diff --git a/common/config/rush/pnpm-lock.yaml b/common/config/rush/pnpm-lock.yaml index c5add65933b1..27f525d4e9e2 100644 --- a/common/config/rush/pnpm-lock.yaml +++ b/common/config/rush/pnpm-lock.yaml @@ -3855,7 +3855,7 @@ packages: dependencies: semver: 7.3.8 shelljs: 0.8.5 - typescript: 5.0.0-dev.20230224 + typescript: 5.1.0-dev.20230227 dev: false /downlevel-dts/0.7.0: @@ -8604,8 +8604,8 @@ packages: hasBin: true dev: false - /typescript/5.0.0-dev.20230224: - resolution: {integrity: sha512-ntlbPkFF0PM1+lmvLenUGwo+3EJPq5QAvAsw+6HA6KTOHpF3IcmYE57rcgpL54NLXhqz84RNTtcmb4dttBuBsA==} + /typescript/5.1.0-dev.20230227: + resolution: {integrity: sha512-nPxrgb/3C40X3eXsCPUpiVEgQltswKoAh3Zwm7tDIVE4ldDr3flXq63odqyWUuOZFc/+NCFdm80RpTB0nz2M8w==} engines: {node: '>=4.2.0'} hasBin: true dev: false @@ -14322,15 +14322,15 @@ packages: dev: false file:projects/arm-securityinsight.tgz: - resolution: {integrity: sha512-QLgaNYlU1jCQOkeNUJC6ElUwlSfM5RGb5NqlbnlKMRKXmqmcKW1F+GvE4MT6E2RrR6F4oEjDhuPKsoi58EQm5g==, tarball: file:projects/arm-securityinsight.tgz} + resolution: {integrity: sha512-rQhiJTl5w7atrsTjMkE5GK/EBbcqmME0Xm0L/O4/lWl+hE/vXIBfggL/PRiqkQepoPUlutqxXAAcWdNu0FSijw==, tarball: file:projects/arm-securityinsight.tgz} name: '@rush-temp/arm-securityinsight' version: 0.0.0 dependencies: '@azure/identity': 2.1.0 '@microsoft/api-extractor': 7.33.7 - '@rollup/plugin-commonjs': 24.0.1_rollup@2.79.1 - '@rollup/plugin-json': 6.0.0_rollup@2.79.1 - '@rollup/plugin-multi-entry': 6.0.0_rollup@2.79.1 + '@rollup/plugin-commonjs': 21.1.0_rollup@2.79.1 + '@rollup/plugin-json': 4.1.0_rollup@2.79.1 + '@rollup/plugin-multi-entry': 4.1.0_rollup@2.79.1 '@rollup/plugin-node-resolve': 13.3.0_rollup@2.79.1 '@types/chai': 4.3.4 '@types/node': 14.18.36 diff --git a/sdk/securityinsight/arm-securityinsight/CHANGELOG.md b/sdk/securityinsight/arm-securityinsight/CHANGELOG.md index 7e10d8fce8ba..7fec3c9532c1 100644 --- a/sdk/securityinsight/arm-securityinsight/CHANGELOG.md +++ b/sdk/securityinsight/arm-securityinsight/CHANGELOG.md @@ -1,15 +1,230 @@ # Release History + +## 1.0.0-beta.7 (2023-02-27) + +**Features** -## 1.0.0-beta.7 (Unreleased) - -### Features Added - -### Breaking Changes - -### Bugs Fixed + - Added operation group AlertRuleOperations + - Added operation group Get + - Added operation group GetRecommendations + - Added operation group GetTriggeredAnalyticsRuleRuns + - Added operation group IncidentTasks + - Added operation group TriggeredAnalyticsRuleRunOperations + - Added operation group Update + - Added Interface AddIncidentTaskActionProperties + - Added Interface AlertPropertyMapping + - Added Interface AlertRuleTriggerRuleRunHeaders + - Added Interface AlertRuleTriggerRuleRunOptionalParams + - Added Interface AnalyticsRuleRunTrigger + - Added Interface AutomationRuleAddIncidentTaskAction + - Added Interface Content + - Added Interface GetRecommendationsListOptionalParams + - Added Interface GetSingleRecommendationOptionalParams + - Added Interface GetTriggeredAnalyticsRuleRunsListNextOptionalParams + - Added Interface GetTriggeredAnalyticsRuleRunsListOptionalParams + - Added Interface IncidentTask + - Added Interface IncidentTaskList + - Added Interface IncidentTasksCreateOrUpdateOptionalParams + - Added Interface IncidentTasksDeleteOptionalParams + - Added Interface IncidentTasksGetOptionalParams + - Added Interface IncidentTasksListNextOptionalParams + - Added Interface IncidentTasksListOptionalParams + - Added Interface Instructions + - Added Interface MicrosoftPurviewInformationProtectionCheckRequirements + - Added Interface MicrosoftPurviewInformationProtectionCheckRequirementsProperties + - Added Interface MicrosoftPurviewInformationProtectionConnectorDataTypes + - Added Interface MicrosoftPurviewInformationProtectionConnectorDataTypesLogs + - Added Interface MicrosoftPurviewInformationProtectionDataConnector + - Added Interface MicrosoftPurviewInformationProtectionDataConnectorProperties + - Added Interface MTPDataConnectorDataTypesAlerts + - Added Interface MtpFilteredProviders + - Added Interface Recommendation + - Added Interface RecommendationList + - Added Interface RecommendationPatch + - Added Interface RecommendedAction + - Added Interface SentinelEntityMapping + - Added Interface TriggeredAnalyticsRuleRun + - Added Interface TriggeredAnalyticsRuleRunGetOptionalParams + - Added Interface TriggeredAnalyticsRuleRuns + - Added Interface UpdateRecommendationOptionalParams + - Added Type Alias AlertProperty + - Added Type Alias AlertRuleTriggerRuleRunResponse + - Added Type Alias Category + - Added Type Alias Context + - Added Type Alias Enum14 + - Added Type Alias GetRecommendationsListResponse + - Added Type Alias GetSingleRecommendationResponse + - Added Type Alias GetTriggeredAnalyticsRuleRunsListNextResponse + - Added Type Alias GetTriggeredAnalyticsRuleRunsListResponse + - Added Type Alias IncidentTasksCreateOrUpdateResponse + - Added Type Alias IncidentTasksGetResponse + - Added Type Alias IncidentTasksListNextResponse + - Added Type Alias IncidentTasksListResponse + - Added Type Alias IncidentTaskStatus + - Added Type Alias MtpProvider + - Added Type Alias Priority + - Added Type Alias ProvisioningState + - Added Type Alias State + - Added Type Alias TriggeredAnalyticsRuleRunGetResponse + - Added Type Alias UpdateRecommendationResponse + - Interface AlertDetailsOverride has a new optional parameter alertDynamicProperties + - Interface MTPDataConnector has a new optional parameter filteredProviders + - Interface MTPDataConnectorDataTypes has a new optional parameter alerts + - Interface MTPDataConnectorProperties has a new optional parameter filteredProviders + - Interface NrtAlertRule has a new optional parameter sentinelEntitiesMappings + - Interface NrtAlertRuleTemplate has a new optional parameter sentinelEntitiesMappings + - Interface QueryBasedAlertRuleTemplateProperties has a new optional parameter sentinelEntitiesMappings + - Interface ScheduledAlertRule has a new optional parameter sentinelEntitiesMappings + - Interface ScheduledAlertRuleCommonProperties has a new optional parameter sentinelEntitiesMappings + - Interface ScheduledAlertRuleTemplate has a new optional parameter sentinelEntitiesMappings + - Interface SecurityAlertTimelineItem has a new optional parameter intent + - Interface SecurityAlertTimelineItem has a new optional parameter techniques + - Type of parameter actionType of interface AutomationRuleAction is changed from "ModifyProperties" | "RunPlaybook" to "AddIncidentTask" | "ModifyProperties" | "RunPlaybook" + - Type of parameter kind of interface DataConnectorsCheckRequirements is changed from "AzureActiveDirectory" | "AzureAdvancedThreatProtection" | "AzureSecurityCenter" | "AmazonWebServicesCloudTrail" | "AmazonWebServicesS3" | "Dynamics365" | "MicrosoftCloudAppSecurity" | "MicrosoftDefenderAdvancedThreatProtection" | "MicrosoftThreatIntelligence" | "MicrosoftThreatProtection" | "OfficeATP" | "OfficeIRM" | "Office365Project" | "OfficePowerBI" | "ThreatIntelligence" | "ThreatIntelligenceTaxii" | "IOT" to "AzureActiveDirectory" | "AzureAdvancedThreatProtection" | "AzureSecurityCenter" | "AmazonWebServicesCloudTrail" | "AmazonWebServicesS3" | "Dynamics365" | "MicrosoftCloudAppSecurity" | "MicrosoftDefenderAdvancedThreatProtection" | "MicrosoftThreatIntelligence" | "MicrosoftThreatProtection" | "OfficeATP" | "OfficeIRM" | "MicrosoftPurviewInformationProtection" | "Office365Project" | "OfficePowerBI" | "ThreatIntelligence" | "ThreatIntelligenceTaxii" | "IOT" + - Added Enum KnownAlertProperty + - Added Enum KnownCategory + - Added Enum KnownContext + - Added Enum KnownEnum14 + - Added Enum KnownIncidentTaskStatus + - Added Enum KnownMtpProvider + - Added Enum KnownPriority + - Added Enum KnownProvisioningState + - Added Enum KnownState + - Enum KnownActionType has a new value AddIncidentTask + - Enum KnownDataConnectorKind has a new value MicrosoftPurviewInformationProtection -### Other Changes +**Breaking Changes** + - Operation Incidents.createTeam has a new signature + - Type of parameter additionalData of interface AccountEntity is changed from { + [propertyName: string]: Record; + } to { + [propertyName: string]: any; + } + - Type of parameter additionalData of interface AzureResourceEntity is changed from { + [propertyName: string]: Record; + } to { + [propertyName: string]: any; + } + - Type of parameter additionalData of interface CloudApplicationEntity is changed from { + [propertyName: string]: Record; + } to { + [propertyName: string]: any; + } + - Type of parameter additionalData of interface DnsEntity is changed from { + [propertyName: string]: Record; + } to { + [propertyName: string]: any; + } + - Type of parameter additionalData of interface EntityCommonProperties is changed from { + [propertyName: string]: Record; + } to { + [propertyName: string]: any; + } + - Type of parameter additionalData of interface EntityEdges is changed from { + [propertyName: string]: Record; + } to { + [propertyName: string]: any; + } + - Type of parameter kind of interface EntityQueriesListOptionalParams is changed from Enum13 to Enum14 + - Type of parameter additionalData of interface FileEntity is changed from { + [propertyName: string]: Record; + } to { + [propertyName: string]: any; + } + - Type of parameter additionalData of interface FileHashEntity is changed from { + [propertyName: string]: Record; + } to { + [propertyName: string]: any; + } + - Type of parameter additionalData of interface HostEntity is changed from { + [propertyName: string]: Record; + } to { + [propertyName: string]: any; + } + - Type of parameter additionalData of interface HuntingBookmark is changed from { + [propertyName: string]: Record; + } to { + [propertyName: string]: any; + } + - Type of parameter additionalData of interface IoTDeviceEntity is changed from { + [propertyName: string]: Record; + } to { + [propertyName: string]: any; + } + - Type of parameter additionalData of interface IpEntity is changed from { + [propertyName: string]: Record; + } to { + [propertyName: string]: any; + } + - Type of parameter additionalData of interface MailboxEntity is changed from { + [propertyName: string]: Record; + } to { + [propertyName: string]: any; + } + - Type of parameter additionalData of interface MailClusterEntity is changed from { + [propertyName: string]: Record; + } to { + [propertyName: string]: any; + } + - Type of parameter additionalData of interface MailMessageEntity is changed from { + [propertyName: string]: Record; + } to { + [propertyName: string]: any; + } + - Type of parameter additionalData of interface MalwareEntity is changed from { + [propertyName: string]: Record; + } to { + [propertyName: string]: any; + } + - Type of parameter additionalData of interface NicEntity is changed from { + [propertyName: string]: Record; + } to { + [propertyName: string]: any; + } + - Type of parameter additionalData of interface ProcessEntity is changed from { + [propertyName: string]: Record; + } to { + [propertyName: string]: any; + } + - Type of parameter additionalData of interface RegistryKeyEntity is changed from { + [propertyName: string]: Record; + } to { + [propertyName: string]: any; + } + - Type of parameter additionalData of interface RegistryValueEntity is changed from { + [propertyName: string]: Record; + } to { + [propertyName: string]: any; + } + - Type of parameter additionalData of interface SecurityAlert is changed from { + [propertyName: string]: Record; + } to { + [propertyName: string]: any; + } + - Type of parameter additionalData of interface SecurityGroupEntity is changed from { + [propertyName: string]: Record; + } to { + [propertyName: string]: any; + } + - Type of parameter additionalData of interface SubmissionMailEntity is changed from { + [propertyName: string]: Record; + } to { + [propertyName: string]: any; + } + - Type of parameter additionalData of interface ThreatIntelligenceIndicatorModel is changed from { + [propertyName: string]: Record; + } to { + [propertyName: string]: any; + } + - Type of parameter additionalData of interface UrlEntity is changed from { + [propertyName: string]: Record; + } to { + [propertyName: string]: any; + } + - Removed Enum KnownEnum13 + + ## 1.0.0-beta.6 (2023-02-03) **Features** diff --git a/sdk/securityinsight/arm-securityinsight/_meta.json b/sdk/securityinsight/arm-securityinsight/_meta.json index 46308dd072f2..35104c9a4975 100644 --- a/sdk/securityinsight/arm-securityinsight/_meta.json +++ b/sdk/securityinsight/arm-securityinsight/_meta.json @@ -1,8 +1,8 @@ { - "commit": "b41f929626289b59e31be8a1091c99994864b096", - "readme": "specification\\securityinsights\\resource-manager\\readme.md", - "autorest_command": "autorest --version=3.9.3 --typescript --modelerfour.lenient-model-deduplication --azure-arm --head-as-boolean=true --license-header=MICROSOFT_MIT_NO_VERSION --generate-test --typescript-sdks-folder=F:\\azure-sdk-for-js ..