000-5c37296e0000\\"" --logic-app-resource-i\
+d "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/MyAlerts\
+" --trigger-uri "https://prod-31.northcentralus.logic.azure.com:443/workflows/cd3765391efd48549fd7681ded1d48d7/triggers\
+/manual/paths/invoke?api-version=2016-10-01&sp=%2Ftriggers%2Fmanual%2Frun&sv=1.0&sig=signature" --action-id "912bec42-c\
+b66-4c03-ac63-1761b6898c3e" --resource-group "myRg" --rule-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --workspace-name "\
+myWorkspace"
+"""
+
+helps['sentinel alert-rule delete'] = """
+ type: command
+ short-summary: Delete the alert rule.
+ examples:
+ - name: Delete an action of alert rule.
+ text: |-
+ az sentinel alert-rule delete --action-id "912bec42-cb66-4c03-ac63-1761b6898c3e" --resource-group "myRg"\
+ --rule-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --workspace-name "myWorkspace"
+"""
+
+helps['sentinel action'] = """
+ type: group
+ short-summary: sentinel action
+"""
+
+helps['sentinel action list'] = """
+ type: command
+ short-summary: Gets all actions of alert rule.
+ examples:
+ - name: Get all actions of alert rule.
+ text: |-
+ az sentinel action list --resource-group "myRg" --rule-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --works\
+pace-name "myWorkspace"
+"""
+
+helps['sentinel data-connector'] = """
+ type: group
+ short-summary: sentinel data-connector
+"""
+
+helps['sentinel data-connector list'] = """
+ type: command
+ short-summary: Gets all data connectors.
+ examples:
+ - name: Get all data connectors.
+ text: |-
+ az sentinel data-connector list --resource-group "myRg" --workspace-name "myWorkspace"
+"""
+
+helps['sentinel data-connector show'] = """
+ type: command
+ short-summary: Gets a data connector.
+ examples:
+ - name: Get a ASC data connector.
+ text: |-
+ az sentinel data-connector show --data-connector-id "763f9fa1-c2d3-4fa2-93e9-bccd4899aa12" --resource-gr\
+oup "myRg" --workspace-name "myWorkspace"
+ - name: Get a MCAS data connector.
+ text: |-
+ az sentinel data-connector show --data-connector-id "b96d014d-b5c2-4a01-9aba-a8058f629d42" --resource-gr\
+oup "myRg" --workspace-name "myWorkspace"
+ - name: Get a MDATP data connector
+ text: |-
+ az sentinel data-connector show --data-connector-id "06b3ccb8-1384-4bcc-aec7-852f6d57161b" --resource-gr\
+oup "myRg" --workspace-name "myWorkspace"
+ - name: Get a TI data connector.
+ text: |-
+ az sentinel data-connector show --data-connector-id "c345bf40-8509-4ed2-b947-50cb773aaf04" --resource-gr\
+oup "myRg" --workspace-name "myWorkspace"
+ - name: Get an AAD data connector.
+ text: |-
+ az sentinel data-connector show --data-connector-id "f0cd27d2-5f03-4c06-ba31-d2dc82dcb51d" --resource-gr\
+oup "myRg" --workspace-name "myWorkspace"
+ - name: Get an AATP data connector.
+ text: |-
+ az sentinel data-connector show --data-connector-id "07e42cb3-e658-4e90-801c-efa0f29d3d44" --resource-gr\
+oup "myRg" --workspace-name "myWorkspace"
+ - name: Get an AwsCloudTrail data connector.
+ text: |-
+ az sentinel data-connector show --data-connector-id "c345bf40-8509-4ed2-b947-50cb773aaf04" --resource-gr\
+oup "myRg" --workspace-name "myWorkspace"
+ - name: Get an Office365 data connector.
+ text: |-
+ az sentinel data-connector show --data-connector-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --resource-gr\
+oup "myRg" --workspace-name "myWorkspace"
+"""
+
+helps['sentinel data-connector create'] = """
+ type: command
+ short-summary: Creates or updates the data connector.
+ examples:
+ - name: Creates or updates an Office365 data connector.
+ text: |-
+ az sentinel data-connector create --etag "\\"0300bf09-0000-0000-0000-5c37296e0000\\"" --kind "Office365"\
+ --data-connector-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --resource-group "myRg" --workspace-name "myWorkspace"
+"""
+
+helps['sentinel data-connector update'] = """
+ type: command
+ short-summary: Creates or updates the data connector.
+ examples:
+ - name: Creates or updates an Office365 data connector.
+ text: |-
+ az sentinel data-connector update --etag "\\"0300bf09-0000-0000-0000-5c37296e0000\\"" --kind "Office365"\
+ --data-connector-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --resource-group "myRg" --workspace-name "myWorkspace"
+"""
+
+helps['sentinel data-connector delete'] = """
+ type: command
+ short-summary: Delete the data connector.
+ examples:
+ - name: Delete an Office365 data connector.
+ text: |-
+ az sentinel data-connector delete --data-connector-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --resource-\
+group "myRg" --workspace-name "myWorkspace"
+"""
diff --git a/src/securityinsight/azext_sentinel/generated/_params.py b/src/securityinsight/azext_sentinel/generated/_params.py
new file mode 100644
index 00000000000..3bd140af725
--- /dev/null
+++ b/src/securityinsight/azext_sentinel/generated/_params.py
@@ -0,0 +1,85 @@ +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- +# pylint: disable=too-many-lines +# pylint: disable=too-many-statements + +from knack.arguments import CLIArgumentType +from azure.cli.core.commands.parameters import ( + get_enum_type, + resource_group_name_type +) + + +def load_arguments(self, _): + + with self.argument_context('sentinel alert-rule list') as c: + c.argument('resource_group_name', resource_group_name_type) + c.argument('workspace_name', help='The name of the workspace.') + + with self.argument_context('sentinel alert-rule show') as c: + c.argument('resource_group_name', resource_group_name_type) + c.argument('workspace_name', help='The name of the workspace.') + c.argument('rule_id', help='Alert rule ID') + c.argument('action_id', help='Action ID') + + with self.argument_context('sentinel alert-rule create') as c: + c.argument('resource_group_name', resource_group_name_type) + c.argument('workspace_name', help='The name of the workspace.') + c.argument('rule_id', help='Alert rule ID') + c.argument('action_id', help='Action ID') + c.argument('etag', help='Etag of the azure resource') + c.argument('logic_app_resource_id', help='Logic App Resource Id, providers/Microsoft.Logic/workflows/{WorkflowI' + 'D}.') + c.argument('trigger_uri', help='Logic App Callback URL for this specific workflow.') + c.argument('kind', arg_type=get_enum_type(['Scheduled', 'MicrosoftSecurityIncidentCreation', 'Fusion']), help= + 'The kind of the alert rule') + + with self.argument_context('sentinel alert-rule delete') as c: + 
c.argument('resource_group_name', resource_group_name_type) + c.argument('workspace_name', help='The name of the workspace.') + c.argument('rule_id', help='Alert rule ID') + c.argument('action_id', help='Action ID') + + with self.argument_context('sentinel action list') as c: + c.argument('resource_group_name', resource_group_name_type) + c.argument('workspace_name', help='The name of the workspace.') + c.argument('rule_id', help='Alert rule ID') + + with self.argument_context('sentinel data-connector list') as c: + c.argument('resource_group_name', resource_group_name_type) + c.argument('workspace_name', help='The name of the workspace.') + + with self.argument_context('sentinel data-connector show') as c: + c.argument('resource_group_name', resource_group_name_type) + c.argument('workspace_name', help='The name of the workspace.') + c.argument('data_connector_id', help='Connector ID') + + with self.argument_context('sentinel data-connector create') as c: + c.argument('resource_group_name', resource_group_name_type) + c.argument('workspace_name', help='The name of the workspace.') + c.argument('data_connector_id', help='Connector ID') + c.argument('etag', help='Etag of the azure resource') + c.argument('kind', arg_type=get_enum_type(['AzureActiveDirectory', 'AzureSecurityCenter', 'MicrosoftCloudAppSec' + 'urity', 'ThreatIntelligence', 'Office365', 'AmazonWebServicesCloudTrail', 'AzureAdvancedThreatProte' + 'ction', 'MicrosoftDefenderAdvancedThreatProtection']), help='The kind of the data connector') + + with self.argument_context('sentinel data-connector update') as c: + c.argument('resource_group_name', resource_group_name_type) + c.argument('workspace_name', help='The name of the workspace.') + c.argument('data_connector_id', help='Connector ID') + c.argument('etag', help='Etag of the azure resource') + c.argument('kind', arg_type=get_enum_type(['AzureActiveDirectory', 'AzureSecurityCenter', 'MicrosoftCloudAppSec' + 'urity', 'ThreatIntelligence', 'Office365', 
'AmazonWebServicesCloudTrail', 'AzureAdvancedThreatProte' + 'ction', 'MicrosoftDefenderAdvancedThreatProtection']), help='The kind of the data connector') + + with self.argument_context('sentinel data-connector delete') as c: + c.argument('resource_group_name', resource_group_name_type) + c.argument('workspace_name', help='The name of the workspace.') + c.argument('data_connector_id', help='Connector ID') diff --git a/src/securityinsight/azext_sentinel/generated/_validators.py b/src/securityinsight/azext_sentinel/generated/_validators.py new file mode 100644 index 00000000000..7536d0531ea --- /dev/null +++ b/src/securityinsight/azext_sentinel/generated/_validators.py @@ -0,0 +1,23 @@ +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + + +def example_name_or_id_validator(cmd, namespace): + from azure.cli.core.commands.client_factory import get_subscription_id + from msrestazure.tools import is_valid_resource_id, resource_id + if namespace.storage_account: + if not is_valid_resource_id(namespace.RESOURCE): + namespace.storage_account = resource_id( + subscription=get_subscription_id(cmd.cli_ctx), + resource_group=namespace.resource_group_name, + namespace='Microsoft.Storage', + type='storageAccounts', + name=namespace.storage_account + ) diff --git a/src/securityinsight/azext_sentinel/generated/action.py b/src/securityinsight/azext_sentinel/generated/action.py new file mode 100644 index 00000000000..01ed94902ce --- /dev/null +++ b/src/securityinsight/azext_sentinel/generated/action.py 
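Review bot: The `trigger_uri` argument registered for `sentinel alert-rule create` is documented only as 'Logic App Callback URL for this specific workflow.', yet the example in `_help.py` shows that URL carrying a `sig=` query parameter, which looks like a shared-access signature that authorises invoking the workflow. A value passed as a plain option ends up in shell history and process listings, so the help text should at least say so, for instance `help='Logic App Callback URL for this specific workflow. Contains a SAS signature; treat it as a secret.'`. It would also help to state in the `action_id`, `logic_app_resource_id` and `trigger_uri` help strings that they apply to the rule's action rather than to the rule itself, since `alert-rule create` serves both.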
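Review bot: `example_name_or_id_validator` tests `namespace.storage_account` but then passes `namespace.RESOURCE` to `is_valid_resource_id`, and no argument registered in this diff defines either attribute, so the function would raise `AttributeError` if it were ever attached as a validator. It reads like an unfilled generator template (it builds a `Microsoft.Storage/storageAccounts` id inside a Sentinel extension), and nothing visible in this diff references it. Either leave it out of the generated output or make the inner check read `if not is_valid_resource_id(namespace.storage_account):`.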
@@ -0,0 +1,14 @@
+# --------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+#
+# Code generated by Microsoft (R) AutoRest Code Generator.
+# Changes may cause incorrect behavior and will be lost if the code is
+# regenerated.
+# --------------------------------------------------------------------------
+# pylint: disable=protected-access
+
+import argparse
+from knack.util import CLIError
+from collections import defaultdict
diff --git a/src/securityinsight/azext_sentinel/generated/commands.py b/src/securityinsight/azext_sentinel/generated/commands.py
new file mode 100644
index 00000000000..d859e4c8265
--- /dev/null
+++ b/src/securityinsight/azext_sentinel/generated/commands.py
@@ -0,0 +1,47 @@ +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from azure.cli.core.commands import CliCommandType + + +def load_command_table(self, _): + + from azext_sentinel.generated._client_factory import cf_alert_rule + sentinel_alert_rule = CliCommandType( + operations_tmpl='azext_sentinel.vendored_sdks.securityinsight.operations._alert_rule_operations#AlertRuleOperat' + 'ions.{}', + client_factory=cf_alert_rule) + with self.command_group('sentinel alert-rule', sentinel_alert_rule, client_factory=cf_alert_rule, + is_experimental=True) as g: + g.custom_command('list', 'sentinel_alert_rule_list') + g.custom_show_command('show', 'sentinel_alert_rule_show') + g.custom_command('create', 'sentinel_alert_rule_create') + g.custom_command('delete', 'sentinel_alert_rule_delete') + + from azext_sentinel.generated._client_factory import cf_action + sentinel_action = CliCommandType( + operations_tmpl='azext_sentinel.vendored_sdks.securityinsight.operations._action_operations#ActionOperations.{}' + '', + client_factory=cf_action) + with self.command_group('sentinel action', sentinel_action, client_factory=cf_action, is_experimental=True) as g: + g.custom_command('list', 'sentinel_action_list') + + from azext_sentinel.generated._client_factory import cf_data_connector + sentinel_data_connector = CliCommandType( + operations_tmpl='azext_sentinel.vendored_sdks.securityinsight.operations._data_connector_operations#DataConnect' + 'orOperations.{}', + client_factory=cf_data_connector) + with self.command_group('sentinel data-connector', sentinel_data_connector, 
client_factory=cf_data_connector, + is_experimental=True) as g: + g.custom_command('list', 'sentinel_data_connector_list') + g.custom_show_command('show', 'sentinel_data_connector_show') + g.custom_command('create', 'sentinel_data_connector_create') + g.custom_command('update', 'sentinel_data_connector_update') + g.custom_command('delete', 'sentinel_data_connector_delete') diff --git a/src/securityinsight/azext_sentinel/generated/custom.py b/src/securityinsight/azext_sentinel/generated/custom.py new file mode 100644 index 00000000000..7788f85c4dc --- /dev/null +++ b/src/securityinsight/azext_sentinel/generated/custom.py 
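Review bot: The two `delete` registrations, `g.custom_command('delete', 'sentinel_alert_rule_delete')` and `g.custom_command('delete', 'sentinel_data_connector_delete')`, run without any prompt, so a single mistyped id removes a detection rule or a log source from the workspace. Azure CLI supports `confirmation=True` on a command for this, e.g. `g.custom_command('delete', 'sentinel_alert_rule_delete', confirmation=True)`, which also gives scripts a `--yes` switch. As far as this hunk shows, every command is registered through `custom_command`, so the `operations_tmpl` values pointing at the vendored operations classes appear unused; a one-line comment saying so would save the next reader a lookup.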
@@ -0,0 +1,132 @@
+# --------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+#
+# Code generated by Microsoft (R) AutoRest Code Generator.
+# Changes may cause incorrect behavior and will be lost if the code is
+# regenerated.
+# --------------------------------------------------------------------------
+# pylint: disable=line-too-long
+# pylint: disable=too-many-lines
+
+
+def sentinel_alert_rule_list(cmd, client,
+ resource_group_name,
+ workspace_name):
+ return client.list(resource_group_name=resource_group_name,
+ workspace_name=workspace_name)
+
+
+def sentinel_alert_rule_show(cmd, client,
+ resource_group_name,
+ workspace_name,
+ rule_id,
+ action_id=None):
+ if resource_group_name is not None and workspace_name is not None and rule_id is not None and action_id is not None:
+ return client.get_action(resource_group_name=resource_group_name,
+ workspace_name=workspace_name,
+ rule_id=rule_id,
+ action_id=action_id)
+ return client.get(resource_group_name=resource_group_name,
+ workspace_name=workspace_name,
+ rule_id=rule_id)
+
+
+def sentinel_alert_rule_create(cmd, client,
+ resource_group_name,
+ workspace_name,
+ rule_id,
+ action_id=None,
+ etag=None,
+ logic_app_resource_id=None,
+ trigger_uri=None,
+ kind=None):
+ if resource_group_name is not None and workspace_name is not None and rule_id is not None and action_id is not None and _action is not None:
+ return client.create_or_update_action(resource_group_name=resource_group_name,
+ workspace_name=workspace_name,
+ rule_id=rule_id,
+ action_id=action_id,
+ etag=etag,
+ logic_app_resource_id=logic_app_resource_id,
+ trigger_uri=trigger_uri)
+ return client.create_or_update(resource_group_name=resource_group_name,
+ workspace_name=workspace_name,
+ rule_id=rule_id,
+ etag=etag,
+ kind=kind)
+
+
+def sentinel_alert_rule_delete(cmd, client,
+ resource_group_name,
+ workspace_name,
+ rule_id,
+ action_id=None):
+ if resource_group_name is not None and workspace_name is not None and rule_id is not None and action_id is not None:
+ return client.delete_action(resource_group_name=resource_group_name,
+ workspace_name=workspace_name,
+ rule_id=rule_id,
+ action_id=action_id)
+ return client.delete(resource_group_name=resource_group_name,
+ workspace_name=workspace_name,
+ rule_id=rule_id)
+
+
+def sentinel_action_list(cmd, client,
+ resource_group_name,
+ workspace_name,
+ rule_id):
+ return client.list_by_alert_rule(resource_group_name=resource_group_name,
+ workspace_name=workspace_name,
+ rule_id=rule_id)
+
+
+def sentinel_data_connector_list(cmd, client,
+ resource_group_name,
+ workspace_name):
+ return client.list(resource_group_name=resource_group_name,
+ workspace_name=workspace_name)
+
+
+def sentinel_data_connector_show(cmd, client,
+ resource_group_name,
+ workspace_name,
+ data_connector_id):
+ return client.get(resource_group_name=resource_group_name,
+ workspace_name=workspace_name,
+ data_connector_id=data_connector_id)
+
+
+def sentinel_data_connector_create(cmd, client,
+ resource_group_name,
+ workspace_name,
+ data_connector_id,
+ etag=None,
+ kind=None):
+ return client.create_or_update(resource_group_name=resource_group_name,
+ workspace_name=workspace_name,
+ data_connector_id=data_connector_id,
+ etag=etag,
+ kind=kind)
+
+
+def sentinel_data_connector_update(cmd, client,
+ resource_group_name,
+ workspace_name,
+ data_connector_id,
+ etag=None,
+ kind=None):
+ return client.create_or_update(resource_group_name=resource_group_name,
+ workspace_name=workspace_name,
+ data_connector_id=data_connector_id,
+ etag=etag,
+ kind=kind)
+
+
+def sentinel_data_connector_delete(cmd, client,
+ resource_group_name,
+ workspace_name,
+ data_connector_id):
+ return client.delete(resource_group_name=resource_group_name,
+ workspace_name=workspace_name,
+ data_connector_id=data_connector_id)
diff --git a/src/securityinsight/azext_sentinel/manual/__init__.py b/src/securityinsight/azext_sentinel/manual/__init__.py
new file mode 100644
index 00000000000..ee0c4f36bd0
--- /dev/null
+++ b/src/securityinsight/azext_sentinel/manual/__init__.py
@@ -0,0 +1,12 @@
+# coding=utf-8
+# --------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+#
+# Code generated by Microsoft (R) AutoRest Code Generator.
+# Changes may cause incorrect behavior and will be lost if the code is
+# regenerated.
+# --------------------------------------------------------------------------
+
+__path__ = __import__('pkgutil').extend_path(__path__, __name__)
diff --git a/src/securityinsight/azext_sentinel/tests/__init__.py b/src/securityinsight/azext_sentinel/tests/__init__.py
new file mode 100644
index 00000000000..fe1bd438b46
--- /dev/null
+++ b/src/securityinsight/azext_sentinel/tests/__init__.py
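Review bot: In `sentinel_alert_rule_create` the condition ends with `and _action is not None`, but `_action` is neither a parameter nor a local, so every call that supplies `--action-id` raises `NameError` instead of reaching `client.create_or_update_action`; calls without it short-circuit before the name is evaluated, which is why the rule path still works. Because `resource_group_name`, `workspace_name` and `rule_id` have no defaults, the guard can simply be `if action_id is not None:`, and the same simplification fits `sentinel_alert_rule_show` and `sentinel_alert_rule_delete`. Separately, `sentinel_data_connector_update` has the same body as `sentinel_data_connector_create`, so it presumably replaces the connector rather than patching it; worth confirming that is intended. The file is marked as generated, so the fix likely belongs in the generator input or in a `manual/custom.py` override.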
@@ -0,0 +1,49 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- +import inspect +import os + + +__path__ = __import__('pkgutil').extend_path(__path__, __name__) + + +def try_manual(func): + def import_manual_function(origin_func): + from importlib import import_module + decorated_path = inspect.getfile(origin_func) + module_path = __path__[0] + if not decorated_path.startswith(module_path): + raise Exception("Decorator can only be used in submodules!") + manual_path = os.path.join( + decorated_path[module_path.rfind(os.path.sep) + 1:]) + manual_file_path, manual_file_name = os.path.split(manual_path) + module_name, _ = os.path.splitext(manual_file_name) + manual_module = "..manual." + \ + ".".join(manual_file_path.split(os.path.sep) + [module_name, ]) + return getattr(import_module(manual_module, package=__name__), origin_func.__name__) + + def get_func_to_call(): + func_to_call = func + try: + func_to_call = import_manual_function(func) + except (ImportError, AttributeError): + pass + return func_to_call + + def wrapper(*args, **kwargs): + func_to_call = get_func_to_call() + print("running {}()...".format(func.__name__)) + return func_to_call(*args, **kwargs) + + if inspect.isclass(func): + return get_func_to_call() + else: + return wrapper diff --git a/src/securityinsight/azext_sentinel/tests/latest/__init__.py b/src/securityinsight/azext_sentinel/tests/latest/__init__.py new file mode 100644 index 00000000000..ee0c4f36bd0 --- /dev/null +++ b/src/securityinsight/azext_sentinel/tests/latest/__init__.py 
@@ -0,0 +1,12 @@
+# coding=utf-8
+# --------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+#
+# Code generated by Microsoft (R) AutoRest Code Generator.
+# Changes may cause incorrect behavior and will be lost if the code is
+# regenerated.
+# --------------------------------------------------------------------------
+
+__path__ = __import__('pkgutil').extend_path(__path__, __name__)
diff --git a/src/securityinsight/azext_sentinel/tests/latest/preparers.py b/src/securityinsight/azext_sentinel/tests/latest/preparers.py
new file mode 100644
index 00000000000..3d6672de64f
--- /dev/null
+++ b/src/securityinsight/azext_sentinel/tests/latest/preparers.py
@@ -0,0 +1,116 @@ +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +import os +from datetime import datetime +from azure.cli.testsdk.preparers import NoTrafficRecordingPreparer +from azure_devtools.scenario_tests import SingleValueReplacer +from azure.cli.testsdk.exceptions import CliTestError +from azure.cli.testsdk.reverse_dependency import get_dummy_cli + + +KEY_RESOURCE_GROUP = 'rg' +KEY_VIRTUAL_NETWORK = 'vnet' +KEY_VNET_SUBNET = 'subnet' + + +class VirtualNetworkPreparer(NoTrafficRecordingPreparer, SingleValueReplacer): + def __init__(self, name_prefix='clitest.vn', + parameter_name='virtual_network', + resource_group_name=None, + resource_group_key=KEY_RESOURCE_GROUP, + dev_setting_name='AZURE_CLI_TEST_DEV_VIRTUAL_NETWORK_NAME', + random_name_length=24, key=KEY_VIRTUAL_NETWORK): + if ' ' in name_prefix: + raise CliTestError( + 'Error: Space character in name prefix \'%s\'' % name_prefix) + super(VirtualNetworkPreparer, self).__init__( + name_prefix, random_name_length) + self.cli_ctx = get_dummy_cli() + self.parameter_name = parameter_name + self.key = key + self.resource_group_name = resource_group_name + self.resource_group_key = resource_group_key + self.dev_setting_name = os.environ.get(dev_setting_name, None) + + def create_resource(self, name, **kwargs): + if self.dev_setting_name: + return {self.parameter_name: self.dev_setting_name, } + + if not self.resource_group_name: + self.resource_group_name = self.test_class_instance.kwargs.get( + self.resource_group_key) + if not self.resource_group_name: + raise CliTestError("Error: No resource 
group configured!") + + tags = {'product': 'azurecli', 'cause': 'automation', + 'date': datetime.utcnow().strftime('%Y-%m-%dT%H:%M:%SZ')} + if 'ENV_JOB_NAME' in os.environ: + tags['job'] = os.environ['ENV_JOB_NAME'] + tags = ' '.join(['{}={}'.format(key, value) + for key, value in tags.items()]) + template = 'az network vnet create --resource-group {} --name {} --tag ' + tags + self.live_only_execute(self.cli_ctx, template.format( + self.resource_group_name, name)) + + self.test_class_instance.kwargs[self.key] = name + return {self.parameter_name: name} + + def remove_resource(self, name, **kwargs): + # delete vnet if test is being recorded and if the vnet is not a dev rg + if not self.dev_setting_name: + self.live_only_execute( + self.cli_ctx, 'az network vnet delete --name {} --resource-group {}'.format(name, self.resource_group_name)) + + +class VnetSubnetPreparer(NoTrafficRecordingPreparer, SingleValueReplacer): + def __init__(self, name_prefix='clitest.vn', + parameter_name='subnet', + resource_group_name=None, + resource_group_key=KEY_RESOURCE_GROUP, + vnet_name=None, + vnet_key=KEY_VIRTUAL_NETWORK, + address_prefixes="11.0.0.0/24", + dev_setting_name='AZURE_CLI_TEST_DEV_VNET_SUBNET_NAME', + random_name_length=24, key=KEY_VNET_SUBNET): + if ' ' in name_prefix: + raise CliTestError( + 'Error: Space character in name prefix \'%s\'' % name_prefix) + super(VnetSubnetPreparer, self).__init__( + name_prefix, random_name_length) + self.cli_ctx = get_dummy_cli() + self.parameter_name = parameter_name + self.key = key + self.resource_group_name = resource_group_name + self.resource_group_key = resource_group_key + self.vnet_name = vnet_name + self.vnet_key = vnet_key + self.address_prefixes = address_prefixes + self.dev_setting_name = os.environ.get(dev_setting_name, None) + + def create_resource(self, name, **kwargs): + if self.dev_setting_name: + return {self.parameter_name: self.dev_setting_name, } + + if not self.resource_group_name: + self.resource_group_name = 
self.test_class_instance.kwargs.get( + self.resource_group_key) + if not self.resource_group_name: + raise CliTestError("Error: No resource group configured!") + if not self.vnet_name: + self.vnet_name = self.test_class_instance.kwargs.get(self.vnet_key) + if not self.vnet_name: + raise CliTestError("Error: No vnet configured!") + + self.test_class_instance.kwargs[self.key] = 'default' + return {self.parameter_name: name} + + def remove_resource(self, name, **kwargs): + pass diff --git a/src/securityinsight/azext_sentinel/tests/latest/test_sentinel_scenario.py b/src/securityinsight/azext_sentinel/tests/latest/test_sentinel_scenario.py new file mode 100644 index 00000000000..64b149a7055 --- /dev/null +++ b/src/securityinsight/azext_sentinel/tests/latest/test_sentinel_scenario.py 
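Review bot: In `VirtualNetworkPreparer.create_resource` the `az network vnet create` command is built by concatenating the tag string, and the `job` tag takes `os.environ['ENV_JOB_NAME']` verbatim. A job name containing a space or a quote would change how the command string is tokenised (assuming the test SDK splits it shell-style), so part of the value would arrive as separate arguments. Quoting each pair avoids that: `tags = ' '.join(shlex.quote('{}={}'.format(key, value)) for key, value in tags.items())`, with `import shlex` added at the top of the file. Separately, `VnetSubnetPreparer.create_resource` creates nothing, never reads `self.address_prefixes` in this hunk, and stores `'default'` under `self.key` while returning `name`, so the two values a test sees for the subnet disagree.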
@@ -0,0 +1,317 @@ +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +import os +import unittest + +from azure_devtools.scenario_tests import AllowLargeResponse +from azure.cli.testsdk import ScenarioTest +from .. import try_manual +from azure.cli.testsdk import ResourceGroupPreparer + + +TEST_DIR = os.path.abspath(os.path.join(os.path.abspath(__file__), '..')) + + +@try_manual +def setup(test, rg): + pass + + +# EXAMPLE: /Actions/get/Get all actions of alert rule. +@try_manual +def step__actions_get_get_all_actions_of_alert_rule_(test, rg): + test.cmd('az sentinel action list ' + '--resource-group "{rg}" ' + '--rule-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" ' + '--workspace-name "myWorkspace"', + checks=[]) + + +# EXAMPLE: /AlertRules/put/Creates or updates a Fusion alert rule. +@try_manual +def step__alertrules_put_creates_or_updates_a_fusion_alert_rule_(test, rg): + test.cmd('az sentinel alert-rule create ' + '--etag "3d00c3ca-0000-0100-0000-5d42d5010000" ' + '--kind "Fusion" ' + '--resource-group "{rg}" ' + '--rule-id "myFirstFusionRule" ' + '--workspace-name "myWorkspace"', + checks=[]) + + +# EXAMPLE: /AlertRules/put/Creates or updates a MicrosoftSecurityIncidentCreation rule. 
+@try_manual +def step__alertrules_put_creates_or_updates_a_microsoftsecurityincidentcreation_rule_(test, rg): + test.cmd('az sentinel alert-rule create ' + '--etag "\\"260097e0-0000-0d00-0000-5d6fa88f0000\\"" ' + '--kind "MicrosoftSecurityIncidentCreation" ' + '--resource-group "{rg}" ' + '--rule-id "microsoftSecurityIncidentCreationRuleExample" ' + '--workspace-name "myWorkspace"', + checks=[]) + + +# EXAMPLE: /AlertRules/put/Creates or updates a Scheduled alert rule. +@try_manual +def step__alertrules_put_creates_or_updates_a_scheduled_alert_rule_(test, rg): + test.cmd('az sentinel alert-rule create ' + '--etag "\\"0300bf09-0000-0000-0000-5c37296e0000\\"" ' + '--kind "Scheduled" ' + '--resource-group "{rg}" ' + '--rule-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" ' + '--workspace-name "myWorkspace"', + checks=[]) + + +# EXAMPLE: /AlertRules/put/Creates or updates an action of alert rule. +@try_manual +def step__alertrules_put_creates_or_updates_an_action_of_alert_rule_(test, rg): + test.cmd('az sentinel alert-rule create ' + '--etag "\\"0300bf09-0000-0000-0000-5c37296e0000\\"" ' + '--logic-app-resource-id "/subscriptions/{subscription_id}/resourceGroups/{rg}/providers/Microsoft.Logic/w' + 'orkflows/MyAlerts" ' + '--trigger-uri "https://prod-31.northcentralus.logic.azure.com:443/workflows/cd3765391efd48549fd7681ded1d4' + '8d7/triggers/manual/paths/invoke?api-version=2016-10-01&sp=%2Ftriggers%2Fmanual%2Frun&sv=1.0&sig=signatur' + 'e" ' + '--action-id "912bec42-cb66-4c03-ac63-1761b6898c3e" ' + '--resource-group "{rg}" ' + '--rule-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" ' + '--workspace-name "myWorkspace"', + checks=[]) + + +# EXAMPLE: /AlertRules/get/Get a Fusion alert rule. 
+@try_manual +def step__alertrules_get_get_a_fusion_alert_rule_(test, rg): + test.cmd('az sentinel alert-rule show ' + '--resource-group "{rg}" ' + '--rule-id "myFirstFusionRule" ' + '--workspace-name "myWorkspace"', + checks=[]) + + +# EXAMPLE: /AlertRules/get/Get a MicrosoftSecurityIncidentCreation rule. +@try_manual +def step__alertrules_get_get_a_microsoftsecurityincidentcreation_rule_(test, rg): + test.cmd('az sentinel alert-rule show ' + '--resource-group "{rg}" ' + '--rule-id "microsoftSecurityIncidentCreationRuleExample" ' + '--workspace-name "myWorkspace"', + checks=[]) + + +# EXAMPLE: /AlertRules/get/Get a Scheduled alert rule. +@try_manual +def step__alertrules_get_get_a_scheduled_alert_rule_(test, rg): + test.cmd('az sentinel alert-rule show ' + '--resource-group "{rg}" ' + '--rule-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" ' + '--workspace-name "myWorkspace"', + checks=[]) + + +# EXAMPLE: /AlertRules/get/Get all alert rules. +@try_manual +def step__alertrules_get_get_all_alert_rules_(test, rg): + test.cmd('az sentinel alert-rule list ' + '--resource-group "{rg}" ' + '--workspace-name "myWorkspace"', + checks=[]) + + +# EXAMPLE: /AlertRules/get/Get an action of alert rule. +@try_manual +def step__alertrules_get_get_an_action_of_alert_rule_(test, rg): + test.cmd('az sentinel alert-rule show ' + '--action-id "912bec42-cb66-4c03-ac63-1761b6898c3e" ' + '--resource-group "{rg}" ' + '--rule-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" ' + '--workspace-name "myWorkspace"', + checks=[]) + + +# EXAMPLE: /DataConnectors/put/Creates or updates an Office365 data connector. 
+@try_manual +def step__dataconnectors_put_creates_or_updates_an_office365_data_connector_(test, rg): + test.cmd('az sentinel data-connector create ' + '--etag "\\"0300bf09-0000-0000-0000-5c37296e0000\\"" ' + '--kind "Office365" ' + '--data-connector-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" ' + '--resource-group "{rg}" ' + '--workspace-name "myWorkspace"', + checks=[]) + + +# EXAMPLE: /DataConnectors/get/Get a ASC data connector. +@try_manual +def step__dataconnectors_get_get_a_asc_data_connector_(test, rg): + test.cmd('az sentinel data-connector show ' + '--data-connector-id "763f9fa1-c2d3-4fa2-93e9-bccd4899aa12" ' + '--resource-group "{rg}" ' + '--workspace-name "myWorkspace"', + checks=[]) + + +# EXAMPLE: /DataConnectors/get/Get a MCAS data connector. +@try_manual +def step__dataconnectors_get_get_a_mcas_data_connector_(test, rg): + test.cmd('az sentinel data-connector show ' + '--data-connector-id "b96d014d-b5c2-4a01-9aba-a8058f629d42" ' + '--resource-group "{rg}" ' + '--workspace-name "myWorkspace"', + checks=[]) + + +# EXAMPLE: /DataConnectors/get/Get a MDATP data connector +@try_manual +def step__dataconnectors_get_get_a_mdatp_data_connector(test, rg): + test.cmd('az sentinel data-connector show ' + '--data-connector-id "06b3ccb8-1384-4bcc-aec7-852f6d57161b" ' + '--resource-group "{rg}" ' + '--workspace-name "myWorkspace"', + checks=[]) + + +# EXAMPLE: /DataConnectors/get/Get a TI data connector. +@try_manual +def step__dataconnectors_get_get_a_ti_data_connector_(test, rg): + test.cmd('az sentinel data-connector show ' + '--data-connector-id "c345bf40-8509-4ed2-b947-50cb773aaf04" ' + '--resource-group "{rg}" ' + '--workspace-name "myWorkspace"', + checks=[]) + + +# EXAMPLE: /DataConnectors/get/Get all data connectors. 
+@try_manual +def step__dataconnectors_get_get_all_data_connectors_(test, rg): + test.cmd('az sentinel data-connector list ' + '--resource-group "{rg}" ' + '--workspace-name "myWorkspace"', + checks=[]) + + +# EXAMPLE: /DataConnectors/get/Get an AAD data connector. +@try_manual +def step__dataconnectors_get_get_an_aad_data_connector_(test, rg): + test.cmd('az sentinel data-connector show ' + '--data-connector-id "f0cd27d2-5f03-4c06-ba31-d2dc82dcb51d" ' + '--resource-group "{rg}" ' + '--workspace-name "myWorkspace"', + checks=[]) + + +# EXAMPLE: /DataConnectors/get/Get an AATP data connector. +@try_manual +def step__dataconnectors_get_get_an_aatp_data_connector_(test, rg): + test.cmd('az sentinel data-connector show ' + '--data-connector-id "07e42cb3-e658-4e90-801c-efa0f29d3d44" ' + '--resource-group "{rg}" ' + '--workspace-name "myWorkspace"', + checks=[]) + + +# EXAMPLE: /DataConnectors/get/Get an AwsCloudTrail data connector. +@try_manual +def step__dataconnectors_get_get_an_awscloudtrail_data_connector_(test, rg): + test.cmd('az sentinel data-connector show ' + '--data-connector-id "c345bf40-8509-4ed2-b947-50cb773aaf04" ' + '--resource-group "{rg}" ' + '--workspace-name "myWorkspace"', + checks=[]) + + +# EXAMPLE: /DataConnectors/get/Get an Office365 data connector. +@try_manual +def step__dataconnectors_get_get_an_office365_data_connector_(test, rg): + test.cmd('az sentinel data-connector show ' + '--data-connector-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" ' + '--resource-group "{rg}" ' + '--workspace-name "myWorkspace"', + checks=[]) + + +# EXAMPLE: /AlertRules/delete/Delete an alert rule. +@try_manual +def step__alertrules_delete_delete_an_alert_rule_(test, rg): + test.cmd('az sentinel alert-rule delete ' + '--resource-group "{rg}" ' + '--rule-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" ' + '--workspace-name "myWorkspace"', + checks=[]) + + +# EXAMPLE: /AlertRules/delete/Delete an action of alert rule. 
+@try_manual +def step__alertrules_delete_delete_an_action_of_alert_rule_(test, rg): + test.cmd('az sentinel alert-rule delete ' + '--action-id "912bec42-cb66-4c03-ac63-1761b6898c3e" ' + '--resource-group "{rg}" ' + '--rule-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" ' + '--workspace-name "myWorkspace"', + checks=[]) + + +# EXAMPLE: /DataConnectors/delete/Delete an Office365 data connector. +@try_manual +def step__dataconnectors_delete_delete_an_office365_data_connector_(test, rg): + test.cmd('az sentinel data-connector delete ' + '--data-connector-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" ' + '--resource-group "{rg}" ' + '--workspace-name "myWorkspace"', + checks=[]) + + +@try_manual +def cleanup(test, rg): + pass + + +@try_manual +def call_scenario(test, rg): + setup(test, rg) + step__actions_get_get_all_actions_of_alert_rule_(test, rg) + step__alertrules_put_creates_or_updates_a_fusion_alert_rule_(test, rg) + step__alertrules_put_creates_or_updates_a_microsoftsecurityincidentcreation_rule_(test, rg) + step__alertrules_put_creates_or_updates_a_scheduled_alert_rule_(test, rg) + step__alertrules_put_creates_or_updates_an_action_of_alert_rule_(test, rg) + step__alertrules_get_get_a_fusion_alert_rule_(test, rg) + step__alertrules_get_get_a_microsoftsecurityincidentcreation_rule_(test, rg) + step__alertrules_get_get_a_scheduled_alert_rule_(test, rg) + step__alertrules_get_get_all_alert_rules_(test, rg) + step__alertrules_get_get_an_action_of_alert_rule_(test, rg) + step__dataconnectors_put_creates_or_updates_an_office365_data_connector_(test, rg) + step__dataconnectors_get_get_a_asc_data_connector_(test, rg) + step__dataconnectors_get_get_a_mcas_data_connector_(test, rg) + step__dataconnectors_get_get_a_mdatp_data_connector(test, rg) + step__dataconnectors_get_get_a_ti_data_connector_(test, rg) + step__dataconnectors_get_get_all_data_connectors_(test, rg) + step__dataconnectors_get_get_an_aad_data_connector_(test, rg) + 
step__dataconnectors_get_get_an_aatp_data_connector_(test, rg) + step__dataconnectors_get_get_an_awscloudtrail_data_connector_(test, rg) + step__dataconnectors_get_get_an_office365_data_connector_(test, rg) + step__alertrules_delete_delete_an_alert_rule_(test, rg) + step__alertrules_delete_delete_an_action_of_alert_rule_(test, rg) + step__dataconnectors_delete_delete_an_office365_data_connector_(test, rg) + cleanup(test, rg) + + +@try_manual +class SecurityInsightsScenarioTest(ScenarioTest): + + @ResourceGroupPreparer(name_prefix='clitestsentinel_myRg'[:7], key='rg', parameter_name='rg') + def test_sentinel(self, rg): + + self.kwargs.update({ + 'subscription_id': self.get_subscription_id() + }) + + call_scenario(self, rg) diff --git a/src/securityinsight/azext_sentinel/vendored_sdks/__init__.py b/src/securityinsight/azext_sentinel/vendored_sdks/__init__.py new file mode 100644 index 00000000000..ee0c4f36bd0 --- /dev/null +++ b/src/securityinsight/azext_sentinel/vendored_sdks/__init__.py @@ -0,0 +1,12 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +__path__ = __import__('pkgutil').extend_path(__path__, __name__) diff --git a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/__init__.py b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/__init__.py new file mode 100644 index 00000000000..917de69fcdc --- /dev/null +++ b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/__init__.py 
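Review bot: Every `test.cmd(...)` call in this file passes `checks=[]`, so no step asserts anything about the response. A create that returns the wrong kind, or a delete that leaves the rule in place, would presumably still pass as long as the command exits cleanly. Each create and show step should check at least the value it sets, for example `checks=[test.check('kind', 'Fusion')]` in the Fusion create step (the field name should be confirmed against the actual response). Nothing visible creates the `myWorkspace` workspace that every command targets, because `setup` is just `pass`. The file header says the code is regenerated, so these additions likely belong in a manual override rather than in this file.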
@@ -0,0 +1,19 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from ._security_insights import SecurityInsights +from ._version import VERSION + +__version__ = VERSION +__all__ = ['SecurityInsights'] + +try: + from .patch import patch_sdk + patch_sdk() +except ImportError: + pass diff --git a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/_configuration.py b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/_configuration.py new file mode 100644 index 00000000000..6e9fe325582 --- /dev/null +++ b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/_configuration.py 
@@ -0,0 +1,69 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from typing import TYPE_CHECKING + +from azure.core.configuration import Configuration +from azure.core.pipeline import policies + +from ._version import VERSION + +if TYPE_CHECKING: + # pylint: disable=unused-import,ungrouped-imports + from typing import Any + + from azure.core.credentials import TokenCredential + + +class SecurityInsightsConfiguration(Configuration): + """Configuration for SecurityInsights. + + Note that all parameters used to create this instance are saved as instance + attributes. + + :param credential: Credential needed for the client to connect to Azure. + :type credential: ~azure.core.credentials.TokenCredential + :param subscription_id: Azure subscription ID. + :type subscription_id: str + """ + + def __init__( + self, + credential, # type: "TokenCredential" + subscription_id, # type: str + **kwargs # type: Any + ): + # type: (...) -> None + if credential is None: + raise ValueError("Parameter 'credential' must not be None.") + if subscription_id is None: + raise ValueError("Parameter 'subscription_id' must not be None.") + super(SecurityInsightsConfiguration, self).__init__(**kwargs) + + self.credential = credential + self.subscription_id = subscription_id + self.api_version = "2020-01-01" + self.credential_scopes = ['https://management.azure.com/.default'] + kwargs.setdefault('sdk_moniker', 'mgmt-securityinsight/{}'.format(VERSION)) + self._configure(**kwargs) + + def _configure( + self, + **kwargs # type: Any + ): + # type: (...) 
-> None + self.user_agent_policy = kwargs.get('user_agent_policy') or policies.UserAgentPolicy(**kwargs) + self.headers_policy = kwargs.get('headers_policy') or policies.HeadersPolicy(**kwargs) + self.proxy_policy = kwargs.get('proxy_policy') or policies.ProxyPolicy(**kwargs) + self.logging_policy = kwargs.get('logging_policy') or policies.NetworkTraceLoggingPolicy(**kwargs) + self.retry_policy = kwargs.get('retry_policy') or policies.RetryPolicy(**kwargs) + self.custom_hook_policy = kwargs.get('custom_hook_policy') or policies.CustomHookPolicy(**kwargs) + self.redirect_policy = kwargs.get('redirect_policy') or policies.RedirectPolicy(**kwargs) + self.authentication_policy = kwargs.get('authentication_policy') + if self.credential and not self.authentication_policy: + self.authentication_policy = policies.BearerTokenCredentialPolicy(self.credential, *self.credential_scopes, **kwargs) diff --git a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/_security_insights.py b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/_security_insights.py new file mode 100644 index 00000000000..2a1c0d76cbf --- /dev/null +++ b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/_security_insights.py 
@@ -0,0 +1,81 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from typing import TYPE_CHECKING + +from azure.mgmt.core import ARMPipelineClient +from msrest import Deserializer, Serializer + +if TYPE_CHECKING: + # pylint: disable=unused-import,ungrouped-imports + from typing import Any, Optional + +from ._configuration import SecurityInsightsConfiguration +from .operations import OperationOperations +from .operations import AlertRuleOperations +from .operations import ActionOperations +from .operations import DataConnectorOperations +from . import models + + +class SecurityInsights(object): + """API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider. + + :ivar operation: OperationOperations operations + :vartype operation: azure.mgmt.securityinsight.operations.OperationOperations + :ivar alert_rule: AlertRuleOperations operations + :vartype alert_rule: azure.mgmt.securityinsight.operations.AlertRuleOperations + :ivar action: ActionOperations operations + :vartype action: azure.mgmt.securityinsight.operations.ActionOperations + :ivar data_connector: DataConnectorOperations operations + :vartype data_connector: azure.mgmt.securityinsight.operations.DataConnectorOperations + :param credential: Credential needed for the client to connect to Azure. + :type credential: ~azure.core.credentials.TokenCredential + :param subscription_id: Azure subscription ID. 
+ :type subscription_id: str + :param str base_url: Service URL + """ + + def __init__( + self, + credential, # type: "TokenCredential" + subscription_id, # type: str + base_url=None, # type: Optional[str] + **kwargs # type: Any + ): + # type: (...) -> None + if not base_url: + base_url = 'https://management.azure.com' + self._config = SecurityInsightsConfiguration(credential, subscription_id, **kwargs) + self._client = ARMPipelineClient(base_url=base_url, config=self._config, **kwargs) + + client_models = {k: v for k, v in models.__dict__.items() if isinstance(v, type)} + self._serialize = Serializer(client_models) + self._deserialize = Deserializer(client_models) + + self.operation = OperationOperations( + self._client, self._config, self._serialize, self._deserialize) + self.alert_rule = AlertRuleOperations( + self._client, self._config, self._serialize, self._deserialize) + self.action = ActionOperations( + self._client, self._config, self._serialize, self._deserialize) + self.data_connector = DataConnectorOperations( + self._client, self._config, self._serialize, self._deserialize) + + def close(self): + # type: () -> None + self._client.close() + + def __enter__(self): + # type: () -> SecurityInsights + self._client.__enter__() + return self + + def __exit__(self, *exc_details): + # type: (Any) -> None + self._client.__exit__(*exc_details) diff --git a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/_version.py b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/_version.py new file mode 100644 index 00000000000..eae7c95b6fb --- /dev/null +++ b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/_version.py 
@@ -0,0 +1,9 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +VERSION = "0.1.0" diff --git a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/__init__.py b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/__init__.py new file mode 100644 index 00000000000..3f1f9829e61 --- /dev/null +++ b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/__init__.py @@ -0,0 +1,10 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from ._security_insights_async import SecurityInsights +__all__ = ['SecurityInsights'] diff --git a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/_configuration_async.py b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/_configuration_async.py new file mode 100644 index 00000000000..48c151e8865 --- /dev/null +++ b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/_configuration_async.py 
@@ -0,0 +1,65 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from typing import Any, TYPE_CHECKING + +from azure.core.configuration import Configuration +from azure.core.pipeline import policies + +from .._version import VERSION + +if TYPE_CHECKING: + # pylint: disable=unused-import,ungrouped-imports + from azure.core.credentials import TokenCredential + + +class SecurityInsightsConfiguration(Configuration): + """Configuration for SecurityInsights. + + Note that all parameters used to create this instance are saved as instance + attributes. + + :param credential: Credential needed for the client to connect to Azure. + :type credential: ~azure.core.credentials_async.AsyncTokenCredential + :param subscription_id: Azure subscription ID. 
+ :type subscription_id: str + """ + + def __init__( + self, + credential: "AsyncTokenCredential", + subscription_id: str, + **kwargs: Any + ) -> None: + if credential is None: + raise ValueError("Parameter 'credential' must not be None.") + if subscription_id is None: + raise ValueError("Parameter 'subscription_id' must not be None.") + super(SecurityInsightsConfiguration, self).__init__(**kwargs) + + self.credential = credential + self.subscription_id = subscription_id + self.api_version = "2020-01-01" + self.credential_scopes = ['https://management.azure.com/.default'] + kwargs.setdefault('sdk_moniker', 'mgmt-securityinsight/{}'.format(VERSION)) + self._configure(**kwargs) + + def _configure( + self, + **kwargs: Any + ) -> None: + self.user_agent_policy = kwargs.get('user_agent_policy') or policies.UserAgentPolicy(**kwargs) + self.headers_policy = kwargs.get('headers_policy') or policies.HeadersPolicy(**kwargs) + self.proxy_policy = kwargs.get('proxy_policy') or policies.ProxyPolicy(**kwargs) + self.logging_policy = kwargs.get('logging_policy') or policies.NetworkTraceLoggingPolicy(**kwargs) + self.retry_policy = kwargs.get('retry_policy') or policies.AsyncRetryPolicy(**kwargs) + self.custom_hook_policy = kwargs.get('custom_hook_policy') or policies.CustomHookPolicy(**kwargs) + self.redirect_policy = kwargs.get('redirect_policy') or policies.AsyncRedirectPolicy(**kwargs) + self.authentication_policy = kwargs.get('authentication_policy') + if self.credential and not self.authentication_policy: + self.authentication_policy = policies.AsyncBearerTokenCredentialPolicy(self.credential, *self.credential_scopes, **kwargs) diff --git a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/_security_insights_async.py b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/_security_insights_async.py new file mode 100644 index 00000000000..2bf9b373cc9 --- /dev/null 
+++ b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/_security_insights_async.py 
@@ -0,0 +1,73 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from typing import Any, Optional + +from azure.mgmt.core import AsyncARMPipelineClient +from msrest import Deserializer, Serializer + +from ._configuration_async import SecurityInsightsConfiguration +from .operations_async import OperationOperations +from .operations_async import AlertRuleOperations +from .operations_async import ActionOperations +from .operations_async import DataConnectorOperations +from .. import models + + +class SecurityInsights(object): + """API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider. + + :ivar operation: OperationOperations operations + :vartype operation: azure.mgmt.securityinsight.aio.operations_async.OperationOperations + :ivar alert_rule: AlertRuleOperations operations + :vartype alert_rule: azure.mgmt.securityinsight.aio.operations_async.AlertRuleOperations + :ivar action: ActionOperations operations + :vartype action: azure.mgmt.securityinsight.aio.operations_async.ActionOperations + :ivar data_connector: DataConnectorOperations operations + :vartype data_connector: azure.mgmt.securityinsight.aio.operations_async.DataConnectorOperations + :param credential: Credential needed for the client to connect to Azure. + :type credential: ~azure.core.credentials_async.AsyncTokenCredential + :param subscription_id: Azure subscription ID. 
+ :type subscription_id: str + :param str base_url: Service URL + """ + + def __init__( + self, + credential: "AsyncTokenCredential", + subscription_id: str, + base_url: Optional[str] = None, + **kwargs: Any + ) -> None: + if not base_url: + base_url = 'https://management.azure.com' + self._config = SecurityInsightsConfiguration(credential, subscription_id, **kwargs) + self._client = AsyncARMPipelineClient(base_url=base_url, config=self._config, **kwargs) + + client_models = {k: v for k, v in models.__dict__.items() if isinstance(v, type)} + self._serialize = Serializer(client_models) + self._deserialize = Deserializer(client_models) + + self.operation = OperationOperations( + self._client, self._config, self._serialize, self._deserialize) + self.alert_rule = AlertRuleOperations( + self._client, self._config, self._serialize, self._deserialize) + self.action = ActionOperations( + self._client, self._config, self._serialize, self._deserialize) + self.data_connector = DataConnectorOperations( + self._client, self._config, self._serialize, self._deserialize) + + async def close(self) -> None: + await self._client.close() + + async def __aenter__(self) -> "SecurityInsights": + await self._client.__aenter__() + return self + + async def __aexit__(self, *exc_details) -> None: + await self._client.__aexit__(*exc_details) diff --git a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations_async/__init__.py b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations_async/__init__.py new file mode 100644 index 00000000000..cf3fbf02464 --- /dev/null +++ b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations_async/__init__.py 
@@ -0,0 +1,19 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from ._operation_operations_async import OperationOperations +from ._alert_rule_operations_async import AlertRuleOperations +from ._action_operations_async import ActionOperations +from ._data_connector_operations_async import DataConnectorOperations + +__all__ = [ + 'OperationOperations', + 'AlertRuleOperations', + 'ActionOperations', + 'DataConnectorOperations', +] diff --git a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations_async/_action_operations_async.py b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations_async/_action_operations_async.py new file mode 100644 index 00000000000..35a1eaae38f --- /dev/null +++ b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations_async/_action_operations_async.py 
@@ -0,0 +1,117 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from typing import Any, Callable, Dict, Generic, Optional, TypeVar +import warnings + +from azure.core.async_paging import AsyncItemPaged, AsyncList +from azure.core.exceptions import HttpResponseError, ResourceExistsError, ResourceNotFoundError, map_error +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import AsyncHttpResponse, HttpRequest +from azure.mgmt.core.exceptions import ARMErrorFormat + +from ... import models + +T = TypeVar('T') +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] + +class ActionOperations: + """ActionOperations async operations. + + You should not instantiate this class directly. Instead, you should create a Client instance that + instantiates it for you and attaches it as an attribute. + + :ivar models: Alias to model classes used in this operation group. + :type models: ~azure.mgmt.securityinsight.models + :param client: Client for service requests. + :param config: Configuration of service client. + :param serializer: An object model serializer. + :param deserializer: An object model deserializer. 
+ """ + + models = models + + def __init__(self, client, config, serializer, deserializer) -> None: + self._client = client + self._serialize = serializer + self._deserialize = deserializer + self._config = config + + def list_by_alert_rule( + self, + resource_group_name: str, + workspace_name: str, + rule_id: str, + **kwargs + ) -> "models.ActionsList": + """Gets all actions of alert rule. + + :param resource_group_name: The name of the resource group within the user's subscription. The + name is case insensitive. + :type resource_group_name: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :param rule_id: Alert rule ID. + :type rule_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: ActionsList or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.ActionsList + :raises: ~azure.core.exceptions.HttpResponseError + """ + cls = kwargs.pop('cls', None) # type: ClsType["models.ActionsList"] + error_map = kwargs.pop('error_map', {404: ResourceNotFoundError, 409: ResourceExistsError}) + api_version = "2020-01-01" + + def prepare_request(next_link=None): + if not next_link: + # Construct URL + url = self.list_by_alert_rule.metadata['url'] + path_format_arguments = { + 'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + 'ruleId': self._serialize.url("rule_id", rule_id, 'str'), + } + url = self._client.format_url(url, **path_format_arguments) + else: + url = next_link + + # Construct parameters + query_parameters = {} # type: Dict[str, Any] + query_parameters['api-version'] = 
self._serialize.query("api_version", api_version, 'str') + + # Construct headers + header_parameters = {} # type: Dict[str, Any] + header_parameters['Accept'] = 'application/json' + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + async def extract_data(pipeline_response): + deserialized = self._deserialize('ActionsList', pipeline_response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link or None, AsyncList(list_of_elem) + + async def get_next(next_link=None): + request = prepare_request(next_link) + + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + return pipeline_response + + return AsyncItemPaged( + get_next, extract_data + ) + list_by_alert_rule.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions'} diff --git a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations_async/_alert_rule_operations_async.py b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations_async/_alert_rule_operations_async.py new file mode 100644 index 00000000000..ad38776c736 --- /dev/null +++ b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations_async/_alert_rule_operations_async.py 
@@ -0,0 +1,519 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from typing import Any, Callable, Dict, Generic, Optional, TypeVar, Union +import warnings + +from azure.core.async_paging import AsyncItemPaged, AsyncList +from azure.core.exceptions import HttpResponseError, ResourceExistsError, ResourceNotFoundError, map_error +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import AsyncHttpResponse, HttpRequest +from azure.mgmt.core.exceptions import ARMErrorFormat + +from ... import models + +T = TypeVar('T') +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] + +class AlertRuleOperations: + """AlertRuleOperations async operations. + + You should not instantiate this class directly. Instead, you should create a Client instance that + instantiates it for you and attaches it as an attribute. + + :ivar models: Alias to model classes used in this operation group. + :type models: ~azure.mgmt.securityinsight.models + :param client: Client for service requests. + :param config: Configuration of service client. + :param serializer: An object model serializer. + :param deserializer: An object model deserializer. + """ + + models = models + + def __init__(self, client, config, serializer, deserializer) -> None: + self._client = client + self._serialize = serializer + self._deserialize = deserializer + self._config = config + + def list( + self, + resource_group_name: str, + workspace_name: str, + **kwargs + ) -> "models.AlertRulesList": + """Gets all alert rules. 
+ + :param resource_group_name: The name of the resource group within the user's subscription. The + name is case insensitive. + :type resource_group_name: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: AlertRulesList or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.AlertRulesList + :raises: ~azure.core.exceptions.HttpResponseError + """ + cls = kwargs.pop('cls', None) # type: ClsType["models.AlertRulesList"] + error_map = kwargs.pop('error_map', {404: ResourceNotFoundError, 409: ResourceExistsError}) + api_version = "2020-01-01" + + def prepare_request(next_link=None): + if not next_link: + # Construct URL + url = self.list.metadata['url'] + path_format_arguments = { + 'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + } + url = self._client.format_url(url, **path_format_arguments) + else: + url = next_link + + # Construct parameters + query_parameters = {} # type: Dict[str, Any] + query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') + + # Construct headers + header_parameters = {} # type: Dict[str, Any] + header_parameters['Accept'] = 'application/json' + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + async def extract_data(pipeline_response): + deserialized = self._deserialize('AlertRulesList', pipeline_response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return 
deserialized.next_link or None, AsyncList(list_of_elem) + + async def get_next(next_link=None): + request = prepare_request(next_link) + + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + return pipeline_response + + return AsyncItemPaged( + get_next, extract_data + ) + list.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules'} + + async def get( + self, + resource_group_name: str, + workspace_name: str, + rule_id: str, + **kwargs + ) -> "models.AlertRule": + """Gets the alert rule. + + :param resource_group_name: The name of the resource group within the user's subscription. The + name is case insensitive. + :type resource_group_name: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :param rule_id: Alert rule ID. 
+ :type rule_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: AlertRule or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.AlertRule + :raises: ~azure.core.exceptions.HttpResponseError + """ + cls = kwargs.pop('cls', None) # type: ClsType["models.AlertRule"] + error_map = kwargs.pop('error_map', {404: ResourceNotFoundError, 409: ResourceExistsError}) + api_version = "2020-01-01" + + # Construct URL + url = self.get.metadata['url'] + path_format_arguments = { + 'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + 'ruleId': self._serialize.url("rule_id", rule_id, 'str'), + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} # type: Dict[str, Any] + query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') + + # Construct headers + header_parameters = {} # type: Dict[str, Any] + header_parameters['Accept'] = 'application/json' + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = self._deserialize('AlertRule', pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + 
get.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}'} + + async def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + rule_id: str, + kind: Union[str, "models.AlertRuleKindEnum"], + etag: Optional[str] = None, + **kwargs + ) -> "models.AlertRule": + """Creates or updates the alert rule. + + :param resource_group_name: The name of the resource group within the user's subscription. The + name is case insensitive. + :type resource_group_name: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :param rule_id: Alert rule ID. + :type rule_id: str + :param kind: The kind of the alert rule. + :type kind: str or ~azure.mgmt.securityinsight.models.AlertRuleKindEnum + :param etag: Etag of the azure resource. + :type etag: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: AlertRule or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.AlertRule or ~azure.mgmt.securityinsight.models.AlertRule + :raises: ~azure.core.exceptions.HttpResponseError + """ + cls = kwargs.pop('cls', None) # type: ClsType["models.AlertRule"] + error_map = kwargs.pop('error_map', {404: ResourceNotFoundError, 409: ResourceExistsError}) + + _alert_rule = models.AlertRule(etag=etag, kind=kind) + api_version = "2020-01-01" + content_type = kwargs.pop("content_type", "application/json") + + # Construct URL + url = self.create_or_update.metadata['url'] + path_format_arguments = { + 'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 
'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + 'ruleId': self._serialize.url("rule_id", rule_id, 'str'), + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} # type: Dict[str, Any] + query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') + + # Construct headers + header_parameters = {} # type: Dict[str, Any] + header_parameters['Content-Type'] = self._serialize.header("content_type", content_type, 'str') + header_parameters['Accept'] = 'application/json' + + # Construct and send request + body_content_kwargs = {} # type: Dict[str, Any] + body_content = self._serialize.body(_alert_rule, 'AlertRule') + body_content_kwargs['content'] = body_content + request = self._client.put(url, query_parameters, header_parameters, **body_content_kwargs) + + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200, 201]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('AlertRule', pipeline_response) + + if response.status_code == 201: + deserialized = self._deserialize('AlertRule', pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + create_or_update.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}'} + + async def delete( + self, + resource_group_name: str, + workspace_name: str, + rule_id: str, + **kwargs + ) -> None: + """Delete the alert rule. 
+ + :param resource_group_name: The name of the resource group within the user's subscription. The + name is case insensitive. + :type resource_group_name: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :param rule_id: Alert rule ID. + :type rule_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: None or the result of cls(response) + :rtype: None + :raises: ~azure.core.exceptions.HttpResponseError + """ + cls = kwargs.pop('cls', None) # type: ClsType[None] + error_map = kwargs.pop('error_map', {404: ResourceNotFoundError, 409: ResourceExistsError}) + api_version = "2020-01-01" + + # Construct URL + url = self.delete.metadata['url'] + path_format_arguments = { + 'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + 'ruleId': self._serialize.url("rule_id", rule_id, 'str'), + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} # type: Dict[str, Any] + query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') + + # Construct headers + header_parameters = {} # type: Dict[str, Any] + + # Construct and send request + request = self._client.delete(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200, 204]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, 
error_format=ARMErrorFormat) + + if cls: + return cls(pipeline_response, None, {}) + + delete.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}'} + + async def get_action( + self, + resource_group_name: str, + workspace_name: str, + rule_id: str, + action_id: str, + **kwargs + ) -> "models.ActionResponse": + """Gets the action of alert rule. + + :param resource_group_name: The name of the resource group within the user's subscription. The + name is case insensitive. + :type resource_group_name: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :param rule_id: Alert rule ID. + :type rule_id: str + :param action_id: Action ID. + :type action_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: ActionResponse or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.ActionResponse + :raises: ~azure.core.exceptions.HttpResponseError + """ + cls = kwargs.pop('cls', None) # type: ClsType["models.ActionResponse"] + error_map = kwargs.pop('error_map', {404: ResourceNotFoundError, 409: ResourceExistsError}) + api_version = "2020-01-01" + + # Construct URL + url = self.get_action.metadata['url'] + path_format_arguments = { + 'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + 'ruleId': self._serialize.url("rule_id", rule_id, 'str'), + 'actionId': self._serialize.url("action_id", action_id, 'str'), + } + url = 
self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} # type: Dict[str, Any] + query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') + + # Construct headers + header_parameters = {} # type: Dict[str, Any] + header_parameters['Accept'] = 'application/json' + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = self._deserialize('ActionResponse', pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + get_action.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions/{actionId}'} + + async def create_or_update_action( + self, + resource_group_name: str, + workspace_name: str, + rule_id: str, + action_id: str, + etag: Optional[str] = None, + logic_app_resource_id: Optional[str] = None, + trigger_uri: Optional[str] = None, + **kwargs + ) -> "models.ActionResponse": + """Creates or updates the action of alert rule. + + :param resource_group_name: The name of the resource group within the user's subscription. The + name is case insensitive. + :type resource_group_name: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :param rule_id: Alert rule ID. + :type rule_id: str + :param action_id: Action ID. + :type action_id: str + :param etag: Etag of the azure resource. 
+ :type etag: str + :param logic_app_resource_id: Logic App Resource Id, + providers/Microsoft.Logic/workflows/{WorkflowID}. + :type logic_app_resource_id: str + :param trigger_uri: Logic App Callback URL for this specific workflow. + :type trigger_uri: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: ActionResponse or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.ActionResponse or ~azure.mgmt.securityinsight.models.ActionResponse + :raises: ~azure.core.exceptions.HttpResponseError + """ + cls = kwargs.pop('cls', None) # type: ClsType["models.ActionResponse"] + error_map = kwargs.pop('error_map', {404: ResourceNotFoundError, 409: ResourceExistsError}) + + _action = models.ActionRequest(etag=etag, logic_app_resource_id=logic_app_resource_id, trigger_uri=trigger_uri) + api_version = "2020-01-01" + content_type = kwargs.pop("content_type", "application/json") + + # Construct URL + url = self.create_or_update_action.metadata['url'] + path_format_arguments = { + 'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + 'ruleId': self._serialize.url("rule_id", rule_id, 'str'), + 'actionId': self._serialize.url("action_id", action_id, 'str'), + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} # type: Dict[str, Any] + query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') + + # Construct headers + header_parameters = {} # type: Dict[str, Any] + header_parameters['Content-Type'] = self._serialize.header("content_type", 
content_type, 'str') + header_parameters['Accept'] = 'application/json' + + # Construct and send request + body_content_kwargs = {} # type: Dict[str, Any] + body_content = self._serialize.body(_action, 'ActionRequest') + body_content_kwargs['content'] = body_content + request = self._client.put(url, query_parameters, header_parameters, **body_content_kwargs) + + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200, 201]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('ActionResponse', pipeline_response) + + if response.status_code == 201: + deserialized = self._deserialize('ActionResponse', pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + create_or_update_action.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions/{actionId}'} + + async def delete_action( + self, + resource_group_name: str, + workspace_name: str, + rule_id: str, + action_id: str, + **kwargs + ) -> None: + """Delete the action of alert rule. + + :param resource_group_name: The name of the resource group within the user's subscription. The + name is case insensitive. + :type resource_group_name: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :param rule_id: Alert rule ID. + :type rule_id: str + :param action_id: Action ID. 
+ :type action_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: None or the result of cls(response) + :rtype: None + :raises: ~azure.core.exceptions.HttpResponseError + """ + cls = kwargs.pop('cls', None) # type: ClsType[None] + error_map = kwargs.pop('error_map', {404: ResourceNotFoundError, 409: ResourceExistsError}) + api_version = "2020-01-01" + + # Construct URL + url = self.delete_action.metadata['url'] + path_format_arguments = { + 'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + 'ruleId': self._serialize.url("rule_id", rule_id, 'str'), + 'actionId': self._serialize.url("action_id", action_id, 'str'), + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} # type: Dict[str, Any] + query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') + + # Construct headers + header_parameters = {} # type: Dict[str, Any] + + # Construct and send request + request = self._client.delete(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200, 204]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + if cls: + return cls(pipeline_response, None, {}) + + delete_action.metadata = {'url': 
'/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions/{actionId}'} diff --git a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations_async/_data_connector_operations_async.py b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations_async/_data_connector_operations_async.py new file mode 100644 index 00000000000..7ea18e5a090 --- /dev/null +++ b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations_async/_data_connector_operations_async.py 
@@ -0,0 +1,308 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from typing import Any, Callable, Dict, Generic, Optional, TypeVar, Union +import warnings + +from azure.core.async_paging import AsyncItemPaged, AsyncList +from azure.core.exceptions import HttpResponseError, ResourceExistsError, ResourceNotFoundError, map_error +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import AsyncHttpResponse, HttpRequest +from azure.mgmt.core.exceptions import ARMErrorFormat + +from ... import models + +T = TypeVar('T') +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] + +class DataConnectorOperations: + """DataConnectorOperations async operations. + + You should not instantiate this class directly. Instead, you should create a Client instance that + instantiates it for you and attaches it as an attribute. + + :ivar models: Alias to model classes used in this operation group. + :type models: ~azure.mgmt.securityinsight.models + :param client: Client for service requests. + :param config: Configuration of service client. + :param serializer: An object model serializer. + :param deserializer: An object model deserializer. 
+ """ + + models = models + + def __init__(self, client, config, serializer, deserializer) -> None: + self._client = client + self._serialize = serializer + self._deserialize = deserializer + self._config = config + + def list( + self, + resource_group_name: str, + workspace_name: str, + **kwargs + ) -> "models.DataConnectorList": + """Gets all data connectors. + + :param resource_group_name: The name of the resource group within the user's subscription. The + name is case insensitive. + :type resource_group_name: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: DataConnectorList or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.DataConnectorList + :raises: ~azure.core.exceptions.HttpResponseError + """ + cls = kwargs.pop('cls', None) # type: ClsType["models.DataConnectorList"] + error_map = kwargs.pop('error_map', {404: ResourceNotFoundError, 409: ResourceExistsError}) + api_version = "2020-01-01" + + def prepare_request(next_link=None): + if not next_link: + # Construct URL + url = self.list.metadata['url'] + path_format_arguments = { + 'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + } + url = self._client.format_url(url, **path_format_arguments) + else: + url = next_link + + # Construct parameters + query_parameters = {} # type: Dict[str, Any] + query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') + + # Construct headers + header_parameters = {} # type: Dict[str, Any] + 
header_parameters['Accept'] = 'application/json' + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + async def extract_data(pipeline_response): + deserialized = self._deserialize('DataConnectorList', pipeline_response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link or None, AsyncList(list_of_elem) + + async def get_next(next_link=None): + request = prepare_request(next_link) + + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + return pipeline_response + + return AsyncItemPaged( + get_next, extract_data + ) + list.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors'} + + async def get( + self, + resource_group_name: str, + workspace_name: str, + data_connector_id: str, + **kwargs + ) -> "models.DataConnector": + """Gets a data connector. + + :param resource_group_name: The name of the resource group within the user's subscription. The + name is case insensitive. + :type resource_group_name: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :param data_connector_id: Connector ID. 
+ :type data_connector_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: DataConnector or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.DataConnector + :raises: ~azure.core.exceptions.HttpResponseError + """ + cls = kwargs.pop('cls', None) # type: ClsType["models.DataConnector"] + error_map = kwargs.pop('error_map', {404: ResourceNotFoundError, 409: ResourceExistsError}) + api_version = "2020-01-01" + + # Construct URL + url = self.get.metadata['url'] + path_format_arguments = { + 'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + 'dataConnectorId': self._serialize.url("data_connector_id", data_connector_id, 'str'), + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} # type: Dict[str, Any] + query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') + + # Construct headers + header_parameters = {} # type: Dict[str, Any] + header_parameters['Accept'] = 'application/json' + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = self._deserialize('DataConnector', pipeline_response) + + if cls: + return 
cls(pipeline_response, deserialized, {}) + + return deserialized + get.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors/{dataConnectorId}'} + + async def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + data_connector_id: str, + etag: Optional[str] = None, + kind: Optional[Union[str, "models.DataConnectorKindEnum"]] = None, + **kwargs + ) -> "models.DataConnector": + """Creates or updates the data connector. + + :param resource_group_name: The name of the resource group within the user's subscription. The + name is case insensitive. + :type resource_group_name: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :param data_connector_id: Connector ID. + :type data_connector_id: str + :param etag: Etag of the azure resource. + :type etag: str + :param kind: The kind of the data connector. 
+ :type kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKindEnum + :keyword callable cls: A custom type or function that will be passed the direct response + :return: DataConnector or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.DataConnector or ~azure.mgmt.securityinsight.models.DataConnector + :raises: ~azure.core.exceptions.HttpResponseError + """ + cls = kwargs.pop('cls', None) # type: ClsType["models.DataConnector"] + error_map = kwargs.pop('error_map', {404: ResourceNotFoundError, 409: ResourceExistsError}) + + _data_connector = models.DataConnector(etag=etag, kind=kind) + api_version = "2020-01-01" + content_type = kwargs.pop("content_type", "application/json") + + # Construct URL + url = self.create_or_update.metadata['url'] + path_format_arguments = { + 'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + 'dataConnectorId': self._serialize.url("data_connector_id", data_connector_id, 'str'), + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} # type: Dict[str, Any] + query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') + + # Construct headers + header_parameters = {} # type: Dict[str, Any] + header_parameters['Content-Type'] = self._serialize.header("content_type", content_type, 'str') + header_parameters['Accept'] = 'application/json' + + # Construct and send request + body_content_kwargs = {} # type: Dict[str, Any] + body_content = self._serialize.body(_data_connector, 'DataConnector') + body_content_kwargs['content'] = body_content + 
request = self._client.put(url, query_parameters, header_parameters, **body_content_kwargs) + + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200, 201]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('DataConnector', pipeline_response) + + if response.status_code == 201: + deserialized = self._deserialize('DataConnector', pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + create_or_update.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors/{dataConnectorId}'} + + async def delete( + self, + resource_group_name: str, + workspace_name: str, + data_connector_id: str, + **kwargs + ) -> None: + """Delete the data connector. + + :param resource_group_name: The name of the resource group within the user's subscription. The + name is case insensitive. + :type resource_group_name: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :param data_connector_id: Connector ID. 
+ :type data_connector_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: None or the result of cls(response) + :rtype: None + :raises: ~azure.core.exceptions.HttpResponseError + """ + cls = kwargs.pop('cls', None) # type: ClsType[None] + error_map = kwargs.pop('error_map', {404: ResourceNotFoundError, 409: ResourceExistsError}) + api_version = "2020-01-01" + + # Construct URL + url = self.delete.metadata['url'] + path_format_arguments = { + 'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + 'dataConnectorId': self._serialize.url("data_connector_id", data_connector_id, 'str'), + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} # type: Dict[str, Any] + query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') + + # Construct headers + header_parameters = {} # type: Dict[str, Any] + + # Construct and send request + request = self._client.delete(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200, 204]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + if cls: + return cls(pipeline_response, None, {}) + + delete.metadata = {'url': 
'/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors/{dataConnectorId}'} diff --git a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations_async/_operation_operations_async.py b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations_async/_operation_operations_async.py new file mode 100644 index 00000000000..77dde3c8103 --- /dev/null +++ b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations_async/_operation_operations_async.py 
@@ -0,0 +1,100 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from typing import Any, Callable, Dict, Generic, Optional, TypeVar +import warnings + +from azure.core.async_paging import AsyncItemPaged, AsyncList +from azure.core.exceptions import HttpResponseError, ResourceExistsError, ResourceNotFoundError, map_error +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import AsyncHttpResponse, HttpRequest +from azure.mgmt.core.exceptions import ARMErrorFormat + +from ... import models + +T = TypeVar('T') +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] + +class OperationOperations: + """OperationOperations async operations. + + You should not instantiate this class directly. Instead, you should create a Client instance that + instantiates it for you and attaches it as an attribute. + + :ivar models: Alias to model classes used in this operation group. + :type models: ~azure.mgmt.securityinsight.models + :param client: Client for service requests. + :param config: Configuration of service client. + :param serializer: An object model serializer. + :param deserializer: An object model deserializer. + """ + + models = models + + def __init__(self, client, config, serializer, deserializer) -> None: + self._client = client + self._serialize = serializer + self._deserialize = deserializer + self._config = config + + def list( + self, + **kwargs + ) -> "models.OperationsList": + """Lists all operations available Azure Security Insights Resource Provider. 
+ + :keyword callable cls: A custom type or function that will be passed the direct response + :return: OperationsList or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.OperationsList + :raises: ~azure.core.exceptions.HttpResponseError + """ + cls = kwargs.pop('cls', None) # type: ClsType["models.OperationsList"] + error_map = kwargs.pop('error_map', {404: ResourceNotFoundError, 409: ResourceExistsError}) + api_version = "2020-01-01" + + def prepare_request(next_link=None): + if not next_link: + # Construct URL + url = self.list.metadata['url'] + else: + url = next_link + + # Construct parameters + query_parameters = {} # type: Dict[str, Any] + query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') + + # Construct headers + header_parameters = {} # type: Dict[str, Any] + header_parameters['Accept'] = 'application/json' + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + async def extract_data(pipeline_response): + deserialized = self._deserialize('OperationsList', pipeline_response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link or None, AsyncList(list_of_elem) + + async def get_next(next_link=None): + request = prepare_request(next_link) + + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + return pipeline_response + + return AsyncItemPaged( + get_next, extract_data + ) + list.metadata = {'url': '/providers/Microsoft.SecurityInsights/operations'} 
diff --git a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/models/__init__.py b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/models/__init__.py new file mode 100644 index 00000000000..6c372e7a5b4 --- /dev/null +++ b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/models/__init__.py 
@@ -0,0 +1,253 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +try: + from ._models_py3 import AadDataConnector + from ._models_py3 import AadDataConnectorProperties + from ._models_py3 import AatpDataConnector + from ._models_py3 import AatpDataConnectorProperties + from ._models_py3 import ActionPropertiesBase + from ._models_py3 import ActionRequest + from ._models_py3 import ActionRequestProperties + from ._models_py3 import ActionResponse + from ._models_py3 import ActionResponseProperties + from ._models_py3 import ActionsList + from ._models_py3 import AlertRule + from ._models_py3 import AlertRuleKind + from ._models_py3 import AlertRuleTemplate + from ._models_py3 import AlertRuleTemplateDataSource + from ._models_py3 import AlertRuleTemplatePropertiesBase + from ._models_py3 import AlertRulesList + from ._models_py3 import AlertsDataTypeOfDataConnector + from ._models_py3 import AlertsDataTypeOfDataConnectorAlerts + from ._models_py3 import AscDataConnector + from ._models_py3 import AscDataConnectorProperties + from ._models_py3 import AwsCloudTrailDataConnector + from ._models_py3 import AwsCloudTrailDataConnectorDataTypes + from ._models_py3 import AwsCloudTrailDataConnectorDataTypesLogs + from ._models_py3 import DataConnector + from ._models_py3 import DataConnectorDataTypeCommon + from ._models_py3 import DataConnectorKind + from ._models_py3 import DataConnectorList + from ._models_py3 import DataConnectorTenantId + from ._models_py3 import DataConnectorWithAlertsProperties + from ._models_py3 import FusionAlertRule + from 
._models_py3 import FusionAlertRuleTemplate + from ._models_py3 import FusionAlertRuleTemplateProperties + from ._models_py3 import IncidentInfo + from ._models_py3 import McasDataConnector + from ._models_py3 import McasDataConnectorDataTypes + from ._models_py3 import McasDataConnectorDataTypesDiscoveryLogs + from ._models_py3 import McasDataConnectorProperties + from ._models_py3 import MdatpDataConnector + from ._models_py3 import MdatpDataConnectorProperties + from ._models_py3 import MicrosoftSecurityIncidentCreationAlertRule + from ._models_py3 import MicrosoftSecurityIncidentCreationAlertRuleCommonProperties + from ._models_py3 import MicrosoftSecurityIncidentCreationAlertRuleProperties + from ._models_py3 import MicrosoftSecurityIncidentCreationAlertRuleTemplate + from ._models_py3 import MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties + from ._models_py3 import OfficeConsent + from ._models_py3 import OfficeConsentList + from ._models_py3 import OfficeDataConnector + from ._models_py3 import OfficeDataConnectorDataTypes + from ._models_py3 import OfficeDataConnectorDataTypesExchange + from ._models_py3 import OfficeDataConnectorDataTypesSharePoint + from ._models_py3 import OfficeDataConnectorProperties + from ._models_py3 import Operation + from ._models_py3 import OperationDisplay + from ._models_py3 import OperationsList + from ._models_py3 import Resource + from ._models_py3 import ResourceWithEtag + from ._models_py3 import ScheduledAlertRule + from ._models_py3 import ScheduledAlertRuleCommonProperties + from ._models_py3 import ScheduledAlertRuleProperties + from ._models_py3 import ScheduledAlertRuleTemplate + from ._models_py3 import ScheduledAlertRuleTemplateProperties + from ._models_py3 import Settings + from ._models_py3 import SettingsKind + from ._models_py3 import ThreatIntelligence + from ._models_py3 import TiDataConnector + from ._models_py3 import TiDataConnectorDataTypes + from ._models_py3 import 
TiDataConnectorDataTypesIndicators + from ._models_py3 import TiDataConnectorProperties + from ._models_py3 import ToggleSettings + from ._models_py3 import UebaSettings + from ._models_py3 import UserInfo +except (SyntaxError, ImportError): + from ._models import AadDataConnector # type: ignore + from ._models import AadDataConnectorProperties # type: ignore + from ._models import AatpDataConnector # type: ignore + from ._models import AatpDataConnectorProperties # type: ignore + from ._models import ActionPropertiesBase # type: ignore + from ._models import ActionRequest # type: ignore + from ._models import ActionRequestProperties # type: ignore + from ._models import ActionResponse # type: ignore + from ._models import ActionResponseProperties # type: ignore + from ._models import ActionsList # type: ignore + from ._models import AlertRule # type: ignore + from ._models import AlertRuleKind # type: ignore + from ._models import AlertRuleTemplate # type: ignore + from ._models import AlertRuleTemplateDataSource # type: ignore + from ._models import AlertRuleTemplatePropertiesBase # type: ignore + from ._models import AlertRulesList # type: ignore + from ._models import AlertsDataTypeOfDataConnector # type: ignore + from ._models import AlertsDataTypeOfDataConnectorAlerts # type: ignore + from ._models import AscDataConnector # type: ignore + from ._models import AscDataConnectorProperties # type: ignore + from ._models import AwsCloudTrailDataConnector # type: ignore + from ._models import AwsCloudTrailDataConnectorDataTypes # type: ignore + from ._models import AwsCloudTrailDataConnectorDataTypesLogs # type: ignore + from ._models import DataConnector # type: ignore + from ._models import DataConnectorDataTypeCommon # type: ignore + from ._models import DataConnectorKind # type: ignore + from ._models import DataConnectorList # type: ignore + from ._models import DataConnectorTenantId # type: ignore + from ._models import DataConnectorWithAlertsProperties # 
type: ignore + from ._models import FusionAlertRule # type: ignore + from ._models import FusionAlertRuleTemplate # type: ignore + from ._models import FusionAlertRuleTemplateProperties # type: ignore + from ._models import IncidentInfo # type: ignore + from ._models import McasDataConnector # type: ignore + from ._models import McasDataConnectorDataTypes # type: ignore + from ._models import McasDataConnectorDataTypesDiscoveryLogs # type: ignore + from ._models import McasDataConnectorProperties # type: ignore + from ._models import MdatpDataConnector # type: ignore + from ._models import MdatpDataConnectorProperties # type: ignore + from ._models import MicrosoftSecurityIncidentCreationAlertRule # type: ignore + from ._models import MicrosoftSecurityIncidentCreationAlertRuleCommonProperties # type: ignore + from ._models import MicrosoftSecurityIncidentCreationAlertRuleProperties # type: ignore + from ._models import MicrosoftSecurityIncidentCreationAlertRuleTemplate # type: ignore + from ._models import MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties # type: ignore + from ._models import OfficeConsent # type: ignore + from ._models import OfficeConsentList # type: ignore + from ._models import OfficeDataConnector # type: ignore + from ._models import OfficeDataConnectorDataTypes # type: ignore + from ._models import OfficeDataConnectorDataTypesExchange # type: ignore + from ._models import OfficeDataConnectorDataTypesSharePoint # type: ignore + from ._models import OfficeDataConnectorProperties # type: ignore + from ._models import Operation # type: ignore + from ._models import OperationDisplay # type: ignore + from ._models import OperationsList # type: ignore + from ._models import Resource # type: ignore + from ._models import ResourceWithEtag # type: ignore + from ._models import ScheduledAlertRule # type: ignore + from ._models import ScheduledAlertRuleCommonProperties # type: ignore + from ._models import ScheduledAlertRuleProperties # type: 
ignore + from ._models import ScheduledAlertRuleTemplate # type: ignore + from ._models import ScheduledAlertRuleTemplateProperties # type: ignore + from ._models import Settings # type: ignore + from ._models import SettingsKind # type: ignore + from ._models import ThreatIntelligence # type: ignore + from ._models import TiDataConnector # type: ignore + from ._models import TiDataConnectorDataTypes # type: ignore + from ._models import TiDataConnectorDataTypesIndicators # type: ignore + from ._models import TiDataConnectorProperties # type: ignore + from ._models import ToggleSettings # type: ignore + from ._models import UebaSettings # type: ignore + from ._models import UserInfo # type: ignore + +from ._security_insights_enums import ( + AlertRuleKindEnum, + AlertSeverity, + AttackTactic, + DataConnectorKindEnum, + DataTypeState, + IncidentSeverity, + LicenseStatus, + MicrosoftSecurityProductName, + SettingKind, + StatusInMcas, + TemplateStatus, + TriggerOperator, +) + +__all__ = [ + 'AadDataConnector', + 'AadDataConnectorProperties', + 'AatpDataConnector', + 'AatpDataConnectorProperties', + 'ActionPropertiesBase', + 'ActionRequest', + 'ActionRequestProperties', + 'ActionResponse', + 'ActionResponseProperties', + 'ActionsList', + 'AlertRule', + 'AlertRuleKind', + 'AlertRuleTemplate', + 'AlertRuleTemplateDataSource', + 'AlertRuleTemplatePropertiesBase', + 'AlertRulesList', + 'AlertsDataTypeOfDataConnector', + 'AlertsDataTypeOfDataConnectorAlerts', + 'AscDataConnector', + 'AscDataConnectorProperties', + 'AwsCloudTrailDataConnector', + 'AwsCloudTrailDataConnectorDataTypes', + 'AwsCloudTrailDataConnectorDataTypesLogs', + 'DataConnector', + 'DataConnectorDataTypeCommon', + 'DataConnectorKind', + 'DataConnectorList', + 'DataConnectorTenantId', + 'DataConnectorWithAlertsProperties', + 'FusionAlertRule', + 'FusionAlertRuleTemplate', + 'FusionAlertRuleTemplateProperties', + 'IncidentInfo', + 'McasDataConnector', + 'McasDataConnectorDataTypes', + 
'McasDataConnectorDataTypesDiscoveryLogs', + 'McasDataConnectorProperties', + 'MdatpDataConnector', + 'MdatpDataConnectorProperties', + 'MicrosoftSecurityIncidentCreationAlertRule', + 'MicrosoftSecurityIncidentCreationAlertRuleCommonProperties', + 'MicrosoftSecurityIncidentCreationAlertRuleProperties', + 'MicrosoftSecurityIncidentCreationAlertRuleTemplate', + 'MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties', + 'OfficeConsent', + 'OfficeConsentList', + 'OfficeDataConnector', + 'OfficeDataConnectorDataTypes', + 'OfficeDataConnectorDataTypesExchange', + 'OfficeDataConnectorDataTypesSharePoint', + 'OfficeDataConnectorProperties', + 'Operation', + 'OperationDisplay', + 'OperationsList', + 'Resource', + 'ResourceWithEtag', + 'ScheduledAlertRule', + 'ScheduledAlertRuleCommonProperties', + 'ScheduledAlertRuleProperties', + 'ScheduledAlertRuleTemplate', + 'ScheduledAlertRuleTemplateProperties', + 'Settings', + 'SettingsKind', + 'ThreatIntelligence', + 'TiDataConnector', + 'TiDataConnectorDataTypes', + 'TiDataConnectorDataTypesIndicators', + 'TiDataConnectorProperties', + 'ToggleSettings', + 'UebaSettings', + 'UserInfo', + 'AlertRuleKindEnum', + 'AlertSeverity', + 'AttackTactic', + 'DataConnectorKindEnum', + 'DataTypeState', + 'IncidentSeverity', + 'LicenseStatus', + 'MicrosoftSecurityProductName', + 'SettingKind', + 'StatusInMcas', + 'TemplateStatus', + 'TriggerOperator', +] diff --git a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/models/_models.py b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/models/_models.py new file mode 100644 index 00000000000..18fb9bc0952 --- /dev/null +++ b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/models/_models.py 
@@ -0,0 +1,2351 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +import msrest.serialization + + +class DataConnectorKind(msrest.serialization.Model): + """Describes an Azure resource with kind. + + :param kind: The kind of the data connector. Possible values include: "AzureActiveDirectory", + "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", "Office365", + "AmazonWebServicesCloudTrail", "AzureAdvancedThreatProtection", + "MicrosoftDefenderAdvancedThreatProtection". + :type kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKindEnum + """ + + _attribute_map = { + 'kind': {'key': 'kind', 'type': 'str'}, + } + + def __init__( + self, + **kwargs + ): + super(DataConnectorKind, self).__init__(**kwargs) + self.kind = kwargs.get('kind', None) + + +class DataConnector(DataConnectorKind): + """Data connector. + + :param kind: The kind of the data connector. Possible values include: "AzureActiveDirectory", + "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", "Office365", + "AmazonWebServicesCloudTrail", "AzureAdvancedThreatProtection", + "MicrosoftDefenderAdvancedThreatProtection". + :type kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKindEnum + """ + + _attribute_map = { + 'kind': {'key': 'kind', 'type': 'str'}, + } + + def __init__( + self, + **kwargs + ): + super(DataConnector, self).__init__(**kwargs) + + +class AadDataConnector(DataConnector): + """Represents AAD (Azure Active Directory) data connector. + + :param kind: The kind of the data connector. 
Possible values include: "AzureActiveDirectory", + "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", "Office365", + "AmazonWebServicesCloudTrail", "AzureAdvancedThreatProtection", + "MicrosoftDefenderAdvancedThreatProtection". + :type kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKindEnum + :param tenant_id: The tenant id to connect to, and get the data from. + :type tenant_id: str + :param data_types: The available data types for the connector. + :type data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector + """ + + _attribute_map = { + 'kind': {'key': 'kind', 'type': 'str'}, + 'tenant_id': {'key': 'properties.tenantId', 'type': 'str'}, + 'data_types': {'key': 'properties.dataTypes', 'type': 'AlertsDataTypeOfDataConnector'}, + } + + def __init__( + self, + **kwargs + ): + super(AadDataConnector, self).__init__(**kwargs) + self.tenant_id = kwargs.get('tenant_id', None) + self.data_types = kwargs.get('data_types', None) + + +class DataConnectorWithAlertsProperties(msrest.serialization.Model): + """Data connector properties. + + :param data_types: The available data types for the connector. + :type data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector + """ + + _attribute_map = { + 'data_types': {'key': 'dataTypes', 'type': 'AlertsDataTypeOfDataConnector'}, + } + + def __init__( + self, + **kwargs + ): + super(DataConnectorWithAlertsProperties, self).__init__(**kwargs) + self.data_types = kwargs.get('data_types', None) + + +class AadDataConnectorProperties(DataConnectorWithAlertsProperties): + """AAD (Azure Active Directory) data connector properties. + + :param data_types: The available data types for the connector. 
+ :type data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector + """ + + _attribute_map = { + 'data_types': {'key': 'dataTypes', 'type': 'AlertsDataTypeOfDataConnector'}, + } + + def __init__( + self, + **kwargs + ): + super(AadDataConnectorProperties, self).__init__(**kwargs) + + +class AatpDataConnector(DataConnector): + """Represents AATP (Azure Advanced Threat Protection) data connector. + + :param kind: The kind of the data connector. Possible values include: "AzureActiveDirectory", + "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", "Office365", + "AmazonWebServicesCloudTrail", "AzureAdvancedThreatProtection", + "MicrosoftDefenderAdvancedThreatProtection". + :type kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKindEnum + :param tenant_id: The tenant id to connect to, and get the data from. + :type tenant_id: str + :param data_types: The available data types for the connector. + :type data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector + """ + + _attribute_map = { + 'kind': {'key': 'kind', 'type': 'str'}, + 'tenant_id': {'key': 'properties.tenantId', 'type': 'str'}, + 'data_types': {'key': 'properties.dataTypes', 'type': 'AlertsDataTypeOfDataConnector'}, + } + + def __init__( + self, + **kwargs + ): + super(AatpDataConnector, self).__init__(**kwargs) + self.tenant_id = kwargs.get('tenant_id', None) + self.data_types = kwargs.get('data_types', None) + + +class AatpDataConnectorProperties(DataConnectorWithAlertsProperties): + """AATP (Azure Advanced Threat Protection) data connector properties. + + :param data_types: The available data types for the connector. 
+ :type data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector + """ + + _attribute_map = { + 'data_types': {'key': 'dataTypes', 'type': 'AlertsDataTypeOfDataConnector'}, + } + + def __init__( + self, + **kwargs + ): + super(AatpDataConnectorProperties, self).__init__(**kwargs) + + +class ActionPropertiesBase(msrest.serialization.Model): + """Action property bag base. + + All required parameters must be populated in order to send to Azure. + + :param logic_app_resource_id: Required. Logic App Resource Id, + providers/Microsoft.Logic/workflows/{WorkflowID}. + :type logic_app_resource_id: str + """ + + _validation = { + 'logic_app_resource_id': {'required': True}, + } + + _attribute_map = { + 'logic_app_resource_id': {'key': 'logicAppResourceId', 'type': 'str'}, + } + + def __init__( + self, + **kwargs + ): + super(ActionPropertiesBase, self).__init__(**kwargs) + self.logic_app_resource_id = kwargs['logic_app_resource_id'] + + +class ResourceWithEtag(msrest.serialization.Model): + """An azure resource object with an Etag property. + + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar id: Azure resource Id. + :vartype id: str + :ivar name: Azure resource name. + :vartype name: str + :ivar type: Azure resource type. + :vartype type: str + :param etag: Etag of the azure resource. + :type etag: str + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'etag': {'key': 'etag', 'type': 'str'}, + } + + def __init__( + self, + **kwargs + ): + super(ResourceWithEtag, self).__init__(**kwargs) + self.id = None + self.name = None + self.type = None + self.etag = kwargs.get('etag', None) + + +class ActionRequest(ResourceWithEtag): + """Action for alert rule. 
+ + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar id: Azure resource Id. + :vartype id: str + :ivar name: Azure resource name. + :vartype name: str + :ivar type: Azure resource type. + :vartype type: str + :param etag: Etag of the azure resource. + :type etag: str + :param logic_app_resource_id: Logic App Resource Id, + providers/Microsoft.Logic/workflows/{WorkflowID}. + :type logic_app_resource_id: str + :param trigger_uri: Logic App Callback URL for this specific workflow. + :type trigger_uri: str + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'etag': {'key': 'etag', 'type': 'str'}, + 'logic_app_resource_id': {'key': 'properties.logicAppResourceId', 'type': 'str'}, + 'trigger_uri': {'key': 'properties.triggerUri', 'type': 'str'}, + } + + def __init__( + self, + **kwargs + ): + super(ActionRequest, self).__init__(**kwargs) + self.logic_app_resource_id = kwargs.get('logic_app_resource_id', None) + self.trigger_uri = kwargs.get('trigger_uri', None) + + +class ActionRequestProperties(ActionPropertiesBase): + """Action property bag. + + All required parameters must be populated in order to send to Azure. + + :param logic_app_resource_id: Required. Logic App Resource Id, + providers/Microsoft.Logic/workflows/{WorkflowID}. + :type logic_app_resource_id: str + :param trigger_uri: Logic App Callback URL for this specific workflow. 
+ :type trigger_uri: str + """ + + _validation = { + 'logic_app_resource_id': {'required': True}, + } + + _attribute_map = { + 'logic_app_resource_id': {'key': 'logicAppResourceId', 'type': 'str'}, + 'trigger_uri': {'key': 'triggerUri', 'type': 'str'}, + } + + def __init__( + self, + **kwargs + ): + super(ActionRequestProperties, self).__init__(**kwargs) + self.trigger_uri = kwargs.get('trigger_uri', None) + + +class Resource(msrest.serialization.Model): + """An azure resource object. + + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar id: Azure resource Id. + :vartype id: str + :ivar name: Azure resource name. + :vartype name: str + :ivar type: Azure resource type. + :vartype type: str + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + } + + def __init__( + self, + **kwargs + ): + super(Resource, self).__init__(**kwargs) + self.id = None + self.name = None + self.type = None + + +class ActionResponse(Resource): + """Action for alert rule. + + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar id: Azure resource Id. + :vartype id: str + :ivar name: Azure resource name. + :vartype name: str + :ivar type: Azure resource type. + :vartype type: str + :param etag: Etag of the action. + :type etag: str + :param logic_app_resource_id: Logic App Resource Id, + providers/Microsoft.Logic/workflows/{WorkflowID}. + :type logic_app_resource_id: str + :param workflow_id: The name of the logic app's workflow. 
+ :type workflow_id: str + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'etag': {'key': 'etag', 'type': 'str'}, + 'logic_app_resource_id': {'key': 'properties.logicAppResourceId', 'type': 'str'}, + 'workflow_id': {'key': 'properties.workflowId', 'type': 'str'}, + } + + def __init__( + self, + **kwargs + ): + super(ActionResponse, self).__init__(**kwargs) + self.etag = kwargs.get('etag', None) + self.logic_app_resource_id = kwargs.get('logic_app_resource_id', None) + self.workflow_id = kwargs.get('workflow_id', None) + + +class ActionResponseProperties(ActionPropertiesBase): + """Action property bag. + + All required parameters must be populated in order to send to Azure. + + :param logic_app_resource_id: Required. Logic App Resource Id, + providers/Microsoft.Logic/workflows/{WorkflowID}. + :type logic_app_resource_id: str + :param workflow_id: The name of the logic app's workflow. + :type workflow_id: str + """ + + _validation = { + 'logic_app_resource_id': {'required': True}, + } + + _attribute_map = { + 'logic_app_resource_id': {'key': 'logicAppResourceId', 'type': 'str'}, + 'workflow_id': {'key': 'workflowId', 'type': 'str'}, + } + + def __init__( + self, + **kwargs + ): + super(ActionResponseProperties, self).__init__(**kwargs) + self.workflow_id = kwargs.get('workflow_id', None) + + +class ActionsList(msrest.serialization.Model): + """List all the actions. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar next_link: URL to fetch the next set of actions. + :vartype next_link: str + :param value: Required. Array of actions. 
+ :type value: list[~azure.mgmt.securityinsight.models.ActionResponse] + """ + + _validation = { + 'next_link': {'readonly': True}, + 'value': {'required': True}, + } + + _attribute_map = { + 'next_link': {'key': 'nextLink', 'type': 'str'}, + 'value': {'key': 'value', 'type': '[ActionResponse]'}, + } + + def __init__( + self, + **kwargs + ): + super(ActionsList, self).__init__(**kwargs) + self.next_link = None + self.value = kwargs['value'] + + +class AlertRuleKind(msrest.serialization.Model): + """Describes an Azure resource with kind. + + All required parameters must be populated in order to send to Azure. + + :param kind: Required. The kind of the alert rule. Possible values include: "Scheduled", + "MicrosoftSecurityIncidentCreation", "Fusion". + :type kind: str or ~azure.mgmt.securityinsight.models.AlertRuleKindEnum + """ + + _validation = { + 'kind': {'required': True}, + } + + _attribute_map = { + 'kind': {'key': 'kind', 'type': 'str'}, + } + + def __init__( + self, + **kwargs + ): + super(AlertRuleKind, self).__init__(**kwargs) + self.kind = kwargs['kind'] + + +class AlertRule(AlertRuleKind): + """Alert rule. + + All required parameters must be populated in order to send to Azure. + + :param kind: Required. The kind of the alert rule. Possible values include: "Scheduled", + "MicrosoftSecurityIncidentCreation", "Fusion". + :type kind: str or ~azure.mgmt.securityinsight.models.AlertRuleKindEnum + """ + + _validation = { + 'kind': {'required': True}, + } + + _attribute_map = { + 'kind': {'key': 'kind', 'type': 'str'}, + } + + def __init__( + self, + **kwargs + ): + super(AlertRule, self).__init__(**kwargs) + + +class AlertRulesList(msrest.serialization.Model): + """List all the alert rules. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar next_link: URL to fetch the next set of alert rules. 
+ :vartype next_link: str + :param value: Required. Array of alert rules. + :type value: list[~azure.mgmt.securityinsight.models.AlertRule] + """ + + _validation = { + 'next_link': {'readonly': True}, + 'value': {'required': True}, + } + + _attribute_map = { + 'next_link': {'key': 'nextLink', 'type': 'str'}, + 'value': {'key': 'value', 'type': '[AlertRule]'}, + } + + def __init__( + self, + **kwargs + ): + super(AlertRulesList, self).__init__(**kwargs) + self.next_link = None + self.value = kwargs['value'] + + +class AlertRuleTemplate(AlertRuleKind): + """Alert rule template. + + All required parameters must be populated in order to send to Azure. + + :param kind: Required. The kind of the alert rule. Possible values include: "Scheduled", + "MicrosoftSecurityIncidentCreation", "Fusion". + :type kind: str or ~azure.mgmt.securityinsight.models.AlertRuleKindEnum + """ + + _validation = { + 'kind': {'required': True}, + } + + _attribute_map = { + 'kind': {'key': 'kind', 'type': 'str'}, + } + + def __init__( + self, + **kwargs + ): + super(AlertRuleTemplate, self).__init__(**kwargs) + + +class AlertRuleTemplateDataSource(msrest.serialization.Model): + """alert rule template data sources. + + :param connector_id: The connector id that provides the following data types. + :type connector_id: str + :param data_types: The data types used by the alert rule template. + :type data_types: list[str] + """ + + _attribute_map = { + 'connector_id': {'key': 'connectorId', 'type': 'str'}, + 'data_types': {'key': 'dataTypes', 'type': '[str]'}, + } + + def __init__( + self, + **kwargs + ): + super(AlertRuleTemplateDataSource, self).__init__(**kwargs) + self.connector_id = kwargs.get('connector_id', None) + self.data_types = kwargs.get('data_types', None) + + +class AlertRuleTemplatePropertiesBase(msrest.serialization.Model): + """Base alert rule template property bag. + + Variables are only populated by the server, and will be ignored when sending a request. 
+ + :param alert_rules_created_by_template_count: the number of alert rules that were created by + this template. + :type alert_rules_created_by_template_count: int + :ivar created_date_utc: The time that this alert rule template has been added. + :vartype created_date_utc: ~datetime.datetime + :param description: The description of the alert rule template. + :type description: str + :param display_name: The display name for alert rule template. + :type display_name: str + :param required_data_connectors: The required data connectors for this template. + :type required_data_connectors: + list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] + :param status: The alert rule template status. Possible values include: "Installed", + "Available", "NotAvailable". + :type status: str or ~azure.mgmt.securityinsight.models.TemplateStatus + """ + + _validation = { + 'created_date_utc': {'readonly': True}, + } + + _attribute_map = { + 'alert_rules_created_by_template_count': {'key': 'alertRulesCreatedByTemplateCount', 'type': 'int'}, + 'created_date_utc': {'key': 'createdDateUTC', 'type': 'iso-8601'}, + 'description': {'key': 'description', 'type': 'str'}, + 'display_name': {'key': 'displayName', 'type': 'str'}, + 'required_data_connectors': {'key': 'requiredDataConnectors', 'type': '[AlertRuleTemplateDataSource]'}, + 'status': {'key': 'status', 'type': 'str'}, + } + + def __init__( + self, + **kwargs + ): + super(AlertRuleTemplatePropertiesBase, self).__init__(**kwargs) + self.alert_rules_created_by_template_count = kwargs.get('alert_rules_created_by_template_count', None) + self.created_date_utc = None + self.description = kwargs.get('description', None) + self.display_name = kwargs.get('display_name', None) + self.required_data_connectors = kwargs.get('required_data_connectors', None) + self.status = kwargs.get('status', None) + + +class AlertsDataTypeOfDataConnector(msrest.serialization.Model): + """Alerts data type for data connectors. 
+ + :param alerts: Alerts data type connection. + :type alerts: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnectorAlerts + """ + + _attribute_map = { + 'alerts': {'key': 'alerts', 'type': 'AlertsDataTypeOfDataConnectorAlerts'}, + } + + def __init__( + self, + **kwargs + ): + super(AlertsDataTypeOfDataConnector, self).__init__(**kwargs) + self.alerts = kwargs.get('alerts', None) + + +class DataConnectorDataTypeCommon(msrest.serialization.Model): + """Common field for data type in data connectors. + + :param state: Describe whether this data type connection is enabled or not. Possible values + include: "Enabled", "Disabled". + :type state: str or ~azure.mgmt.securityinsight.models.DataTypeState + """ + + _attribute_map = { + 'state': {'key': 'state', 'type': 'str'}, + } + + def __init__( + self, + **kwargs + ): + super(DataConnectorDataTypeCommon, self).__init__(**kwargs) + self.state = kwargs.get('state', None) + + +class AlertsDataTypeOfDataConnectorAlerts(DataConnectorDataTypeCommon): + """Alerts data type connection. + + :param state: Describe whether this data type connection is enabled or not. Possible values + include: "Enabled", "Disabled". + :type state: str or ~azure.mgmt.securityinsight.models.DataTypeState + """ + + _attribute_map = { + 'state': {'key': 'state', 'type': 'str'}, + } + + def __init__( + self, + **kwargs + ): + super(AlertsDataTypeOfDataConnectorAlerts, self).__init__(**kwargs) + + +class AscDataConnector(DataConnector): + """Represents ASC (Azure Security Center) data connector. + + :param kind: The kind of the data connector. Possible values include: "AzureActiveDirectory", + "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", "Office365", + "AmazonWebServicesCloudTrail", "AzureAdvancedThreatProtection", + "MicrosoftDefenderAdvancedThreatProtection". + :type kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKindEnum + :param data_types: The available data types for the connector. 
+ :type data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector + :param subscription_id: The subscription id to connect to, and get the data from. + :type subscription_id: str + """ + + _attribute_map = { + 'kind': {'key': 'kind', 'type': 'str'}, + 'data_types': {'key': 'properties.dataTypes', 'type': 'AlertsDataTypeOfDataConnector'}, + 'subscription_id': {'key': 'properties.subscriptionId', 'type': 'str'}, + } + + def __init__( + self, + **kwargs + ): + super(AscDataConnector, self).__init__(**kwargs) + self.data_types = kwargs.get('data_types', None) + self.subscription_id = kwargs.get('subscription_id', None) + + +class AscDataConnectorProperties(DataConnectorWithAlertsProperties): + """ASC (Azure Security Center) data connector properties. + + :param data_types: The available data types for the connector. + :type data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector + :param subscription_id: The subscription id to connect to, and get the data from. + :type subscription_id: str + """ + + _attribute_map = { + 'data_types': {'key': 'dataTypes', 'type': 'AlertsDataTypeOfDataConnector'}, + 'subscription_id': {'key': 'subscriptionId', 'type': 'str'}, + } + + def __init__( + self, + **kwargs + ): + super(AscDataConnectorProperties, self).__init__(**kwargs) + self.subscription_id = kwargs.get('subscription_id', None) + + +class AwsCloudTrailDataConnector(DataConnector): + """Represents Amazon Web Services CloudTrail data connector. + + :param kind: The kind of the data connector. Possible values include: "AzureActiveDirectory", + "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", "Office365", + "AmazonWebServicesCloudTrail", "AzureAdvancedThreatProtection", + "MicrosoftDefenderAdvancedThreatProtection". + :type kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKindEnum + :param aws_role_arn: The Aws Role Arn (with CloudTrailReadOnly policy) that is used to access + the Aws account. 
+ :type aws_role_arn: str + :param data_types: The available data types for the connector. + :type data_types: ~azure.mgmt.securityinsight.models.AwsCloudTrailDataConnectorDataTypes + """ + + _attribute_map = { + 'kind': {'key': 'kind', 'type': 'str'}, + 'aws_role_arn': {'key': 'properties.awsRoleArn', 'type': 'str'}, + 'data_types': {'key': 'properties.dataTypes', 'type': 'AwsCloudTrailDataConnectorDataTypes'}, + } + + def __init__( + self, + **kwargs + ): + super(AwsCloudTrailDataConnector, self).__init__(**kwargs) + self.aws_role_arn = kwargs.get('aws_role_arn', None) + self.data_types = kwargs.get('data_types', None) + + +class AwsCloudTrailDataConnectorDataTypes(msrest.serialization.Model): + """The available data types for Amazon Web Services CloudTrail data connector. + + :param logs: Logs data type. + :type logs: ~azure.mgmt.securityinsight.models.AwsCloudTrailDataConnectorDataTypesLogs + """ + + _attribute_map = { + 'logs': {'key': 'logs', 'type': 'AwsCloudTrailDataConnectorDataTypesLogs'}, + } + + def __init__( + self, + **kwargs + ): + super(AwsCloudTrailDataConnectorDataTypes, self).__init__(**kwargs) + self.logs = kwargs.get('logs', None) + + +class AwsCloudTrailDataConnectorDataTypesLogs(DataConnectorDataTypeCommon): + """Logs data type. + + :param state: Describe whether this data type connection is enabled or not. Possible values + include: "Enabled", "Disabled". + :type state: str or ~azure.mgmt.securityinsight.models.DataTypeState + """ + + _attribute_map = { + 'state': {'key': 'state', 'type': 'str'}, + } + + def __init__( + self, + **kwargs + ): + super(AwsCloudTrailDataConnectorDataTypesLogs, self).__init__(**kwargs) + + +class DataConnectorList(msrest.serialization.Model): + """List all the data connectors. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar next_link: URL to fetch the next set of data connectors. 
+ :vartype next_link: str + :param value: Required. Array of data connectors. + :type value: list[~azure.mgmt.securityinsight.models.DataConnector] + """ + + _validation = { + 'next_link': {'readonly': True}, + 'value': {'required': True}, + } + + _attribute_map = { + 'next_link': {'key': 'nextLink', 'type': 'str'}, + 'value': {'key': 'value', 'type': '[DataConnector]'}, + } + + def __init__( + self, + **kwargs + ): + super(DataConnectorList, self).__init__(**kwargs) + self.next_link = None + self.value = kwargs['value'] + + +class DataConnectorTenantId(msrest.serialization.Model): + """Properties data connector on tenant level. + + :param tenant_id: The tenant id to connect to, and get the data from. + :type tenant_id: str + """ + + _attribute_map = { + 'tenant_id': {'key': 'tenantId', 'type': 'str'}, + } + + def __init__( + self, + **kwargs + ): + super(DataConnectorTenantId, self).__init__(**kwargs) + self.tenant_id = kwargs.get('tenant_id', None) + + +class FusionAlertRule(AlertRule): + """Represents Fusion alert rule. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :param kind: Required. The kind of the alert rule. Possible values include: "Scheduled", + "MicrosoftSecurityIncidentCreation", "Fusion". + :type kind: str or ~azure.mgmt.securityinsight.models.AlertRuleKindEnum + :param alert_rule_template_name: The Name of the alert rule template used to create this rule. + :type alert_rule_template_name: str + :ivar description: The description of the alert rule. + :vartype description: str + :ivar display_name: The display name for alerts created by this alert rule. + :vartype display_name: str + :param enabled: Determines whether this alert rule is enabled or disabled. + :type enabled: bool + :ivar last_modified_utc: The last time that this alert has been modified. 
+ :vartype last_modified_utc: ~datetime.datetime + :ivar severity: The severity for alerts created by this alert rule. Possible values include: + "High", "Medium", "Low", "Informational". + :vartype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity + :ivar tactics: The tactics of the alert rule. + :vartype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] + """ + + _validation = { + 'kind': {'required': True}, + 'description': {'readonly': True}, + 'display_name': {'readonly': True}, + 'last_modified_utc': {'readonly': True}, + 'severity': {'readonly': True}, + 'tactics': {'readonly': True}, + } + + _attribute_map = { + 'kind': {'key': 'kind', 'type': 'str'}, + 'alert_rule_template_name': {'key': 'properties.alertRuleTemplateName', 'type': 'str'}, + 'description': {'key': 'properties.description', 'type': 'str'}, + 'display_name': {'key': 'properties.displayName', 'type': 'str'}, + 'enabled': {'key': 'properties.enabled', 'type': 'bool'}, + 'last_modified_utc': {'key': 'properties.lastModifiedUtc', 'type': 'iso-8601'}, + 'severity': {'key': 'properties.severity', 'type': 'str'}, + 'tactics': {'key': 'properties.tactics', 'type': '[str]'}, + } + + def __init__( + self, + **kwargs + ): + super(FusionAlertRule, self).__init__(**kwargs) + self.alert_rule_template_name = kwargs.get('alert_rule_template_name', None) + self.description = None + self.display_name = None + self.enabled = kwargs.get('enabled', None) + self.last_modified_utc = None + self.severity = None + self.tactics = None + + +class FusionAlertRuleTemplate(AlertRuleTemplate): + """Represents Fusion alert rule template. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :param kind: Required. The kind of the alert rule. Possible values include: "Scheduled", + "MicrosoftSecurityIncidentCreation", "Fusion". 
+ :type kind: str or ~azure.mgmt.securityinsight.models.AlertRuleKindEnum + :param alert_rules_created_by_template_count: the number of alert rules that were created by + this template. + :type alert_rules_created_by_template_count: int + :ivar created_date_utc: The time that this alert rule template has been added. + :vartype created_date_utc: ~datetime.datetime + :param description: The description of the alert rule template. + :type description: str + :param display_name: The display name for alert rule template. + :type display_name: str + :param required_data_connectors: The required data connectors for this template. + :type required_data_connectors: + list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] + :param status: The alert rule template status. Possible values include: "Installed", + "Available", "NotAvailable". + :type status: str or ~azure.mgmt.securityinsight.models.TemplateStatus + :param severity: The severity for alerts created by this alert rule. Possible values include: + "High", "Medium", "Low", "Informational". + :type severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity + :param tactics: The tactics of the alert rule template. 
+ :type tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] + """ + + _validation = { + 'kind': {'required': True}, + 'created_date_utc': {'readonly': True}, + } + + _attribute_map = { + 'kind': {'key': 'kind', 'type': 'str'}, + 'alert_rules_created_by_template_count': {'key': 'properties.alertRulesCreatedByTemplateCount', 'type': 'int'}, + 'created_date_utc': {'key': 'properties.createdDateUTC', 'type': 'iso-8601'}, + 'description': {'key': 'properties.description', 'type': 'str'}, + 'display_name': {'key': 'properties.displayName', 'type': 'str'}, + 'required_data_connectors': {'key': 'properties.requiredDataConnectors', 'type': '[AlertRuleTemplateDataSource]'}, + 'status': {'key': 'properties.status', 'type': 'str'}, + 'severity': {'key': 'properties.severity', 'type': 'str'}, + 'tactics': {'key': 'properties.tactics', 'type': '[str]'}, + } + + def __init__( + self, + **kwargs + ): + super(FusionAlertRuleTemplate, self).__init__(**kwargs) + self.alert_rules_created_by_template_count = kwargs.get('alert_rules_created_by_template_count', None) + self.created_date_utc = None + self.description = kwargs.get('description', None) + self.display_name = kwargs.get('display_name', None) + self.required_data_connectors = kwargs.get('required_data_connectors', None) + self.status = kwargs.get('status', None) + self.severity = kwargs.get('severity', None) + self.tactics = kwargs.get('tactics', None) + + +class FusionAlertRuleTemplateProperties(AlertRuleTemplatePropertiesBase): + """Fusion alert rule template properties. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :param alert_rules_created_by_template_count: the number of alert rules that were created by + this template. + :type alert_rules_created_by_template_count: int + :ivar created_date_utc: The time that this alert rule template has been added. 
+ :vartype created_date_utc: ~datetime.datetime + :param description: The description of the alert rule template. + :type description: str + :param display_name: The display name for alert rule template. + :type display_name: str + :param required_data_connectors: The required data connectors for this template. + :type required_data_connectors: + list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] + :param status: The alert rule template status. Possible values include: "Installed", + "Available", "NotAvailable". + :type status: str or ~azure.mgmt.securityinsight.models.TemplateStatus + :param severity: Required. The severity for alerts created by this alert rule. Possible values + include: "High", "Medium", "Low", "Informational". + :type severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity + :param tactics: The tactics of the alert rule template. + :type tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] + """ + + _validation = { + 'created_date_utc': {'readonly': True}, + 'severity': {'required': True}, + } + + _attribute_map = { + 'alert_rules_created_by_template_count': {'key': 'alertRulesCreatedByTemplateCount', 'type': 'int'}, + 'created_date_utc': {'key': 'createdDateUTC', 'type': 'iso-8601'}, + 'description': {'key': 'description', 'type': 'str'}, + 'display_name': {'key': 'displayName', 'type': 'str'}, + 'required_data_connectors': {'key': 'requiredDataConnectors', 'type': '[AlertRuleTemplateDataSource]'}, + 'status': {'key': 'status', 'type': 'str'}, + 'severity': {'key': 'severity', 'type': 'str'}, + 'tactics': {'key': 'tactics', 'type': '[str]'}, + } + + def __init__( + self, + **kwargs + ): + super(FusionAlertRuleTemplateProperties, self).__init__(**kwargs) + self.severity = kwargs['severity'] + self.tactics = kwargs.get('tactics', None) + + +class IncidentInfo(msrest.serialization.Model): + """Describes related incident information for the bookmark. 
+ + All required parameters must be populated in order to send to Azure. + + :param incident_id: Required. Incident Id. + :type incident_id: str + :param severity: Required. The severity of the incident. Possible values include: "Critical", + "High", "Medium", "Low", "Informational". + :type severity: str or ~azure.mgmt.securityinsight.models.IncidentSeverity + :param title: Required. The title of the incident. + :type title: str + :param relation_name: Required. Relation Name. + :type relation_name: str + """ + + _validation = { + 'incident_id': {'required': True}, + 'severity': {'required': True}, + 'title': {'required': True}, + 'relation_name': {'required': True}, + } + + _attribute_map = { + 'incident_id': {'key': 'incidentId', 'type': 'str'}, + 'severity': {'key': 'severity', 'type': 'str'}, + 'title': {'key': 'title', 'type': 'str'}, + 'relation_name': {'key': 'relationName', 'type': 'str'}, + } + + def __init__( + self, + **kwargs + ): + super(IncidentInfo, self).__init__(**kwargs) + self.incident_id = kwargs['incident_id'] + self.severity = kwargs['severity'] + self.title = kwargs['title'] + self.relation_name = kwargs['relation_name'] + + +class McasDataConnector(DataConnector): + """Represents MCAS (Microsoft Cloud App Security) data connector. + + :param kind: The kind of the data connector. Possible values include: "AzureActiveDirectory", + "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", "Office365", + "AmazonWebServicesCloudTrail", "AzureAdvancedThreatProtection", + "MicrosoftDefenderAdvancedThreatProtection". + :type kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKindEnum + :param tenant_id: The tenant id to connect to, and get the data from. + :type tenant_id: str + :param data_types: The available data types for the connector. 
+ :type data_types: ~azure.mgmt.securityinsight.models.McasDataConnectorDataTypes + """ + + _attribute_map = { + 'kind': {'key': 'kind', 'type': 'str'}, + 'tenant_id': {'key': 'properties.tenantId', 'type': 'str'}, + 'data_types': {'key': 'properties.dataTypes', 'type': 'McasDataConnectorDataTypes'}, + } + + def __init__( + self, + **kwargs + ): + super(McasDataConnector, self).__init__(**kwargs) + self.tenant_id = kwargs.get('tenant_id', None) + self.data_types = kwargs.get('data_types', None) + + +class McasDataConnectorDataTypes(AlertsDataTypeOfDataConnector): + """The available data types for MCAS (Microsoft Cloud App Security) data connector. + + :param alerts: Alerts data type connection. + :type alerts: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnectorAlerts + :param discovery_logs: Discovery log data type connection. + :type discovery_logs: + ~azure.mgmt.securityinsight.models.McasDataConnectorDataTypesDiscoveryLogs + """ + + _attribute_map = { + 'alerts': {'key': 'alerts', 'type': 'AlertsDataTypeOfDataConnectorAlerts'}, + 'discovery_logs': {'key': 'discoveryLogs', 'type': 'McasDataConnectorDataTypesDiscoveryLogs'}, + } + + def __init__( + self, + **kwargs + ): + super(McasDataConnectorDataTypes, self).__init__(**kwargs) + self.discovery_logs = kwargs.get('discovery_logs', None) + + +class McasDataConnectorDataTypesDiscoveryLogs(DataConnectorDataTypeCommon): + """Discovery log data type connection. + + :param state: Describe whether this data type connection is enabled or not. Possible values + include: "Enabled", "Disabled". + :type state: str or ~azure.mgmt.securityinsight.models.DataTypeState + """ + + _attribute_map = { + 'state': {'key': 'state', 'type': 'str'}, + } + + def __init__( + self, + **kwargs + ): + super(McasDataConnectorDataTypesDiscoveryLogs, self).__init__(**kwargs) + + +class McasDataConnectorProperties(DataConnectorTenantId): + """MCAS (Microsoft Cloud App Security) data connector properties. 
+ + :param tenant_id: The tenant id to connect to, and get the data from. + :type tenant_id: str + :param data_types: The available data types for the connector. + :type data_types: ~azure.mgmt.securityinsight.models.McasDataConnectorDataTypes + """ + + _attribute_map = { + 'tenant_id': {'key': 'tenantId', 'type': 'str'}, + 'data_types': {'key': 'dataTypes', 'type': 'McasDataConnectorDataTypes'}, + } + + def __init__( + self, + **kwargs + ): + super(McasDataConnectorProperties, self).__init__(**kwargs) + self.data_types = kwargs.get('data_types', None) + + +class MdatpDataConnector(DataConnector): + """Represents MDATP (Microsoft Defender Advanced Threat Protection) data connector. + + :param kind: The kind of the data connector. Possible values include: "AzureActiveDirectory", + "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", "Office365", + "AmazonWebServicesCloudTrail", "AzureAdvancedThreatProtection", + "MicrosoftDefenderAdvancedThreatProtection". + :type kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKindEnum + :param tenant_id: The tenant id to connect to, and get the data from. + :type tenant_id: str + :param data_types: The available data types for the connector. + :type data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector + """ + + _attribute_map = { + 'kind': {'key': 'kind', 'type': 'str'}, + 'tenant_id': {'key': 'properties.tenantId', 'type': 'str'}, + 'data_types': {'key': 'properties.dataTypes', 'type': 'AlertsDataTypeOfDataConnector'}, + } + + def __init__( + self, + **kwargs + ): + super(MdatpDataConnector, self).__init__(**kwargs) + self.tenant_id = kwargs.get('tenant_id', None) + self.data_types = kwargs.get('data_types', None) + + +class MdatpDataConnectorProperties(DataConnectorWithAlertsProperties): + """MDATP (Microsoft Defender Advanced Threat Protection) data connector properties. + + :param data_types: The available data types for the connector. 
+ :type data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector + """ + + _attribute_map = { + 'data_types': {'key': 'dataTypes', 'type': 'AlertsDataTypeOfDataConnector'}, + } + + def __init__( + self, + **kwargs + ): + super(MdatpDataConnectorProperties, self).__init__(**kwargs) + + +class MicrosoftSecurityIncidentCreationAlertRule(AlertRule): + """Represents MicrosoftSecurityIncidentCreation rule. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :param kind: Required. The kind of the alert rule. Possible values include: "Scheduled", + "MicrosoftSecurityIncidentCreation", "Fusion". + :type kind: str or ~azure.mgmt.securityinsight.models.AlertRuleKindEnum + :param display_names_filter: the alerts' displayNames on which the cases will be generated. + :type display_names_filter: list[str] + :param product_filter: The alerts' productName on which the cases will be generated. Possible + values include: "Microsoft Cloud App Security", "Azure Security Center", "Azure Advanced Threat + Protection", "Azure Active Directory Identity Protection", "Azure Security Center for IoT". + :type product_filter: str or ~azure.mgmt.securityinsight.models.MicrosoftSecurityProductName + :param severities_filter: the alerts' severities on which the cases will be generated. + :type severities_filter: list[str or ~azure.mgmt.securityinsight.models.AlertSeverity] + :param alert_rule_template_name: The Name of the alert rule template used to create this rule. + :type alert_rule_template_name: str + :param description: The description of the alert rule. + :type description: str + :param display_name: The display name for alerts created by this alert rule. + :type display_name: str + :param enabled: Determines whether this alert rule is enabled or disabled. + :type enabled: bool + :ivar last_modified_utc: The last time that this alert has been modified. 
+ :vartype last_modified_utc: ~datetime.datetime + """ + + _validation = { + 'kind': {'required': True}, + 'last_modified_utc': {'readonly': True}, + } + + _attribute_map = { + 'kind': {'key': 'kind', 'type': 'str'}, + 'display_names_filter': {'key': 'properties.displayNamesFilter', 'type': '[str]'}, + 'product_filter': {'key': 'properties.productFilter', 'type': 'str'}, + 'severities_filter': {'key': 'properties.severitiesFilter', 'type': '[str]'}, + 'alert_rule_template_name': {'key': 'properties.alertRuleTemplateName', 'type': 'str'}, + 'description': {'key': 'properties.description', 'type': 'str'}, + 'display_name': {'key': 'properties.displayName', 'type': 'str'}, + 'enabled': {'key': 'properties.enabled', 'type': 'bool'}, + 'last_modified_utc': {'key': 'properties.lastModifiedUtc', 'type': 'iso-8601'}, + } + + def __init__( + self, + **kwargs + ): + super(MicrosoftSecurityIncidentCreationAlertRule, self).__init__(**kwargs) + self.display_names_filter = kwargs.get('display_names_filter', None) + self.product_filter = kwargs.get('product_filter', None) + self.severities_filter = kwargs.get('severities_filter', None) + self.alert_rule_template_name = kwargs.get('alert_rule_template_name', None) + self.description = kwargs.get('description', None) + self.display_name = kwargs.get('display_name', None) + self.enabled = kwargs.get('enabled', None) + self.last_modified_utc = None + + +class MicrosoftSecurityIncidentCreationAlertRuleCommonProperties(msrest.serialization.Model): + """MicrosoftSecurityIncidentCreation rule common property bag. + + All required parameters must be populated in order to send to Azure. + + :param display_names_filter: the alerts' displayNames on which the cases will be generated. + :type display_names_filter: list[str] + :param product_filter: Required. The alerts' productName on which the cases will be generated. 
+ Possible values include: "Microsoft Cloud App Security", "Azure Security Center", "Azure + Advanced Threat Protection", "Azure Active Directory Identity Protection", "Azure Security + Center for IoT". + :type product_filter: str or ~azure.mgmt.securityinsight.models.MicrosoftSecurityProductName + :param severities_filter: the alerts' severities on which the cases will be generated. + :type severities_filter: list[str or ~azure.mgmt.securityinsight.models.AlertSeverity] + """ + + _validation = { + 'product_filter': {'required': True}, + } + + _attribute_map = { + 'display_names_filter': {'key': 'displayNamesFilter', 'type': '[str]'}, + 'product_filter': {'key': 'productFilter', 'type': 'str'}, + 'severities_filter': {'key': 'severitiesFilter', 'type': '[str]'}, + } + + def __init__( + self, + **kwargs + ): + super(MicrosoftSecurityIncidentCreationAlertRuleCommonProperties, self).__init__(**kwargs) + self.display_names_filter = kwargs.get('display_names_filter', None) + self.product_filter = kwargs['product_filter'] + self.severities_filter = kwargs.get('severities_filter', None) + + +class MicrosoftSecurityIncidentCreationAlertRuleProperties(MicrosoftSecurityIncidentCreationAlertRuleCommonProperties): + """MicrosoftSecurityIncidentCreation rule property bag. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :param display_names_filter: the alerts' displayNames on which the cases will be generated. + :type display_names_filter: list[str] + :param product_filter: Required. The alerts' productName on which the cases will be generated. + Possible values include: "Microsoft Cloud App Security", "Azure Security Center", "Azure + Advanced Threat Protection", "Azure Active Directory Identity Protection", "Azure Security + Center for IoT". 
+ :type product_filter: str or ~azure.mgmt.securityinsight.models.MicrosoftSecurityProductName + :param severities_filter: the alerts' severities on which the cases will be generated. + :type severities_filter: list[str or ~azure.mgmt.securityinsight.models.AlertSeverity] + :param alert_rule_template_name: The Name of the alert rule template used to create this rule. + :type alert_rule_template_name: str + :param description: The description of the alert rule. + :type description: str + :param display_name: Required. The display name for alerts created by this alert rule. + :type display_name: str + :param enabled: Required. Determines whether this alert rule is enabled or disabled. + :type enabled: bool + :ivar last_modified_utc: The last time that this alert has been modified. + :vartype last_modified_utc: ~datetime.datetime + """ + + _validation = { + 'product_filter': {'required': True}, + 'display_name': {'required': True}, + 'enabled': {'required': True}, + 'last_modified_utc': {'readonly': True}, + } + + _attribute_map = { + 'display_names_filter': {'key': 'displayNamesFilter', 'type': '[str]'}, + 'product_filter': {'key': 'productFilter', 'type': 'str'}, + 'severities_filter': {'key': 'severitiesFilter', 'type': '[str]'}, + 'alert_rule_template_name': {'key': 'alertRuleTemplateName', 'type': 'str'}, + 'description': {'key': 'description', 'type': 'str'}, + 'display_name': {'key': 'displayName', 'type': 'str'}, + 'enabled': {'key': 'enabled', 'type': 'bool'}, + 'last_modified_utc': {'key': 'lastModifiedUtc', 'type': 'iso-8601'}, + } + + def __init__( + self, + **kwargs + ): + super(MicrosoftSecurityIncidentCreationAlertRuleProperties, self).__init__(**kwargs) + self.alert_rule_template_name = kwargs.get('alert_rule_template_name', None) + self.description = kwargs.get('description', None) + self.display_name = kwargs['display_name'] + self.enabled = kwargs['enabled'] + self.last_modified_utc = None + + +class 
MicrosoftSecurityIncidentCreationAlertRuleTemplate(AlertRuleTemplate): + """Represents MicrosoftSecurityIncidentCreation rule template. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :param kind: Required. The kind of the alert rule. Possible values include: "Scheduled", + "MicrosoftSecurityIncidentCreation", "Fusion". + :type kind: str or ~azure.mgmt.securityinsight.models.AlertRuleKindEnum + :param alert_rules_created_by_template_count: the number of alert rules that were created by + this template. + :type alert_rules_created_by_template_count: int + :ivar created_date_utc: The time that this alert rule template has been added. + :vartype created_date_utc: ~datetime.datetime + :param description: The description of the alert rule template. + :type description: str + :param display_name: The display name for alert rule template. + :type display_name: str + :param required_data_connectors: The required data connectors for this template. + :type required_data_connectors: + list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] + :param status: The alert rule template status. Possible values include: "Installed", + "Available", "NotAvailable". + :type status: str or ~azure.mgmt.securityinsight.models.TemplateStatus + :param display_names_filter: the alerts' displayNames on which the cases will be generated. + :type display_names_filter: list[str] + :param product_filter: The alerts' productName on which the cases will be generated. Possible + values include: "Microsoft Cloud App Security", "Azure Security Center", "Azure Advanced Threat + Protection", "Azure Active Directory Identity Protection", "Azure Security Center for IoT". + :type product_filter: str or ~azure.mgmt.securityinsight.models.MicrosoftSecurityProductName + :param severities_filter: the alerts' severities on which the cases will be generated. 
+ :type severities_filter: list[str or ~azure.mgmt.securityinsight.models.AlertSeverity] + """ + + _validation = { + 'kind': {'required': True}, + 'created_date_utc': {'readonly': True}, + } + + _attribute_map = { + 'kind': {'key': 'kind', 'type': 'str'}, + 'alert_rules_created_by_template_count': {'key': 'properties.alertRulesCreatedByTemplateCount', 'type': 'int'}, + 'created_date_utc': {'key': 'properties.createdDateUTC', 'type': 'iso-8601'}, + 'description': {'key': 'properties.description', 'type': 'str'}, + 'display_name': {'key': 'properties.displayName', 'type': 'str'}, + 'required_data_connectors': {'key': 'properties.requiredDataConnectors', 'type': '[AlertRuleTemplateDataSource]'}, + 'status': {'key': 'properties.status', 'type': 'str'}, + 'display_names_filter': {'key': 'properties.displayNamesFilter', 'type': '[str]'}, + 'product_filter': {'key': 'properties.productFilter', 'type': 'str'}, + 'severities_filter': {'key': 'properties.severitiesFilter', 'type': '[str]'}, + } + + def __init__( + self, + **kwargs + ): + super(MicrosoftSecurityIncidentCreationAlertRuleTemplate, self).__init__(**kwargs) + self.alert_rules_created_by_template_count = kwargs.get('alert_rules_created_by_template_count', None) + self.created_date_utc = None + self.description = kwargs.get('description', None) + self.display_name = kwargs.get('display_name', None) + self.required_data_connectors = kwargs.get('required_data_connectors', None) + self.status = kwargs.get('status', None) + self.display_names_filter = kwargs.get('display_names_filter', None) + self.product_filter = kwargs.get('product_filter', None) + self.severities_filter = kwargs.get('severities_filter', None) + + +class MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties(MicrosoftSecurityIncidentCreationAlertRuleCommonProperties): + """MicrosoftSecurityIncidentCreation rule template properties. + + All required parameters must be populated in order to send to Azure. 
+ + :param display_names_filter: the alerts' displayNames on which the cases will be generated. + :type display_names_filter: list[str] + :param product_filter: Required. The alerts' productName on which the cases will be generated. + Possible values include: "Microsoft Cloud App Security", "Azure Security Center", "Azure + Advanced Threat Protection", "Azure Active Directory Identity Protection", "Azure Security + Center for IoT". + :type product_filter: str or ~azure.mgmt.securityinsight.models.MicrosoftSecurityProductName + :param severities_filter: the alerts' severities on which the cases will be generated. + :type severities_filter: list[str or ~azure.mgmt.securityinsight.models.AlertSeverity] + """ + + _validation = { + 'product_filter': {'required': True}, + } + + _attribute_map = { + 'display_names_filter': {'key': 'displayNamesFilter', 'type': '[str]'}, + 'product_filter': {'key': 'productFilter', 'type': 'str'}, + 'severities_filter': {'key': 'severitiesFilter', 'type': '[str]'}, + } + + def __init__( + self, + **kwargs + ): + super(MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties, self).__init__(**kwargs) + + +class OfficeConsent(Resource): + """Consent for Office365 tenant that already made. + + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar id: Azure resource Id. + :vartype id: str + :ivar name: Azure resource name. + :vartype name: str + :ivar type: Azure resource type. + :vartype type: str + :param tenant_id: The tenantId of the Office365 with the consent. + :type tenant_id: str + :ivar tenant_name: The tenant name of the Office365 with the consent. 
+ :vartype tenant_name: str + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'tenant_name': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'tenant_id': {'key': 'properties.tenantId', 'type': 'str'}, + 'tenant_name': {'key': 'properties.tenantName', 'type': 'str'}, + } + + def __init__( + self, + **kwargs + ): + super(OfficeConsent, self).__init__(**kwargs) + self.tenant_id = kwargs.get('tenant_id', None) + self.tenant_name = None + + +class OfficeConsentList(msrest.serialization.Model): + """List of all the office365 consents. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar next_link: URL to fetch the next set of office consents. + :vartype next_link: str + :param value: Required. Array of the consents. + :type value: list[~azure.mgmt.securityinsight.models.OfficeConsent] + """ + + _validation = { + 'next_link': {'readonly': True}, + 'value': {'required': True}, + } + + _attribute_map = { + 'next_link': {'key': 'nextLink', 'type': 'str'}, + 'value': {'key': 'value', 'type': '[OfficeConsent]'}, + } + + def __init__( + self, + **kwargs + ): + super(OfficeConsentList, self).__init__(**kwargs) + self.next_link = None + self.value = kwargs['value'] + + +class OfficeDataConnector(DataConnector): + """Represents office data connector. + + :param kind: The kind of the data connector. Possible values include: "AzureActiveDirectory", + "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", "Office365", + "AmazonWebServicesCloudTrail", "AzureAdvancedThreatProtection", + "MicrosoftDefenderAdvancedThreatProtection". 
+ :type kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKindEnum + :param tenant_id: The tenant id to connect to, and get the data from. + :type tenant_id: str + :param data_types: The available data types for the connector. + :type data_types: ~azure.mgmt.securityinsight.models.OfficeDataConnectorDataTypes + """ + + _attribute_map = { + 'kind': {'key': 'kind', 'type': 'str'}, + 'tenant_id': {'key': 'properties.tenantId', 'type': 'str'}, + 'data_types': {'key': 'properties.dataTypes', 'type': 'OfficeDataConnectorDataTypes'}, + } + + def __init__( + self, + **kwargs + ): + super(OfficeDataConnector, self).__init__(**kwargs) + self.tenant_id = kwargs.get('tenant_id', None) + self.data_types = kwargs.get('data_types', None) + + +class OfficeDataConnectorDataTypes(msrest.serialization.Model): + """The available data types for office data connector. + + :param exchange: Exchange data type connection. + :type exchange: ~azure.mgmt.securityinsight.models.OfficeDataConnectorDataTypesExchange + :param share_point: SharePoint data type connection. + :type share_point: ~azure.mgmt.securityinsight.models.OfficeDataConnectorDataTypesSharePoint + """ + + _attribute_map = { + 'exchange': {'key': 'exchange', 'type': 'OfficeDataConnectorDataTypesExchange'}, + 'share_point': {'key': 'sharePoint', 'type': 'OfficeDataConnectorDataTypesSharePoint'}, + } + + def __init__( + self, + **kwargs + ): + super(OfficeDataConnectorDataTypes, self).__init__(**kwargs) + self.exchange = kwargs.get('exchange', None) + self.share_point = kwargs.get('share_point', None) + + +class OfficeDataConnectorDataTypesExchange(DataConnectorDataTypeCommon): + """Exchange data type connection. + + :param state: Describe whether this data type connection is enabled or not. Possible values + include: "Enabled", "Disabled". 
+ :type state: str or ~azure.mgmt.securityinsight.models.DataTypeState + """ + + _attribute_map = { + 'state': {'key': 'state', 'type': 'str'}, + } + + def __init__( + self, + **kwargs + ): + super(OfficeDataConnectorDataTypesExchange, self).__init__(**kwargs) + + +class OfficeDataConnectorDataTypesSharePoint(DataConnectorDataTypeCommon): + """SharePoint data type connection. + + :param state: Describe whether this data type connection is enabled or not. Possible values + include: "Enabled", "Disabled". + :type state: str or ~azure.mgmt.securityinsight.models.DataTypeState + """ + + _attribute_map = { + 'state': {'key': 'state', 'type': 'str'}, + } + + def __init__( + self, + **kwargs + ): + super(OfficeDataConnectorDataTypesSharePoint, self).__init__(**kwargs) + + +class OfficeDataConnectorProperties(DataConnectorTenantId): + """Office data connector properties. + + :param tenant_id: The tenant id to connect to, and get the data from. + :type tenant_id: str + :param data_types: The available data types for the connector. + :type data_types: ~azure.mgmt.securityinsight.models.OfficeDataConnectorDataTypes + """ + + _attribute_map = { + 'tenant_id': {'key': 'tenantId', 'type': 'str'}, + 'data_types': {'key': 'dataTypes', 'type': 'OfficeDataConnectorDataTypes'}, + } + + def __init__( + self, + **kwargs + ): + super(OfficeDataConnectorProperties, self).__init__(**kwargs) + self.data_types = kwargs.get('data_types', None) + + +class Operation(msrest.serialization.Model): + """Operation provided by provider. + + :param display: Properties of the operation. + :type display: ~azure.mgmt.securityinsight.models.OperationDisplay + :param name: Name of the operation. 
+ :type name: str + """ + + _attribute_map = { + 'display': {'key': 'display', 'type': 'OperationDisplay'}, + 'name': {'key': 'name', 'type': 'str'}, + } + + def __init__( + self, + **kwargs + ): + super(Operation, self).__init__(**kwargs) + self.display = kwargs.get('display', None) + self.name = kwargs.get('name', None) + + +class OperationDisplay(msrest.serialization.Model): + """Properties of the operation. + + :param description: Description of the operation. + :type description: str + :param operation: Operation name. + :type operation: str + :param provider: Provider name. + :type provider: str + :param resource: Resource name. + :type resource: str + """ + + _attribute_map = { + 'description': {'key': 'description', 'type': 'str'}, + 'operation': {'key': 'operation', 'type': 'str'}, + 'provider': {'key': 'provider', 'type': 'str'}, + 'resource': {'key': 'resource', 'type': 'str'}, + } + + def __init__( + self, + **kwargs + ): + super(OperationDisplay, self).__init__(**kwargs) + self.description = kwargs.get('description', None) + self.operation = kwargs.get('operation', None) + self.provider = kwargs.get('provider', None) + self.resource = kwargs.get('resource', None) + + +class OperationsList(msrest.serialization.Model): + """Lists the operations available in the SecurityInsights RP. + + All required parameters must be populated in order to send to Azure. + + :param next_link: URL to fetch the next set of operations. + :type next_link: str + :param value: Required. Array of operations. 
+ :type value: list[~azure.mgmt.securityinsight.models.Operation] + """ + + _validation = { + 'value': {'required': True}, + } + + _attribute_map = { + 'next_link': {'key': 'nextLink', 'type': 'str'}, + 'value': {'key': 'value', 'type': '[Operation]'}, + } + + def __init__( + self, + **kwargs + ): + super(OperationsList, self).__init__(**kwargs) + self.next_link = kwargs.get('next_link', None) + self.value = kwargs['value'] + + +class ScheduledAlertRule(AlertRule): + """Represents scheduled alert rule. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :param kind: Required. The kind of the alert rule. Possible values include: "Scheduled", + "MicrosoftSecurityIncidentCreation", "Fusion". + :type kind: str or ~azure.mgmt.securityinsight.models.AlertRuleKindEnum + :param query: The query that creates alerts for this rule. + :type query: str + :param query_frequency: The frequency (in ISO 8601 duration format) for this alert rule to run. + :type query_frequency: ~datetime.timedelta + :param query_period: The period (in ISO 8601 duration format) that this alert rule looks at. + :type query_period: ~datetime.timedelta + :param severity: The severity for alerts created by this alert rule. Possible values include: + "High", "Medium", "Low", "Informational". + :type severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity + :param trigger_operator: The operation against the threshold that triggers alert rule. Possible + values include: "GreaterThan", "LessThan", "Equal", "NotEqual". + :type trigger_operator: str or ~azure.mgmt.securityinsight.models.TriggerOperator + :param trigger_threshold: The threshold triggers this alert rule. + :type trigger_threshold: int + :param alert_rule_template_name: The Name of the alert rule template used to create this rule. 
+ :type alert_rule_template_name: str + :param description: The description of the alert rule. + :type description: str + :param display_name: The display name for alerts created by this alert rule. + :type display_name: str + :param enabled: Determines whether this alert rule is enabled or disabled. + :type enabled: bool + :ivar last_modified_utc: The last time that this alert rule has been modified. + :vartype last_modified_utc: ~datetime.datetime + :param suppression_duration: The suppression (in ISO 8601 duration format) to wait since last + time this alert rule been triggered. + :type suppression_duration: ~datetime.timedelta + :param suppression_enabled: Determines whether the suppression for this alert rule is enabled + or disabled. + :type suppression_enabled: bool + :param tactics: The tactics of the alert rule. + :type tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] + """ + + _validation = { + 'kind': {'required': True}, + 'last_modified_utc': {'readonly': True}, + } + + _attribute_map = { + 'kind': {'key': 'kind', 'type': 'str'}, + 'query': {'key': 'properties.query', 'type': 'str'}, + 'query_frequency': {'key': 'properties.queryFrequency', 'type': 'duration'}, + 'query_period': {'key': 'properties.queryPeriod', 'type': 'duration'}, + 'severity': {'key': 'properties.severity', 'type': 'str'}, + 'trigger_operator': {'key': 'properties.triggerOperator', 'type': 'str'}, + 'trigger_threshold': {'key': 'properties.triggerThreshold', 'type': 'int'}, + 'alert_rule_template_name': {'key': 'properties.alertRuleTemplateName', 'type': 'str'}, + 'description': {'key': 'properties.description', 'type': 'str'}, + 'display_name': {'key': 'properties.displayName', 'type': 'str'}, + 'enabled': {'key': 'properties.enabled', 'type': 'bool'}, + 'last_modified_utc': {'key': 'properties.lastModifiedUtc', 'type': 'iso-8601'}, + 'suppression_duration': {'key': 'properties.suppressionDuration', 'type': 'duration'}, + 'suppression_enabled': {'key': 
'properties.suppressionEnabled', 'type': 'bool'}, + 'tactics': {'key': 'properties.tactics', 'type': '[str]'}, + } + + def __init__( + self, + **kwargs + ): + super(ScheduledAlertRule, self).__init__(**kwargs) + self.query = kwargs.get('query', None) + self.query_frequency = kwargs.get('query_frequency', None) + self.query_period = kwargs.get('query_period', None) + self.severity = kwargs.get('severity', None) + self.trigger_operator = kwargs.get('trigger_operator', None) + self.trigger_threshold = kwargs.get('trigger_threshold', None) + self.alert_rule_template_name = kwargs.get('alert_rule_template_name', None) + self.description = kwargs.get('description', None) + self.display_name = kwargs.get('display_name', None) + self.enabled = kwargs.get('enabled', None) + self.last_modified_utc = None + self.suppression_duration = kwargs.get('suppression_duration', None) + self.suppression_enabled = kwargs.get('suppression_enabled', None) + self.tactics = kwargs.get('tactics', None) + + +class ScheduledAlertRuleCommonProperties(msrest.serialization.Model): + """Schedule alert rule template property bag. + + :param query: The query that creates alerts for this rule. + :type query: str + :param query_frequency: The frequency (in ISO 8601 duration format) for this alert rule to run. + :type query_frequency: ~datetime.timedelta + :param query_period: The period (in ISO 8601 duration format) that this alert rule looks at. + :type query_period: ~datetime.timedelta + :param severity: The severity for alerts created by this alert rule. Possible values include: + "High", "Medium", "Low", "Informational". + :type severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity + :param trigger_operator: The operation against the threshold that triggers alert rule. Possible + values include: "GreaterThan", "LessThan", "Equal", "NotEqual". 
+ :type trigger_operator: str or ~azure.mgmt.securityinsight.models.TriggerOperator + :param trigger_threshold: The threshold triggers this alert rule. + :type trigger_threshold: int + """ + + _attribute_map = { + 'query': {'key': 'query', 'type': 'str'}, + 'query_frequency': {'key': 'queryFrequency', 'type': 'duration'}, + 'query_period': {'key': 'queryPeriod', 'type': 'duration'}, + 'severity': {'key': 'severity', 'type': 'str'}, + 'trigger_operator': {'key': 'triggerOperator', 'type': 'str'}, + 'trigger_threshold': {'key': 'triggerThreshold', 'type': 'int'}, + } + + def __init__( + self, + **kwargs + ): + super(ScheduledAlertRuleCommonProperties, self).__init__(**kwargs) + self.query = kwargs.get('query', None) + self.query_frequency = kwargs.get('query_frequency', None) + self.query_period = kwargs.get('query_period', None) + self.severity = kwargs.get('severity', None) + self.trigger_operator = kwargs.get('trigger_operator', None) + self.trigger_threshold = kwargs.get('trigger_threshold', None) + + +class ScheduledAlertRuleProperties(ScheduledAlertRuleCommonProperties): + """Scheduled alert rule base property bag. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :param query: The query that creates alerts for this rule. + :type query: str + :param query_frequency: The frequency (in ISO 8601 duration format) for this alert rule to run. + :type query_frequency: ~datetime.timedelta + :param query_period: The period (in ISO 8601 duration format) that this alert rule looks at. + :type query_period: ~datetime.timedelta + :param severity: The severity for alerts created by this alert rule. Possible values include: + "High", "Medium", "Low", "Informational". + :type severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity + :param trigger_operator: The operation against the threshold that triggers alert rule. 
Possible + values include: "GreaterThan", "LessThan", "Equal", "NotEqual". + :type trigger_operator: str or ~azure.mgmt.securityinsight.models.TriggerOperator + :param trigger_threshold: The threshold triggers this alert rule. + :type trigger_threshold: int + :param alert_rule_template_name: The Name of the alert rule template used to create this rule. + :type alert_rule_template_name: str + :param description: The description of the alert rule. + :type description: str + :param display_name: Required. The display name for alerts created by this alert rule. + :type display_name: str + :param enabled: Required. Determines whether this alert rule is enabled or disabled. + :type enabled: bool + :ivar last_modified_utc: The last time that this alert rule has been modified. + :vartype last_modified_utc: ~datetime.datetime + :param suppression_duration: Required. The suppression (in ISO 8601 duration format) to wait + since last time this alert rule been triggered. + :type suppression_duration: ~datetime.timedelta + :param suppression_enabled: Required. Determines whether the suppression for this alert rule is + enabled or disabled. + :type suppression_enabled: bool + :param tactics: The tactics of the alert rule. 
+ :type tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] + """ + + _validation = { + 'display_name': {'required': True}, + 'enabled': {'required': True}, + 'last_modified_utc': {'readonly': True}, + 'suppression_duration': {'required': True}, + 'suppression_enabled': {'required': True}, + } + + _attribute_map = { + 'query': {'key': 'query', 'type': 'str'}, + 'query_frequency': {'key': 'queryFrequency', 'type': 'duration'}, + 'query_period': {'key': 'queryPeriod', 'type': 'duration'}, + 'severity': {'key': 'severity', 'type': 'str'}, + 'trigger_operator': {'key': 'triggerOperator', 'type': 'str'}, + 'trigger_threshold': {'key': 'triggerThreshold', 'type': 'int'}, + 'alert_rule_template_name': {'key': 'alertRuleTemplateName', 'type': 'str'}, + 'description': {'key': 'description', 'type': 'str'}, + 'display_name': {'key': 'displayName', 'type': 'str'}, + 'enabled': {'key': 'enabled', 'type': 'bool'}, + 'last_modified_utc': {'key': 'lastModifiedUtc', 'type': 'iso-8601'}, + 'suppression_duration': {'key': 'suppressionDuration', 'type': 'duration'}, + 'suppression_enabled': {'key': 'suppressionEnabled', 'type': 'bool'}, + 'tactics': {'key': 'tactics', 'type': '[str]'}, + } + + def __init__( + self, + **kwargs + ): + super(ScheduledAlertRuleProperties, self).__init__(**kwargs) + self.alert_rule_template_name = kwargs.get('alert_rule_template_name', None) + self.description = kwargs.get('description', None) + self.display_name = kwargs['display_name'] + self.enabled = kwargs['enabled'] + self.last_modified_utc = None + self.suppression_duration = kwargs['suppression_duration'] + self.suppression_enabled = kwargs['suppression_enabled'] + self.tactics = kwargs.get('tactics', None) + + +class ScheduledAlertRuleTemplate(AlertRuleTemplate): + """Represents scheduled alert rule template. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. 
+ + :param kind: Required. The kind of the alert rule. Possible values include: "Scheduled", + "MicrosoftSecurityIncidentCreation", "Fusion". + :type kind: str or ~azure.mgmt.securityinsight.models.AlertRuleKindEnum + :param alert_rules_created_by_template_count: the number of alert rules that were created by + this template. + :type alert_rules_created_by_template_count: int + :ivar created_date_utc: The time that this alert rule template has been added. + :vartype created_date_utc: ~datetime.datetime + :param description: The description of the alert rule template. + :type description: str + :param display_name: The display name for alert rule template. + :type display_name: str + :param required_data_connectors: The required data connectors for this template. + :type required_data_connectors: + list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] + :param status: The alert rule template status. Possible values include: "Installed", + "Available", "NotAvailable". + :type status: str or ~azure.mgmt.securityinsight.models.TemplateStatus + :param query: The query that creates alerts for this rule. + :type query: str + :param query_frequency: The frequency (in ISO 8601 duration format) for this alert rule to run. + :type query_frequency: ~datetime.timedelta + :param query_period: The period (in ISO 8601 duration format) that this alert rule looks at. + :type query_period: ~datetime.timedelta + :param severity: The severity for alerts created by this alert rule. Possible values include: + "High", "Medium", "Low", "Informational". + :type severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity + :param trigger_operator: The operation against the threshold that triggers alert rule. Possible + values include: "GreaterThan", "LessThan", "Equal", "NotEqual". + :type trigger_operator: str or ~azure.mgmt.securityinsight.models.TriggerOperator + :param trigger_threshold: The threshold triggers this alert rule. 
+ :type trigger_threshold: int + :param tactics: The tactics of the alert rule template. + :type tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] + """ + + _validation = { + 'kind': {'required': True}, + 'created_date_utc': {'readonly': True}, + } + + _attribute_map = { + 'kind': {'key': 'kind', 'type': 'str'}, + 'alert_rules_created_by_template_count': {'key': 'properties.alertRulesCreatedByTemplateCount', 'type': 'int'}, + 'created_date_utc': {'key': 'properties.createdDateUTC', 'type': 'iso-8601'}, + 'description': {'key': 'properties.description', 'type': 'str'}, + 'display_name': {'key': 'properties.displayName', 'type': 'str'}, + 'required_data_connectors': {'key': 'properties.requiredDataConnectors', 'type': '[AlertRuleTemplateDataSource]'}, + 'status': {'key': 'properties.status', 'type': 'str'}, + 'query': {'key': 'properties.query', 'type': 'str'}, + 'query_frequency': {'key': 'properties.queryFrequency', 'type': 'duration'}, + 'query_period': {'key': 'properties.queryPeriod', 'type': 'duration'}, + 'severity': {'key': 'properties.severity', 'type': 'str'}, + 'trigger_operator': {'key': 'properties.triggerOperator', 'type': 'str'}, + 'trigger_threshold': {'key': 'properties.triggerThreshold', 'type': 'int'}, + 'tactics': {'key': 'properties.tactics', 'type': '[str]'}, + } + + def __init__( + self, + **kwargs + ): + super(ScheduledAlertRuleTemplate, self).__init__(**kwargs) + self.alert_rules_created_by_template_count = kwargs.get('alert_rules_created_by_template_count', None) + self.created_date_utc = None + self.description = kwargs.get('description', None) + self.display_name = kwargs.get('display_name', None) + self.required_data_connectors = kwargs.get('required_data_connectors', None) + self.status = kwargs.get('status', None) + self.query = kwargs.get('query', None) + self.query_frequency = kwargs.get('query_frequency', None) + self.query_period = kwargs.get('query_period', None) + self.severity = kwargs.get('severity', None) + 
self.trigger_operator = kwargs.get('trigger_operator', None) + self.trigger_threshold = kwargs.get('trigger_threshold', None) + self.tactics = kwargs.get('tactics', None) + + +class ScheduledAlertRuleTemplateProperties(ScheduledAlertRuleCommonProperties): + """Scheduled alert rule template properties. + + :param query: The query that creates alerts for this rule. + :type query: str + :param query_frequency: The frequency (in ISO 8601 duration format) for this alert rule to run. + :type query_frequency: ~datetime.timedelta + :param query_period: The period (in ISO 8601 duration format) that this alert rule looks at. + :type query_period: ~datetime.timedelta + :param severity: The severity for alerts created by this alert rule. Possible values include: + "High", "Medium", "Low", "Informational". + :type severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity + :param trigger_operator: The operation against the threshold that triggers alert rule. Possible + values include: "GreaterThan", "LessThan", "Equal", "NotEqual". + :type trigger_operator: str or ~azure.mgmt.securityinsight.models.TriggerOperator + :param trigger_threshold: The threshold triggers this alert rule. + :type trigger_threshold: int + :param tactics: The tactics of the alert rule template. 
+ :type tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] + """ + + _attribute_map = { + 'query': {'key': 'query', 'type': 'str'}, + 'query_frequency': {'key': 'queryFrequency', 'type': 'duration'}, + 'query_period': {'key': 'queryPeriod', 'type': 'duration'}, + 'severity': {'key': 'severity', 'type': 'str'}, + 'trigger_operator': {'key': 'triggerOperator', 'type': 'str'}, + 'trigger_threshold': {'key': 'triggerThreshold', 'type': 'int'}, + 'tactics': {'key': 'tactics', 'type': '[str]'}, + } + + def __init__( + self, + **kwargs + ): + super(ScheduledAlertRuleTemplateProperties, self).__init__(**kwargs) + self.tactics = kwargs.get('tactics', None) + + +class SettingsKind(msrest.serialization.Model): + """Describes an Azure resource with kind. + + :param kind: The kind of the setting. Possible values include: "UebaSettings", + "ToggleSettings". + :type kind: str or ~azure.mgmt.securityinsight.models.SettingKind + """ + + _attribute_map = { + 'kind': {'key': 'kind', 'type': 'str'}, + } + + def __init__( + self, + **kwargs + ): + super(SettingsKind, self).__init__(**kwargs) + self.kind = kwargs.get('kind', None) + + +class Settings(SettingsKind): + """The Setting. + + :param kind: The kind of the setting. Possible values include: "UebaSettings", + "ToggleSettings". + :type kind: str or ~azure.mgmt.securityinsight.models.SettingKind + """ + + _attribute_map = { + 'kind': {'key': 'kind', 'type': 'str'}, + } + + def __init__( + self, + **kwargs + ): + super(Settings, self).__init__(**kwargs) + + +class ThreatIntelligence(msrest.serialization.Model): + """ThreatIntelligence property bag. + + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar confidence: Confidence (must be between 0 and 1). + :vartype confidence: float + :ivar provider_name: Name of the provider from whom this Threat Intelligence information was + received. + :vartype provider_name: str + :ivar report_link: Report link. 
+ :vartype report_link: str + :ivar threat_description: Threat description (free text). + :vartype threat_description: str + :ivar threat_name: Threat name (e.g. "Jedobot malware"). + :vartype threat_name: str + :ivar threat_type: Threat type (e.g. "Botnet"). + :vartype threat_type: str + """ + + _validation = { + 'confidence': {'readonly': True}, + 'provider_name': {'readonly': True}, + 'report_link': {'readonly': True}, + 'threat_description': {'readonly': True}, + 'threat_name': {'readonly': True}, + 'threat_type': {'readonly': True}, + } + + _attribute_map = { + 'confidence': {'key': 'confidence', 'type': 'float'}, + 'provider_name': {'key': 'providerName', 'type': 'str'}, + 'report_link': {'key': 'reportLink', 'type': 'str'}, + 'threat_description': {'key': 'threatDescription', 'type': 'str'}, + 'threat_name': {'key': 'threatName', 'type': 'str'}, + 'threat_type': {'key': 'threatType', 'type': 'str'}, + } + + def __init__( + self, + **kwargs + ): + super(ThreatIntelligence, self).__init__(**kwargs) + self.confidence = None + self.provider_name = None + self.report_link = None + self.threat_description = None + self.threat_name = None + self.threat_type = None + + +class TiDataConnector(DataConnector): + """Represents threat intelligence data connector. + + :param kind: The kind of the data connector. Possible values include: "AzureActiveDirectory", + "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", "Office365", + "AmazonWebServicesCloudTrail", "AzureAdvancedThreatProtection", + "MicrosoftDefenderAdvancedThreatProtection". + :type kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKindEnum + :param tenant_id: The tenant id to connect to, and get the data from. + :type tenant_id: str + :param data_types: The available data types for the connector. 
+ :type data_types: ~azure.mgmt.securityinsight.models.TiDataConnectorDataTypes + """ + + _attribute_map = { + 'kind': {'key': 'kind', 'type': 'str'}, + 'tenant_id': {'key': 'properties.tenantId', 'type': 'str'}, + 'data_types': {'key': 'properties.dataTypes', 'type': 'TiDataConnectorDataTypes'}, + } + + def __init__( + self, + **kwargs + ): + super(TiDataConnector, self).__init__(**kwargs) + self.tenant_id = kwargs.get('tenant_id', None) + self.data_types = kwargs.get('data_types', None) + + +class TiDataConnectorDataTypes(msrest.serialization.Model): + """The available data types for TI (Threat Intelligence) data connector. + + :param indicators: Data type for indicators connection. + :type indicators: ~azure.mgmt.securityinsight.models.TiDataConnectorDataTypesIndicators + """ + + _attribute_map = { + 'indicators': {'key': 'indicators', 'type': 'TiDataConnectorDataTypesIndicators'}, + } + + def __init__( + self, + **kwargs + ): + super(TiDataConnectorDataTypes, self).__init__(**kwargs) + self.indicators = kwargs.get('indicators', None) + + +class TiDataConnectorDataTypesIndicators(DataConnectorDataTypeCommon): + """Data type for indicators connection. + + :param state: Describe whether this data type connection is enabled or not. Possible values + include: "Enabled", "Disabled". + :type state: str or ~azure.mgmt.securityinsight.models.DataTypeState + """ + + _attribute_map = { + 'state': {'key': 'state', 'type': 'str'}, + } + + def __init__( + self, + **kwargs + ): + super(TiDataConnectorDataTypesIndicators, self).__init__(**kwargs) + + +class TiDataConnectorProperties(DataConnectorTenantId): + """TI (Threat Intelligence) data connector properties. + + :param tenant_id: The tenant id to connect to, and get the data from. + :type tenant_id: str + :param data_types: The available data types for the connector. 
+ :type data_types: ~azure.mgmt.securityinsight.models.TiDataConnectorDataTypes + """ + + _attribute_map = { + 'tenant_id': {'key': 'tenantId', 'type': 'str'}, + 'data_types': {'key': 'dataTypes', 'type': 'TiDataConnectorDataTypes'}, + } + + def __init__( + self, + **kwargs + ): + super(TiDataConnectorProperties, self).__init__(**kwargs) + self.data_types = kwargs.get('data_types', None) + + +class ToggleSettings(Settings): + """Settings with single toggle. + + :param kind: The kind of the setting. Possible values include: "UebaSettings", + "ToggleSettings". + :type kind: str or ~azure.mgmt.securityinsight.models.SettingKind + :param is_enabled: Determines whether the setting is enable or disabled. + :type is_enabled: bool + """ + + _attribute_map = { + 'kind': {'key': 'kind', 'type': 'str'}, + 'is_enabled': {'key': 'properties.isEnabled', 'type': 'bool'}, + } + + def __init__( + self, + **kwargs + ): + super(ToggleSettings, self).__init__(**kwargs) + self.is_enabled = kwargs.get('is_enabled', None) + + +class UebaSettings(Settings): + """Represents settings for User and Entity Behavior Analytics enablement. + + Variables are only populated by the server, and will be ignored when sending a request. + + :param kind: The kind of the setting. Possible values include: "UebaSettings", + "ToggleSettings". + :type kind: str or ~azure.mgmt.securityinsight.models.SettingKind + :ivar atp_license_status: Determines whether the tenant has ATP (Advanced Threat Protection) + license. Possible values include: "Enabled", "Disabled". + :vartype atp_license_status: str or ~azure.mgmt.securityinsight.models.LicenseStatus + :param is_enabled: Determines whether User and Entity Behavior Analytics is enabled for this + workspace. + :type is_enabled: bool + :ivar status_in_mcas: Determines whether User and Entity Behavior Analytics is enabled from + MCAS (Microsoft Cloud App Security). Possible values include: "Enabled", "Disabled". 
+ :vartype status_in_mcas: str or ~azure.mgmt.securityinsight.models.StatusInMcas + """ + + _validation = { + 'atp_license_status': {'readonly': True}, + 'status_in_mcas': {'readonly': True}, + } + + _attribute_map = { + 'kind': {'key': 'kind', 'type': 'str'}, + 'atp_license_status': {'key': 'properties.atpLicenseStatus', 'type': 'str'}, + 'is_enabled': {'key': 'properties.isEnabled', 'type': 'bool'}, + 'status_in_mcas': {'key': 'properties.statusInMcas', 'type': 'str'}, + } + + def __init__( + self, + **kwargs + ): + super(UebaSettings, self).__init__(**kwargs) + self.atp_license_status = None + self.is_enabled = kwargs.get('is_enabled', None) + self.status_in_mcas = None + + +class UserInfo(msrest.serialization.Model): + """User information that made some action. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar email: The email of the user. + :vartype email: str + :ivar name: The name of the user. + :vartype name: str + :param object_id: Required. The object id of the user. + :type object_id: str + """ + + _validation = { + 'email': {'readonly': True}, + 'name': {'readonly': True}, + 'object_id': {'required': True}, + } + + _attribute_map = { + 'email': {'key': 'email', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'object_id': {'key': 'objectId', 'type': 'str'}, + } + + def __init__( + self, + **kwargs + ): + super(UserInfo, self).__init__(**kwargs) + self.email = None + self.name = None + self.object_id = kwargs['object_id'] diff --git a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/models/_models_py3.py b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/models/_models_py3.py new file mode 100644 index 00000000000..3b59f51509b --- /dev/null +++ b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/models/_models_py3.py 
@@ -0,0 +1,2623 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +import datetime +from typing import List, Optional, Union + +import msrest.serialization + + +class DataConnectorKind(msrest.serialization.Model): + """Describes an Azure resource with kind. + + :param kind: The kind of the data connector. Possible values include: "AzureActiveDirectory", + "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", "Office365", + "AmazonWebServicesCloudTrail", "AzureAdvancedThreatProtection", + "MicrosoftDefenderAdvancedThreatProtection". + :type kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKindEnum + """ + + _attribute_map = { + 'kind': {'key': 'kind', 'type': 'str'}, + } + + def __init__( + self, + *, + kind: Optional[Union[str, "DataConnectorKindEnum"]] = None, + **kwargs + ): + super(DataConnectorKind, self).__init__(**kwargs) + self.kind = kind + + +class DataConnector(DataConnectorKind): + """Data connector. + + :param kind: The kind of the data connector. Possible values include: "AzureActiveDirectory", + "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", "Office365", + "AmazonWebServicesCloudTrail", "AzureAdvancedThreatProtection", + "MicrosoftDefenderAdvancedThreatProtection". 
+ :type kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKindEnum + """ + + _attribute_map = { + 'kind': {'key': 'kind', 'type': 'str'}, + } + + def __init__( + self, + *, + kind: Optional[Union[str, "DataConnectorKindEnum"]] = None, + **kwargs + ): + super(DataConnector, self).__init__(kind=kind, **kwargs) + + +class AadDataConnector(DataConnector): + """Represents AAD (Azure Active Directory) data connector. + + :param kind: The kind of the data connector. Possible values include: "AzureActiveDirectory", + "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", "Office365", + "AmazonWebServicesCloudTrail", "AzureAdvancedThreatProtection", + "MicrosoftDefenderAdvancedThreatProtection". + :type kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKindEnum + :param tenant_id: The tenant id to connect to, and get the data from. + :type tenant_id: str + :param data_types: The available data types for the connector. + :type data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector + """ + + _attribute_map = { + 'kind': {'key': 'kind', 'type': 'str'}, + 'tenant_id': {'key': 'properties.tenantId', 'type': 'str'}, + 'data_types': {'key': 'properties.dataTypes', 'type': 'AlertsDataTypeOfDataConnector'}, + } + + def __init__( + self, + *, + kind: Optional[Union[str, "DataConnectorKindEnum"]] = None, + tenant_id: Optional[str] = None, + data_types: Optional["AlertsDataTypeOfDataConnector"] = None, + **kwargs + ): + super(AadDataConnector, self).__init__(kind=kind, **kwargs) + self.tenant_id = tenant_id + self.data_types = data_types + + +class DataConnectorWithAlertsProperties(msrest.serialization.Model): + """Data connector properties. + + :param data_types: The available data types for the connector. 
+ :type data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector + """ + + _attribute_map = { + 'data_types': {'key': 'dataTypes', 'type': 'AlertsDataTypeOfDataConnector'}, + } + + def __init__( + self, + *, + data_types: Optional["AlertsDataTypeOfDataConnector"] = None, + **kwargs + ): + super(DataConnectorWithAlertsProperties, self).__init__(**kwargs) + self.data_types = data_types + + +class AadDataConnectorProperties(DataConnectorWithAlertsProperties): + """AAD (Azure Active Directory) data connector properties. + + :param data_types: The available data types for the connector. + :type data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector + """ + + _attribute_map = { + 'data_types': {'key': 'dataTypes', 'type': 'AlertsDataTypeOfDataConnector'}, + } + + def __init__( + self, + *, + data_types: Optional["AlertsDataTypeOfDataConnector"] = None, + **kwargs + ): + super(AadDataConnectorProperties, self).__init__(data_types=data_types, **kwargs) + + +class AatpDataConnector(DataConnector): + """Represents AATP (Azure Advanced Threat Protection) data connector. + + :param kind: The kind of the data connector. Possible values include: "AzureActiveDirectory", + "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", "Office365", + "AmazonWebServicesCloudTrail", "AzureAdvancedThreatProtection", + "MicrosoftDefenderAdvancedThreatProtection". + :type kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKindEnum + :param tenant_id: The tenant id to connect to, and get the data from. + :type tenant_id: str + :param data_types: The available data types for the connector. 
+ :type data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector + """ + + _attribute_map = { + 'kind': {'key': 'kind', 'type': 'str'}, + 'tenant_id': {'key': 'properties.tenantId', 'type': 'str'}, + 'data_types': {'key': 'properties.dataTypes', 'type': 'AlertsDataTypeOfDataConnector'}, + } + + def __init__( + self, + *, + kind: Optional[Union[str, "DataConnectorKindEnum"]] = None, + tenant_id: Optional[str] = None, + data_types: Optional["AlertsDataTypeOfDataConnector"] = None, + **kwargs + ): + super(AatpDataConnector, self).__init__(kind=kind, **kwargs) + self.tenant_id = tenant_id + self.data_types = data_types + + +class AatpDataConnectorProperties(DataConnectorWithAlertsProperties): + """AATP (Azure Advanced Threat Protection) data connector properties. + + :param data_types: The available data types for the connector. + :type data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector + """ + + _attribute_map = { + 'data_types': {'key': 'dataTypes', 'type': 'AlertsDataTypeOfDataConnector'}, + } + + def __init__( + self, + *, + data_types: Optional["AlertsDataTypeOfDataConnector"] = None, + **kwargs + ): + super(AatpDataConnectorProperties, self).__init__(data_types=data_types, **kwargs) + + +class ActionPropertiesBase(msrest.serialization.Model): + """Action property bag base. + + All required parameters must be populated in order to send to Azure. + + :param logic_app_resource_id: Required. Logic App Resource Id, + providers/Microsoft.Logic/workflows/{WorkflowID}. 
+ :type logic_app_resource_id: str + """ + + _validation = { + 'logic_app_resource_id': {'required': True}, + } + + _attribute_map = { + 'logic_app_resource_id': {'key': 'logicAppResourceId', 'type': 'str'}, + } + + def __init__( + self, + *, + logic_app_resource_id: str, + **kwargs + ): + super(ActionPropertiesBase, self).__init__(**kwargs) + self.logic_app_resource_id = logic_app_resource_id + + +class ResourceWithEtag(msrest.serialization.Model): + """An azure resource object with an Etag property. + + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar id: Azure resource Id. + :vartype id: str + :ivar name: Azure resource name. + :vartype name: str + :ivar type: Azure resource type. + :vartype type: str + :param etag: Etag of the azure resource. + :type etag: str + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'etag': {'key': 'etag', 'type': 'str'}, + } + + def __init__( + self, + *, + etag: Optional[str] = None, + **kwargs + ): + super(ResourceWithEtag, self).__init__(**kwargs) + self.id = None + self.name = None + self.type = None + self.etag = etag + + +class ActionRequest(ResourceWithEtag): + """Action for alert rule. + + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar id: Azure resource Id. + :vartype id: str + :ivar name: Azure resource name. + :vartype name: str + :ivar type: Azure resource type. + :vartype type: str + :param etag: Etag of the azure resource. + :type etag: str + :param logic_app_resource_id: Logic App Resource Id, + providers/Microsoft.Logic/workflows/{WorkflowID}. + :type logic_app_resource_id: str + :param trigger_uri: Logic App Callback URL for this specific workflow. 
+ :type trigger_uri: str + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'etag': {'key': 'etag', 'type': 'str'}, + 'logic_app_resource_id': {'key': 'properties.logicAppResourceId', 'type': 'str'}, + 'trigger_uri': {'key': 'properties.triggerUri', 'type': 'str'}, + } + + def __init__( + self, + *, + etag: Optional[str] = None, + logic_app_resource_id: Optional[str] = None, + trigger_uri: Optional[str] = None, + **kwargs + ): + super(ActionRequest, self).__init__(etag=etag, **kwargs) + self.logic_app_resource_id = logic_app_resource_id + self.trigger_uri = trigger_uri + + +class ActionRequestProperties(ActionPropertiesBase): + """Action property bag. + + All required parameters must be populated in order to send to Azure. + + :param logic_app_resource_id: Required. Logic App Resource Id, + providers/Microsoft.Logic/workflows/{WorkflowID}. + :type logic_app_resource_id: str + :param trigger_uri: Logic App Callback URL for this specific workflow. + :type trigger_uri: str + """ + + _validation = { + 'logic_app_resource_id': {'required': True}, + } + + _attribute_map = { + 'logic_app_resource_id': {'key': 'logicAppResourceId', 'type': 'str'}, + 'trigger_uri': {'key': 'triggerUri', 'type': 'str'}, + } + + def __init__( + self, + *, + logic_app_resource_id: str, + trigger_uri: Optional[str] = None, + **kwargs + ): + super(ActionRequestProperties, self).__init__(logic_app_resource_id=logic_app_resource_id, **kwargs) + self.trigger_uri = trigger_uri + + +class Resource(msrest.serialization.Model): + """An azure resource object. + + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar id: Azure resource Id. + :vartype id: str + :ivar name: Azure resource name. + :vartype name: str + :ivar type: Azure resource type. 
+ :vartype type: str + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + } + + def __init__( + self, + **kwargs + ): + super(Resource, self).__init__(**kwargs) + self.id = None + self.name = None + self.type = None + + +class ActionResponse(Resource): + """Action for alert rule. + + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar id: Azure resource Id. + :vartype id: str + :ivar name: Azure resource name. + :vartype name: str + :ivar type: Azure resource type. + :vartype type: str + :param etag: Etag of the action. + :type etag: str + :param logic_app_resource_id: Logic App Resource Id, + providers/Microsoft.Logic/workflows/{WorkflowID}. + :type logic_app_resource_id: str + :param workflow_id: The name of the logic app's workflow. + :type workflow_id: str + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'etag': {'key': 'etag', 'type': 'str'}, + 'logic_app_resource_id': {'key': 'properties.logicAppResourceId', 'type': 'str'}, + 'workflow_id': {'key': 'properties.workflowId', 'type': 'str'}, + } + + def __init__( + self, + *, + etag: Optional[str] = None, + logic_app_resource_id: Optional[str] = None, + workflow_id: Optional[str] = None, + **kwargs + ): + super(ActionResponse, self).__init__(**kwargs) + self.etag = etag + self.logic_app_resource_id = logic_app_resource_id + self.workflow_id = workflow_id + + +class ActionResponseProperties(ActionPropertiesBase): + """Action property bag. + + All required parameters must be populated in order to send to Azure. 
+ + :param logic_app_resource_id: Required. Logic App Resource Id, + providers/Microsoft.Logic/workflows/{WorkflowID}. + :type logic_app_resource_id: str + :param workflow_id: The name of the logic app's workflow. + :type workflow_id: str + """ + + _validation = { + 'logic_app_resource_id': {'required': True}, + } + + _attribute_map = { + 'logic_app_resource_id': {'key': 'logicAppResourceId', 'type': 'str'}, + 'workflow_id': {'key': 'workflowId', 'type': 'str'}, + } + + def __init__( + self, + *, + logic_app_resource_id: str, + workflow_id: Optional[str] = None, + **kwargs + ): + super(ActionResponseProperties, self).__init__(logic_app_resource_id=logic_app_resource_id, **kwargs) + self.workflow_id = workflow_id + + +class ActionsList(msrest.serialization.Model): + """List all the actions. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar next_link: URL to fetch the next set of actions. + :vartype next_link: str + :param value: Required. Array of actions. + :type value: list[~azure.mgmt.securityinsight.models.ActionResponse] + """ + + _validation = { + 'next_link': {'readonly': True}, + 'value': {'required': True}, + } + + _attribute_map = { + 'next_link': {'key': 'nextLink', 'type': 'str'}, + 'value': {'key': 'value', 'type': '[ActionResponse]'}, + } + + def __init__( + self, + *, + value: List["ActionResponse"], + **kwargs + ): + super(ActionsList, self).__init__(**kwargs) + self.next_link = None + self.value = value + + +class AlertRuleKind(msrest.serialization.Model): + """Describes an Azure resource with kind. + + All required parameters must be populated in order to send to Azure. + + :param kind: Required. The kind of the alert rule. Possible values include: "Scheduled", + "MicrosoftSecurityIncidentCreation", "Fusion". 
+ :type kind: str or ~azure.mgmt.securityinsight.models.AlertRuleKindEnum + """ + + _validation = { + 'kind': {'required': True}, + } + + _attribute_map = { + 'kind': {'key': 'kind', 'type': 'str'}, + } + + def __init__( + self, + *, + kind: Union[str, "AlertRuleKindEnum"], + **kwargs + ): + super(AlertRuleKind, self).__init__(**kwargs) + self.kind = kind + + +class AlertRule(AlertRuleKind): + """Alert rule. + + All required parameters must be populated in order to send to Azure. + + :param kind: Required. The kind of the alert rule. Possible values include: "Scheduled", + "MicrosoftSecurityIncidentCreation", "Fusion". + :type kind: str or ~azure.mgmt.securityinsight.models.AlertRuleKindEnum + """ + + _validation = { + 'kind': {'required': True}, + } + + _attribute_map = { + 'kind': {'key': 'kind', 'type': 'str'}, + } + + def __init__( + self, + *, + kind: Union[str, "AlertRuleKindEnum"], + **kwargs + ): + super(AlertRule, self).__init__(kind=kind, **kwargs) + + +class AlertRulesList(msrest.serialization.Model): + """List all the alert rules. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar next_link: URL to fetch the next set of alert rules. + :vartype next_link: str + :param value: Required. Array of alert rules. + :type value: list[~azure.mgmt.securityinsight.models.AlertRule] + """ + + _validation = { + 'next_link': {'readonly': True}, + 'value': {'required': True}, + } + + _attribute_map = { + 'next_link': {'key': 'nextLink', 'type': 'str'}, + 'value': {'key': 'value', 'type': '[AlertRule]'}, + } + + def __init__( + self, + *, + value: List["AlertRule"], + **kwargs + ): + super(AlertRulesList, self).__init__(**kwargs) + self.next_link = None + self.value = value + + +class AlertRuleTemplate(AlertRuleKind): + """Alert rule template. + + All required parameters must be populated in order to send to Azure. + + :param kind: Required. 
The kind of the alert rule. Possible values include: "Scheduled", + "MicrosoftSecurityIncidentCreation", "Fusion". + :type kind: str or ~azure.mgmt.securityinsight.models.AlertRuleKindEnum + """ + + _validation = { + 'kind': {'required': True}, + } + + _attribute_map = { + 'kind': {'key': 'kind', 'type': 'str'}, + } + + def __init__( + self, + *, + kind: Union[str, "AlertRuleKindEnum"], + **kwargs + ): + super(AlertRuleTemplate, self).__init__(kind=kind, **kwargs) + + +class AlertRuleTemplateDataSource(msrest.serialization.Model): + """alert rule template data sources. + + :param connector_id: The connector id that provides the following data types. + :type connector_id: str + :param data_types: The data types used by the alert rule template. + :type data_types: list[str] + """ + + _attribute_map = { + 'connector_id': {'key': 'connectorId', 'type': 'str'}, + 'data_types': {'key': 'dataTypes', 'type': '[str]'}, + } + + def __init__( + self, + *, + connector_id: Optional[str] = None, + data_types: Optional[List[str]] = None, + **kwargs + ): + super(AlertRuleTemplateDataSource, self).__init__(**kwargs) + self.connector_id = connector_id + self.data_types = data_types + + +class AlertRuleTemplatePropertiesBase(msrest.serialization.Model): + """Base alert rule template property bag. + + Variables are only populated by the server, and will be ignored when sending a request. + + :param alert_rules_created_by_template_count: the number of alert rules that were created by + this template. + :type alert_rules_created_by_template_count: int + :ivar created_date_utc: The time that this alert rule template has been added. + :vartype created_date_utc: ~datetime.datetime + :param description: The description of the alert rule template. + :type description: str + :param display_name: The display name for alert rule template. + :type display_name: str + :param required_data_connectors: The required data connectors for this template. 
+ :type required_data_connectors: + list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] + :param status: The alert rule template status. Possible values include: "Installed", + "Available", "NotAvailable". + :type status: str or ~azure.mgmt.securityinsight.models.TemplateStatus + """ + + _validation = { + 'created_date_utc': {'readonly': True}, + } + + _attribute_map = { + 'alert_rules_created_by_template_count': {'key': 'alertRulesCreatedByTemplateCount', 'type': 'int'}, + 'created_date_utc': {'key': 'createdDateUTC', 'type': 'iso-8601'}, + 'description': {'key': 'description', 'type': 'str'}, + 'display_name': {'key': 'displayName', 'type': 'str'}, + 'required_data_connectors': {'key': 'requiredDataConnectors', 'type': '[AlertRuleTemplateDataSource]'}, + 'status': {'key': 'status', 'type': 'str'}, + } + + def __init__( + self, + *, + alert_rules_created_by_template_count: Optional[int] = None, + description: Optional[str] = None, + display_name: Optional[str] = None, + required_data_connectors: Optional[List["AlertRuleTemplateDataSource"]] = None, + status: Optional[Union[str, "TemplateStatus"]] = None, + **kwargs + ): + super(AlertRuleTemplatePropertiesBase, self).__init__(**kwargs) + self.alert_rules_created_by_template_count = alert_rules_created_by_template_count + self.created_date_utc = None + self.description = description + self.display_name = display_name + self.required_data_connectors = required_data_connectors + self.status = status + + +class AlertsDataTypeOfDataConnector(msrest.serialization.Model): + """Alerts data type for data connectors. + + :param alerts: Alerts data type connection. 
+ :type alerts: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnectorAlerts + """ + + _attribute_map = { + 'alerts': {'key': 'alerts', 'type': 'AlertsDataTypeOfDataConnectorAlerts'}, + } + + def __init__( + self, + *, + alerts: Optional["AlertsDataTypeOfDataConnectorAlerts"] = None, + **kwargs + ): + super(AlertsDataTypeOfDataConnector, self).__init__(**kwargs) + self.alerts = alerts + + +class DataConnectorDataTypeCommon(msrest.serialization.Model): + """Common field for data type in data connectors. + + :param state: Describe whether this data type connection is enabled or not. Possible values + include: "Enabled", "Disabled". + :type state: str or ~azure.mgmt.securityinsight.models.DataTypeState + """ + + _attribute_map = { + 'state': {'key': 'state', 'type': 'str'}, + } + + def __init__( + self, + *, + state: Optional[Union[str, "DataTypeState"]] = None, + **kwargs + ): + super(DataConnectorDataTypeCommon, self).__init__(**kwargs) + self.state = state + + +class AlertsDataTypeOfDataConnectorAlerts(DataConnectorDataTypeCommon): + """Alerts data type connection. + + :param state: Describe whether this data type connection is enabled or not. Possible values + include: "Enabled", "Disabled". + :type state: str or ~azure.mgmt.securityinsight.models.DataTypeState + """ + + _attribute_map = { + 'state': {'key': 'state', 'type': 'str'}, + } + + def __init__( + self, + *, + state: Optional[Union[str, "DataTypeState"]] = None, + **kwargs + ): + super(AlertsDataTypeOfDataConnectorAlerts, self).__init__(state=state, **kwargs) + + +class AscDataConnector(DataConnector): + """Represents ASC (Azure Security Center) data connector. + + :param kind: The kind of the data connector. Possible values include: "AzureActiveDirectory", + "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", "Office365", + "AmazonWebServicesCloudTrail", "AzureAdvancedThreatProtection", + "MicrosoftDefenderAdvancedThreatProtection". 
+ :type kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKindEnum + :param data_types: The available data types for the connector. + :type data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector + :param subscription_id: The subscription id to connect to, and get the data from. + :type subscription_id: str + """ + + _attribute_map = { + 'kind': {'key': 'kind', 'type': 'str'}, + 'data_types': {'key': 'properties.dataTypes', 'type': 'AlertsDataTypeOfDataConnector'}, + 'subscription_id': {'key': 'properties.subscriptionId', 'type': 'str'}, + } + + def __init__( + self, + *, + kind: Optional[Union[str, "DataConnectorKindEnum"]] = None, + data_types: Optional["AlertsDataTypeOfDataConnector"] = None, + subscription_id: Optional[str] = None, + **kwargs + ): + super(AscDataConnector, self).__init__(kind=kind, **kwargs) + self.data_types = data_types + self.subscription_id = subscription_id + + +class AscDataConnectorProperties(DataConnectorWithAlertsProperties): + """ASC (Azure Security Center) data connector properties. + + :param data_types: The available data types for the connector. + :type data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector + :param subscription_id: The subscription id to connect to, and get the data from. + :type subscription_id: str + """ + + _attribute_map = { + 'data_types': {'key': 'dataTypes', 'type': 'AlertsDataTypeOfDataConnector'}, + 'subscription_id': {'key': 'subscriptionId', 'type': 'str'}, + } + + def __init__( + self, + *, + data_types: Optional["AlertsDataTypeOfDataConnector"] = None, + subscription_id: Optional[str] = None, + **kwargs + ): + super(AscDataConnectorProperties, self).__init__(data_types=data_types, **kwargs) + self.subscription_id = subscription_id + + +class AwsCloudTrailDataConnector(DataConnector): + """Represents Amazon Web Services CloudTrail data connector. + + :param kind: The kind of the data connector. 
Possible values include: "AzureActiveDirectory", + "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", "Office365", + "AmazonWebServicesCloudTrail", "AzureAdvancedThreatProtection", + "MicrosoftDefenderAdvancedThreatProtection". + :type kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKindEnum + :param aws_role_arn: The Aws Role Arn (with CloudTrailReadOnly policy) that is used to access + the Aws account. + :type aws_role_arn: str + :param data_types: The available data types for the connector. + :type data_types: ~azure.mgmt.securityinsight.models.AwsCloudTrailDataConnectorDataTypes + """ + + _attribute_map = { + 'kind': {'key': 'kind', 'type': 'str'}, + 'aws_role_arn': {'key': 'properties.awsRoleArn', 'type': 'str'}, + 'data_types': {'key': 'properties.dataTypes', 'type': 'AwsCloudTrailDataConnectorDataTypes'}, + } + + def __init__( + self, + *, + kind: Optional[Union[str, "DataConnectorKindEnum"]] = None, + aws_role_arn: Optional[str] = None, + data_types: Optional["AwsCloudTrailDataConnectorDataTypes"] = None, + **kwargs + ): + super(AwsCloudTrailDataConnector, self).__init__(kind=kind, **kwargs) + self.aws_role_arn = aws_role_arn + self.data_types = data_types + + +class AwsCloudTrailDataConnectorDataTypes(msrest.serialization.Model): + """The available data types for Amazon Web Services CloudTrail data connector. + + :param logs: Logs data type. + :type logs: ~azure.mgmt.securityinsight.models.AwsCloudTrailDataConnectorDataTypesLogs + """ + + _attribute_map = { + 'logs': {'key': 'logs', 'type': 'AwsCloudTrailDataConnectorDataTypesLogs'}, + } + + def __init__( + self, + *, + logs: Optional["AwsCloudTrailDataConnectorDataTypesLogs"] = None, + **kwargs + ): + super(AwsCloudTrailDataConnectorDataTypes, self).__init__(**kwargs) + self.logs = logs + + +class AwsCloudTrailDataConnectorDataTypesLogs(DataConnectorDataTypeCommon): + """Logs data type. + + :param state: Describe whether this data type connection is enabled or not. 
Possible values + include: "Enabled", "Disabled". + :type state: str or ~azure.mgmt.securityinsight.models.DataTypeState + """ + + _attribute_map = { + 'state': {'key': 'state', 'type': 'str'}, + } + + def __init__( + self, + *, + state: Optional[Union[str, "DataTypeState"]] = None, + **kwargs + ): + super(AwsCloudTrailDataConnectorDataTypesLogs, self).__init__(state=state, **kwargs) + + +class DataConnectorList(msrest.serialization.Model): + """List all the data connectors. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar next_link: URL to fetch the next set of data connectors. + :vartype next_link: str + :param value: Required. Array of data connectors. + :type value: list[~azure.mgmt.securityinsight.models.DataConnector] + """ + + _validation = { + 'next_link': {'readonly': True}, + 'value': {'required': True}, + } + + _attribute_map = { + 'next_link': {'key': 'nextLink', 'type': 'str'}, + 'value': {'key': 'value', 'type': '[DataConnector]'}, + } + + def __init__( + self, + *, + value: List["DataConnector"], + **kwargs + ): + super(DataConnectorList, self).__init__(**kwargs) + self.next_link = None + self.value = value + + +class DataConnectorTenantId(msrest.serialization.Model): + """Properties data connector on tenant level. + + :param tenant_id: The tenant id to connect to, and get the data from. + :type tenant_id: str + """ + + _attribute_map = { + 'tenant_id': {'key': 'tenantId', 'type': 'str'}, + } + + def __init__( + self, + *, + tenant_id: Optional[str] = None, + **kwargs + ): + super(DataConnectorTenantId, self).__init__(**kwargs) + self.tenant_id = tenant_id + + +class FusionAlertRule(AlertRule): + """Represents Fusion alert rule. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :param kind: Required. 
The kind of the alert rule. Possible values include: "Scheduled", + "MicrosoftSecurityIncidentCreation", "Fusion". + :type kind: str or ~azure.mgmt.securityinsight.models.AlertRuleKindEnum + :param alert_rule_template_name: The Name of the alert rule template used to create this rule. + :type alert_rule_template_name: str + :ivar description: The description of the alert rule. + :vartype description: str + :ivar display_name: The display name for alerts created by this alert rule. + :vartype display_name: str + :param enabled: Determines whether this alert rule is enabled or disabled. + :type enabled: bool + :ivar last_modified_utc: The last time that this alert has been modified. + :vartype last_modified_utc: ~datetime.datetime + :ivar severity: The severity for alerts created by this alert rule. Possible values include: + "High", "Medium", "Low", "Informational". + :vartype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity + :ivar tactics: The tactics of the alert rule. 
+ :vartype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] + """ + + _validation = { + 'kind': {'required': True}, + 'description': {'readonly': True}, + 'display_name': {'readonly': True}, + 'last_modified_utc': {'readonly': True}, + 'severity': {'readonly': True}, + 'tactics': {'readonly': True}, + } + + _attribute_map = { + 'kind': {'key': 'kind', 'type': 'str'}, + 'alert_rule_template_name': {'key': 'properties.alertRuleTemplateName', 'type': 'str'}, + 'description': {'key': 'properties.description', 'type': 'str'}, + 'display_name': {'key': 'properties.displayName', 'type': 'str'}, + 'enabled': {'key': 'properties.enabled', 'type': 'bool'}, + 'last_modified_utc': {'key': 'properties.lastModifiedUtc', 'type': 'iso-8601'}, + 'severity': {'key': 'properties.severity', 'type': 'str'}, + 'tactics': {'key': 'properties.tactics', 'type': '[str]'}, + } + + def __init__( + self, + *, + kind: Union[str, "AlertRuleKindEnum"], + alert_rule_template_name: Optional[str] = None, + enabled: Optional[bool] = None, + **kwargs + ): + super(FusionAlertRule, self).__init__(kind=kind, **kwargs) + self.alert_rule_template_name = alert_rule_template_name + self.description = None + self.display_name = None + self.enabled = enabled + self.last_modified_utc = None + self.severity = None + self.tactics = None + + +class FusionAlertRuleTemplate(AlertRuleTemplate): + """Represents Fusion alert rule template. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :param kind: Required. The kind of the alert rule. Possible values include: "Scheduled", + "MicrosoftSecurityIncidentCreation", "Fusion". + :type kind: str or ~azure.mgmt.securityinsight.models.AlertRuleKindEnum + :param alert_rules_created_by_template_count: the number of alert rules that were created by + this template. 
+ :type alert_rules_created_by_template_count: int + :ivar created_date_utc: The time that this alert rule template has been added. + :vartype created_date_utc: ~datetime.datetime + :param description: The description of the alert rule template. + :type description: str + :param display_name: The display name for alert rule template. + :type display_name: str + :param required_data_connectors: The required data connectors for this template. + :type required_data_connectors: + list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] + :param status: The alert rule template status. Possible values include: "Installed", + "Available", "NotAvailable". + :type status: str or ~azure.mgmt.securityinsight.models.TemplateStatus + :param severity: The severity for alerts created by this alert rule. Possible values include: + "High", "Medium", "Low", "Informational". + :type severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity + :param tactics: The tactics of the alert rule template. 
+ :type tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] + """ + + _validation = { + 'kind': {'required': True}, + 'created_date_utc': {'readonly': True}, + } + + _attribute_map = { + 'kind': {'key': 'kind', 'type': 'str'}, + 'alert_rules_created_by_template_count': {'key': 'properties.alertRulesCreatedByTemplateCount', 'type': 'int'}, + 'created_date_utc': {'key': 'properties.createdDateUTC', 'type': 'iso-8601'}, + 'description': {'key': 'properties.description', 'type': 'str'}, + 'display_name': {'key': 'properties.displayName', 'type': 'str'}, + 'required_data_connectors': {'key': 'properties.requiredDataConnectors', 'type': '[AlertRuleTemplateDataSource]'}, + 'status': {'key': 'properties.status', 'type': 'str'}, + 'severity': {'key': 'properties.severity', 'type': 'str'}, + 'tactics': {'key': 'properties.tactics', 'type': '[str]'}, + } + + def __init__( + self, + *, + kind: Union[str, "AlertRuleKindEnum"], + alert_rules_created_by_template_count: Optional[int] = None, + description: Optional[str] = None, + display_name: Optional[str] = None, + required_data_connectors: Optional[List["AlertRuleTemplateDataSource"]] = None, + status: Optional[Union[str, "TemplateStatus"]] = None, + severity: Optional[Union[str, "AlertSeverity"]] = None, + tactics: Optional[List[Union[str, "AttackTactic"]]] = None, + **kwargs + ): + super(FusionAlertRuleTemplate, self).__init__(kind=kind, **kwargs) + self.alert_rules_created_by_template_count = alert_rules_created_by_template_count + self.created_date_utc = None + self.description = description + self.display_name = display_name + self.required_data_connectors = required_data_connectors + self.status = status + self.severity = severity + self.tactics = tactics + + +class FusionAlertRuleTemplateProperties(AlertRuleTemplatePropertiesBase): + """Fusion alert rule template properties. + + Variables are only populated by the server, and will be ignored when sending a request. 
+ + All required parameters must be populated in order to send to Azure. + + :param alert_rules_created_by_template_count: the number of alert rules that were created by + this template. + :type alert_rules_created_by_template_count: int + :ivar created_date_utc: The time that this alert rule template has been added. + :vartype created_date_utc: ~datetime.datetime + :param description: The description of the alert rule template. + :type description: str + :param display_name: The display name for alert rule template. + :type display_name: str + :param required_data_connectors: The required data connectors for this template. + :type required_data_connectors: + list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] + :param status: The alert rule template status. Possible values include: "Installed", + "Available", "NotAvailable". + :type status: str or ~azure.mgmt.securityinsight.models.TemplateStatus + :param severity: Required. The severity for alerts created by this alert rule. Possible values + include: "High", "Medium", "Low", "Informational". + :type severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity + :param tactics: The tactics of the alert rule template. 
+ :type tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] + """ + + _validation = { + 'created_date_utc': {'readonly': True}, + 'severity': {'required': True}, + } + + _attribute_map = { + 'alert_rules_created_by_template_count': {'key': 'alertRulesCreatedByTemplateCount', 'type': 'int'}, + 'created_date_utc': {'key': 'createdDateUTC', 'type': 'iso-8601'}, + 'description': {'key': 'description', 'type': 'str'}, + 'display_name': {'key': 'displayName', 'type': 'str'}, + 'required_data_connectors': {'key': 'requiredDataConnectors', 'type': '[AlertRuleTemplateDataSource]'}, + 'status': {'key': 'status', 'type': 'str'}, + 'severity': {'key': 'severity', 'type': 'str'}, + 'tactics': {'key': 'tactics', 'type': '[str]'}, + } + + def __init__( + self, + *, + severity: Union[str, "AlertSeverity"], + alert_rules_created_by_template_count: Optional[int] = None, + description: Optional[str] = None, + display_name: Optional[str] = None, + required_data_connectors: Optional[List["AlertRuleTemplateDataSource"]] = None, + status: Optional[Union[str, "TemplateStatus"]] = None, + tactics: Optional[List[Union[str, "AttackTactic"]]] = None, + **kwargs + ): + super(FusionAlertRuleTemplateProperties, self).__init__(alert_rules_created_by_template_count=alert_rules_created_by_template_count, description=description, display_name=display_name, required_data_connectors=required_data_connectors, status=status, **kwargs) + self.severity = severity + self.tactics = tactics + + +class IncidentInfo(msrest.serialization.Model): + """Describes related incident information for the bookmark. + + All required parameters must be populated in order to send to Azure. + + :param incident_id: Required. Incident Id. + :type incident_id: str + :param severity: Required. The severity of the incident. Possible values include: "Critical", + "High", "Medium", "Low", "Informational". + :type severity: str or ~azure.mgmt.securityinsight.models.IncidentSeverity + :param title: Required. 
The title of the incident. + :type title: str + :param relation_name: Required. Relation Name. + :type relation_name: str + """ + + _validation = { + 'incident_id': {'required': True}, + 'severity': {'required': True}, + 'title': {'required': True}, + 'relation_name': {'required': True}, + } + + _attribute_map = { + 'incident_id': {'key': 'incidentId', 'type': 'str'}, + 'severity': {'key': 'severity', 'type': 'str'}, + 'title': {'key': 'title', 'type': 'str'}, + 'relation_name': {'key': 'relationName', 'type': 'str'}, + } + + def __init__( + self, + *, + incident_id: str, + severity: Union[str, "IncidentSeverity"], + title: str, + relation_name: str, + **kwargs + ): + super(IncidentInfo, self).__init__(**kwargs) + self.incident_id = incident_id + self.severity = severity + self.title = title + self.relation_name = relation_name + + +class McasDataConnector(DataConnector): + """Represents MCAS (Microsoft Cloud App Security) data connector. + + :param kind: The kind of the data connector. Possible values include: "AzureActiveDirectory", + "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", "Office365", + "AmazonWebServicesCloudTrail", "AzureAdvancedThreatProtection", + "MicrosoftDefenderAdvancedThreatProtection". + :type kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKindEnum + :param tenant_id: The tenant id to connect to, and get the data from. + :type tenant_id: str + :param data_types: The available data types for the connector. 
+ :type data_types: ~azure.mgmt.securityinsight.models.McasDataConnectorDataTypes + """ + + _attribute_map = { + 'kind': {'key': 'kind', 'type': 'str'}, + 'tenant_id': {'key': 'properties.tenantId', 'type': 'str'}, + 'data_types': {'key': 'properties.dataTypes', 'type': 'McasDataConnectorDataTypes'}, + } + + def __init__( + self, + *, + kind: Optional[Union[str, "DataConnectorKindEnum"]] = None, + tenant_id: Optional[str] = None, + data_types: Optional["McasDataConnectorDataTypes"] = None, + **kwargs + ): + super(McasDataConnector, self).__init__(kind=kind, **kwargs) + self.tenant_id = tenant_id + self.data_types = data_types + + +class McasDataConnectorDataTypes(AlertsDataTypeOfDataConnector): + """The available data types for MCAS (Microsoft Cloud App Security) data connector. + + :param alerts: Alerts data type connection. + :type alerts: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnectorAlerts + :param discovery_logs: Discovery log data type connection. + :type discovery_logs: + ~azure.mgmt.securityinsight.models.McasDataConnectorDataTypesDiscoveryLogs + """ + + _attribute_map = { + 'alerts': {'key': 'alerts', 'type': 'AlertsDataTypeOfDataConnectorAlerts'}, + 'discovery_logs': {'key': 'discoveryLogs', 'type': 'McasDataConnectorDataTypesDiscoveryLogs'}, + } + + def __init__( + self, + *, + alerts: Optional["AlertsDataTypeOfDataConnectorAlerts"] = None, + discovery_logs: Optional["McasDataConnectorDataTypesDiscoveryLogs"] = None, + **kwargs + ): + super(McasDataConnectorDataTypes, self).__init__(alerts=alerts, **kwargs) + self.discovery_logs = discovery_logs + + +class McasDataConnectorDataTypesDiscoveryLogs(DataConnectorDataTypeCommon): + """Discovery log data type connection. + + :param state: Describe whether this data type connection is enabled or not. Possible values + include: "Enabled", "Disabled". 
+ :type state: str or ~azure.mgmt.securityinsight.models.DataTypeState + """ + + _attribute_map = { + 'state': {'key': 'state', 'type': 'str'}, + } + + def __init__( + self, + *, + state: Optional[Union[str, "DataTypeState"]] = None, + **kwargs + ): + super(McasDataConnectorDataTypesDiscoveryLogs, self).__init__(state=state, **kwargs) + + +class McasDataConnectorProperties(DataConnectorTenantId): + """MCAS (Microsoft Cloud App Security) data connector properties. + + :param tenant_id: The tenant id to connect to, and get the data from. + :type tenant_id: str + :param data_types: The available data types for the connector. + :type data_types: ~azure.mgmt.securityinsight.models.McasDataConnectorDataTypes + """ + + _attribute_map = { + 'tenant_id': {'key': 'tenantId', 'type': 'str'}, + 'data_types': {'key': 'dataTypes', 'type': 'McasDataConnectorDataTypes'}, + } + + def __init__( + self, + *, + tenant_id: Optional[str] = None, + data_types: Optional["McasDataConnectorDataTypes"] = None, + **kwargs + ): + super(McasDataConnectorProperties, self).__init__(tenant_id=tenant_id, **kwargs) + self.data_types = data_types + + +class MdatpDataConnector(DataConnector): + """Represents MDATP (Microsoft Defender Advanced Threat Protection) data connector. + + :param kind: The kind of the data connector. Possible values include: "AzureActiveDirectory", + "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", "Office365", + "AmazonWebServicesCloudTrail", "AzureAdvancedThreatProtection", + "MicrosoftDefenderAdvancedThreatProtection". + :type kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKindEnum + :param tenant_id: The tenant id to connect to, and get the data from. + :type tenant_id: str + :param data_types: The available data types for the connector. 
+ :type data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector + """ + + _attribute_map = { + 'kind': {'key': 'kind', 'type': 'str'}, + 'tenant_id': {'key': 'properties.tenantId', 'type': 'str'}, + 'data_types': {'key': 'properties.dataTypes', 'type': 'AlertsDataTypeOfDataConnector'}, + } + + def __init__( + self, + *, + kind: Optional[Union[str, "DataConnectorKindEnum"]] = None, + tenant_id: Optional[str] = None, + data_types: Optional["AlertsDataTypeOfDataConnector"] = None, + **kwargs + ): + super(MdatpDataConnector, self).__init__(kind=kind, **kwargs) + self.tenant_id = tenant_id + self.data_types = data_types + + +class MdatpDataConnectorProperties(DataConnectorWithAlertsProperties): + """MDATP (Microsoft Defender Advanced Threat Protection) data connector properties. + + :param data_types: The available data types for the connector. + :type data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector + """ + + _attribute_map = { + 'data_types': {'key': 'dataTypes', 'type': 'AlertsDataTypeOfDataConnector'}, + } + + def __init__( + self, + *, + data_types: Optional["AlertsDataTypeOfDataConnector"] = None, + **kwargs + ): + super(MdatpDataConnectorProperties, self).__init__(data_types=data_types, **kwargs) + + +class MicrosoftSecurityIncidentCreationAlertRule(AlertRule): + """Represents MicrosoftSecurityIncidentCreation rule. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :param kind: Required. The kind of the alert rule. Possible values include: "Scheduled", + "MicrosoftSecurityIncidentCreation", "Fusion". + :type kind: str or ~azure.mgmt.securityinsight.models.AlertRuleKindEnum + :param display_names_filter: the alerts' displayNames on which the cases will be generated. + :type display_names_filter: list[str] + :param product_filter: The alerts' productName on which the cases will be generated. 
Possible + values include: "Microsoft Cloud App Security", "Azure Security Center", "Azure Advanced Threat + Protection", "Azure Active Directory Identity Protection", "Azure Security Center for IoT". + :type product_filter: str or ~azure.mgmt.securityinsight.models.MicrosoftSecurityProductName + :param severities_filter: the alerts' severities on which the cases will be generated. + :type severities_filter: list[str or ~azure.mgmt.securityinsight.models.AlertSeverity] + :param alert_rule_template_name: The Name of the alert rule template used to create this rule. + :type alert_rule_template_name: str + :param description: The description of the alert rule. + :type description: str + :param display_name: The display name for alerts created by this alert rule. + :type display_name: str + :param enabled: Determines whether this alert rule is enabled or disabled. + :type enabled: bool + :ivar last_modified_utc: The last time that this alert has been modified. + :vartype last_modified_utc: ~datetime.datetime + """ + + _validation = { + 'kind': {'required': True}, + 'last_modified_utc': {'readonly': True}, + } + + _attribute_map = { + 'kind': {'key': 'kind', 'type': 'str'}, + 'display_names_filter': {'key': 'properties.displayNamesFilter', 'type': '[str]'}, + 'product_filter': {'key': 'properties.productFilter', 'type': 'str'}, + 'severities_filter': {'key': 'properties.severitiesFilter', 'type': '[str]'}, + 'alert_rule_template_name': {'key': 'properties.alertRuleTemplateName', 'type': 'str'}, + 'description': {'key': 'properties.description', 'type': 'str'}, + 'display_name': {'key': 'properties.displayName', 'type': 'str'}, + 'enabled': {'key': 'properties.enabled', 'type': 'bool'}, + 'last_modified_utc': {'key': 'properties.lastModifiedUtc', 'type': 'iso-8601'}, + } + + def __init__( + self, + *, + kind: Union[str, "AlertRuleKindEnum"], + display_names_filter: Optional[List[str]] = None, + product_filter: Optional[Union[str, "MicrosoftSecurityProductName"]] = None, 
+ severities_filter: Optional[List[Union[str, "AlertSeverity"]]] = None, + alert_rule_template_name: Optional[str] = None, + description: Optional[str] = None, + display_name: Optional[str] = None, + enabled: Optional[bool] = None, + **kwargs + ): + super(MicrosoftSecurityIncidentCreationAlertRule, self).__init__(kind=kind, **kwargs) + self.display_names_filter = display_names_filter + self.product_filter = product_filter + self.severities_filter = severities_filter + self.alert_rule_template_name = alert_rule_template_name + self.description = description + self.display_name = display_name + self.enabled = enabled + self.last_modified_utc = None + + +class MicrosoftSecurityIncidentCreationAlertRuleCommonProperties(msrest.serialization.Model): + """MicrosoftSecurityIncidentCreation rule common property bag. + + All required parameters must be populated in order to send to Azure. + + :param display_names_filter: the alerts' displayNames on which the cases will be generated. + :type display_names_filter: list[str] + :param product_filter: Required. The alerts' productName on which the cases will be generated. + Possible values include: "Microsoft Cloud App Security", "Azure Security Center", "Azure + Advanced Threat Protection", "Azure Active Directory Identity Protection", "Azure Security + Center for IoT". + :type product_filter: str or ~azure.mgmt.securityinsight.models.MicrosoftSecurityProductName + :param severities_filter: the alerts' severities on which the cases will be generated. 
+ :type severities_filter: list[str or ~azure.mgmt.securityinsight.models.AlertSeverity] + """ + + _validation = { + 'product_filter': {'required': True}, + } + + _attribute_map = { + 'display_names_filter': {'key': 'displayNamesFilter', 'type': '[str]'}, + 'product_filter': {'key': 'productFilter', 'type': 'str'}, + 'severities_filter': {'key': 'severitiesFilter', 'type': '[str]'}, + } + + def __init__( + self, + *, + product_filter: Union[str, "MicrosoftSecurityProductName"], + display_names_filter: Optional[List[str]] = None, + severities_filter: Optional[List[Union[str, "AlertSeverity"]]] = None, + **kwargs + ): + super(MicrosoftSecurityIncidentCreationAlertRuleCommonProperties, self).__init__(**kwargs) + self.display_names_filter = display_names_filter + self.product_filter = product_filter + self.severities_filter = severities_filter + + +class MicrosoftSecurityIncidentCreationAlertRuleProperties(MicrosoftSecurityIncidentCreationAlertRuleCommonProperties): + """MicrosoftSecurityIncidentCreation rule property bag. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :param display_names_filter: the alerts' displayNames on which the cases will be generated. + :type display_names_filter: list[str] + :param product_filter: Required. The alerts' productName on which the cases will be generated. + Possible values include: "Microsoft Cloud App Security", "Azure Security Center", "Azure + Advanced Threat Protection", "Azure Active Directory Identity Protection", "Azure Security + Center for IoT". + :type product_filter: str or ~azure.mgmt.securityinsight.models.MicrosoftSecurityProductName + :param severities_filter: the alerts' severities on which the cases will be generated. 
+ :type severities_filter: list[str or ~azure.mgmt.securityinsight.models.AlertSeverity] + :param alert_rule_template_name: The Name of the alert rule template used to create this rule. + :type alert_rule_template_name: str + :param description: The description of the alert rule. + :type description: str + :param display_name: Required. The display name for alerts created by this alert rule. + :type display_name: str + :param enabled: Required. Determines whether this alert rule is enabled or disabled. + :type enabled: bool + :ivar last_modified_utc: The last time that this alert has been modified. + :vartype last_modified_utc: ~datetime.datetime + """ + + _validation = { + 'product_filter': {'required': True}, + 'display_name': {'required': True}, + 'enabled': {'required': True}, + 'last_modified_utc': {'readonly': True}, + } + + _attribute_map = { + 'display_names_filter': {'key': 'displayNamesFilter', 'type': '[str]'}, + 'product_filter': {'key': 'productFilter', 'type': 'str'}, + 'severities_filter': {'key': 'severitiesFilter', 'type': '[str]'}, + 'alert_rule_template_name': {'key': 'alertRuleTemplateName', 'type': 'str'}, + 'description': {'key': 'description', 'type': 'str'}, + 'display_name': {'key': 'displayName', 'type': 'str'}, + 'enabled': {'key': 'enabled', 'type': 'bool'}, + 'last_modified_utc': {'key': 'lastModifiedUtc', 'type': 'iso-8601'}, + } + + def __init__( + self, + *, + product_filter: Union[str, "MicrosoftSecurityProductName"], + display_name: str, + enabled: bool, + display_names_filter: Optional[List[str]] = None, + severities_filter: Optional[List[Union[str, "AlertSeverity"]]] = None, + alert_rule_template_name: Optional[str] = None, + description: Optional[str] = None, + **kwargs + ): + super(MicrosoftSecurityIncidentCreationAlertRuleProperties, self).__init__(display_names_filter=display_names_filter, product_filter=product_filter, severities_filter=severities_filter, **kwargs) + self.alert_rule_template_name = alert_rule_template_name + 
self.description = description + self.display_name = display_name + self.enabled = enabled + self.last_modified_utc = None + + +class MicrosoftSecurityIncidentCreationAlertRuleTemplate(AlertRuleTemplate): + """Represents MicrosoftSecurityIncidentCreation rule template. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :param kind: Required. The kind of the alert rule. Possible values include: "Scheduled", + "MicrosoftSecurityIncidentCreation", "Fusion". + :type kind: str or ~azure.mgmt.securityinsight.models.AlertRuleKindEnum + :param alert_rules_created_by_template_count: the number of alert rules that were created by + this template. + :type alert_rules_created_by_template_count: int + :ivar created_date_utc: The time that this alert rule template has been added. + :vartype created_date_utc: ~datetime.datetime + :param description: The description of the alert rule template. + :type description: str + :param display_name: The display name for alert rule template. + :type display_name: str + :param required_data_connectors: The required data connectors for this template. + :type required_data_connectors: + list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] + :param status: The alert rule template status. Possible values include: "Installed", + "Available", "NotAvailable". + :type status: str or ~azure.mgmt.securityinsight.models.TemplateStatus + :param display_names_filter: the alerts' displayNames on which the cases will be generated. + :type display_names_filter: list[str] + :param product_filter: The alerts' productName on which the cases will be generated. Possible + values include: "Microsoft Cloud App Security", "Azure Security Center", "Azure Advanced Threat + Protection", "Azure Active Directory Identity Protection", "Azure Security Center for IoT". 
+ :type product_filter: str or ~azure.mgmt.securityinsight.models.MicrosoftSecurityProductName + :param severities_filter: the alerts' severities on which the cases will be generated. + :type severities_filter: list[str or ~azure.mgmt.securityinsight.models.AlertSeverity] + """ + + _validation = { + 'kind': {'required': True}, + 'created_date_utc': {'readonly': True}, + } + + _attribute_map = { + 'kind': {'key': 'kind', 'type': 'str'}, + 'alert_rules_created_by_template_count': {'key': 'properties.alertRulesCreatedByTemplateCount', 'type': 'int'}, + 'created_date_utc': {'key': 'properties.createdDateUTC', 'type': 'iso-8601'}, + 'description': {'key': 'properties.description', 'type': 'str'}, + 'display_name': {'key': 'properties.displayName', 'type': 'str'}, + 'required_data_connectors': {'key': 'properties.requiredDataConnectors', 'type': '[AlertRuleTemplateDataSource]'}, + 'status': {'key': 'properties.status', 'type': 'str'}, + 'display_names_filter': {'key': 'properties.displayNamesFilter', 'type': '[str]'}, + 'product_filter': {'key': 'properties.productFilter', 'type': 'str'}, + 'severities_filter': {'key': 'properties.severitiesFilter', 'type': '[str]'}, + } + + def __init__( + self, + *, + kind: Union[str, "AlertRuleKindEnum"], + alert_rules_created_by_template_count: Optional[int] = None, + description: Optional[str] = None, + display_name: Optional[str] = None, + required_data_connectors: Optional[List["AlertRuleTemplateDataSource"]] = None, + status: Optional[Union[str, "TemplateStatus"]] = None, + display_names_filter: Optional[List[str]] = None, + product_filter: Optional[Union[str, "MicrosoftSecurityProductName"]] = None, + severities_filter: Optional[List[Union[str, "AlertSeverity"]]] = None, + **kwargs + ): + super(MicrosoftSecurityIncidentCreationAlertRuleTemplate, self).__init__(kind=kind, **kwargs) + self.alert_rules_created_by_template_count = alert_rules_created_by_template_count + self.created_date_utc = None + self.description = description + 
self.display_name = display_name + self.required_data_connectors = required_data_connectors + self.status = status + self.display_names_filter = display_names_filter + self.product_filter = product_filter + self.severities_filter = severities_filter + + +class MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties(MicrosoftSecurityIncidentCreationAlertRuleCommonProperties): + """MicrosoftSecurityIncidentCreation rule template properties. + + All required parameters must be populated in order to send to Azure. + + :param display_names_filter: the alerts' displayNames on which the cases will be generated. + :type display_names_filter: list[str] + :param product_filter: Required. The alerts' productName on which the cases will be generated. + Possible values include: "Microsoft Cloud App Security", "Azure Security Center", "Azure + Advanced Threat Protection", "Azure Active Directory Identity Protection", "Azure Security + Center for IoT". + :type product_filter: str or ~azure.mgmt.securityinsight.models.MicrosoftSecurityProductName + :param severities_filter: the alerts' severities on which the cases will be generated. 
+ :type severities_filter: list[str or ~azure.mgmt.securityinsight.models.AlertSeverity] + """ + + _validation = { + 'product_filter': {'required': True}, + } + + _attribute_map = { + 'display_names_filter': {'key': 'displayNamesFilter', 'type': '[str]'}, + 'product_filter': {'key': 'productFilter', 'type': 'str'}, + 'severities_filter': {'key': 'severitiesFilter', 'type': '[str]'}, + } + + def __init__( + self, + *, + product_filter: Union[str, "MicrosoftSecurityProductName"], + display_names_filter: Optional[List[str]] = None, + severities_filter: Optional[List[Union[str, "AlertSeverity"]]] = None, + **kwargs + ): + super(MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties, self).__init__(display_names_filter=display_names_filter, product_filter=product_filter, severities_filter=severities_filter, **kwargs) + + +class OfficeConsent(Resource): + """Consent for Office365 tenant that already made. + + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar id: Azure resource Id. + :vartype id: str + :ivar name: Azure resource name. + :vartype name: str + :ivar type: Azure resource type. + :vartype type: str + :param tenant_id: The tenantId of the Office365 with the consent. + :type tenant_id: str + :ivar tenant_name: The tenant name of the Office365 with the consent. 
+ :vartype tenant_name: str + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'tenant_name': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'tenant_id': {'key': 'properties.tenantId', 'type': 'str'}, + 'tenant_name': {'key': 'properties.tenantName', 'type': 'str'}, + } + + def __init__( + self, + *, + tenant_id: Optional[str] = None, + **kwargs + ): + super(OfficeConsent, self).__init__(**kwargs) + self.tenant_id = tenant_id + self.tenant_name = None + + +class OfficeConsentList(msrest.serialization.Model): + """List of all the office365 consents. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar next_link: URL to fetch the next set of office consents. + :vartype next_link: str + :param value: Required. Array of the consents. + :type value: list[~azure.mgmt.securityinsight.models.OfficeConsent] + """ + + _validation = { + 'next_link': {'readonly': True}, + 'value': {'required': True}, + } + + _attribute_map = { + 'next_link': {'key': 'nextLink', 'type': 'str'}, + 'value': {'key': 'value', 'type': '[OfficeConsent]'}, + } + + def __init__( + self, + *, + value: List["OfficeConsent"], + **kwargs + ): + super(OfficeConsentList, self).__init__(**kwargs) + self.next_link = None + self.value = value + + +class OfficeDataConnector(DataConnector): + """Represents office data connector. + + :param kind: The kind of the data connector. Possible values include: "AzureActiveDirectory", + "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", "Office365", + "AmazonWebServicesCloudTrail", "AzureAdvancedThreatProtection", + "MicrosoftDefenderAdvancedThreatProtection". 
+ :type kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKindEnum + :param tenant_id: The tenant id to connect to, and get the data from. + :type tenant_id: str + :param data_types: The available data types for the connector. + :type data_types: ~azure.mgmt.securityinsight.models.OfficeDataConnectorDataTypes + """ + + _attribute_map = { + 'kind': {'key': 'kind', 'type': 'str'}, + 'tenant_id': {'key': 'properties.tenantId', 'type': 'str'}, + 'data_types': {'key': 'properties.dataTypes', 'type': 'OfficeDataConnectorDataTypes'}, + } + + def __init__( + self, + *, + kind: Optional[Union[str, "DataConnectorKindEnum"]] = None, + tenant_id: Optional[str] = None, + data_types: Optional["OfficeDataConnectorDataTypes"] = None, + **kwargs + ): + super(OfficeDataConnector, self).__init__(kind=kind, **kwargs) + self.tenant_id = tenant_id + self.data_types = data_types + + +class OfficeDataConnectorDataTypes(msrest.serialization.Model): + """The available data types for office data connector. + + :param exchange: Exchange data type connection. + :type exchange: ~azure.mgmt.securityinsight.models.OfficeDataConnectorDataTypesExchange + :param share_point: SharePoint data type connection. + :type share_point: ~azure.mgmt.securityinsight.models.OfficeDataConnectorDataTypesSharePoint + """ + + _attribute_map = { + 'exchange': {'key': 'exchange', 'type': 'OfficeDataConnectorDataTypesExchange'}, + 'share_point': {'key': 'sharePoint', 'type': 'OfficeDataConnectorDataTypesSharePoint'}, + } + + def __init__( + self, + *, + exchange: Optional["OfficeDataConnectorDataTypesExchange"] = None, + share_point: Optional["OfficeDataConnectorDataTypesSharePoint"] = None, + **kwargs + ): + super(OfficeDataConnectorDataTypes, self).__init__(**kwargs) + self.exchange = exchange + self.share_point = share_point + + +class OfficeDataConnectorDataTypesExchange(DataConnectorDataTypeCommon): + """Exchange data type connection. 
+ + :param state: Describe whether this data type connection is enabled or not. Possible values + include: "Enabled", "Disabled". + :type state: str or ~azure.mgmt.securityinsight.models.DataTypeState + """ + + _attribute_map = { + 'state': {'key': 'state', 'type': 'str'}, + } + + def __init__( + self, + *, + state: Optional[Union[str, "DataTypeState"]] = None, + **kwargs + ): + super(OfficeDataConnectorDataTypesExchange, self).__init__(state=state, **kwargs) + + +class OfficeDataConnectorDataTypesSharePoint(DataConnectorDataTypeCommon): + """SharePoint data type connection. + + :param state: Describe whether this data type connection is enabled or not. Possible values + include: "Enabled", "Disabled". + :type state: str or ~azure.mgmt.securityinsight.models.DataTypeState + """ + + _attribute_map = { + 'state': {'key': 'state', 'type': 'str'}, + } + + def __init__( + self, + *, + state: Optional[Union[str, "DataTypeState"]] = None, + **kwargs + ): + super(OfficeDataConnectorDataTypesSharePoint, self).__init__(state=state, **kwargs) + + +class OfficeDataConnectorProperties(DataConnectorTenantId): + """Office data connector properties. + + :param tenant_id: The tenant id to connect to, and get the data from. + :type tenant_id: str + :param data_types: The available data types for the connector. + :type data_types: ~azure.mgmt.securityinsight.models.OfficeDataConnectorDataTypes + """ + + _attribute_map = { + 'tenant_id': {'key': 'tenantId', 'type': 'str'}, + 'data_types': {'key': 'dataTypes', 'type': 'OfficeDataConnectorDataTypes'}, + } + + def __init__( + self, + *, + tenant_id: Optional[str] = None, + data_types: Optional["OfficeDataConnectorDataTypes"] = None, + **kwargs + ): + super(OfficeDataConnectorProperties, self).__init__(tenant_id=tenant_id, **kwargs) + self.data_types = data_types + + +class Operation(msrest.serialization.Model): + """Operation provided by provider. + + :param display: Properties of the operation. 
+ :type display: ~azure.mgmt.securityinsight.models.OperationDisplay + :param name: Name of the operation. + :type name: str + """ + + _attribute_map = { + 'display': {'key': 'display', 'type': 'OperationDisplay'}, + 'name': {'key': 'name', 'type': 'str'}, + } + + def __init__( + self, + *, + display: Optional["OperationDisplay"] = None, + name: Optional[str] = None, + **kwargs + ): + super(Operation, self).__init__(**kwargs) + self.display = display + self.name = name + + +class OperationDisplay(msrest.serialization.Model): + """Properties of the operation. + + :param description: Description of the operation. + :type description: str + :param operation: Operation name. + :type operation: str + :param provider: Provider name. + :type provider: str + :param resource: Resource name. + :type resource: str + """ + + _attribute_map = { + 'description': {'key': 'description', 'type': 'str'}, + 'operation': {'key': 'operation', 'type': 'str'}, + 'provider': {'key': 'provider', 'type': 'str'}, + 'resource': {'key': 'resource', 'type': 'str'}, + } + + def __init__( + self, + *, + description: Optional[str] = None, + operation: Optional[str] = None, + provider: Optional[str] = None, + resource: Optional[str] = None, + **kwargs + ): + super(OperationDisplay, self).__init__(**kwargs) + self.description = description + self.operation = operation + self.provider = provider + self.resource = resource + + +class OperationsList(msrest.serialization.Model): + """Lists the operations available in the SecurityInsights RP. + + All required parameters must be populated in order to send to Azure. + + :param next_link: URL to fetch the next set of operations. + :type next_link: str + :param value: Required. Array of operations. 
+ :type value: list[~azure.mgmt.securityinsight.models.Operation] + """ + + _validation = { + 'value': {'required': True}, + } + + _attribute_map = { + 'next_link': {'key': 'nextLink', 'type': 'str'}, + 'value': {'key': 'value', 'type': '[Operation]'}, + } + + def __init__( + self, + *, + value: List["Operation"], + next_link: Optional[str] = None, + **kwargs + ): + super(OperationsList, self).__init__(**kwargs) + self.next_link = next_link + self.value = value + + +class ScheduledAlertRule(AlertRule): + """Represents scheduled alert rule. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :param kind: Required. The kind of the alert rule. Possible values include: "Scheduled", + "MicrosoftSecurityIncidentCreation", "Fusion". + :type kind: str or ~azure.mgmt.securityinsight.models.AlertRuleKindEnum + :param query: The query that creates alerts for this rule. + :type query: str + :param query_frequency: The frequency (in ISO 8601 duration format) for this alert rule to run. + :type query_frequency: ~datetime.timedelta + :param query_period: The period (in ISO 8601 duration format) that this alert rule looks at. + :type query_period: ~datetime.timedelta + :param severity: The severity for alerts created by this alert rule. Possible values include: + "High", "Medium", "Low", "Informational". + :type severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity + :param trigger_operator: The operation against the threshold that triggers alert rule. Possible + values include: "GreaterThan", "LessThan", "Equal", "NotEqual". + :type trigger_operator: str or ~azure.mgmt.securityinsight.models.TriggerOperator + :param trigger_threshold: The threshold triggers this alert rule. + :type trigger_threshold: int + :param alert_rule_template_name: The Name of the alert rule template used to create this rule. 
+ :type alert_rule_template_name: str + :param description: The description of the alert rule. + :type description: str + :param display_name: The display name for alerts created by this alert rule. + :type display_name: str + :param enabled: Determines whether this alert rule is enabled or disabled. + :type enabled: bool + :ivar last_modified_utc: The last time that this alert rule has been modified. + :vartype last_modified_utc: ~datetime.datetime + :param suppression_duration: The suppression (in ISO 8601 duration format) to wait since last + time this alert rule been triggered. + :type suppression_duration: ~datetime.timedelta + :param suppression_enabled: Determines whether the suppression for this alert rule is enabled + or disabled. + :type suppression_enabled: bool + :param tactics: The tactics of the alert rule. + :type tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] + """ + + _validation = { + 'kind': {'required': True}, + 'last_modified_utc': {'readonly': True}, + } + + _attribute_map = { + 'kind': {'key': 'kind', 'type': 'str'}, + 'query': {'key': 'properties.query', 'type': 'str'}, + 'query_frequency': {'key': 'properties.queryFrequency', 'type': 'duration'}, + 'query_period': {'key': 'properties.queryPeriod', 'type': 'duration'}, + 'severity': {'key': 'properties.severity', 'type': 'str'}, + 'trigger_operator': {'key': 'properties.triggerOperator', 'type': 'str'}, + 'trigger_threshold': {'key': 'properties.triggerThreshold', 'type': 'int'}, + 'alert_rule_template_name': {'key': 'properties.alertRuleTemplateName', 'type': 'str'}, + 'description': {'key': 'properties.description', 'type': 'str'}, + 'display_name': {'key': 'properties.displayName', 'type': 'str'}, + 'enabled': {'key': 'properties.enabled', 'type': 'bool'}, + 'last_modified_utc': {'key': 'properties.lastModifiedUtc', 'type': 'iso-8601'}, + 'suppression_duration': {'key': 'properties.suppressionDuration', 'type': 'duration'}, + 'suppression_enabled': {'key': 
'properties.suppressionEnabled', 'type': 'bool'}, + 'tactics': {'key': 'properties.tactics', 'type': '[str]'}, + } + + def __init__( + self, + *, + kind: Union[str, "AlertRuleKindEnum"], + query: Optional[str] = None, + query_frequency: Optional[datetime.timedelta] = None, + query_period: Optional[datetime.timedelta] = None, + severity: Optional[Union[str, "AlertSeverity"]] = None, + trigger_operator: Optional[Union[str, "TriggerOperator"]] = None, + trigger_threshold: Optional[int] = None, + alert_rule_template_name: Optional[str] = None, + description: Optional[str] = None, + display_name: Optional[str] = None, + enabled: Optional[bool] = None, + suppression_duration: Optional[datetime.timedelta] = None, + suppression_enabled: Optional[bool] = None, + tactics: Optional[List[Union[str, "AttackTactic"]]] = None, + **kwargs + ): + super(ScheduledAlertRule, self).__init__(kind=kind, **kwargs) + self.query = query + self.query_frequency = query_frequency + self.query_period = query_period + self.severity = severity + self.trigger_operator = trigger_operator + self.trigger_threshold = trigger_threshold + self.alert_rule_template_name = alert_rule_template_name + self.description = description + self.display_name = display_name + self.enabled = enabled + self.last_modified_utc = None + self.suppression_duration = suppression_duration + self.suppression_enabled = suppression_enabled + self.tactics = tactics + + +class ScheduledAlertRuleCommonProperties(msrest.serialization.Model): + """Schedule alert rule template property bag. + + :param query: The query that creates alerts for this rule. + :type query: str + :param query_frequency: The frequency (in ISO 8601 duration format) for this alert rule to run. + :type query_frequency: ~datetime.timedelta + :param query_period: The period (in ISO 8601 duration format) that this alert rule looks at. + :type query_period: ~datetime.timedelta + :param severity: The severity for alerts created by this alert rule. 
Possible values include: + "High", "Medium", "Low", "Informational". + :type severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity + :param trigger_operator: The operation against the threshold that triggers alert rule. Possible + values include: "GreaterThan", "LessThan", "Equal", "NotEqual". + :type trigger_operator: str or ~azure.mgmt.securityinsight.models.TriggerOperator + :param trigger_threshold: The threshold triggers this alert rule. + :type trigger_threshold: int + """ + + _attribute_map = { + 'query': {'key': 'query', 'type': 'str'}, + 'query_frequency': {'key': 'queryFrequency', 'type': 'duration'}, + 'query_period': {'key': 'queryPeriod', 'type': 'duration'}, + 'severity': {'key': 'severity', 'type': 'str'}, + 'trigger_operator': {'key': 'triggerOperator', 'type': 'str'}, + 'trigger_threshold': {'key': 'triggerThreshold', 'type': 'int'}, + } + + def __init__( + self, + *, + query: Optional[str] = None, + query_frequency: Optional[datetime.timedelta] = None, + query_period: Optional[datetime.timedelta] = None, + severity: Optional[Union[str, "AlertSeverity"]] = None, + trigger_operator: Optional[Union[str, "TriggerOperator"]] = None, + trigger_threshold: Optional[int] = None, + **kwargs + ): + super(ScheduledAlertRuleCommonProperties, self).__init__(**kwargs) + self.query = query + self.query_frequency = query_frequency + self.query_period = query_period + self.severity = severity + self.trigger_operator = trigger_operator + self.trigger_threshold = trigger_threshold + + +class ScheduledAlertRuleProperties(ScheduledAlertRuleCommonProperties): + """Scheduled alert rule base property bag. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :param query: The query that creates alerts for this rule. + :type query: str + :param query_frequency: The frequency (in ISO 8601 duration format) for this alert rule to run. 
+ :type query_frequency: ~datetime.timedelta + :param query_period: The period (in ISO 8601 duration format) that this alert rule looks at. + :type query_period: ~datetime.timedelta + :param severity: The severity for alerts created by this alert rule. Possible values include: + "High", "Medium", "Low", "Informational". + :type severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity + :param trigger_operator: The operation against the threshold that triggers alert rule. Possible + values include: "GreaterThan", "LessThan", "Equal", "NotEqual". + :type trigger_operator: str or ~azure.mgmt.securityinsight.models.TriggerOperator + :param trigger_threshold: The threshold triggers this alert rule. + :type trigger_threshold: int + :param alert_rule_template_name: The Name of the alert rule template used to create this rule. + :type alert_rule_template_name: str + :param description: The description of the alert rule. + :type description: str + :param display_name: Required. The display name for alerts created by this alert rule. + :type display_name: str + :param enabled: Required. Determines whether this alert rule is enabled or disabled. + :type enabled: bool + :ivar last_modified_utc: The last time that this alert rule has been modified. + :vartype last_modified_utc: ~datetime.datetime + :param suppression_duration: Required. The suppression (in ISO 8601 duration format) to wait + since last time this alert rule been triggered. + :type suppression_duration: ~datetime.timedelta + :param suppression_enabled: Required. Determines whether the suppression for this alert rule is + enabled or disabled. + :type suppression_enabled: bool + :param tactics: The tactics of the alert rule. 
+ :type tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] + """ + + _validation = { + 'display_name': {'required': True}, + 'enabled': {'required': True}, + 'last_modified_utc': {'readonly': True}, + 'suppression_duration': {'required': True}, + 'suppression_enabled': {'required': True}, + } + + _attribute_map = { + 'query': {'key': 'query', 'type': 'str'}, + 'query_frequency': {'key': 'queryFrequency', 'type': 'duration'}, + 'query_period': {'key': 'queryPeriod', 'type': 'duration'}, + 'severity': {'key': 'severity', 'type': 'str'}, + 'trigger_operator': {'key': 'triggerOperator', 'type': 'str'}, + 'trigger_threshold': {'key': 'triggerThreshold', 'type': 'int'}, + 'alert_rule_template_name': {'key': 'alertRuleTemplateName', 'type': 'str'}, + 'description': {'key': 'description', 'type': 'str'}, + 'display_name': {'key': 'displayName', 'type': 'str'}, + 'enabled': {'key': 'enabled', 'type': 'bool'}, + 'last_modified_utc': {'key': 'lastModifiedUtc', 'type': 'iso-8601'}, + 'suppression_duration': {'key': 'suppressionDuration', 'type': 'duration'}, + 'suppression_enabled': {'key': 'suppressionEnabled', 'type': 'bool'}, + 'tactics': {'key': 'tactics', 'type': '[str]'}, + } + + def __init__( + self, + *, + display_name: str, + enabled: bool, + suppression_duration: datetime.timedelta, + suppression_enabled: bool, + query: Optional[str] = None, + query_frequency: Optional[datetime.timedelta] = None, + query_period: Optional[datetime.timedelta] = None, + severity: Optional[Union[str, "AlertSeverity"]] = None, + trigger_operator: Optional[Union[str, "TriggerOperator"]] = None, + trigger_threshold: Optional[int] = None, + alert_rule_template_name: Optional[str] = None, + description: Optional[str] = None, + tactics: Optional[List[Union[str, "AttackTactic"]]] = None, + **kwargs + ): + super(ScheduledAlertRuleProperties, self).__init__(query=query, query_frequency=query_frequency, query_period=query_period, severity=severity, 
trigger_operator=trigger_operator, trigger_threshold=trigger_threshold, **kwargs) + self.alert_rule_template_name = alert_rule_template_name + self.description = description + self.display_name = display_name + self.enabled = enabled + self.last_modified_utc = None + self.suppression_duration = suppression_duration + self.suppression_enabled = suppression_enabled + self.tactics = tactics + + +class ScheduledAlertRuleTemplate(AlertRuleTemplate): + """Represents scheduled alert rule template. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :param kind: Required. The kind of the alert rule. Possible values include: "Scheduled", + "MicrosoftSecurityIncidentCreation", "Fusion". + :type kind: str or ~azure.mgmt.securityinsight.models.AlertRuleKindEnum + :param alert_rules_created_by_template_count: the number of alert rules that were created by + this template. + :type alert_rules_created_by_template_count: int + :ivar created_date_utc: The time that this alert rule template has been added. + :vartype created_date_utc: ~datetime.datetime + :param description: The description of the alert rule template. + :type description: str + :param display_name: The display name for alert rule template. + :type display_name: str + :param required_data_connectors: The required data connectors for this template. + :type required_data_connectors: + list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] + :param status: The alert rule template status. Possible values include: "Installed", + "Available", "NotAvailable". + :type status: str or ~azure.mgmt.securityinsight.models.TemplateStatus + :param query: The query that creates alerts for this rule. + :type query: str + :param query_frequency: The frequency (in ISO 8601 duration format) for this alert rule to run. 
+ :type query_frequency: ~datetime.timedelta + :param query_period: The period (in ISO 8601 duration format) that this alert rule looks at. + :type query_period: ~datetime.timedelta + :param severity: The severity for alerts created by this alert rule. Possible values include: + "High", "Medium", "Low", "Informational". + :type severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity + :param trigger_operator: The operation against the threshold that triggers alert rule. Possible + values include: "GreaterThan", "LessThan", "Equal", "NotEqual". + :type trigger_operator: str or ~azure.mgmt.securityinsight.models.TriggerOperator + :param trigger_threshold: The threshold triggers this alert rule. + :type trigger_threshold: int + :param tactics: The tactics of the alert rule template. + :type tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] + """ + + _validation = { + 'kind': {'required': True}, + 'created_date_utc': {'readonly': True}, + } + + _attribute_map = { + 'kind': {'key': 'kind', 'type': 'str'}, + 'alert_rules_created_by_template_count': {'key': 'properties.alertRulesCreatedByTemplateCount', 'type': 'int'}, + 'created_date_utc': {'key': 'properties.createdDateUTC', 'type': 'iso-8601'}, + 'description': {'key': 'properties.description', 'type': 'str'}, + 'display_name': {'key': 'properties.displayName', 'type': 'str'}, + 'required_data_connectors': {'key': 'properties.requiredDataConnectors', 'type': '[AlertRuleTemplateDataSource]'}, + 'status': {'key': 'properties.status', 'type': 'str'}, + 'query': {'key': 'properties.query', 'type': 'str'}, + 'query_frequency': {'key': 'properties.queryFrequency', 'type': 'duration'}, + 'query_period': {'key': 'properties.queryPeriod', 'type': 'duration'}, + 'severity': {'key': 'properties.severity', 'type': 'str'}, + 'trigger_operator': {'key': 'properties.triggerOperator', 'type': 'str'}, + 'trigger_threshold': {'key': 'properties.triggerThreshold', 'type': 'int'}, + 'tactics': {'key': 
'properties.tactics', 'type': '[str]'}, + } + + def __init__( + self, + *, + kind: Union[str, "AlertRuleKindEnum"], + alert_rules_created_by_template_count: Optional[int] = None, + description: Optional[str] = None, + display_name: Optional[str] = None, + required_data_connectors: Optional[List["AlertRuleTemplateDataSource"]] = None, + status: Optional[Union[str, "TemplateStatus"]] = None, + query: Optional[str] = None, + query_frequency: Optional[datetime.timedelta] = None, + query_period: Optional[datetime.timedelta] = None, + severity: Optional[Union[str, "AlertSeverity"]] = None, + trigger_operator: Optional[Union[str, "TriggerOperator"]] = None, + trigger_threshold: Optional[int] = None, + tactics: Optional[List[Union[str, "AttackTactic"]]] = None, + **kwargs + ): + super(ScheduledAlertRuleTemplate, self).__init__(kind=kind, **kwargs) + self.alert_rules_created_by_template_count = alert_rules_created_by_template_count + self.created_date_utc = None + self.description = description + self.display_name = display_name + self.required_data_connectors = required_data_connectors + self.status = status + self.query = query + self.query_frequency = query_frequency + self.query_period = query_period + self.severity = severity + self.trigger_operator = trigger_operator + self.trigger_threshold = trigger_threshold + self.tactics = tactics + + +class ScheduledAlertRuleTemplateProperties(ScheduledAlertRuleCommonProperties): + """Scheduled alert rule template properties. + + :param query: The query that creates alerts for this rule. + :type query: str + :param query_frequency: The frequency (in ISO 8601 duration format) for this alert rule to run. + :type query_frequency: ~datetime.timedelta + :param query_period: The period (in ISO 8601 duration format) that this alert rule looks at. + :type query_period: ~datetime.timedelta + :param severity: The severity for alerts created by this alert rule. Possible values include: + "High", "Medium", "Low", "Informational". 
+ :type severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity + :param trigger_operator: The operation against the threshold that triggers alert rule. Possible + values include: "GreaterThan", "LessThan", "Equal", "NotEqual". + :type trigger_operator: str or ~azure.mgmt.securityinsight.models.TriggerOperator + :param trigger_threshold: The threshold triggers this alert rule. + :type trigger_threshold: int + :param tactics: The tactics of the alert rule template. + :type tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] + """ + + _attribute_map = { + 'query': {'key': 'query', 'type': 'str'}, + 'query_frequency': {'key': 'queryFrequency', 'type': 'duration'}, + 'query_period': {'key': 'queryPeriod', 'type': 'duration'}, + 'severity': {'key': 'severity', 'type': 'str'}, + 'trigger_operator': {'key': 'triggerOperator', 'type': 'str'}, + 'trigger_threshold': {'key': 'triggerThreshold', 'type': 'int'}, + 'tactics': {'key': 'tactics', 'type': '[str]'}, + } + + def __init__( + self, + *, + query: Optional[str] = None, + query_frequency: Optional[datetime.timedelta] = None, + query_period: Optional[datetime.timedelta] = None, + severity: Optional[Union[str, "AlertSeverity"]] = None, + trigger_operator: Optional[Union[str, "TriggerOperator"]] = None, + trigger_threshold: Optional[int] = None, + tactics: Optional[List[Union[str, "AttackTactic"]]] = None, + **kwargs + ): + super(ScheduledAlertRuleTemplateProperties, self).__init__(query=query, query_frequency=query_frequency, query_period=query_period, severity=severity, trigger_operator=trigger_operator, trigger_threshold=trigger_threshold, **kwargs) + self.tactics = tactics + + +class SettingsKind(msrest.serialization.Model): + """Describes an Azure resource with kind. + + :param kind: The kind of the setting. Possible values include: "UebaSettings", + "ToggleSettings". 
+ :type kind: str or ~azure.mgmt.securityinsight.models.SettingKind + """ + + _attribute_map = { + 'kind': {'key': 'kind', 'type': 'str'}, + } + + def __init__( + self, + *, + kind: Optional[Union[str, "SettingKind"]] = None, + **kwargs + ): + super(SettingsKind, self).__init__(**kwargs) + self.kind = kind + + +class Settings(SettingsKind): + """The Setting. + + :param kind: The kind of the setting. Possible values include: "UebaSettings", + "ToggleSettings". + :type kind: str or ~azure.mgmt.securityinsight.models.SettingKind + """ + + _attribute_map = { + 'kind': {'key': 'kind', 'type': 'str'}, + } + + def __init__( + self, + *, + kind: Optional[Union[str, "SettingKind"]] = None, + **kwargs + ): + super(Settings, self).__init__(kind=kind, **kwargs) + + +class ThreatIntelligence(msrest.serialization.Model): + """ThreatIntelligence property bag. + + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar confidence: Confidence (must be between 0 and 1). + :vartype confidence: float + :ivar provider_name: Name of the provider from whom this Threat Intelligence information was + received. + :vartype provider_name: str + :ivar report_link: Report link. + :vartype report_link: str + :ivar threat_description: Threat description (free text). + :vartype threat_description: str + :ivar threat_name: Threat name (e.g. "Jedobot malware"). + :vartype threat_name: str + :ivar threat_type: Threat type (e.g. "Botnet"). 
+ :vartype threat_type: str + """ + + _validation = { + 'confidence': {'readonly': True}, + 'provider_name': {'readonly': True}, + 'report_link': {'readonly': True}, + 'threat_description': {'readonly': True}, + 'threat_name': {'readonly': True}, + 'threat_type': {'readonly': True}, + } + + _attribute_map = { + 'confidence': {'key': 'confidence', 'type': 'float'}, + 'provider_name': {'key': 'providerName', 'type': 'str'}, + 'report_link': {'key': 'reportLink', 'type': 'str'}, + 'threat_description': {'key': 'threatDescription', 'type': 'str'}, + 'threat_name': {'key': 'threatName', 'type': 'str'}, + 'threat_type': {'key': 'threatType', 'type': 'str'}, + } + + def __init__( + self, + **kwargs + ): + super(ThreatIntelligence, self).__init__(**kwargs) + self.confidence = None + self.provider_name = None + self.report_link = None + self.threat_description = None + self.threat_name = None + self.threat_type = None + + +class TiDataConnector(DataConnector): + """Represents threat intelligence data connector. + + :param kind: The kind of the data connector. Possible values include: "AzureActiveDirectory", + "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", "Office365", + "AmazonWebServicesCloudTrail", "AzureAdvancedThreatProtection", + "MicrosoftDefenderAdvancedThreatProtection". + :type kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKindEnum + :param tenant_id: The tenant id to connect to, and get the data from. + :type tenant_id: str + :param data_types: The available data types for the connector. 
+ :type data_types: ~azure.mgmt.securityinsight.models.TiDataConnectorDataTypes + """ + + _attribute_map = { + 'kind': {'key': 'kind', 'type': 'str'}, + 'tenant_id': {'key': 'properties.tenantId', 'type': 'str'}, + 'data_types': {'key': 'properties.dataTypes', 'type': 'TiDataConnectorDataTypes'}, + } + + def __init__( + self, + *, + kind: Optional[Union[str, "DataConnectorKindEnum"]] = None, + tenant_id: Optional[str] = None, + data_types: Optional["TiDataConnectorDataTypes"] = None, + **kwargs + ): + super(TiDataConnector, self).__init__(kind=kind, **kwargs) + self.tenant_id = tenant_id + self.data_types = data_types + + +class TiDataConnectorDataTypes(msrest.serialization.Model): + """The available data types for TI (Threat Intelligence) data connector. + + :param indicators: Data type for indicators connection. + :type indicators: ~azure.mgmt.securityinsight.models.TiDataConnectorDataTypesIndicators + """ + + _attribute_map = { + 'indicators': {'key': 'indicators', 'type': 'TiDataConnectorDataTypesIndicators'}, + } + + def __init__( + self, + *, + indicators: Optional["TiDataConnectorDataTypesIndicators"] = None, + **kwargs + ): + super(TiDataConnectorDataTypes, self).__init__(**kwargs) + self.indicators = indicators + + +class TiDataConnectorDataTypesIndicators(DataConnectorDataTypeCommon): + """Data type for indicators connection. + + :param state: Describe whether this data type connection is enabled or not. Possible values + include: "Enabled", "Disabled". + :type state: str or ~azure.mgmt.securityinsight.models.DataTypeState + """ + + _attribute_map = { + 'state': {'key': 'state', 'type': 'str'}, + } + + def __init__( + self, + *, + state: Optional[Union[str, "DataTypeState"]] = None, + **kwargs + ): + super(TiDataConnectorDataTypesIndicators, self).__init__(state=state, **kwargs) + + +class TiDataConnectorProperties(DataConnectorTenantId): + """TI (Threat Intelligence) data connector properties. 
+ + :param tenant_id: The tenant id to connect to, and get the data from. + :type tenant_id: str + :param data_types: The available data types for the connector. + :type data_types: ~azure.mgmt.securityinsight.models.TiDataConnectorDataTypes + """ + + _attribute_map = { + 'tenant_id': {'key': 'tenantId', 'type': 'str'}, + 'data_types': {'key': 'dataTypes', 'type': 'TiDataConnectorDataTypes'}, + } + + def __init__( + self, + *, + tenant_id: Optional[str] = None, + data_types: Optional["TiDataConnectorDataTypes"] = None, + **kwargs + ): + super(TiDataConnectorProperties, self).__init__(tenant_id=tenant_id, **kwargs) + self.data_types = data_types + + +class ToggleSettings(Settings): + """Settings with single toggle. + + :param kind: The kind of the setting. Possible values include: "UebaSettings", + "ToggleSettings". + :type kind: str or ~azure.mgmt.securityinsight.models.SettingKind + :param is_enabled: Determines whether the setting is enable or disabled. + :type is_enabled: bool + """ + + _attribute_map = { + 'kind': {'key': 'kind', 'type': 'str'}, + 'is_enabled': {'key': 'properties.isEnabled', 'type': 'bool'}, + } + + def __init__( + self, + *, + kind: Optional[Union[str, "SettingKind"]] = None, + is_enabled: Optional[bool] = None, + **kwargs + ): + super(ToggleSettings, self).__init__(kind=kind, **kwargs) + self.is_enabled = is_enabled + + +class UebaSettings(Settings): + """Represents settings for User and Entity Behavior Analytics enablement. + + Variables are only populated by the server, and will be ignored when sending a request. + + :param kind: The kind of the setting. Possible values include: "UebaSettings", + "ToggleSettings". + :type kind: str or ~azure.mgmt.securityinsight.models.SettingKind + :ivar atp_license_status: Determines whether the tenant has ATP (Advanced Threat Protection) + license. Possible values include: "Enabled", "Disabled". 
+ :vartype atp_license_status: str or ~azure.mgmt.securityinsight.models.LicenseStatus + :param is_enabled: Determines whether User and Entity Behavior Analytics is enabled for this + workspace. + :type is_enabled: bool + :ivar status_in_mcas: Determines whether User and Entity Behavior Analytics is enabled from + MCAS (Microsoft Cloud App Security). Possible values include: "Enabled", "Disabled". + :vartype status_in_mcas: str or ~azure.mgmt.securityinsight.models.StatusInMcas + """ + + _validation = { + 'atp_license_status': {'readonly': True}, + 'status_in_mcas': {'readonly': True}, + } + + _attribute_map = { + 'kind': {'key': 'kind', 'type': 'str'}, + 'atp_license_status': {'key': 'properties.atpLicenseStatus', 'type': 'str'}, + 'is_enabled': {'key': 'properties.isEnabled', 'type': 'bool'}, + 'status_in_mcas': {'key': 'properties.statusInMcas', 'type': 'str'}, + } + + def __init__( + self, + *, + kind: Optional[Union[str, "SettingKind"]] = None, + is_enabled: Optional[bool] = None, + **kwargs + ): + super(UebaSettings, self).__init__(kind=kind, **kwargs) + self.atp_license_status = None + self.is_enabled = is_enabled + self.status_in_mcas = None + + +class UserInfo(msrest.serialization.Model): + """User information that made some action. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar email: The email of the user. + :vartype email: str + :ivar name: The name of the user. + :vartype name: str + :param object_id: Required. The object id of the user. 
+ :type object_id: str + """ + + _validation = { + 'email': {'readonly': True}, + 'name': {'readonly': True}, + 'object_id': {'required': True}, + } + + _attribute_map = { + 'email': {'key': 'email', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'object_id': {'key': 'objectId', 'type': 'str'}, + } + + def __init__( + self, + *, + object_id: str, + **kwargs + ): + super(UserInfo, self).__init__(**kwargs) + self.email = None + self.name = None + self.object_id = object_id diff --git a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/models/_security_insights_enums.py b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/models/_security_insights_enums.py new file mode 100644 index 00000000000..bf1438e28e5 --- /dev/null +++ b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/models/_security_insights_enums.py 
@@ -0,0 +1,122 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from enum import Enum + +class AlertRuleKindEnum(str, Enum): + """The kind of the alert rule + """ + + scheduled = "Scheduled" + microsoft_security_incident_creation = "MicrosoftSecurityIncidentCreation" + fusion = "Fusion" + +class AlertSeverity(str, Enum): + """The severity of the alert + """ + + high = "High" #: High severity. + medium = "Medium" #: Medium severity. + low = "Low" #: Low severity. + informational = "Informational" #: Informational severity. + +class AttackTactic(str, Enum): + """The severity for alerts created by this alert rule. 
+ """ + + initial_access = "InitialAccess" + execution = "Execution" + persistence = "Persistence" + privilege_escalation = "PrivilegeEscalation" + defense_evasion = "DefenseEvasion" + credential_access = "CredentialAccess" + discovery = "Discovery" + lateral_movement = "LateralMovement" + collection = "Collection" + exfiltration = "Exfiltration" + command_and_control = "CommandAndControl" + impact = "Impact" + +class DataConnectorKindEnum(str, Enum): + """The kind of the data connector + """ + + azure_active_directory = "AzureActiveDirectory" + azure_security_center = "AzureSecurityCenter" + microsoft_cloud_app_security = "MicrosoftCloudAppSecurity" + threat_intelligence = "ThreatIntelligence" + office365 = "Office365" + amazon_web_services_cloud_trail = "AmazonWebServicesCloudTrail" + azure_advanced_threat_protection = "AzureAdvancedThreatProtection" + microsoft_defender_advanced_threat_protection = "MicrosoftDefenderAdvancedThreatProtection" + +class DataTypeState(str, Enum): + """Describe whether this data type connection is enabled or not. + """ + + enabled = "Enabled" + disabled = "Disabled" + +class IncidentSeverity(str, Enum): + """The severity of the incident + """ + + critical = "Critical" #: Critical severity. + high = "High" #: High severity. + medium = "Medium" #: Medium severity. + low = "Low" #: Low severity. + informational = "Informational" #: Informational severity. + +class LicenseStatus(str, Enum): + """Determines whether the tenant has ATP (Advanced Threat Protection) license. 
+ """ + + enabled = "Enabled" + disabled = "Disabled" + +class MicrosoftSecurityProductName(str, Enum): + """The alerts' productName on which the cases will be generated + """ + + microsoft_cloud_app_security = "Microsoft Cloud App Security" + azure_security_center = "Azure Security Center" + azure_advanced_threat_protection = "Azure Advanced Threat Protection" + azure_active_directory_identity_protection = "Azure Active Directory Identity Protection" + azure_security_center_for_io_t = "Azure Security Center for IoT" + +class SettingKind(str, Enum): + """The kind of the setting + """ + + ueba_settings = "UebaSettings" + toggle_settings = "ToggleSettings" + +class StatusInMcas(str, Enum): + """Determines whether User and Entity Behavior Analytics is enabled from MCAS (Microsoft Cloud App + Security). + """ + + enabled = "Enabled" + disabled = "Disabled" + +class TemplateStatus(str, Enum): + """The alert rule template status. + """ + + installed = "Installed" #: Alert rule template installed. and can not use more then once. + available = "Available" #: Alert rule template is available. + not_available = "NotAvailable" #: Alert rule template is not available. + +class TriggerOperator(str, Enum): + """The operation against the threshold that triggers alert rule. + """ + + greater_than = "GreaterThan" + less_than = "LessThan" + equal = "Equal" + not_equal = "NotEqual" diff --git a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/__init__.py b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/__init__.py new file mode 100644 index 00000000000..a99ec2ca26d --- /dev/null +++ b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/__init__.py 
@@ -0,0 +1,19 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from ._operation_operations import OperationOperations +from ._alert_rule_operations import AlertRuleOperations +from ._action_operations import ActionOperations +from ._data_connector_operations import DataConnectorOperations + +__all__ = [ + 'OperationOperations', + 'AlertRuleOperations', + 'ActionOperations', + 'DataConnectorOperations', +] diff --git a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_action_operations.py b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_action_operations.py new file mode 100644 index 00000000000..b444742d4d5 --- /dev/null +++ b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_action_operations.py 
@@ -0,0 +1,122 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from typing import TYPE_CHECKING +import warnings + +from azure.core.exceptions import HttpResponseError, ResourceExistsError, ResourceNotFoundError, map_error +from azure.core.paging import ItemPaged +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import HttpRequest, HttpResponse +from azure.mgmt.core.exceptions import ARMErrorFormat + +from .. import models + +if TYPE_CHECKING: + # pylint: disable=unused-import,ungrouped-imports + from typing import Any, Callable, Dict, Generic, Optional, TypeVar + + T = TypeVar('T') + ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] + +class ActionOperations(object): + """ActionOperations operations. + + You should not instantiate this class directly. Instead, you should create a Client instance that + instantiates it for you and attaches it as an attribute. + + :ivar models: Alias to model classes used in this operation group. + :type models: ~azure.mgmt.securityinsight.models + :param client: Client for service requests. + :param config: Configuration of service client. + :param serializer: An object model serializer. + :param deserializer: An object model deserializer. 
+ """ + + models = models + + def __init__(self, client, config, serializer, deserializer): + self._client = client + self._serialize = serializer + self._deserialize = deserializer + self._config = config + + def list_by_alert_rule( + self, + resource_group_name, # type: str + workspace_name, # type: str + rule_id, # type: str + **kwargs # type: Any + ): + # type: (...) -> "models.ActionsList" + """Gets all actions of alert rule. + + :param resource_group_name: The name of the resource group within the user's subscription. The + name is case insensitive. + :type resource_group_name: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :param rule_id: Alert rule ID. + :type rule_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: ActionsList or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.ActionsList + :raises: ~azure.core.exceptions.HttpResponseError + """ + cls = kwargs.pop('cls', None) # type: ClsType["models.ActionsList"] + error_map = kwargs.pop('error_map', {404: ResourceNotFoundError, 409: ResourceExistsError}) + api_version = "2020-01-01" + + def prepare_request(next_link=None): + if not next_link: + # Construct URL + url = self.list_by_alert_rule.metadata['url'] + path_format_arguments = { + 'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + 'ruleId': self._serialize.url("rule_id", rule_id, 'str'), + } + url = self._client.format_url(url, **path_format_arguments) + else: + url = next_link + + # Construct parameters + query_parameters = {} # type: Dict[str, Any] 
+ query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') + + # Construct headers + header_parameters = {} # type: Dict[str, Any] + header_parameters['Accept'] = 'application/json' + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + def extract_data(pipeline_response): + deserialized = self._deserialize('ActionsList', pipeline_response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link or None, iter(list_of_elem) + + def get_next(next_link=None): + request = prepare_request(next_link) + + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + return pipeline_response + + return ItemPaged( + get_next, extract_data + ) + list_by_alert_rule.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions'} diff --git a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_alert_rule_operations.py b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_alert_rule_operations.py new file mode 100644 index 00000000000..ed661c6500d --- /dev/null +++ b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_alert_rule_operations.py 
@@ -0,0 +1,530 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from typing import TYPE_CHECKING +import warnings + +from azure.core.exceptions import HttpResponseError, ResourceExistsError, ResourceNotFoundError, map_error +from azure.core.paging import ItemPaged +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import HttpRequest, HttpResponse +from azure.mgmt.core.exceptions import ARMErrorFormat + +from .. import models + +if TYPE_CHECKING: + # pylint: disable=unused-import,ungrouped-imports + from typing import Any, Callable, Dict, Generic, Optional, TypeVar, Union + + T = TypeVar('T') + ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] + +class AlertRuleOperations(object): + """AlertRuleOperations operations. + + You should not instantiate this class directly. Instead, you should create a Client instance that + instantiates it for you and attaches it as an attribute. + + :ivar models: Alias to model classes used in this operation group. + :type models: ~azure.mgmt.securityinsight.models + :param client: Client for service requests. + :param config: Configuration of service client. + :param serializer: An object model serializer. + :param deserializer: An object model deserializer. 
+ """ + + models = models + + def __init__(self, client, config, serializer, deserializer): + self._client = client + self._serialize = serializer + self._deserialize = deserializer + self._config = config + + def list( + self, + resource_group_name, # type: str + workspace_name, # type: str + **kwargs # type: Any + ): + # type: (...) -> "models.AlertRulesList" + """Gets all alert rules. + + :param resource_group_name: The name of the resource group within the user's subscription. The + name is case insensitive. + :type resource_group_name: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: AlertRulesList or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.AlertRulesList + :raises: ~azure.core.exceptions.HttpResponseError + """ + cls = kwargs.pop('cls', None) # type: ClsType["models.AlertRulesList"] + error_map = kwargs.pop('error_map', {404: ResourceNotFoundError, 409: ResourceExistsError}) + api_version = "2020-01-01" + + def prepare_request(next_link=None): + if not next_link: + # Construct URL + url = self.list.metadata['url'] + path_format_arguments = { + 'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + } + url = self._client.format_url(url, **path_format_arguments) + else: + url = next_link + + # Construct parameters + query_parameters = {} # type: Dict[str, Any] + query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') + + # Construct headers + header_parameters = {} # type: Dict[str, 
Any] + header_parameters['Accept'] = 'application/json' + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + def extract_data(pipeline_response): + deserialized = self._deserialize('AlertRulesList', pipeline_response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link or None, iter(list_of_elem) + + def get_next(next_link=None): + request = prepare_request(next_link) + + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + return pipeline_response + + return ItemPaged( + get_next, extract_data + ) + list.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules'} + + def get( + self, + resource_group_name, # type: str + workspace_name, # type: str + rule_id, # type: str + **kwargs # type: Any + ): + # type: (...) -> "models.AlertRule" + """Gets the alert rule. + + :param resource_group_name: The name of the resource group within the user's subscription. The + name is case insensitive. + :type resource_group_name: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :param rule_id: Alert rule ID. 
+ :type rule_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: AlertRule or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.AlertRule + :raises: ~azure.core.exceptions.HttpResponseError + """ + cls = kwargs.pop('cls', None) # type: ClsType["models.AlertRule"] + error_map = kwargs.pop('error_map', {404: ResourceNotFoundError, 409: ResourceExistsError}) + api_version = "2020-01-01" + + # Construct URL + url = self.get.metadata['url'] + path_format_arguments = { + 'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + 'ruleId': self._serialize.url("rule_id", rule_id, 'str'), + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} # type: Dict[str, Any] + query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') + + # Construct headers + header_parameters = {} # type: Dict[str, Any] + header_parameters['Accept'] = 'application/json' + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = self._deserialize('AlertRule', pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + 
get.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}'} + + def create_or_update( + self, + resource_group_name, # type: str + workspace_name, # type: str + rule_id, # type: str + kind, # type: Union[str, "models.AlertRuleKindEnum"] + etag=None, # type: Optional[str] + **kwargs # type: Any + ): + # type: (...) -> "models.AlertRule" + """Creates or updates the alert rule. + + :param resource_group_name: The name of the resource group within the user's subscription. The + name is case insensitive. + :type resource_group_name: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :param rule_id: Alert rule ID. + :type rule_id: str + :param kind: The kind of the alert rule. + :type kind: str or ~azure.mgmt.securityinsight.models.AlertRuleKindEnum + :param etag: Etag of the azure resource. + :type etag: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: AlertRule or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.AlertRule or ~azure.mgmt.securityinsight.models.AlertRule + :raises: ~azure.core.exceptions.HttpResponseError + """ + cls = kwargs.pop('cls', None) # type: ClsType["models.AlertRule"] + error_map = kwargs.pop('error_map', {404: ResourceNotFoundError, 409: ResourceExistsError}) + + _alert_rule = models.AlertRule(etag=etag, kind=kind) + api_version = "2020-01-01" + content_type = kwargs.pop("content_type", "application/json") + + # Construct URL + url = self.create_or_update.metadata['url'] + path_format_arguments = { + 'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', 
max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + 'ruleId': self._serialize.url("rule_id", rule_id, 'str'), + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} # type: Dict[str, Any] + query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') + + # Construct headers + header_parameters = {} # type: Dict[str, Any] + header_parameters['Content-Type'] = self._serialize.header("content_type", content_type, 'str') + header_parameters['Accept'] = 'application/json' + + # Construct and send request + body_content_kwargs = {} # type: Dict[str, Any] + body_content = self._serialize.body(_alert_rule, 'AlertRule') + body_content_kwargs['content'] = body_content + request = self._client.put(url, query_parameters, header_parameters, **body_content_kwargs) + + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200, 201]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('AlertRule', pipeline_response) + + if response.status_code == 201: + deserialized = self._deserialize('AlertRule', pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + create_or_update.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}'} + + def delete( + self, + resource_group_name, # type: str + workspace_name, # type: str + rule_id, # type: str + **kwargs # type: Any + ): + # 
type: (...) -> None + """Delete the alert rule. + + :param resource_group_name: The name of the resource group within the user's subscription. The + name is case insensitive. + :type resource_group_name: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :param rule_id: Alert rule ID. + :type rule_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: None or the result of cls(response) + :rtype: None + :raises: ~azure.core.exceptions.HttpResponseError + """ + cls = kwargs.pop('cls', None) # type: ClsType[None] + error_map = kwargs.pop('error_map', {404: ResourceNotFoundError, 409: ResourceExistsError}) + api_version = "2020-01-01" + + # Construct URL + url = self.delete.metadata['url'] + path_format_arguments = { + 'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + 'ruleId': self._serialize.url("rule_id", rule_id, 'str'), + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} # type: Dict[str, Any] + query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') + + # Construct headers + header_parameters = {} # type: Dict[str, Any] + + # Construct and send request + request = self._client.delete(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200, 204]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise 
HttpResponseError(response=response, error_format=ARMErrorFormat) + + if cls: + return cls(pipeline_response, None, {}) + + delete.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}'} + + def get_action( + self, + resource_group_name, # type: str + workspace_name, # type: str + rule_id, # type: str + action_id, # type: str + **kwargs # type: Any + ): + # type: (...) -> "models.ActionResponse" + """Gets the action of alert rule. + + :param resource_group_name: The name of the resource group within the user's subscription. The + name is case insensitive. + :type resource_group_name: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :param rule_id: Alert rule ID. + :type rule_id: str + :param action_id: Action ID. + :type action_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: ActionResponse or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.ActionResponse + :raises: ~azure.core.exceptions.HttpResponseError + """ + cls = kwargs.pop('cls', None) # type: ClsType["models.ActionResponse"] + error_map = kwargs.pop('error_map', {404: ResourceNotFoundError, 409: ResourceExistsError}) + api_version = "2020-01-01" + + # Construct URL + url = self.get_action.metadata['url'] + path_format_arguments = { + 'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + 'ruleId': self._serialize.url("rule_id", rule_id, 'str'), + 
'actionId': self._serialize.url("action_id", action_id, 'str'), + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} # type: Dict[str, Any] + query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') + + # Construct headers + header_parameters = {} # type: Dict[str, Any] + header_parameters['Accept'] = 'application/json' + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = self._deserialize('ActionResponse', pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + get_action.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions/{actionId}'} + + def create_or_update_action( + self, + resource_group_name, # type: str + workspace_name, # type: str + rule_id, # type: str + action_id, # type: str + etag=None, # type: Optional[str] + logic_app_resource_id=None, # type: Optional[str] + trigger_uri=None, # type: Optional[str] + **kwargs # type: Any + ): + # type: (...) -> "models.ActionResponse" + """Creates or updates the action of alert rule. + + :param resource_group_name: The name of the resource group within the user's subscription. The + name is case insensitive. + :type resource_group_name: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :param rule_id: Alert rule ID. + :type rule_id: str + :param action_id: Action ID. 
+ :type action_id: str + :param etag: Etag of the azure resource. + :type etag: str + :param logic_app_resource_id: Logic App Resource Id, + providers/Microsoft.Logic/workflows/{WorkflowID}. + :type logic_app_resource_id: str + :param trigger_uri: Logic App Callback URL for this specific workflow. + :type trigger_uri: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: ActionResponse or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.ActionResponse or ~azure.mgmt.securityinsight.models.ActionResponse + :raises: ~azure.core.exceptions.HttpResponseError + """ + cls = kwargs.pop('cls', None) # type: ClsType["models.ActionResponse"] + error_map = kwargs.pop('error_map', {404: ResourceNotFoundError, 409: ResourceExistsError}) + + _action = models.ActionRequest(etag=etag, logic_app_resource_id=logic_app_resource_id, trigger_uri=trigger_uri) + api_version = "2020-01-01" + content_type = kwargs.pop("content_type", "application/json") + + # Construct URL + url = self.create_or_update_action.metadata['url'] + path_format_arguments = { + 'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + 'ruleId': self._serialize.url("rule_id", rule_id, 'str'), + 'actionId': self._serialize.url("action_id", action_id, 'str'), + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} # type: Dict[str, Any] + query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') + + # Construct headers + header_parameters = {} # type: Dict[str, Any] + 
header_parameters['Content-Type'] = self._serialize.header("content_type", content_type, 'str') + header_parameters['Accept'] = 'application/json' + + # Construct and send request + body_content_kwargs = {} # type: Dict[str, Any] + body_content = self._serialize.body(_action, 'ActionRequest') + body_content_kwargs['content'] = body_content + request = self._client.put(url, query_parameters, header_parameters, **body_content_kwargs) + + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200, 201]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('ActionResponse', pipeline_response) + + if response.status_code == 201: + deserialized = self._deserialize('ActionResponse', pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + create_or_update_action.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions/{actionId}'} + + def delete_action( + self, + resource_group_name, # type: str + workspace_name, # type: str + rule_id, # type: str + action_id, # type: str + **kwargs # type: Any + ): + # type: (...) -> None + """Delete the action of alert rule. + + :param resource_group_name: The name of the resource group within the user's subscription. The + name is case insensitive. + :type resource_group_name: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :param rule_id: Alert rule ID. + :type rule_id: str + :param action_id: Action ID. 
+ :type action_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: None or the result of cls(response) + :rtype: None + :raises: ~azure.core.exceptions.HttpResponseError + """ + cls = kwargs.pop('cls', None) # type: ClsType[None] + error_map = kwargs.pop('error_map', {404: ResourceNotFoundError, 409: ResourceExistsError}) + api_version = "2020-01-01" + + # Construct URL + url = self.delete_action.metadata['url'] + path_format_arguments = { + 'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + 'ruleId': self._serialize.url("rule_id", rule_id, 'str'), + 'actionId': self._serialize.url("action_id", action_id, 'str'), + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} # type: Dict[str, Any] + query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') + + # Construct headers + header_parameters = {} # type: Dict[str, Any] + + # Construct and send request + request = self._client.delete(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200, 204]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + if cls: + return cls(pipeline_response, None, {}) + + delete_action.metadata = {'url': 
'/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions/{actionId}'} diff --git a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_data_connector_operations.py b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_data_connector_operations.py new file mode 100644 index 00000000000..0b9c9be3b66 --- /dev/null +++ b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_data_connector_operations.py 
@@ -0,0 +1,316 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from typing import TYPE_CHECKING +import warnings + +from azure.core.exceptions import HttpResponseError, ResourceExistsError, ResourceNotFoundError, map_error +from azure.core.paging import ItemPaged +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import HttpRequest, HttpResponse +from azure.mgmt.core.exceptions import ARMErrorFormat + +from .. import models + +if TYPE_CHECKING: + # pylint: disable=unused-import,ungrouped-imports + from typing import Any, Callable, Dict, Generic, Optional, TypeVar, Union + + T = TypeVar('T') + ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] + +class DataConnectorOperations(object): + """DataConnectorOperations operations. + + You should not instantiate this class directly. Instead, you should create a Client instance that + instantiates it for you and attaches it as an attribute. + + :ivar models: Alias to model classes used in this operation group. + :type models: ~azure.mgmt.securityinsight.models + :param client: Client for service requests. + :param config: Configuration of service client. + :param serializer: An object model serializer. + :param deserializer: An object model deserializer. 
+ """ + + models = models + + def __init__(self, client, config, serializer, deserializer): + self._client = client + self._serialize = serializer + self._deserialize = deserializer + self._config = config + + def list( + self, + resource_group_name, # type: str + workspace_name, # type: str + **kwargs # type: Any + ): + # type: (...) -> "models.DataConnectorList" + """Gets all data connectors. + + :param resource_group_name: The name of the resource group within the user's subscription. The + name is case insensitive. + :type resource_group_name: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: DataConnectorList or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.DataConnectorList + :raises: ~azure.core.exceptions.HttpResponseError + """ + cls = kwargs.pop('cls', None) # type: ClsType["models.DataConnectorList"] + error_map = kwargs.pop('error_map', {404: ResourceNotFoundError, 409: ResourceExistsError}) + api_version = "2020-01-01" + + def prepare_request(next_link=None): + if not next_link: + # Construct URL + url = self.list.metadata['url'] + path_format_arguments = { + 'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + } + url = self._client.format_url(url, **path_format_arguments) + else: + url = next_link + + # Construct parameters + query_parameters = {} # type: Dict[str, Any] + query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') + + # Construct headers + header_parameters = {} # 
type: Dict[str, Any] + header_parameters['Accept'] = 'application/json' + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + def extract_data(pipeline_response): + deserialized = self._deserialize('DataConnectorList', pipeline_response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link or None, iter(list_of_elem) + + def get_next(next_link=None): + request = prepare_request(next_link) + + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + return pipeline_response + + return ItemPaged( + get_next, extract_data + ) + list.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors'} + + def get( + self, + resource_group_name, # type: str + workspace_name, # type: str + data_connector_id, # type: str + **kwargs # type: Any + ): + # type: (...) -> "models.DataConnector" + """Gets a data connector. + + :param resource_group_name: The name of the resource group within the user's subscription. The + name is case insensitive. + :type resource_group_name: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :param data_connector_id: Connector ID. 
+ :type data_connector_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: DataConnector or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.DataConnector + :raises: ~azure.core.exceptions.HttpResponseError + """ + cls = kwargs.pop('cls', None) # type: ClsType["models.DataConnector"] + error_map = kwargs.pop('error_map', {404: ResourceNotFoundError, 409: ResourceExistsError}) + api_version = "2020-01-01" + + # Construct URL + url = self.get.metadata['url'] + path_format_arguments = { + 'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + 'dataConnectorId': self._serialize.url("data_connector_id", data_connector_id, 'str'), + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} # type: Dict[str, Any] + query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') + + # Construct headers + header_parameters = {} # type: Dict[str, Any] + header_parameters['Accept'] = 'application/json' + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = self._deserialize('DataConnector', pipeline_response) + + if cls: + return 
cls(pipeline_response, deserialized, {}) + + return deserialized + get.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors/{dataConnectorId}'} + + def create_or_update( + self, + resource_group_name, # type: str + workspace_name, # type: str + data_connector_id, # type: str + etag=None, # type: Optional[str] + kind=None, # type: Optional[Union[str, "models.DataConnectorKindEnum"]] + **kwargs # type: Any + ): + # type: (...) -> "models.DataConnector" + """Creates or updates the data connector. + + :param resource_group_name: The name of the resource group within the user's subscription. The + name is case insensitive. + :type resource_group_name: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :param data_connector_id: Connector ID. + :type data_connector_id: str + :param etag: Etag of the azure resource. + :type etag: str + :param kind: The kind of the data connector. 
+ :type kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKindEnum + :keyword callable cls: A custom type or function that will be passed the direct response + :return: DataConnector or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.DataConnector or ~azure.mgmt.securityinsight.models.DataConnector + :raises: ~azure.core.exceptions.HttpResponseError + """ + cls = kwargs.pop('cls', None) # type: ClsType["models.DataConnector"] + error_map = kwargs.pop('error_map', {404: ResourceNotFoundError, 409: ResourceExistsError}) + + _data_connector = models.DataConnector(etag=etag, kind=kind) + api_version = "2020-01-01" + content_type = kwargs.pop("content_type", "application/json") + + # Construct URL + url = self.create_or_update.metadata['url'] + path_format_arguments = { + 'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + 'dataConnectorId': self._serialize.url("data_connector_id", data_connector_id, 'str'), + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} # type: Dict[str, Any] + query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') + + # Construct headers + header_parameters = {} # type: Dict[str, Any] + header_parameters['Content-Type'] = self._serialize.header("content_type", content_type, 'str') + header_parameters['Accept'] = 'application/json' + + # Construct and send request + body_content_kwargs = {} # type: Dict[str, Any] + body_content = self._serialize.body(_data_connector, 'DataConnector') + body_content_kwargs['content'] = body_content + 
request = self._client.put(url, query_parameters, header_parameters, **body_content_kwargs) + + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200, 201]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('DataConnector', pipeline_response) + + if response.status_code == 201: + deserialized = self._deserialize('DataConnector', pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + create_or_update.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors/{dataConnectorId}'} + + def delete( + self, + resource_group_name, # type: str + workspace_name, # type: str + data_connector_id, # type: str + **kwargs # type: Any + ): + # type: (...) -> None + """Delete the data connector. + + :param resource_group_name: The name of the resource group within the user's subscription. The + name is case insensitive. + :type resource_group_name: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :param data_connector_id: Connector ID. 
+ :type data_connector_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: None or the result of cls(response) + :rtype: None + :raises: ~azure.core.exceptions.HttpResponseError + """ + cls = kwargs.pop('cls', None) # type: ClsType[None] + error_map = kwargs.pop('error_map', {404: ResourceNotFoundError, 409: ResourceExistsError}) + api_version = "2020-01-01" + + # Construct URL + url = self.delete.metadata['url'] + path_format_arguments = { + 'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + 'dataConnectorId': self._serialize.url("data_connector_id", data_connector_id, 'str'), + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} # type: Dict[str, Any] + query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') + + # Construct headers + header_parameters = {} # type: Dict[str, Any] + + # Construct and send request + request = self._client.delete(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200, 204]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + if cls: + return cls(pipeline_response, None, {}) + + delete.metadata = {'url': 
'/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors/{dataConnectorId}'} diff --git a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_operation_operations.py b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_operation_operations.py new file mode 100644 index 00000000000..74578bcddda --- /dev/null +++ b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_operation_operations.py 
@@ -0,0 +1,105 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from typing import TYPE_CHECKING +import warnings + +from azure.core.exceptions import HttpResponseError, ResourceExistsError, ResourceNotFoundError, map_error +from azure.core.paging import ItemPaged +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import HttpRequest, HttpResponse +from azure.mgmt.core.exceptions import ARMErrorFormat + +from .. import models + +if TYPE_CHECKING: + # pylint: disable=unused-import,ungrouped-imports + from typing import Any, Callable, Dict, Generic, Optional, TypeVar + + T = TypeVar('T') + ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] + +class OperationOperations(object): + """OperationOperations operations. + + You should not instantiate this class directly. Instead, you should create a Client instance that + instantiates it for you and attaches it as an attribute. + + :ivar models: Alias to model classes used in this operation group. + :type models: ~azure.mgmt.securityinsight.models + :param client: Client for service requests. + :param config: Configuration of service client. + :param serializer: An object model serializer. + :param deserializer: An object model deserializer. + """ + + models = models + + def __init__(self, client, config, serializer, deserializer): + self._client = client + self._serialize = serializer + self._deserialize = deserializer + self._config = config + + def list( + self, + **kwargs # type: Any + ): + # type: (...) 
-> "models.OperationsList" + """Lists all operations available Azure Security Insights Resource Provider. + + :keyword callable cls: A custom type or function that will be passed the direct response + :return: OperationsList or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.OperationsList + :raises: ~azure.core.exceptions.HttpResponseError + """ + cls = kwargs.pop('cls', None) # type: ClsType["models.OperationsList"] + error_map = kwargs.pop('error_map', {404: ResourceNotFoundError, 409: ResourceExistsError}) + api_version = "2020-01-01" + + def prepare_request(next_link=None): + if not next_link: + # Construct URL + url = self.list.metadata['url'] + else: + url = next_link + + # Construct parameters + query_parameters = {} # type: Dict[str, Any] + query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') + + # Construct headers + header_parameters = {} # type: Dict[str, Any] + header_parameters['Accept'] = 'application/json' + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + def extract_data(pipeline_response): + deserialized = self._deserialize('OperationsList', pipeline_response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link or None, iter(list_of_elem) + + def get_next(next_link=None): + request = prepare_request(next_link) + + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + return pipeline_response + + return ItemPaged( + get_next, extract_data + ) + list.metadata = {'url': '/providers/Microsoft.SecurityInsights/operations'} 
diff --git a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/py.typed b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/py.typed new file mode 100644 index 00000000000..e5aff4f83af --- /dev/null +++ b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/py.typed @@ -0,0 +1 @@ +# Marker file for PEP 561. \ No newline at end of file diff --git a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/setup.py b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/setup.py new file mode 100644 index 00000000000..bea0f79ea86 --- /dev/null +++ b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/setup.py @@ -0,0 +1,37 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +# coding: utf-8 + +from setuptools import setup, find_packages + +NAME = "securityinsights" +VERSION = "0.1.0" + +# To install the library, run the following +# +# python setup.py install +# +# prerequisite: setuptools +# http://pypi.python.org/pypi/setuptools + +REQUIRES = ["msrest>=0.6.0", "azure-core<2.0.0,>=1.2.0"] + +setup( + name=NAME, + version=VERSION, + description="SecurityInsights", + author_email="", + url="", + keywords=["Swagger", "SecurityInsights"], + install_requires=REQUIRES, + packages=find_packages(), + include_package_data=True, + long_description="""\ + API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider. + """ +) diff --git a/src/securityinsight/report.md b/src/securityinsight/report.md new file mode 100644 index 00000000000..4b2207a9880 --- /dev/null 
+++ b/src/securityinsight/report.md 
@@ -0,0 +1,101 @@ +# Azure CLI Module Creation Report + +### sentinel action list + +list a sentinel action. + +|Option|Type|Description|Path (SDK)|Path (swagger)| +|------|----|-----------|----------|--------------| +|**--resource-group-name**|string|The name of the resource group within the user's subscription. The name is case insensitive.|resource_group_name| +|**--workspace-name**|string|The name of the workspace.|workspace_name| +|**--rule-id**|string|Alert rule ID|rule_id| +### sentinel alert-rule create + +create a sentinel alert-rule. + +|Option|Type|Description|Path (SDK)|Path (swagger)| +|------|----|-----------|----------|--------------| +|**--resource-group-name**|string|The name of the resource group within the user's subscription. The name is case insensitive.|resource_group_name| +|**--workspace-name**|string|The name of the workspace.|workspace_name| +|**--rule-id**|string|Alert rule ID|rule_id| +|**--action-id**|string|Action ID|action_id| +|**--kind**|choice|The kind of the alert rule|kind| +|**--etag**|string|Etag of the azure resource|etag| +|**--logic-app-resource-id**|string|Logic App Resource Id, providers/Microsoft.Logic/workflows/{WorkflowID}.|logic_app_resource_id| +|**--trigger-uri**|string|Logic App Callback URL for this specific workflow.|trigger_uri| +### sentinel alert-rule delete + +delete a sentinel alert-rule. + +|Option|Type|Description|Path (SDK)|Path (swagger)| +|------|----|-----------|----------|--------------| +|**--resource-group-name**|string|The name of the resource group within the user's subscription. The name is case insensitive.|resource_group_name| +|**--workspace-name**|string|The name of the workspace.|workspace_name| +|**--rule-id**|string|Alert rule ID|rule_id| +|**--action-id**|string|Action ID|action_id| +### sentinel alert-rule list + +list a sentinel alert-rule. 
+ +|Option|Type|Description|Path (SDK)|Path (swagger)| +|------|----|-----------|----------|--------------| +|**--resource-group-name**|string|The name of the resource group within the user's subscription. The name is case insensitive.|resource_group_name| +|**--workspace-name**|string|The name of the workspace.|workspace_name| +### sentinel alert-rule show + +show a sentinel alert-rule. + +|Option|Type|Description|Path (SDK)|Path (swagger)| +|------|----|-----------|----------|--------------| +|**--resource-group-name**|string|The name of the resource group within the user's subscription. The name is case insensitive.|resource_group_name| +|**--workspace-name**|string|The name of the workspace.|workspace_name| +|**--rule-id**|string|Alert rule ID|rule_id| +|**--action-id**|string|Action ID|action_id| +### sentinel data-connector create + +create a sentinel data-connector. + +|Option|Type|Description|Path (SDK)|Path (swagger)| +|------|----|-----------|----------|--------------| +|**--resource-group-name**|string|The name of the resource group within the user's subscription. The name is case insensitive.|resource_group_name| +|**--workspace-name**|string|The name of the workspace.|workspace_name| +|**--data-connector-id**|string|Connector ID|data_connector_id| +|**--etag**|string|Etag of the azure resource|etag| +|**--kind**|choice|The kind of the data connector|kind| +### sentinel data-connector delete + +delete a sentinel data-connector. + +|Option|Type|Description|Path (SDK)|Path (swagger)| +|------|----|-----------|----------|--------------| +|**--resource-group-name**|string|The name of the resource group within the user's subscription. The name is case insensitive.|resource_group_name| +|**--workspace-name**|string|The name of the workspace.|workspace_name| +|**--data-connector-id**|string|Connector ID|data_connector_id| +### sentinel data-connector list + +list a sentinel data-connector. 
+ +|Option|Type|Description|Path (SDK)|Path (swagger)| +|------|----|-----------|----------|--------------| +|**--resource-group-name**|string|The name of the resource group within the user's subscription. The name is case insensitive.|resource_group_name| +|**--workspace-name**|string|The name of the workspace.|workspace_name| +### sentinel data-connector show + +show a sentinel data-connector. + +|Option|Type|Description|Path (SDK)|Path (swagger)| +|------|----|-----------|----------|--------------| +|**--resource-group-name**|string|The name of the resource group within the user's subscription. The name is case insensitive.|resource_group_name| +|**--workspace-name**|string|The name of the workspace.|workspace_name| +|**--data-connector-id**|string|Connector ID|data_connector_id| +### sentinel data-connector update + +create a sentinel data-connector. + +|Option|Type|Description|Path (SDK)|Path (swagger)| +|------|----|-----------|----------|--------------| +|**--resource-group-name**|string|The name of the resource group within the user's subscription. The name is case insensitive.|resource_group_name| +|**--workspace-name**|string|The name of the workspace.|workspace_name| +|**--data-connector-id**|string|Connector ID|data_connector_id| +|**--etag**|string|Etag of the azure resource|etag| +|**--kind**|choice|The kind of the data connector|kind| \ No newline at end of file diff --git a/src/securityinsight/setup.cfg b/src/securityinsight/setup.cfg new file mode 100644 index 00000000000..2fdd96e5d39 --- /dev/null +++ b/src/securityinsight/setup.cfg @@ -0,0 +1 @@ +#setup.cfg \ No newline at end of file diff --git a/src/securityinsight/setup.py b/src/securityinsight/setup.py new file mode 100644 index 00000000000..9ef732ad40e --- /dev/null +++ b/src/securityinsight/setup.py 
@@ -0,0 +1,53 @@
+#!/usr/bin/env python
+
+# --------------------------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for license information.
+# --------------------------------------------------------------------------------------------
+
+
+from codecs import open
+from setuptools import setup, find_packages
+
+# TODO: Confirm this is the right version number you want and it matches your
+# HISTORY.rst entry.
+VERSION = '0.1.0'
+
+# The full list of classifiers is available at
+# https://pypi.python.org/pypi?%3Aaction=list_classifiers
+CLASSIFIERS = [
+ 'Development Status :: 4 - Beta',
+ 'Intended Audience :: Developers',
+ 'Intended Audience :: System Administrators',
+ 'Programming Language :: Python',
+ 'Programming Language :: Python :: 3',
+ 'Programming Language :: Python :: 3.6',
+ 'Programming Language :: Python :: 3.7',
+ 'Programming Language :: Python :: 3.8',
+ 'License :: OSI Approved :: MIT License',
+]
+
+# TODO: Add any additional SDK dependencies here
+DEPENDENCIES = []
+
+with open('README.md', 'r', encoding='utf-8') as f:
+ README = f.read()
+with open('HISTORY.rst', 'r', encoding='utf-8') as f:
+ HISTORY = f.read()
+
+setup(
+ name='sentinel',
+ version=VERSION,
+ description='Microsoft Azure Command-Line Tools SecurityInsights Extension',
+ # TODO: Update author and email, if applicable
+ author='Microsoft Corporation',
+ author_email='azpycli@microsoft.com',
+ # TODO: consider pointing directly to your source code instead of the generic repo
+ url='https://github.com/Azure/azure-cli-extensions',
+ long_description=README + '\n\n' + HISTORY,
+ license='MIT',
+ classifiers=CLASSIFIERS,
+ packages=find_packages(),
+ install_requires=DEPENDENCIES,
+ package_data={'azext_sentinel': ['azext_metadata.json']},
+)
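Review bot: `DEPENDENCIES = []` leaves `install_requires` empty, although the vendored SDK added in this same commit imports `azure.core` and `azure.mgmt.core`, and its own setup.py declares `msrest>=0.6.0` and `azure-core<2.0.0,>=1.2.0`. The extension therefore runs against whatever versions the host azure-cli bundles, so any lower bound has to be enforced elsewhere, presumably by a minimum CLI version in `azext_metadata.json`, which is not shown here. If that is the case, I would replace the leftover `# TODO: Add any additional SDK dependencies here` with a comment recording it, e.g. `# msrest / azure-core / azure-mgmt-core are supplied by azure-cli core; the minimum CLI version is set in azext_metadata.json`, and resolve the other template TODOs (version, author, url) before release. Separately, `from codecs import open` shadows the builtin and is unnecessary for the Python 3-only classifiers listed, since the builtin `open` accepts `encoding=` directly.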