\\azure-rest-api-specs\\specification\\securityinsights\\resource-manager\\readme.md --use=@autorest/typescript@6.0.0-rc.7 --generate-sample=true", + "commit": "c12c1d233ec21fda4f5f960bf3d9e5519bce75ed", + "readme": "specification/securityinsights/resource-manager/readme.md", + "autorest_command": "autorest --version=3.9.3 --typescript --modelerfour.lenient-model-deduplication --azure-arm --head-as-boolean=true --license-header=MICROSOFT_MIT_NO_VERSION --generate-test --typescript-sdks-folder=/mnt/vss/_work/1/s/azure-sdk-for-js ../azure-rest-api-specs/specification/securityinsights/resource-manager/readme.md --use=@autorest/typescript@6.0.0-rc.5", "repository_url": "https://github.com/Azure/azure-rest-api-specs.git", - "release_tool": "@azure-tools/js-sdk-release-tools@2.6.0", - "use": "@autorest/typescript@6.0.0-rc.7" + "release_tool": "@azure-tools/js-sdk-release-tools@2.6.2", + "use": "@autorest/typescript@6.0.0-rc.5" } \ No newline at end of file diff --git a/sdk/securityinsight/arm-securityinsight/package.json b/sdk/securityinsight/arm-securityinsight/package.json index 2a397ac0f528..a10e50f899b9 100644 --- a/sdk/securityinsight/arm-securityinsight/package.json +++ b/sdk/securityinsight/arm-securityinsight/package.json @@ -29,9 +29,9 @@ "types": "./types/arm-securityinsight.d.ts", "devDependencies": { "@microsoft/api-extractor": "^7.31.1", - "@rollup/plugin-commonjs": "^24.0.0", - "@rollup/plugin-json": "^6.0.0", - "@rollup/plugin-multi-entry": "^6.0.0", + "@rollup/plugin-commonjs": "^21.0.1", + "@rollup/plugin-json": "^4.1.0", + "@rollup/plugin-multi-entry": "^4.1.0", "@rollup/plugin-node-resolve": "^13.1.3", "mkdirp": "^1.0.4", "rollup": "^2.66.1", @@ -39,7 +39,6 @@ "typescript": "~4.8.0", "uglify-js": "^3.4.9", "rimraf": "^3.0.0", - "dotenv": "^8.2.0", "@azure/identity": "^2.0.1", "@azure-tools/test-recorder": "^2.0.0", "@azure-tools/test-credential": "^1.0.0", @@ -50,6 +49,7 @@ "@types/node": "^14.0.0", "@azure/dev-tool": "^1.0.0" }, + "homepage": "https://github.com/Azure/azure-sdk-for-js/tree/main/sdk/securityinsight/arm-securityinsight", "repository": { "type": "git", "url": "https://github.com/Azure/azure-sdk-for-js.git" @@ -110,14 +110,5 @@ } ] }, - "autoPublish": true, - "homepage": "https://github.com/Azure/azure-sdk-for-js/tree/main/sdk/securityinsight/arm-securityinsight", - "//sampleConfiguration": { - "productName": "", - "productSlugs": [ - "azure" - ], - "disableDocsMs": true, - "apiRefLink": "https://docs.microsoft.com/javascript/api/@azure/arm-securityinsight?view=azure-node-preview" - } -} + "autoPublish": true +} \ No newline at end of file diff --git a/sdk/securityinsight/arm-securityinsight/review/arm-securityinsight.api.md b/sdk/securityinsight/arm-securityinsight/review/arm-securityinsight.api.md index 96c4b0c5595f..d6da06991d20 100644 --- a/sdk/securityinsight/arm-securityinsight/review/arm-securityinsight.api.md +++ b/sdk/securityinsight/arm-securityinsight/review/arm-securityinsight.api.md @@ -58,7 +58,7 @@ export interface AccountEntity extends Entity { readonly aadUserId?: string; readonly accountName?: string; readonly additionalData?: { - [propertyName: string]: Record; + [propertyName: string]: any; }; readonly displayName?: string; readonly dnsDomain?: string; @@ -239,6 +239,12 @@ export interface ActivityTimelineItem extends EntityTimelineItem { title: string; } +// @public (undocumented) +export interface AddIncidentTaskActionProperties { + description?: string; + title: string; +} + // @public export type AlertDetail = string; @@ -246,10 +252,20 @@ export type AlertDetail = string; export interface AlertDetailsOverride { alertDescriptionFormat?: string; alertDisplayNameFormat?: string; + alertDynamicProperties?: AlertPropertyMapping[]; alertSeverityColumnName?: string; alertTacticsColumnName?: string; } +// @public +export type AlertProperty = string; + +// @public +export interface AlertPropertyMapping { + alertProperty?: AlertProperty; + value?: string; +} + // @public export interface AlertRule extends ResourceWithEtag { kind: AlertRuleKind; @@ -258,6 +274,12 @@ export interface AlertRule extends ResourceWithEtag { // @public export type AlertRuleKind = string; +// @public +export interface AlertRuleOperations { + beginTriggerRuleRun(resourceGroupName: string, workspaceName: string, ruleId: string, analyticsRuleRunTriggerParameter: AnalyticsRuleRunTrigger, options?: AlertRuleTriggerRuleRunOptionalParams): Promise, AlertRuleTriggerRuleRunResponse>>; + beginTriggerRuleRunAndWait(resourceGroupName: string, workspaceName: string, ruleId: string, analyticsRuleRunTriggerParameter: AnalyticsRuleRunTrigger, options?: AlertRuleTriggerRuleRunOptionalParams): Promise; +} + // @public export interface AlertRules { createOrUpdate(resourceGroupName: string, workspaceName: string, ruleId: string, alertRule: AlertRuleUnion, options?: AlertRulesCreateOrUpdateOptionalParams): Promise; @@ -368,6 +390,21 @@ export interface AlertRuleTemplateWithMitreProperties extends AlertRuleTemplateP techniques?: string[]; } +// @public +export interface AlertRuleTriggerRuleRunHeaders { + // (undocumented) + location?: string; +} + +// @public +export interface AlertRuleTriggerRuleRunOptionalParams extends coreClient.OperationOptions { + resumeFrom?: string; + updateIntervalInMs?: number; +} + +// @public +export type AlertRuleTriggerRuleRunResponse = AlertRuleTriggerRuleRunHeaders; + // @public (undocumented) export type AlertRuleUnion = AlertRule | MLBehaviorAnalyticsAlertRule | FusionAlertRule | ThreatIntelligenceAlertRule | MicrosoftSecurityIncidentCreationAlertRule | ScheduledAlertRule | NrtAlertRule; @@ -382,6 +419,12 @@ export type AlertSeverity = string; // @public export type AlertStatus = string; +// @public +export interface AnalyticsRuleRunTrigger { + // (undocumented) + executionTimeUtc: Date; +} + // @public export interface Anomalies extends Settings { readonly isEnabled?: boolean; @@ -461,13 +504,20 @@ export interface AutomationRule extends ResourceWithEtag { // @public export interface AutomationRuleAction { - actionType: "ModifyProperties" | "RunPlaybook"; + actionType: "AddIncidentTask" | "ModifyProperties" | "RunPlaybook"; // (undocumented) order: number; } // @public (undocumented) -export type AutomationRuleActionUnion = AutomationRuleAction | AutomationRuleModifyPropertiesAction | AutomationRuleRunPlaybookAction; +export type AutomationRuleActionUnion = AutomationRuleAction | AutomationRuleAddIncidentTaskAction | AutomationRuleModifyPropertiesAction | AutomationRuleRunPlaybookAction; + +// @public +export interface AutomationRuleAddIncidentTaskAction extends AutomationRuleAction { + // (undocumented) + actionConfiguration?: AddIncidentTaskActionProperties; + actionType: "AddIncidentTask"; +} // @public (undocumented) export interface AutomationRuleBooleanCondition { @@ -687,7 +737,7 @@ export interface AzureDevOpsResourceInfo { // @public export interface AzureResourceEntity extends Entity { readonly additionalData?: { - [propertyName: string]: Record; + [propertyName: string]: any; }; readonly friendlyName?: string; kind: "AzureResource"; @@ -868,6 +918,9 @@ export interface BooleanConditionProperties extends AutomationRuleCondition { conditionType: "Boolean"; } +// @public +export type Category = string; + // @public export interface ClientInfo { email?: string; @@ -879,7 +932,7 @@ export interface ClientInfo { // @public export interface CloudApplicationEntity extends Entity { readonly additionalData?: { - [propertyName: string]: Record; + [propertyName: string]: any; }; readonly appId?: number; readonly appName?: string; @@ -1051,6 +1104,12 @@ export interface ConnectorInstructionModelBase { type: SettingType; } +// @public +export interface Content { + description: string; + title: string; +} + // @public export interface ContentPathMap { contentType?: ContentType; @@ -1060,6 +1119,9 @@ export interface ContentPathMap { // @public export type ContentType = string; +// @public +export type Context = string; + // @public export type CreatedByType = string; @@ -1143,7 +1205,7 @@ export interface DataConnectors { // @public export interface DataConnectorsCheckRequirements { - kind: "AzureActiveDirectory" | "AzureAdvancedThreatProtection" | "AzureSecurityCenter" | "AmazonWebServicesCloudTrail" | "AmazonWebServicesS3" | "Dynamics365" | "MicrosoftCloudAppSecurity" | "MicrosoftDefenderAdvancedThreatProtection" | "MicrosoftThreatIntelligence" | "MicrosoftThreatProtection" | "OfficeATP" | "OfficeIRM" | "Office365Project" | "OfficePowerBI" | "ThreatIntelligence" | "ThreatIntelligenceTaxii" | "IOT"; + kind: "AzureActiveDirectory" | "AzureAdvancedThreatProtection" | "AzureSecurityCenter" | "AmazonWebServicesCloudTrail" | "AmazonWebServicesS3" | "Dynamics365" | "MicrosoftCloudAppSecurity" | "MicrosoftDefenderAdvancedThreatProtection" | "MicrosoftThreatIntelligence" | "MicrosoftThreatProtection" | "OfficeATP" | "OfficeIRM" | "MicrosoftPurviewInformationProtection" | "Office365Project" | "OfficePowerBI" | "ThreatIntelligence" | "ThreatIntelligenceTaxii" | "IOT"; } // @public @@ -1159,7 +1221,7 @@ export interface DataConnectorsCheckRequirementsPostOptionalParams extends coreC export type DataConnectorsCheckRequirementsPostResponse = DataConnectorRequirementsState; // @public (undocumented) -export type DataConnectorsCheckRequirementsUnion = DataConnectorsCheckRequirements | AADCheckRequirements | AatpCheckRequirements | ASCCheckRequirements | AwsCloudTrailCheckRequirements | AwsS3CheckRequirements | Dynamics365CheckRequirements | McasCheckRequirements | MdatpCheckRequirements | MstiCheckRequirements | MtpCheckRequirements | OfficeATPCheckRequirements | OfficeIRMCheckRequirements | Office365ProjectCheckRequirements | OfficePowerBICheckRequirements | TICheckRequirements | TiTaxiiCheckRequirements | IoTCheckRequirements; +export type DataConnectorsCheckRequirementsUnion = DataConnectorsCheckRequirements | AADCheckRequirements | AatpCheckRequirements | ASCCheckRequirements | AwsCloudTrailCheckRequirements | AwsS3CheckRequirements | Dynamics365CheckRequirements | McasCheckRequirements | MdatpCheckRequirements | MstiCheckRequirements | MtpCheckRequirements | OfficeATPCheckRequirements | OfficeIRMCheckRequirements | MicrosoftPurviewInformationProtectionCheckRequirements | Office365ProjectCheckRequirements | OfficePowerBICheckRequirements | TICheckRequirements | TiTaxiiCheckRequirements | IoTCheckRequirements; // @public export interface DataConnectorsConnectOptionalParams extends coreClient.OperationOptions { @@ -1207,7 +1269,7 @@ export interface DataConnectorTenantId { } // @public (undocumented) -export type DataConnectorUnion = DataConnector | AADDataConnector | MstiDataConnector | MTPDataConnector | AatpDataConnector | ASCDataConnector | AwsCloudTrailDataConnector | AwsS3DataConnector | McasDataConnector | Dynamics365DataConnector | OfficeATPDataConnector | Office365ProjectDataConnector | OfficePowerBIDataConnector | OfficeIRMDataConnector | MdatpDataConnector | OfficeDataConnector | TIDataConnector | TiTaxiiDataConnector | IoTDataConnector | CodelessUiDataConnector | CodelessApiPollingDataConnector; +export type DataConnectorUnion = DataConnector | AADDataConnector | MstiDataConnector | MTPDataConnector | AatpDataConnector | ASCDataConnector | AwsCloudTrailDataConnector | AwsS3DataConnector | McasDataConnector | Dynamics365DataConnector | OfficeATPDataConnector | MicrosoftPurviewInformationProtectionDataConnector | Office365ProjectDataConnector | OfficePowerBIDataConnector | OfficeIRMDataConnector | MdatpDataConnector | OfficeDataConnector | TIDataConnector | TiTaxiiDataConnector | IoTDataConnector | CodelessUiDataConnector | CodelessApiPollingDataConnector; // @public export interface DataConnectorWithAlertsProperties { @@ -1262,7 +1324,7 @@ export type DeviceImportance = string; // @public export interface DnsEntity extends Entity { readonly additionalData?: { - [propertyName: string]: Record; + [propertyName: string]: any; }; readonly dnsServerIpEntityId?: string; readonly domainName?: string; @@ -1497,7 +1559,7 @@ export interface EntityAnalytics extends Settings { // @public export interface EntityCommonProperties { readonly additionalData?: { - [propertyName: string]: Record; + [propertyName: string]: any; }; readonly friendlyName?: string; } @@ -1505,7 +1567,7 @@ export interface EntityCommonProperties { // @public export interface EntityEdges { additionalData?: { - [propertyName: string]: Record; + [propertyName: string]: any; }; targetEntityId?: string; } @@ -1622,7 +1684,7 @@ export type EntityQueriesListNextResponse = EntityQueryList; // @public export interface EntityQueriesListOptionalParams extends coreClient.OperationOptions { - kind?: Enum13; + kind?: Enum14; } // @public @@ -1757,7 +1819,7 @@ export type EntityType = string; export type EntityUnion = Entity | SecurityAlert | HuntingBookmark | AccountEntity | AzureResourceEntity | CloudApplicationEntity | DnsEntity | FileEntity | FileHashEntity | HostEntity | IoTDeviceEntity | IpEntity | MailboxEntity | MailClusterEntity | MailMessageEntity | MalwareEntity | ProcessEntity | RegistryKeyEntity | RegistryValueEntity | SecurityGroupEntity | SubmissionMailEntity | UrlEntity | NicEntity; // @public -export type Enum13 = string; +export type Enum14 = string; // @public export type EventGroupingAggregationKind = string; @@ -1806,7 +1868,7 @@ export interface FieldMapping { // @public export interface FileEntity extends Entity { readonly additionalData?: { - [propertyName: string]: Record; + [propertyName: string]: any; }; readonly directory?: string; readonly fileHashEntityIds?: string[]; @@ -1833,7 +1895,7 @@ export type FileHashAlgorithm = string; // @public export interface FileHashEntity extends Entity { readonly additionalData?: { - [propertyName: string]: Record; + [propertyName: string]: any; }; readonly algorithm?: FileHashAlgorithm; readonly friendlyName?: string; @@ -2029,6 +2091,11 @@ export interface GeoLocation { readonly state?: string; } +// @public +export interface Get { + singleRecommendation(resourceGroupName: string, workspaceName: string, recommendationId: string, options?: GetSingleRecommendationOptionalParams): Promise; +} + // @public export function getContinuationToken(page: unknown): string | undefined; @@ -2053,6 +2120,44 @@ export interface GetQueriesResponse { value?: EntityQueryItemUnion[]; } +// @public +export interface GetRecommendations { + list(resourceGroupName: string, workspaceName: string, options?: GetRecommendationsListOptionalParams): Promise; +} + +// @public +export interface GetRecommendationsListOptionalParams extends coreClient.OperationOptions { +} + +// @public +export type GetRecommendationsListResponse = RecommendationList; + +// @public +export interface GetSingleRecommendationOptionalParams extends coreClient.OperationOptions { +} + +// @public +export type GetSingleRecommendationResponse = Recommendation; + +// @public +export interface GetTriggeredAnalyticsRuleRuns { + list(resourceGroupName: string, workspaceName: string, options?: GetTriggeredAnalyticsRuleRunsListOptionalParams): PagedAsyncIterableIterator; +} + +// @public +export interface GetTriggeredAnalyticsRuleRunsListNextOptionalParams extends coreClient.OperationOptions { +} + +// @public +export type GetTriggeredAnalyticsRuleRunsListNextResponse = TriggeredAnalyticsRuleRuns; + +// @public +export interface GetTriggeredAnalyticsRuleRunsListOptionalParams extends coreClient.OperationOptions { +} + +// @public +export type GetTriggeredAnalyticsRuleRunsListResponse = TriggeredAnalyticsRuleRuns; + // @public export interface GitHubResourceInfo { appInstallationId?: string; @@ -2079,7 +2184,7 @@ export interface GroupingConfiguration { // @public export interface HostEntity extends Entity { readonly additionalData?: { - [propertyName: string]: Record; + [propertyName: string]: any; }; readonly azureID?: string; readonly dnsDomain?: string; @@ -2110,7 +2215,7 @@ export interface HostEntityProperties extends EntityCommonProperties { // @public export interface HuntingBookmark extends Entity { readonly additionalData?: { - [propertyName: string]: Record; + [propertyName: string]: any; }; created?: Date; createdBy?: UserInfo; @@ -2142,7 +2247,7 @@ export interface HuntingBookmarkProperties extends EntityCommonProperties { updatedBy?: UserInfo; } -// @public +// @public (undocumented) export interface Incident extends ResourceWithEtag { readonly additionalData?: IncidentAdditionalData; classification?: IncidentClassification; @@ -2201,9 +2306,10 @@ export interface IncidentComment extends ResourceWithEtag { message?: string; } -// @public +// @public (undocumented) export interface IncidentCommentList { readonly nextLink?: string; + // (undocumented) value: IncidentComment[]; } @@ -2289,6 +2395,7 @@ export type IncidentLabelType = string; // @public export interface IncidentList { readonly nextLink?: string; + // (undocumented) value: Incident[]; } @@ -2359,7 +2466,7 @@ export type IncidentRelationsListResponse = RelationList; // @public export interface Incidents { createOrUpdate(resourceGroupName: string, workspaceName: string, incidentId: string, incident: Incident, options?: IncidentsCreateOrUpdateOptionalParams): Promise; - createTeam(resourceGroupName: string, workspaceName: string, incidentId: string, teamProperties: TeamProperties, options?: IncidentsCreateTeamOptionalParams): Promise; + createTeam(resourceGroupName: string, workspaceName: string, incidentId: string, teamProperties: TeamInformation, options?: IncidentsCreateTeamOptionalParams): Promise; delete(resourceGroupName: string, workspaceName: string, incidentId: string, options?: IncidentsDeleteOptionalParams): Promise; get(resourceGroupName: string, workspaceName: string, incidentId: string, options?: IncidentsGetOptionalParams): Promise; list(resourceGroupName: string, workspaceName: string, options?: IncidentsListOptionalParams): PagedAsyncIterableIterator; @@ -2448,6 +2555,69 @@ export type IncidentsRunPlaybookResponse = Record; // @public export type IncidentStatus = string; +// @public (undocumented) +export interface IncidentTask extends ResourceWithEtag { + createdBy?: ClientInfo; + readonly createdTimeUtc?: Date; + description?: string; + lastModifiedBy?: ClientInfo; + readonly lastModifiedTimeUtc?: Date; + // (undocumented) + status: IncidentTaskStatus; + title: string; +} + +// @public (undocumented) +export interface IncidentTaskList { + // (undocumented) + nextLink?: string; + // (undocumented) + value?: IncidentTask[]; +} + +// @public +export interface IncidentTasks { + createOrUpdate(resourceGroupName: string, workspaceName: string, incidentId: string, incidentTaskId: string, incidentTask: IncidentTask, options?: IncidentTasksCreateOrUpdateOptionalParams): Promise; + delete(resourceGroupName: string, workspaceName: string, incidentId: string, incidentTaskId: string, options?: IncidentTasksDeleteOptionalParams): Promise; + get(resourceGroupName: string, workspaceName: string, incidentId: string, incidentTaskId: string, options?: IncidentTasksGetOptionalParams): Promise; + list(resourceGroupName: string, workspaceName: string, incidentId: string, options?: IncidentTasksListOptionalParams): PagedAsyncIterableIterator; +} + +// @public +export interface IncidentTasksCreateOrUpdateOptionalParams extends coreClient.OperationOptions { +} + +// @public +export type IncidentTasksCreateOrUpdateResponse = IncidentTask; + +// @public +export interface IncidentTasksDeleteOptionalParams extends coreClient.OperationOptions { +} + +// @public +export interface IncidentTasksGetOptionalParams extends coreClient.OperationOptions { +} + +// @public +export type IncidentTasksGetResponse = IncidentTask; + +// @public +export interface IncidentTasksListNextOptionalParams extends coreClient.OperationOptions { +} + +// @public +export type IncidentTasksListNextResponse = IncidentTaskList; + +// @public +export interface IncidentTasksListOptionalParams extends coreClient.OperationOptions { +} + +// @public +export type IncidentTasksListResponse = IncidentTaskList; + +// @public +export type IncidentTaskStatus = string; + // @public export type IngestionMode = string; @@ -2525,6 +2695,13 @@ export interface InsightsTableResultColumnsItem { type?: string; } +// @public +export interface Instructions { + actionsToBePerformed: string; + howToPerformActionDetails?: string; + recommendationImportance: string; +} + // @public export interface InstructionSteps { description?: string; @@ -2557,7 +2734,7 @@ export interface IoTDataConnectorProperties extends DataConnectorWithAlertsPrope // @public export interface IoTDeviceEntity extends Entity { readonly additionalData?: { - [propertyName: string]: Record; + [propertyName: string]: any; }; readonly deviceId?: string; readonly deviceName?: string; @@ -2626,7 +2803,7 @@ export interface IoTDeviceEntityProperties extends EntityCommonProperties { // @public export interface IpEntity extends Entity { readonly additionalData?: { - [propertyName: string]: Record; + [propertyName: string]: any; }; readonly address?: string; readonly friendlyName?: string; @@ -2662,6 +2839,7 @@ export type Kind = string; // @public export enum KnownActionType { + AddIncidentTask = "AddIncidentTask", ModifyProperties = "ModifyProperties", RunPlaybook = "RunPlaybook" } @@ -2672,6 +2850,19 @@ export enum KnownAlertDetail { Severity = "Severity" } +// @public +export enum KnownAlertProperty { + AlertLink = "AlertLink", + ConfidenceLevel = "ConfidenceLevel", + ConfidenceScore = "ConfidenceScore", + ExtendedLinks = "ExtendedLinks", + ProductComponentName = "ProductComponentName", + ProductName = "ProductName", + ProviderName = "ProviderName", + RemediationSteps = "RemediationSteps", + Techniques = "Techniques" +} + // @public export enum KnownAlertRuleKind { Fusion = "Fusion", @@ -2845,6 +3036,15 @@ export enum KnownAutomationRulePropertyConditionSupportedProperty { Url = "Url" } +// @public +export enum KnownCategory { + CostOptimization = "CostOptimization", + Demo = "Demo", + NewFeature = "NewFeature", + Onboarding = "Onboarding", + SocEfficiency = "SocEfficiency" +} + // @public export enum KnownConditionType { Boolean = "Boolean", @@ -2887,6 +3087,14 @@ export enum KnownContentType { Workbook = "Workbook" } +// @public +export enum KnownContext { + Analytics = "Analytics", + Incidents = "Incidents", + None = "None", + Overview = "Overview" +} + // @public export enum KnownCreatedByType { Application = "Application", @@ -2919,6 +3127,7 @@ export enum KnownDataConnectorKind { IOT = "IOT", MicrosoftCloudAppSecurity = "MicrosoftCloudAppSecurity", MicrosoftDefenderAdvancedThreatProtection = "MicrosoftDefenderAdvancedThreatProtection", + MicrosoftPurviewInformationProtection = "MicrosoftPurviewInformationProtection", MicrosoftThreatIntelligence = "MicrosoftThreatIntelligence", MicrosoftThreatProtection = "MicrosoftThreatProtection", Office365 = "Office365", @@ -3086,7 +3295,7 @@ export enum KnownEntityType { } // @public -export enum KnownEnum13 { +export enum KnownEnum14 { Activity = "Activity", Expansion = "Expansion" } @@ -3173,6 +3382,12 @@ export enum KnownIncidentStatus { New = "New" } +// @public +export enum KnownIncidentTaskStatus { + Completed = "Completed", + New = "New" +} + // @public export enum KnownIngestionMode { IngestAnyValidRecords = "IngestAnyValidRecords", @@ -3237,6 +3452,12 @@ export enum KnownMicrosoftSecurityProductName { Office365AdvancedThreatProtection = "Office 365 Advanced Threat Protection" } +// @public +export enum KnownMtpProvider { + MicrosoftDefenderForCloudApps = "microsoftDefenderForCloudApps", + MicrosoftDefenderForIdentity = "microsoftDefenderForIdentity" +} + // @public export enum KnownOperator { AND = "AND", @@ -3272,6 +3493,13 @@ export enum KnownPollingFrequency { OnceAnHour = "OnceAnHour" } +// @public +export enum KnownPriority { + High = "High", + Low = "Low", + Medium = "Medium" +} + // @public export enum KnownProviderName { MicrosoftAadiamDiagnosticSettings = "microsoft.aadiam/diagnosticSettings", @@ -3282,6 +3510,15 @@ export enum KnownProviderName { MicrosoftOperationalInsightsWorkspacesSharedKeys = "Microsoft.OperationalInsights/workspaces/sharedKeys" } +// @public +export enum KnownProvisioningState { + Accepted = "Accepted", + Canceled = "Canceled", + Failed = "Failed", + InProgress = "InProgress", + Succeeded = "Succeeded" +} + // @public export enum KnownRegistryHive { HkeyA = "HKEY_A", @@ -3354,6 +3591,15 @@ export enum KnownSourceType { RemoteStorage = "Remote storage" } +// @public +export enum KnownState { + Active = "Active", + CompletedByAction = "CompletedByAction", + CompletedByUser = "CompletedByUser", + Disabled = "Disabled", + Hidden = "Hidden" +} + // @public export enum KnownSupportTier { Community = "Community", @@ -3415,7 +3661,7 @@ export interface LastDataReceivedDataType { // @public export interface MailboxEntity extends Entity { readonly additionalData?: { - [propertyName: string]: Record; + [propertyName: string]: any; }; readonly displayName?: string; readonly externalDirectoryObjectId?: string; @@ -3436,7 +3682,7 @@ export interface MailboxEntityProperties extends EntityCommonProperties { // @public export interface MailClusterEntity extends Entity { readonly additionalData?: { - [propertyName: string]: Record; + [propertyName: string]: any; }; readonly clusterGroup?: string; readonly clusterQueryEndTime?: Date; @@ -3479,7 +3725,7 @@ export interface MailClusterEntityProperties extends EntityCommonProperties { // @public export interface MailMessageEntity extends Entity { readonly additionalData?: { - [propertyName: string]: Record; + [propertyName: string]: any; }; antispamDirection?: AntispamMailDirection; bodyFingerprintBin1?: number; @@ -3542,7 +3788,7 @@ export interface MailMessageEntityProperties extends EntityCommonProperties { // @public export interface MalwareEntity extends Entity { readonly additionalData?: { - [propertyName: string]: Record; + [propertyName: string]: any; }; readonly category?: string; readonly fileEntityIds?: string[]; @@ -3761,6 +4007,37 @@ export interface MetadataUpdateOptionalParams extends coreClient.OperationOption // @public export type MetadataUpdateResponse = MetadataModel; +// @public +export interface MicrosoftPurviewInformationProtectionCheckRequirements extends DataConnectorsCheckRequirements { + kind: "MicrosoftPurviewInformationProtection"; + tenantId?: string; +} + +// @public +export interface MicrosoftPurviewInformationProtectionCheckRequirementsProperties extends DataConnectorTenantId { +} + +// @public +export interface MicrosoftPurviewInformationProtectionConnectorDataTypes { + logs: MicrosoftPurviewInformationProtectionConnectorDataTypesLogs; +} + +// @public +export interface MicrosoftPurviewInformationProtectionConnectorDataTypesLogs extends DataConnectorDataTypeCommon { +} + +// @public +export interface MicrosoftPurviewInformationProtectionDataConnector extends DataConnector { + dataTypes?: MicrosoftPurviewInformationProtectionConnectorDataTypes; + kind: "MicrosoftPurviewInformationProtection"; + tenantId?: string; +} + +// @public +export interface MicrosoftPurviewInformationProtectionDataConnectorProperties extends DataConnectorTenantId { + dataTypes: MicrosoftPurviewInformationProtectionConnectorDataTypes; +} + // @public export interface MicrosoftSecurityIncidentCreationAlertRule extends AlertRule { alertRuleTemplateName?: string; @@ -3903,15 +4180,21 @@ export interface MTPCheckRequirementsProperties extends DataConnectorTenantId { // @public export interface MTPDataConnector extends DataConnector { dataTypes?: MTPDataConnectorDataTypes; + filteredProviders?: MtpFilteredProviders; kind: "MicrosoftThreatProtection"; tenantId?: string; } // @public export interface MTPDataConnectorDataTypes { + alerts?: MTPDataConnectorDataTypesAlerts; incidents: MTPDataConnectorDataTypesIncidents; } +// @public +export interface MTPDataConnectorDataTypesAlerts extends DataConnectorDataTypeCommon { +} + // @public export interface MTPDataConnectorDataTypesIncidents extends DataConnectorDataTypeCommon { } @@ -3919,12 +4202,21 @@ export interface MTPDataConnectorDataTypesIncidents extends DataConnectorDataTyp // @public export interface MTPDataConnectorProperties extends DataConnectorTenantId { dataTypes: MTPDataConnectorDataTypes; + filteredProviders?: MtpFilteredProviders; +} + +// @public +export interface MtpFilteredProviders { + alerts: MtpProvider[]; } +// @public +export type MtpProvider = string; + // @public export interface NicEntity extends Entity { readonly additionalData?: { - [propertyName: string]: Record; + [propertyName: string]: any; }; readonly friendlyName?: string; readonly ipAddressEntityId?: string; @@ -3956,6 +4248,7 @@ export interface NrtAlertRule extends AlertRule { kind: "NRT"; readonly lastModifiedUtc?: Date; query?: string; + sentinelEntitiesMappings?: SentinelEntityMapping[]; severity?: AlertSeverity; suppressionDuration?: string; suppressionEnabled?: boolean; @@ -3980,6 +4273,7 @@ export interface NrtAlertRuleTemplate extends AlertRuleTemplate { readonly lastUpdatedDateUTC?: Date; query?: string; requiredDataConnectors?: AlertRuleTemplateDataSource[]; + sentinelEntitiesMappings?: SentinelEntityMapping[]; severity?: AlertSeverity; status?: TemplateStatus; tactics?: AttackTactic[]; @@ -4250,11 +4544,14 @@ export interface PlaybookActionProperties { // @public export type PollingFrequency = string; +// @public +export type Priority = string; + // @public export interface ProcessEntity extends Entity { readonly accountEntityId?: string; readonly additionalData?: { - [propertyName: string]: Record; + [propertyName: string]: any; }; readonly commandLine?: string; readonly creationTimeUtc?: Date; @@ -4345,6 +4642,9 @@ export interface PropertyConditionProperties extends AutomationRuleCondition { // @public export type ProviderName = string; +// @public +export type ProvisioningState = string; + // @public export interface QueryBasedAlertRuleTemplateProperties { alertDetailsOverride?: AlertDetailsOverride; @@ -4354,17 +4654,61 @@ export interface QueryBasedAlertRuleTemplateProperties { entityMappings?: EntityMapping[]; eventGroupingSettings?: EventGroupingSettings; query?: string; + sentinelEntitiesMappings?: SentinelEntityMapping[]; severity?: AlertSeverity; version?: string; } +// @public +export interface Recommendation { + actions: RecommendedAction[]; + additionalProperties?: { + [propertyName: string]: string; + }; + category: Category; + content?: Content; + context: Context; + description: string; + displayUntilTimeUtc?: Date; + hideUntilTimeUtc?: Date; + id: string; + instructions: Instructions; + lastEvaluatedTimeUtc: Date; + priority: Priority; + recommendationTypeId: string; + recommendationTypeTitle: string; + resourceId?: string; + state: State; + title: string; + visible?: boolean; + workspaceId: string; +} + +// @public +export interface RecommendationList { + value?: Recommendation[]; +} + +// @public +export interface RecommendationPatch { + hideUntilTimeUtc?: Date; + state?: State; +} + +// @public +export interface RecommendedAction { + linkText: string; + linkUrl: string; + state?: Priority; +} + // @public export type RegistryHive = string; // @public export interface RegistryKeyEntity extends Entity { readonly additionalData?: { - [propertyName: string]: Record; + [propertyName: string]: any; }; readonly friendlyName?: string; readonly hive?: RegistryHive; @@ -4381,7 +4725,7 @@ export interface RegistryKeyEntityProperties extends EntityCommonProperties { // @public export interface RegistryValueEntity extends Entity { readonly additionalData?: { - [propertyName: string]: Record; + [propertyName: string]: any; }; readonly friendlyName?: string; readonly keyEntityId?: string; @@ -4502,6 +4846,7 @@ export interface ScheduledAlertRule extends AlertRule { query?: string; queryFrequency?: string; queryPeriod?: string; + sentinelEntitiesMappings?: SentinelEntityMapping[]; severity?: AlertSeverity; suppressionDuration?: string; suppressionEnabled?: boolean; @@ -4523,6 +4868,7 @@ export interface ScheduledAlertRuleCommonProperties { query?: string; queryFrequency?: string; queryPeriod?: string; + sentinelEntitiesMappings?: SentinelEntityMapping[]; severity?: AlertSeverity; triggerOperator?: TriggerOperator; triggerThreshold?: number; @@ -4561,6 +4907,7 @@ export interface ScheduledAlertRuleTemplate extends AlertRuleTemplate { queryFrequency?: string; queryPeriod?: string; requiredDataConnectors?: AlertRuleTemplateDataSource[]; + sentinelEntitiesMappings?: SentinelEntityMapping[]; severity?: AlertSeverity; status?: TemplateStatus; tactics?: AttackTactic[]; @@ -4573,7 +4920,7 @@ export interface ScheduledAlertRuleTemplate extends AlertRuleTemplate { // @public export interface SecurityAlert extends Entity { readonly additionalData?: { - [propertyName: string]: Record; + [propertyName: string]: any; }; readonly alertDisplayName?: string; readonly alertLink?: string; @@ -4646,17 +4993,19 @@ export interface SecurityAlertTimelineItem extends EntityTimelineItem { description?: string; displayName: string; endTimeUtc: Date; + readonly intent?: KillChainIntent; kind: "SecurityAlert"; productName?: string; severity: AlertSeverity; startTimeUtc: Date; + techniques?: string[]; timeGenerated: Date; } // @public export interface SecurityGroupEntity extends Entity { readonly additionalData?: { - [propertyName: string]: Record; + [propertyName: string]: any; }; readonly distinguishedName?: string; readonly friendlyName?: string; @@ -4680,6 +5029,8 @@ export class SecurityInsights extends coreClient.ServiceClient { // (undocumented) actions: Actions; // (undocumented) + alertRuleOperations: AlertRuleOperations; + // (undocumented) alertRules: AlertRules; // (undocumented) alertRuleTemplates: AlertRuleTemplates; @@ -4714,12 +5065,20 @@ export class SecurityInsights extends coreClient.ServiceClient { // (undocumented) fileImports: FileImports; // (undocumented) + get: Get; + // (undocumented) + getRecommendations: GetRecommendations; + // (undocumented) + getTriggeredAnalyticsRuleRuns: GetTriggeredAnalyticsRuleRuns; + // (undocumented) incidentComments: IncidentComments; // (undocumented) incidentRelations: IncidentRelations; // (undocumented) incidents: Incidents; // (undocumented) + incidentTasks: IncidentTasks; + // (undocumented) iPGeodata: IPGeodata; // (undocumented) metadata: Metadata; @@ -4746,6 +5105,10 @@ export class SecurityInsights extends coreClient.ServiceClient { // (undocumented) threatIntelligenceIndicators: ThreatIntelligenceIndicators; // (undocumented) + triggeredAnalyticsRuleRunOperations: TriggeredAnalyticsRuleRunOperations; + // (undocumented) + update: Update; + // (undocumented) watchlistItems: WatchlistItems; // (undocumented) watchlists: Watchlists; @@ -4821,6 +5184,11 @@ export type SecurityMLAnalyticsSettingsListResponse = SecurityMLAnalyticsSetting // @public (undocumented) export type SecurityMLAnalyticsSettingUnion = SecurityMLAnalyticsSetting | AnomalySecurityMLAnalyticsSettings; +// @public +export interface SentinelEntityMapping { + columnName?: string; +} + // @public export interface SentinelOnboardingState extends ResourceWithEtag { customerManagedKey?: boolean; @@ -4971,10 +5339,13 @@ export type SourceKind = string; // @public export type SourceType = string; +// @public +export type State = string; + // @public export interface SubmissionMailEntity extends Entity { readonly additionalData?: { - [propertyName: string]: Record; + [propertyName: string]: any; }; readonly friendlyName?: string; kind: "SubmissionMail"; @@ -5175,7 +5546,7 @@ export type ThreatIntelligenceIndicatorMetricsListResponse = ThreatIntelligenceM // @public export interface ThreatIntelligenceIndicatorModel extends ThreatIntelligenceInformation { readonly additionalData?: { - [propertyName: string]: Record; + [propertyName: string]: any; }; confidence?: number; created?: string; @@ -5457,6 +5828,39 @@ export interface TiTaxiiDataConnectorProperties extends DataConnectorTenantId { workspaceId?: string; } +// @public +export interface TriggeredAnalyticsRuleRun extends ResourceWithEtag { + // (undocumented) + executionTimeUtc: Date; + provisioningState: ProvisioningState; + // (undocumented) + ruleId: string; + ruleRunAdditionalData?: { + [propertyName: string]: any; + }; + // (undocumented) + triggeredAnalyticsRuleRunId: string; +} + +// @public +export interface TriggeredAnalyticsRuleRunGetOptionalParams extends coreClient.OperationOptions { +} + +// @public +export type TriggeredAnalyticsRuleRunGetResponse = TriggeredAnalyticsRuleRun; + +// @public +export interface TriggeredAnalyticsRuleRunOperations { + get(resourceGroupName: string, workspaceName: string, ruleRunId: string, options?: TriggeredAnalyticsRuleRunGetOptionalParams): Promise; +} + +// @public +export interface TriggeredAnalyticsRuleRuns { + readonly nextLink?: string; + // (undocumented) + value: TriggeredAnalyticsRuleRun[]; +} + // @public export type TriggerOperator = "GreaterThan" | "LessThan" | "Equal" | "NotEqual"; @@ -5475,10 +5879,25 @@ export interface Ueba extends Settings { // @public export type UebaDataSources = string; +// @public +export interface Update { + beginRecommendation(resourceGroupName: string, workspaceName: string, recommendationId: string, recommendationPatch: RecommendationPatch[], options?: UpdateRecommendationOptionalParams): Promise, UpdateRecommendationResponse>>; + beginRecommendationAndWait(resourceGroupName: string, workspaceName: string, recommendationId: string, recommendationPatch: RecommendationPatch[], options?: UpdateRecommendationOptionalParams): Promise; +} + +// @public +export interface UpdateRecommendationOptionalParams extends coreClient.OperationOptions { + resumeFrom?: string; + updateIntervalInMs?: number; +} + +// @public +export type UpdateRecommendationResponse = Recommendation; + // @public export interface UrlEntity extends Entity { readonly additionalData?: { - [propertyName: string]: Record; + [propertyName: string]: any; }; readonly friendlyName?: string; kind: "Url"; diff --git a/sdk/securityinsight/arm-securityinsight/src/models/index.ts b/sdk/securityinsight/arm-securityinsight/src/models/index.ts index ce2c0ea1f1ab..ca091ddd39b8 100644 --- a/sdk/securityinsight/arm-securityinsight/src/models/index.ts +++ b/sdk/securityinsight/arm-securityinsight/src/models/index.ts @@ -17,6 +17,7 @@ export type AutomationRuleConditionUnion = | PropertyConditionProperties; export type AutomationRuleActionUnion = | AutomationRuleAction + | AutomationRuleAddIncidentTaskAction | AutomationRuleModifyPropertiesAction | AutomationRuleRunPlaybookAction; export type EntityTimelineItemUnion = @@ -40,6 +41,7 @@ export type DataConnectorsCheckRequirementsUnion = | MtpCheckRequirements | OfficeATPCheckRequirements | OfficeIRMCheckRequirements + | MicrosoftPurviewInformationProtectionCheckRequirements | Office365ProjectCheckRequirements | OfficePowerBICheckRequirements | TICheckRequirements @@ -119,6 +121,7 @@ export type DataConnectorUnion = | McasDataConnector | Dynamics365DataConnector | OfficeATPDataConnector + | MicrosoftPurviewInformationProtectionDataConnector | Office365ProjectDataConnector | OfficePowerBIDataConnector | OfficeIRMDataConnector @@ -229,6 +232,18 @@ export interface AlertRuleTemplatesList { value: AlertRuleTemplateUnion[]; } +/** The triggered analytics rule run array */ +export interface TriggeredAnalyticsRuleRuns { + value: TriggeredAnalyticsRuleRun[]; + /** NOTE: This property will not be serialized. It can only be populated by the server. */ + readonly nextLink?: string; +} + +/** Analytics Rule Run Trigger request */ +export interface AnalyticsRuleRunTrigger { + executionTimeUtc: Date; +} + /** Describes automation rule triggering logic. */ export interface AutomationRuleTriggeringLogic { /** Determines whether the automation rule is enabled or disabled. */ @@ -255,7 +270,7 @@ export interface AutomationRuleCondition { /** Describes an automation rule action. */ export interface AutomationRuleAction { /** Polymorphic discriminator, which specifies the different types this object can be */ - actionType: "ModifyProperties" | "RunPlaybook"; + actionType: "AddIncidentTask" | "ModifyProperties" | "RunPlaybook"; order: number; } @@ -559,7 +574,7 @@ export interface EntityEdges { /** The target entity Id. */ targetEntityId?: string; /** A bag of custom fields that should be part of the entity and will be presented to the user. */ - additionalData?: { [propertyName: string]: Record }; + additionalData?: { [propertyName: string]: any }; } /** The parameters required to execute s timeline operation on the given entity. */ @@ -776,13 +791,37 @@ export interface ValidationError { /** List all the incidents. */ export interface IncidentList { + value: Incident[]; /** * URL to fetch the next set of incidents. * NOTE: This property will not be serialized. It can only be populated by the server. */ readonly nextLink?: string; - /** Array of incidents. */ - value: Incident[]; +} + +/** Information on the user an incident is assigned to */ +export interface IncidentOwnerInfo { + /** The email of the user the incident is assigned to. */ + email?: string; + /** The name of the user the incident is assigned to. */ + assignedTo?: string; + /** The object id of the user the incident is assigned to. */ + objectId?: string; + /** The user principal name of the user the incident is assigned to. */ + userPrincipalName?: string; + /** The type of the owner the incident is assigned to. */ + ownerType?: OwnerType; +} + +/** Represents an incident label */ +export interface IncidentLabel { + /** The name of the label */ + labelName: string; + /** + * The type of the label + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly labelType?: IncidentLabelType; } /** Incident additional data property bag. */ @@ -807,46 +846,21 @@ export interface IncidentAdditionalData { * NOTE: This property will not be serialized. It can only be populated by the server. */ readonly alertProductNames?: string[]; - /** - * The provider incident url to the incident in Microsoft 365 Defender portal - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly providerIncidentUrl?: string; /** * The tactics associated with incident * NOTE: This property will not be serialized. It can only be populated by the server. */ readonly tactics?: AttackTactic[]; /** - * The techniques associated with incident's tactics' + * The techniques associated with incident's tactics * NOTE: This property will not be serialized. It can only be populated by the server. */ readonly techniques?: string[]; -} - -/** Represents an incident label */ -export interface IncidentLabel { - /** The name of the label */ - labelName: string; /** - * The type of the label + * The provider incident url to the incident in Microsoft 365 Defender portal * NOTE: This property will not be serialized. It can only be populated by the server. */ - readonly labelType?: IncidentLabelType; -} - -/** Information on the user an incident is assigned to */ -export interface IncidentOwnerInfo { - /** The email of the user the incident is assigned to. */ - email?: string; - /** The name of the user the incident is assigned to. */ - assignedTo?: string; - /** The object id of the user the incident is assigned to. */ - objectId?: string; - /** The user principal name of the user the incident is assigned to. */ - userPrincipalName?: string; - /** The type of the owner the incident is assigned to. */ - ownerType?: OwnerType; + readonly providerIncidentUrl?: string; } /** Describes team information */ @@ -878,18 +892,6 @@ export interface TeamInformation { readonly description?: string; } -/** Describes team properties */ -export interface TeamProperties { - /** The name of the team */ - teamName: string; - /** The description of the team */ - teamDescription?: string; - /** List of member IDs to add to the team */ - memberIds?: string[]; - /** List of group IDs to add their members to the team */ - groupIds?: string[]; -} - /** List of incident alerts. */ export interface IncidentAlertList { /** Array of incident alerts. */ @@ -916,7 +918,7 @@ export interface EntityCommonProperties { * A bag of custom fields that should be part of the entity and will be presented to the user. * NOTE: This property will not be serialized. It can only be populated by the server. */ - readonly additionalData?: { [propertyName: string]: Record }; + readonly additionalData?: { [propertyName: string]: any }; /** * The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. * NOTE: This property will not be serialized. It can only be populated by the server. @@ -930,15 +932,10 @@ export interface IncidentBookmarkList { value: HuntingBookmark[]; } -/** List of incident comments. */ export interface IncidentCommentList { - /** - * URL to fetch the next set of comments. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly nextLink?: string; - /** Array of comments. */ value: IncidentComment[]; + /** NOTE: This property will not be serialized. It can only be populated by the server. */ + readonly nextLink?: string; } /** The incident related entities response. */ @@ -951,10 +948,15 @@ export interface IncidentEntitiesResponse { /** Information of a specific aggregation in the incident related entities result. */ export interface IncidentEntitiesResultsMetadata { - /** Total number of aggregations of the given kind in the incident related entities result. */ - count: number; /** The kind of the aggregated entity. */ entityKind: EntityKind; + /** Total number of aggregations of the given kind in the incident related entities result. */ + count: number; +} + +export interface IncidentTaskList { + value?: IncidentTask[]; + nextLink?: string; } /** List of all the metadata. */ @@ -1041,6 +1043,90 @@ export interface SentinelOnboardingStatesList { value: SentinelOnboardingState[]; } +/** A list of recommendations */ +export interface RecommendationList { + /** An list of recommendations */ + value?: Recommendation[]; +} + +/** Recommendation object. */ +export interface Recommendation { + /** id of recommendation. */ + id: string; + /** Instructions of the recommendation. */ + instructions: Instructions; + /** Content of the recommendation. */ + content?: Content; + /** Id of the resource this recommendation refers to. */ + resourceId?: string; + /** Collection of additional properties for the recommendation. */ + additionalProperties?: { [propertyName: string]: string }; + /** Title of the recommendation. */ + title: string; + /** Description of the recommendation. */ + description: string; + /** Title of the recommendation type. */ + recommendationTypeTitle: string; + /** Id of the recommendation type. */ + recommendationTypeId: string; + /** Category of the recommendation. */ + category: Category; + /** Context of the recommendation. */ + context: Context; + /** Id of the workspace this recommendation refers to. */ + workspaceId: string; + /** List of actions to take for this recommendation. */ + actions: RecommendedAction[]; + /** State of the recommendation. */ + state: State; + /** Priority of the recommendation. */ + priority: Priority; + /** The time stamp (UTC) when the recommendation was last evaluated. */ + lastEvaluatedTimeUtc: Date; + /** The time stamp (UTC) when the recommendation should be displayed again. */ + hideUntilTimeUtc?: Date; + /** The timestamp (UTC) after which the recommendation should not be displayed anymore. */ + displayUntilTimeUtc?: Date; + /** Value indicating if the recommendation should be displayed or not. */ + visible?: boolean; +} + +/** Instructions section of a recommendation. */ +export interface Instructions { + /** What actions should be taken to complete the recommendation. */ + actionsToBePerformed: string; + /** Explains why the recommendation is important. */ + recommendationImportance: string; + /** How should the user complete the recommendation. */ + howToPerformActionDetails?: string; +} + +/** Content section of the recommendation. */ +export interface Content { + /** Title of the content. */ + title: string; + /** Description of the content. */ + description: string; +} + +/** What actions should be taken to complete the recommendation. */ +export interface RecommendedAction { + /** Text of the link to complete the action. */ + linkText: string; + /** The Link to complete the action. */ + linkUrl: string; + /** The state of the action. */ + state?: Priority; +} + +/** Recommendation Fields to update. */ +export interface RecommendationPatch { + /** State of the recommendation. */ + state?: State; + /** The time stamp (UTC) when the recommendation should be displayed again. */ + hideUntilTimeUtc?: Date; +} + /** List all the SecurityMLAnalyticsSettings */ export interface SecurityMLAnalyticsSettingsList { /** @@ -1381,6 +1467,7 @@ export interface DataConnectorsCheckRequirements { | "MicrosoftThreatProtection" | "OfficeATP" | "OfficeIRM" + | "MicrosoftPurviewInformationProtection" | "Office365Project" | "OfficePowerBI" | "ThreatIntelligence" @@ -1479,6 +1566,8 @@ export interface QueryBasedAlertRuleTemplateProperties { alertDetailsOverride?: AlertDetailsOverride; /** The event grouping settings. */ eventGroupingSettings?: EventGroupingSettings; + /** Array of the sentinel entity mappings of the alert rule */ + sentinelEntitiesMappings?: SentinelEntityMapping[]; } /** Single entity mapping for the alert rule */ @@ -1507,6 +1596,16 @@ export interface AlertDetailsOverride { alertTacticsColumnName?: string; /** the column name to take the alert severity from */ alertSeverityColumnName?: string; + /** List of additional dynamic properties to override */ + alertDynamicProperties?: AlertPropertyMapping[]; +} + +/** A single alert property mapping to override */ +export interface AlertPropertyMapping { + /** The V3 alert property */ + alertProperty?: AlertProperty; + /** the column name to use to override this property */ + value?: string; } /** Event grouping settings property bag. */ @@ -1515,6 +1614,12 @@ export interface EventGroupingSettings { aggregationKind?: EventGroupingAggregationKind; } +/** A single sentinel entity mapping */ +export interface SentinelEntityMapping { + /** the column name to be mapped to the SentinelEntities */ + columnName?: string; +} + /** Represents a supported source signal configuration in Fusion detection. */ export interface FusionSourceSettings { /** Determines whether this source signal is enabled or disabled in Fusion detection. */ @@ -1656,6 +1761,15 @@ export interface ScheduledAlertRuleCommonProperties { entityMappings?: EntityMapping[]; /** The alert details override settings */ alertDetailsOverride?: AlertDetailsOverride; + /** Array of the sentinel entity mappings of the alert rule */ + sentinelEntitiesMappings?: SentinelEntityMapping[]; +} + +export interface AddIncidentTaskActionProperties { + /** The title of the task. */ + title: string; + /** The description of the task. */ + description?: string; } export interface AutomationRuleBooleanCondition { @@ -1806,6 +1920,18 @@ export interface DataTypeDefinitions { dataType?: string; } +/** Describes team properties */ +export interface TeamProperties { + /** The name of the team */ + teamName: string; + /** The description of the team */ + teamDescription?: string; + /** List of group IDs to add their members to the team */ + groupIds?: string[]; + /** List of member IDs to add to the team */ + memberIds?: string[]; +} + /** security ml analytics settings data sources */ export interface SecurityMLAnalyticsSettingsDataSource { /** The connector id that provides the following data types */ @@ -1848,8 +1974,16 @@ export interface MstiDataConnectorDataTypes { /** The available data types for Microsoft Threat Protection Platforms data connector. */ export interface MTPDataConnectorDataTypes { - /** Data type for Microsoft Threat Protection Platforms data connector. */ + /** Incidents data type for Microsoft Threat Protection Platforms data connector. */ incidents: MTPDataConnectorDataTypesIncidents; + /** Alerts data type for Microsoft Threat Protection Platforms data connector. */ + alerts?: MTPDataConnectorDataTypesAlerts; +} + +/** Represents the connector's Filtered providers */ +export interface MtpFilteredProviders { + /** Alerts filtered providers. When filters are not applied, all alerts will stream through the MTP pipeline, still in private preview for all products EXCEPT MDA and MDI, which are in GA state. */ + alerts: MtpProvider[]; } /** The available data types for Amazon Web Services CloudTrail data connector. */ @@ -1870,6 +2004,12 @@ export interface Dynamics365DataConnectorDataTypes { dynamics365CdsActivities: Dynamics365DataConnectorDataTypesDynamics365CdsActivities; } +/** The available data types for Microsoft Purview Information Protection data connector. */ +export interface MicrosoftPurviewInformationProtectionConnectorDataTypes { + /** Logs data type. */ + logs: MicrosoftPurviewInformationProtectionConnectorDataTypesLogs; +} + /** The available data types for Office Microsoft Project data connector. */ export interface Office365ProjectConnectorDataTypes { /** Logs data type. */ @@ -2352,6 +2492,14 @@ export interface PropertyConditionProperties extends AutomationRuleCondition { conditionProperties?: AutomationRulePropertyValuesCondition; } +/** Describes an automation rule action to add a task to an incident */ +export interface AutomationRuleAddIncidentTaskAction + extends AutomationRuleAction { + /** Polymorphic discriminator, which specifies the different types this object can be */ + actionType: "AddIncidentTask"; + actionConfiguration?: AddIncidentTaskActionProperties; +} + /** Describes an automation rule action to modify an object's properties */ export interface AutomationRuleModifyPropertiesAction extends AutomationRuleAction { @@ -2459,6 +2607,13 @@ export interface SecurityAlertTimelineItem extends EntityTimelineItem { timeGenerated: Date; /** The name of the alert type. */ alertType: string; + /** + * The intent of the alert. + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly intent?: KillChainIntent; + /** The techniques of the alert. */ + techniques?: string[]; } /** Represents Insight Query. */ @@ -3563,6 +3718,15 @@ export interface OfficeIRMCheckRequirements tenantId?: string; } +/** Represents MicrosoftPurviewInformationProtection requirements check request. */ +export interface MicrosoftPurviewInformationProtectionCheckRequirements + extends DataConnectorsCheckRequirements { + /** Polymorphic discriminator, which specifies the different types this object can be */ + kind: "MicrosoftPurviewInformationProtection"; + /** The tenant id to connect to, and get the data from. */ + tenantId?: string; +} + /** Represents Office365 Project requirements check request. */ export interface Office365ProjectCheckRequirements extends DataConnectorsCheckRequirements { @@ -3735,6 +3899,10 @@ export interface OfficeATPCheckRequirementsProperties export interface OfficeIRMCheckRequirementsProperties extends DataConnectorTenantId {} +/** MicrosoftPurviewInformationProtection requirements check properties. */ +export interface MicrosoftPurviewInformationProtectionCheckRequirementsProperties + extends DataConnectorTenantId {} + /** Office365 Project requirements check properties. */ export interface Office365ProjectCheckRequirementsProperties extends DataConnectorTenantId {} @@ -3765,6 +3933,8 @@ export interface MstiDataConnectorProperties extends DataConnectorTenantId { export interface MTPDataConnectorProperties extends DataConnectorTenantId { /** The available data types for the connector. */ dataTypes: MTPDataConnectorDataTypes; + /** The available filtered providers for the connector. */ + filteredProviders?: MtpFilteredProviders; } /** AATP (Azure Advanced Threat Protection) data connector properties. */ @@ -3790,6 +3960,13 @@ export interface OfficeATPDataConnectorProperties extends DataConnectorTenantId, DataConnectorWithAlertsProperties {} +/** Microsoft Purview Information Protection data connector properties. */ +export interface MicrosoftPurviewInformationProtectionDataConnectorProperties + extends DataConnectorTenantId { + /** The available data types for the connector. */ + dataTypes: MicrosoftPurviewInformationProtectionConnectorDataTypes; +} + /** Office Microsoft Project data connector properties. */ export interface Office365ProjectDataConnectorProperties extends DataConnectorTenantId { @@ -3885,10 +4062,14 @@ export interface MstiDataConnectorDataTypesMicrosoftEmergingThreatFeed lookbackPeriod: string; } -/** Data type for Microsoft Threat Protection Platforms data connector. */ +/** Incidents data type for Microsoft Threat Protection Platforms data connector. */ export interface MTPDataConnectorDataTypesIncidents extends DataConnectorDataTypeCommon {} +/** Alerts data type for Microsoft Threat Protection Platforms data connector. */ +export interface MTPDataConnectorDataTypesAlerts + extends DataConnectorDataTypeCommon {} + /** Logs data type. */ export interface AwsCloudTrailDataConnectorDataTypesLogs extends DataConnectorDataTypeCommon {} @@ -3901,6 +4082,10 @@ export interface AwsS3DataConnectorDataTypesLogs export interface Dynamics365DataConnectorDataTypesDynamics365CdsActivities extends DataConnectorDataTypeCommon {} +/** Logs data type. */ +export interface MicrosoftPurviewInformationProtectionConnectorDataTypesLogs + extends DataConnectorDataTypeCommon {} + /** Logs data type. */ export interface Office365ProjectConnectorDataTypesLogs extends DataConnectorDataTypeCommon {} @@ -3974,6 +4159,17 @@ export interface ActionRequest extends ResourceWithEtag { triggerUri?: string; } +/** The triggered analytics rule run */ +export interface TriggeredAnalyticsRuleRun extends ResourceWithEtag { + executionTimeUtc: Date; + ruleId: string; + triggeredAnalyticsRuleRunId: string; + /** The triggered analytics rule run provisioning state */ + provisioningState: ProvisioningState; + /** Dictionary of */ + ruleRunAdditionalData?: { [propertyName: string]: any }; +} + export interface AutomationRule extends ResourceWithEtag { /** The display name of the automation rule. */ displayName: string; @@ -4074,70 +4270,71 @@ export interface CustomEntityQuery extends ResourceWithEtag { kind: CustomEntityQueryKind; } -/** Represents an incident in Azure Security Insights. */ export interface Incident extends ResourceWithEtag { - /** - * Additional data on the incident - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly additionalData?: IncidentAdditionalData; + /** The title of the incident */ + title?: string; + /** The description of the incident */ + description?: string; + /** The severity of the incident */ + severity?: IncidentSeverity; + /** The status of the incident */ + status?: IncidentStatus; /** The reason the incident was closed */ classification?: IncidentClassification; - /** Describes the reason the incident was closed */ - classificationComment?: string; /** The classification reason the incident was closed with */ classificationReason?: IncidentClassificationReason; + /** Describes the reason the incident was closed */ + classificationComment?: string; + /** Describes a user that the incident is assigned to */ + owner?: IncidentOwnerInfo; + /** List of labels relevant to this incident */ + labels?: IncidentLabel[]; + /** The time of the first activity in the incident */ + firstActivityTimeUtc?: Date; + /** The time of the last activity in the incident */ + lastActivityTimeUtc?: Date; /** - * The time the incident was created + * The last time the incident was updated * NOTE: This property will not be serialized. It can only be populated by the server. */ - readonly createdTimeUtc?: Date; - /** The description of the incident */ - description?: string; - /** The time of the first activity in the incident */ - firstActivityTimeUtc?: Date; + readonly lastModifiedTimeUtc?: Date; /** - * The deep-link url to the incident in Azure portal + * The time the incident was created * NOTE: This property will not be serialized. It can only be populated by the server. */ - readonly incidentUrl?: string; + readonly createdTimeUtc?: Date; /** * A sequential number * NOTE: This property will not be serialized. It can only be populated by the server. */ readonly incidentNumber?: number; - /** List of labels relevant to this incident */ - labels?: IncidentLabel[]; - /** The name of the source provider that generated the incident */ - providerName?: string; - /** The incident ID assigned by the incident provider */ - providerIncidentId?: string; - /** The time of the last activity in the incident */ - lastActivityTimeUtc?: Date; /** - * The last time the incident was updated + * Additional data on the incident * NOTE: This property will not be serialized. It can only be populated by the server. */ - readonly lastModifiedTimeUtc?: Date; - /** Describes a user that the incident is assigned to */ - owner?: IncidentOwnerInfo; + readonly additionalData?: IncidentAdditionalData; /** * List of resource ids of Analytic rules related to the incident * NOTE: This property will not be serialized. It can only be populated by the server. */ readonly relatedAnalyticRuleIds?: string[]; - /** The severity of the incident */ - severity?: IncidentSeverity; - /** The status of the incident */ - status?: IncidentStatus; + /** + * The deep-link url to the incident in Azure portal + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly incidentUrl?: string; + /** The name of the source provider that generated the incident */ + providerName?: string; + /** The incident ID assigned by the incident provider */ + providerIncidentId?: string; /** Describes a team for the incident */ teamInformation?: TeamInformation; - /** The title of the incident */ - title?: string; } /** Represents an incident comment */ export interface IncidentComment extends ResourceWithEtag { + /** The comment message */ + message?: string; /** * The time the comment was created * NOTE: This property will not be serialized. It can only be populated by the server. @@ -4148,8 +4345,6 @@ export interface IncidentComment extends ResourceWithEtag { * NOTE: This property will not be serialized. It can only be populated by the server. */ readonly lastModifiedTimeUtc?: Date; - /** The comment message */ - message?: string; /** * Describes the client that created the comment * NOTE: This property will not be serialized. It can only be populated by the server. @@ -4157,6 +4352,28 @@ export interface IncidentComment extends ResourceWithEtag { readonly author?: ClientInfo; } +export interface IncidentTask extends ResourceWithEtag { + /** The title of the task */ + title: string; + /** The description of the task */ + description?: string; + status: IncidentTaskStatus; + /** + * The time the task was created + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly createdTimeUtc?: Date; + /** + * The last time the task was updated + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly lastModifiedTimeUtc?: Date; + /** Information on the client (user or application) that made some action */ + createdBy?: ClientInfo; + /** Information on the client (user or application) that made some action */ + lastModifiedBy?: ClientInfo; +} + /** Metadata resource definition. */ export interface MetadataModel extends ResourceWithEtag { /** Static ID for the content. Used to identify dependencies and content from solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic for user-created. This is the resource name */ @@ -4547,6 +4764,8 @@ export interface ScheduledAlertRuleTemplate extends AlertRuleTemplate { entityMappings?: EntityMapping[]; /** The alert details override settings */ alertDetailsOverride?: AlertDetailsOverride; + /** Array of the sentinel entity mappings of the alert rule */ + sentinelEntitiesMappings?: SentinelEntityMapping[]; } /** Represents NRT alert rule template. */ @@ -4591,6 +4810,8 @@ export interface NrtAlertRuleTemplate extends AlertRuleTemplate { alertDetailsOverride?: AlertDetailsOverride; /** The event grouping settings. */ eventGroupingSettings?: EventGroupingSettings; + /** Array of the sentinel entity mappings of the alert rule */ + sentinelEntitiesMappings?: SentinelEntityMapping[]; } /** Represents a security alert entity. */ @@ -4601,7 +4822,7 @@ export interface SecurityAlert extends Entity { * A bag of custom fields that should be part of the entity and will be presented to the user. * NOTE: This property will not be serialized. It can only be populated by the server. */ - readonly additionalData?: { [propertyName: string]: Record }; + readonly additionalData?: { [propertyName: string]: any }; /** * The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. * NOTE: This property will not be serialized. It can only be populated by the server. @@ -4739,7 +4960,7 @@ export interface HuntingBookmark extends Entity { * A bag of custom fields that should be part of the entity and will be presented to the user. * NOTE: This property will not be serialized. It can only be populated by the server. */ - readonly additionalData?: { [propertyName: string]: Record }; + readonly additionalData?: { [propertyName: string]: any }; /** * The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. * NOTE: This property will not be serialized. It can only be populated by the server. @@ -4777,7 +4998,7 @@ export interface AccountEntity extends Entity { * A bag of custom fields that should be part of the entity and will be presented to the user. * NOTE: This property will not be serialized. It can only be populated by the server. */ - readonly additionalData?: { [propertyName: string]: Record }; + readonly additionalData?: { [propertyName: string]: any }; /** * The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. * NOTE: This property will not be serialized. It can only be populated by the server. @@ -4853,7 +5074,7 @@ export interface AzureResourceEntity extends Entity { * A bag of custom fields that should be part of the entity and will be presented to the user. * NOTE: This property will not be serialized. It can only be populated by the server. */ - readonly additionalData?: { [propertyName: string]: Record }; + readonly additionalData?: { [propertyName: string]: any }; /** * The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. * NOTE: This property will not be serialized. It can only be populated by the server. @@ -4879,7 +5100,7 @@ export interface CloudApplicationEntity extends Entity { * A bag of custom fields that should be part of the entity and will be presented to the user. * NOTE: This property will not be serialized. It can only be populated by the server. */ - readonly additionalData?: { [propertyName: string]: Record }; + readonly additionalData?: { [propertyName: string]: any }; /** * The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. * NOTE: This property will not be serialized. It can only be populated by the server. @@ -4910,7 +5131,7 @@ export interface DnsEntity extends Entity { * A bag of custom fields that should be part of the entity and will be presented to the user. * NOTE: This property will not be serialized. It can only be populated by the server. */ - readonly additionalData?: { [propertyName: string]: Record }; + readonly additionalData?: { [propertyName: string]: any }; /** * The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. * NOTE: This property will not be serialized. It can only be populated by the server. @@ -4946,7 +5167,7 @@ export interface FileEntity extends Entity { * A bag of custom fields that should be part of the entity and will be presented to the user. * NOTE: This property will not be serialized. It can only be populated by the server. */ - readonly additionalData?: { [propertyName: string]: Record }; + readonly additionalData?: { [propertyName: string]: any }; /** * The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. * NOTE: This property will not be serialized. It can only be populated by the server. @@ -4982,7 +5203,7 @@ export interface FileHashEntity extends Entity { * A bag of custom fields that should be part of the entity and will be presented to the user. * NOTE: This property will not be serialized. It can only be populated by the server. */ - readonly additionalData?: { [propertyName: string]: Record }; + readonly additionalData?: { [propertyName: string]: any }; /** * The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. * NOTE: This property will not be serialized. It can only be populated by the server. @@ -5008,7 +5229,7 @@ export interface HostEntity extends Entity { * A bag of custom fields that should be part of the entity and will be presented to the user. * NOTE: This property will not be serialized. It can only be populated by the server. */ - readonly additionalData?: { [propertyName: string]: Record }; + readonly additionalData?: { [propertyName: string]: any }; /** * The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. * NOTE: This property will not be serialized. It can only be populated by the server. @@ -5066,7 +5287,7 @@ export interface IoTDeviceEntity extends Entity { * A bag of custom fields that should be part of the entity and will be presented to the user. * NOTE: This property will not be serialized. It can only be populated by the server. */ - readonly additionalData?: { [propertyName: string]: Record }; + readonly additionalData?: { [propertyName: string]: any }; /** * The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. * NOTE: This property will not be serialized. It can only be populated by the server. @@ -5219,7 +5440,7 @@ export interface IpEntity extends Entity { * A bag of custom fields that should be part of the entity and will be presented to the user. * NOTE: This property will not be serialized. It can only be populated by the server. */ - readonly additionalData?: { [propertyName: string]: Record }; + readonly additionalData?: { [propertyName: string]: any }; /** * The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. * NOTE: This property will not be serialized. It can only be populated by the server. @@ -5250,7 +5471,7 @@ export interface MailboxEntity extends Entity { * A bag of custom fields that should be part of the entity and will be presented to the user. * NOTE: This property will not be serialized. It can only be populated by the server. */ - readonly additionalData?: { [propertyName: string]: Record }; + readonly additionalData?: { [propertyName: string]: any }; /** * The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. * NOTE: This property will not be serialized. It can only be populated by the server. @@ -5286,7 +5507,7 @@ export interface MailClusterEntity extends Entity { * A bag of custom fields that should be part of the entity and will be presented to the user. * NOTE: This property will not be serialized. It can only be populated by the server. */ - readonly additionalData?: { [propertyName: string]: Record }; + readonly additionalData?: { [propertyName: string]: any }; /** * The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. * NOTE: This property will not be serialized. It can only be populated by the server. @@ -5377,7 +5598,7 @@ export interface MailMessageEntity extends Entity { * A bag of custom fields that should be part of the entity and will be presented to the user. * NOTE: This property will not be serialized. It can only be populated by the server. */ - readonly additionalData?: { [propertyName: string]: Record }; + readonly additionalData?: { [propertyName: string]: any }; /** * The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. * NOTE: This property will not be serialized. It can only be populated by the server. @@ -5494,7 +5715,7 @@ export interface MalwareEntity extends Entity { * A bag of custom fields that should be part of the entity and will be presented to the user. * NOTE: This property will not be serialized. It can only be populated by the server. */ - readonly additionalData?: { [propertyName: string]: Record }; + readonly additionalData?: { [propertyName: string]: any }; /** * The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. * NOTE: This property will not be serialized. It can only be populated by the server. @@ -5530,7 +5751,7 @@ export interface ProcessEntity extends Entity { * A bag of custom fields that should be part of the entity and will be presented to the user. * NOTE: This property will not be serialized. It can only be populated by the server. */ - readonly additionalData?: { [propertyName: string]: Record }; + readonly additionalData?: { [propertyName: string]: any }; /** * The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. * NOTE: This property will not be serialized. It can only be populated by the server. @@ -5588,7 +5809,7 @@ export interface RegistryKeyEntity extends Entity { * A bag of custom fields that should be part of the entity and will be presented to the user. * NOTE: This property will not be serialized. It can only be populated by the server. */ - readonly additionalData?: { [propertyName: string]: Record }; + readonly additionalData?: { [propertyName: string]: any }; /** * The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. * NOTE: This property will not be serialized. It can only be populated by the server. @@ -5614,7 +5835,7 @@ export interface RegistryValueEntity extends Entity { * A bag of custom fields that should be part of the entity and will be presented to the user. * NOTE: This property will not be serialized. It can only be populated by the server. */ - readonly additionalData?: { [propertyName: string]: Record }; + readonly additionalData?: { [propertyName: string]: any }; /** * The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. * NOTE: This property will not be serialized. It can only be populated by the server. @@ -5650,7 +5871,7 @@ export interface SecurityGroupEntity extends Entity { * A bag of custom fields that should be part of the entity and will be presented to the user. * NOTE: This property will not be serialized. It can only be populated by the server. */ - readonly additionalData?: { [propertyName: string]: Record }; + readonly additionalData?: { [propertyName: string]: any }; /** * The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. * NOTE: This property will not be serialized. It can only be populated by the server. @@ -5681,7 +5902,7 @@ export interface SubmissionMailEntity extends Entity { * A bag of custom fields that should be part of the entity and will be presented to the user. * NOTE: This property will not be serialized. It can only be populated by the server. */ - readonly additionalData?: { [propertyName: string]: Record }; + readonly additionalData?: { [propertyName: string]: any }; /** * The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. * NOTE: This property will not be serialized. It can only be populated by the server. @@ -5747,7 +5968,7 @@ export interface UrlEntity extends Entity { * A bag of custom fields that should be part of the entity and will be presented to the user. * NOTE: This property will not be serialized. It can only be populated by the server. */ - readonly additionalData?: { [propertyName: string]: Record }; + readonly additionalData?: { [propertyName: string]: any }; /** * The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. * NOTE: This property will not be serialized. It can only be populated by the server. @@ -5768,7 +5989,7 @@ export interface NicEntity extends Entity { * A bag of custom fields that should be part of the entity and will be presented to the user. * NOTE: This property will not be serialized. It can only be populated by the server. */ - readonly additionalData?: { [propertyName: string]: Record }; + readonly additionalData?: { [propertyName: string]: any }; /** * The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. * NOTE: This property will not be serialized. It can only be populated by the server. @@ -6004,6 +6225,8 @@ export interface ScheduledAlertRule extends AlertRule { entityMappings?: EntityMapping[]; /** The alert details override settings */ alertDetailsOverride?: AlertDetailsOverride; + /** Array of the sentinel entity mappings of the alert rule */ + sentinelEntitiesMappings?: SentinelEntityMapping[]; /** The Name of the alert rule template used to create this rule. */ alertRuleTemplateName?: string; /** The version of the alert rule template used to create this rule - in format , where all are numbers, for example 0 <1.0.2> */ @@ -6072,6 +6295,8 @@ export interface NrtAlertRule extends AlertRule { alertDetailsOverride?: AlertDetailsOverride; /** The event grouping settings. */ eventGroupingSettings?: EventGroupingSettings; + /** Array of the sentinel entity mappings of the alert rule */ + sentinelEntitiesMappings?: SentinelEntityMapping[]; } /** Represents Expansion entity query. */ @@ -6245,7 +6470,7 @@ export interface ThreatIntelligenceIndicatorModel * A bag of custom fields that should be part of the entity and will be presented to the user. * NOTE: This property will not be serialized. It can only be populated by the server. */ - readonly additionalData?: { [propertyName: string]: Record }; + readonly additionalData?: { [propertyName: string]: any }; /** * The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. * NOTE: This property will not be serialized. It can only be populated by the server. @@ -6337,6 +6562,8 @@ export interface MTPDataConnector extends DataConnector { tenantId?: string; /** The available data types for the connector. */ dataTypes?: MTPDataConnectorDataTypes; + /** The available filtered providers for the connector. */ + filteredProviders?: MtpFilteredProviders; } /** Represents AATP (Azure Advanced Threat Protection) data connector. */ @@ -6413,6 +6640,17 @@ export interface OfficeATPDataConnector extends DataConnector { dataTypes?: AlertsDataTypeOfDataConnector; } +/** Represents Microsoft Purview Information Protection data connector. */ +export interface MicrosoftPurviewInformationProtectionDataConnector + extends DataConnector { + /** Polymorphic discriminator, which specifies the different types this object can be */ + kind: "MicrosoftPurviewInformationProtection"; + /** The tenant id to connect to, and get the data from. */ + tenantId?: string; + /** The available data types for the connector. */ + dataTypes?: MicrosoftPurviewInformationProtectionConnectorDataTypes; +} + /** Represents Office Microsoft Project data connector. */ export interface Office365ProjectDataConnector extends DataConnector { /** Polymorphic discriminator, which specifies the different types this object can be */ @@ -6529,6 +6767,11 @@ export interface CodelessApiPollingDataConnector extends DataConnector { pollingConfig?: CodelessConnectorPollingConfigProperties; } +/** Defines headers for AlertRule_triggerRuleRun operation. */ +export interface AlertRuleTriggerRuleRunHeaders { + location?: string; +} + /** Defines headers for Watchlists_delete operation. */ export interface WatchlistsDeleteHeaders { /** Contains the status URL on which clients are expected to poll the status of the delete operation. */ @@ -6595,6 +6838,33 @@ export enum KnownCreatedByType { */ export type CreatedByType = string; +/** Known values of {@link ProvisioningState} that the service accepts. */ +export enum KnownProvisioningState { + /** Accepted */ + Accepted = "Accepted", + /** InProgress */ + InProgress = "InProgress", + /** Succeeded */ + Succeeded = "Succeeded", + /** Failed */ + Failed = "Failed", + /** Canceled */ + Canceled = "Canceled" +} + +/** + * Defines values for ProvisioningState. \ + * {@link KnownProvisioningState} can be used interchangeably with ProvisioningState, + * this enum contains the known values that the service supports. + * ### Known values supported by the service + * **Accepted** \ + * **InProgress** \ + * **Succeeded** \ + * **Failed** \ + * **Canceled** + */ +export type ProvisioningState = string; + /** Known values of {@link TriggersOn} that the service accepts. */ export enum KnownTriggersOn { /** Trigger on Incidents */ @@ -6663,7 +6933,9 @@ export enum KnownActionType { /** Modify an object's properties */ ModifyProperties = "ModifyProperties", /** Run a playbook on an object */ - RunPlaybook = "RunPlaybook" + RunPlaybook = "RunPlaybook", + /** Add a task to an incident object */ + AddIncidentTask = "AddIncidentTask" } /** @@ -6672,7 +6944,8 @@ export enum KnownActionType { * this enum contains the known values that the service supports. * ### Known values supported by the service * **ModifyProperties**: Modify an object's properties \ - * **RunPlaybook**: Run a playbook on an object + * **RunPlaybook**: Run a playbook on an object \ + * **AddIncidentTask**: Add a task to an incident object */ export type ActionType = string; @@ -6916,8 +7189,8 @@ export enum KnownGetInsightsError { */ export type GetInsightsError = string; -/** Known values of {@link Enum13} that the service accepts. */ -export enum KnownEnum13 { +/** Known values of {@link Enum14} that the service accepts. */ +export enum KnownEnum14 { /** Expansion */ Expansion = "Expansion", /** Activity */ @@ -6925,14 +7198,14 @@ export enum KnownEnum13 { } /** - * Defines values for Enum13. \ - * {@link KnownEnum13} can be used interchangeably with Enum13, + * Defines values for Enum14. \ + * {@link KnownEnum14} can be used interchangeably with Enum14, * this enum contains the known values that the service supports. * ### Known values supported by the service * **Expansion** \ * **Activity** */ -export type Enum13 = string; +export type Enum14 = string; /** Known values of {@link CustomEntityQueryKind} that the service accepts. */ export enum KnownCustomEntityQueryKind { @@ -7081,6 +7354,27 @@ export enum KnownFileImportState { */ export type FileImportState = string; +/** Known values of {@link IncidentStatus} that the service accepts. */ +export enum KnownIncidentStatus { + /** An active incident which isn't being handled currently */ + New = "New", + /** An active incident which is being handled */ + Active = "Active", + /** A non-active incident */ + Closed = "Closed" +} + +/** + * Defines values for IncidentStatus. \ + * {@link KnownIncidentStatus} can be used interchangeably with IncidentStatus, + * this enum contains the known values that the service supports. + * ### Known values supported by the service + * **New**: An active incident which isn't being handled currently \ + * **Active**: An active incident which is being handled \ + * **Closed**: A non-active incident + */ +export type IncidentStatus = string; + /** Known values of {@link IncidentClassification} that the service accepts. */ export enum KnownIncidentClassification { /** Incident classification was undetermined */ @@ -7129,24 +7423,6 @@ export enum KnownIncidentClassificationReason { */ export type IncidentClassificationReason = string; -/** Known values of {@link IncidentLabelType} that the service accepts. */ -export enum KnownIncidentLabelType { - /** Label manually created by a user */ - User = "User", - /** Label automatically created by the system */ - AutoAssigned = "AutoAssigned" -} - -/** - * Defines values for IncidentLabelType. \ - * {@link KnownIncidentLabelType} can be used interchangeably with IncidentLabelType, - * this enum contains the known values that the service supports. - * ### Known values supported by the service - * **User**: Label manually created by a user \ - * **AutoAssigned**: Label automatically created by the system - */ -export type IncidentLabelType = string; - /** Known values of {@link OwnerType} that the service accepts. */ export enum KnownOwnerType { /** The incident owner type is unknown */ @@ -7168,26 +7444,23 @@ export enum KnownOwnerType { */ export type OwnerType = string; -/** Known values of {@link IncidentStatus} that the service accepts. */ -export enum KnownIncidentStatus { - /** An active incident which isn't being handled currently */ - New = "New", - /** An active incident which is being handled */ - Active = "Active", - /** A non-active incident */ - Closed = "Closed" +/** Known values of {@link IncidentLabelType} that the service accepts. */ +export enum KnownIncidentLabelType { + /** Label manually created by a user */ + User = "User", + /** Label automatically created by the system */ + AutoAssigned = "AutoAssigned" } /** - * Defines values for IncidentStatus. \ - * {@link KnownIncidentStatus} can be used interchangeably with IncidentStatus, + * Defines values for IncidentLabelType. \ + * {@link KnownIncidentLabelType} can be used interchangeably with IncidentLabelType, * this enum contains the known values that the service supports. * ### Known values supported by the service - * **New**: An active incident which isn't being handled currently \ - * **Active**: An active incident which is being handled \ - * **Closed**: A non-active incident + * **User**: Label manually created by a user \ + * **AutoAssigned**: Label automatically created by the system */ -export type IncidentStatus = string; +export type IncidentLabelType = string; /** Known values of {@link ConfidenceLevel} that the service accepts. */ export enum KnownConfidenceLevel { @@ -7339,6 +7612,24 @@ export enum KnownAlertStatus { */ export type AlertStatus = string; +/** Known values of {@link IncidentTaskStatus} that the service accepts. */ +export enum KnownIncidentTaskStatus { + /** A new task */ + New = "New", + /** A completed task */ + Completed = "Completed" +} + +/** + * Defines values for IncidentTaskStatus. \ + * {@link KnownIncidentTaskStatus} can be used interchangeably with IncidentTaskStatus, + * this enum contains the known values that the service supports. + * ### Known values supported by the service + * **New**: A new task \ + * **Completed**: A completed task + */ +export type IncidentTaskStatus = string; + /** Known values of {@link Kind} that the service accepts. */ export enum KnownKind { /** DataConnector */ @@ -7465,6 +7756,105 @@ export enum KnownOperator { */ export type Operator = string; +/** Known values of {@link Category} that the service accepts. */ +export enum KnownCategory { + /** Onboarding recommendation. */ + Onboarding = "Onboarding", + /** New feature recommendation. */ + NewFeature = "NewFeature", + /** Soc Efficiency recommendation. */ + SocEfficiency = "SocEfficiency", + /** Cost optimization recommendation. */ + CostOptimization = "CostOptimization", + /** Demo recommendation. */ + Demo = "Demo" +} + +/** + * Defines values for Category. \ + * {@link KnownCategory} can be used interchangeably with Category, + * this enum contains the known values that the service supports. + * ### Known values supported by the service + * **Onboarding**: Onboarding recommendation. \ + * **NewFeature**: New feature recommendation. \ + * **SocEfficiency**: Soc Efficiency recommendation. \ + * **CostOptimization**: Cost optimization recommendation. \ + * **Demo**: Demo recommendation. + */ +export type Category = string; + +/** Known values of {@link Context} that the service accepts. */ +export enum KnownContext { + /** Analytics context. */ + Analytics = "Analytics", + /** Incidents context. */ + Incidents = "Incidents", + /** Overview context. */ + Overview = "Overview", + /** No context. */ + None = "None" +} + +/** + * Defines values for Context. \ + * {@link KnownContext} can be used interchangeably with Context, + * this enum contains the known values that the service supports. + * ### Known values supported by the service + * **Analytics**: Analytics context. \ + * **Incidents**: Incidents context. \ + * **Overview**: Overview context. \ + * **None**: No context. + */ +export type Context = string; + +/** Known values of {@link Priority} that the service accepts. */ +export enum KnownPriority { + /** Low priority for recommendation. */ + Low = "Low", + /** Medium priority for recommendation. */ + Medium = "Medium", + /** High priority for recommendation. */ + High = "High" +} + +/** + * Defines values for Priority. \ + * {@link KnownPriority} can be used interchangeably with Priority, + * this enum contains the known values that the service supports. + * ### Known values supported by the service + * **Low**: Low priority for recommendation. \ + * **Medium**: Medium priority for recommendation. \ + * **High**: High priority for recommendation. + */ +export type Priority = string; + +/** Known values of {@link State} that the service accepts. */ +export enum KnownState { + /** Recommendation is active. */ + Active = "Active", + /** Recommendation is disabled. */ + Disabled = "Disabled", + /** Recommendation has been completed by user. */ + CompletedByUser = "CompletedByUser", + /** Recommendation has been completed by action. */ + CompletedByAction = "CompletedByAction", + /** Recommendation is hidden. */ + Hidden = "Hidden" +} + +/** + * Defines values for State. \ + * {@link KnownState} can be used interchangeably with State, + * this enum contains the known values that the service supports. + * ### Known values supported by the service + * **Active**: Recommendation is active. \ + * **Disabled**: Recommendation is disabled. \ + * **CompletedByUser**: Recommendation has been completed by user. \ + * **CompletedByAction**: Recommendation has been completed by action. \ + * **Hidden**: Recommendation is hidden. + */ +export type State = string; + /** Known values of {@link SecurityMLAnalyticsSettingsKind} that the service accepts. */ export enum KnownSecurityMLAnalyticsSettingsKind { /** Anomaly */ @@ -7698,6 +8088,8 @@ export enum KnownDataConnectorKind { OfficeIRM = "OfficeIRM", /** Office365Project */ Office365Project = "Office365Project", + /** MicrosoftPurviewInformationProtection */ + MicrosoftPurviewInformationProtection = "MicrosoftPurviewInformationProtection", /** OfficePowerBI */ OfficePowerBI = "OfficePowerBI", /** AmazonWebServicesCloudTrail */ @@ -7736,6 +8128,7 @@ export enum KnownDataConnectorKind { * **OfficeATP** \ * **OfficeIRM** \ * **Office365Project** \ + * **MicrosoftPurviewInformationProtection** \ * **OfficePowerBI** \ * **AmazonWebServicesCloudTrail** \ * **AmazonWebServicesS3** \ @@ -7897,6 +8290,45 @@ export enum KnownEntityMappingType { */ export type EntityMappingType = string; +/** Known values of {@link AlertProperty} that the service accepts. */ +export enum KnownAlertProperty { + /** Alert's link */ + AlertLink = "AlertLink", + /** Confidence level property */ + ConfidenceLevel = "ConfidenceLevel", + /** Confidence score */ + ConfidenceScore = "ConfidenceScore", + /** Extended links to the alert */ + ExtendedLinks = "ExtendedLinks", + /** Product name alert property */ + ProductName = "ProductName", + /** Provider name alert property */ + ProviderName = "ProviderName", + /** Product component name alert property */ + ProductComponentName = "ProductComponentName", + /** Remediation steps alert property */ + RemediationSteps = "RemediationSteps", + /** Techniques alert property */ + Techniques = "Techniques" +} + +/** + * Defines values for AlertProperty. \ + * {@link KnownAlertProperty} can be used interchangeably with AlertProperty, + * this enum contains the known values that the service supports. + * ### Known values supported by the service + * **AlertLink**: Alert's link \ + * **ConfidenceLevel**: Confidence level property \ + * **ConfidenceScore**: Confidence score \ + * **ExtendedLinks**: Extended links to the alert \ + * **ProductName**: Product name alert property \ + * **ProviderName**: Provider name alert property \ + * **ProductComponentName**: Product component name alert property \ + * **RemediationSteps**: Remediation steps alert property \ + * **Techniques**: Techniques alert property + */ +export type AlertProperty = string; + /** Known values of {@link EventGroupingAggregationKind} that the service accepts. */ export enum KnownEventGroupingAggregationKind { /** SingleAlert */ @@ -8518,6 +8950,24 @@ export enum KnownDataTypeState { */ export type DataTypeState = string; +/** Known values of {@link MtpProvider} that the service accepts. */ +export enum KnownMtpProvider { + /** MicrosoftDefenderForCloudApps */ + MicrosoftDefenderForCloudApps = "microsoftDefenderForCloudApps", + /** MicrosoftDefenderForIdentity */ + MicrosoftDefenderForIdentity = "microsoftDefenderForIdentity" +} + +/** + * Defines values for MtpProvider. \ + * {@link KnownMtpProvider} can be used interchangeably with MtpProvider, + * this enum contains the known values that the service supports. + * ### Known values supported by the service + * **microsoftDefenderForCloudApps** \ + * **microsoftDefenderForIdentity** + */ +export type MtpProvider = string; + /** Known values of {@link PollingFrequency} that the service accepts. */ export enum KnownPollingFrequency { /** Once a minute */ @@ -8887,6 +9337,39 @@ export interface AlertRuleTemplatesListNextOptionalParams /** Contains response data for the listNext operation. */ export type AlertRuleTemplatesListNextResponse = AlertRuleTemplatesList; +/** Optional parameters. */ +export interface TriggeredAnalyticsRuleRunGetOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the get operation. */ +export type TriggeredAnalyticsRuleRunGetResponse = TriggeredAnalyticsRuleRun; + +/** Optional parameters. */ +export interface GetTriggeredAnalyticsRuleRunsListOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the list operation. */ +export type GetTriggeredAnalyticsRuleRunsListResponse = TriggeredAnalyticsRuleRuns; + +/** Optional parameters. */ +export interface GetTriggeredAnalyticsRuleRunsListNextOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the listNext operation. */ +export type GetTriggeredAnalyticsRuleRunsListNextResponse = TriggeredAnalyticsRuleRuns; + +/** Optional parameters. */ +export interface AlertRuleTriggerRuleRunOptionalParams + extends coreClient.OperationOptions { + /** Delay to wait until next poll, in milliseconds. */ + updateIntervalInMs?: number; + /** A serialized poller which can be used to resume an existing paused Long-Running-Operation. */ + resumeFrom?: string; +} + +/** Contains response data for the triggerRuleRun operation. */ +export type AlertRuleTriggerRuleRunResponse = AlertRuleTriggerRuleRunHeaders; + /** Optional parameters. */ export interface AutomationRulesGetOptionalParams extends coreClient.OperationOptions {} @@ -9042,10 +9525,10 @@ export interface BookmarkRelationsListOptionalParams filter?: string; /** Sorts the results. Optional. */ orderby?: string; - /** Returns only the first n results. Optional. */ - top?: number; /** Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. */ skipToken?: string; + /** Returns only the first n results. Optional. */ + top?: number; } /** Contains response data for the list operation. */ @@ -9153,10 +9636,10 @@ export interface EntitiesRelationsListOptionalParams filter?: string; /** Sorts the results. Optional. */ orderby?: string; - /** Returns only the first n results. Optional. */ - top?: number; /** Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. */ skipToken?: string; + /** Returns only the first n results. Optional. */ + top?: number; } /** Contains response data for the list operation. */ @@ -9180,7 +9663,7 @@ export type EntityRelationsGetRelationResponse = Relation; export interface EntityQueriesListOptionalParams extends coreClient.OperationOptions { /** The entity query kind we want to fetch */ - kind?: Enum13; + kind?: Enum14; } /** Contains response data for the list operation. */ @@ -9239,10 +9722,10 @@ export interface FileImportsListOptionalParams filter?: string; /** Sorts the results. Optional. */ orderby?: string; - /** Returns only the first n results. Optional. */ - top?: number; /** Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. */ skipToken?: string; + /** Returns only the first n results. Optional. */ + top?: number; } /** Contains response data for the list operation. */ @@ -9288,10 +9771,10 @@ export interface IncidentCommentsListOptionalParams filter?: string; /** Sorts the results. Optional. */ orderby?: string; - /** Returns only the first n results. Optional. */ - top?: number; /** Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. */ skipToken?: string; + /** Returns only the first n results. Optional. */ + top?: number; } /** Contains response data for the list operation. */ @@ -9329,10 +9812,10 @@ export interface IncidentRelationsListOptionalParams filter?: string; /** Sorts the results. Optional. */ orderby?: string; - /** Returns only the first n results. Optional. */ - top?: number; /** Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. */ skipToken?: string; + /** Returns only the first n results. Optional. */ + top?: number; } /** Contains response data for the list operation. */ @@ -9363,6 +9846,38 @@ export interface IncidentRelationsListNextOptionalParams /** Contains response data for the listNext operation. */ export type IncidentRelationsListNextResponse = RelationList; +/** Optional parameters. */ +export interface IncidentTasksListOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the list operation. */ +export type IncidentTasksListResponse = IncidentTaskList; + +/** Optional parameters. */ +export interface IncidentTasksGetOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the get operation. */ +export type IncidentTasksGetResponse = IncidentTask; + +/** Optional parameters. */ +export interface IncidentTasksCreateOrUpdateOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the createOrUpdate operation. */ +export type IncidentTasksCreateOrUpdateResponse = IncidentTask; + +/** Optional parameters. */ +export interface IncidentTasksDeleteOptionalParams + extends coreClient.OperationOptions {} + +/** Optional parameters. */ +export interface IncidentTasksListNextOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the listNext operation. */ +export type IncidentTasksListNextResponse = IncidentTaskList; + /** Optional parameters. */ export interface MetadataListOptionalParams extends coreClient.OperationOptions { @@ -9464,6 +9979,32 @@ export interface SentinelOnboardingStatesListOptionalParams /** Contains response data for the list operation. */ export type SentinelOnboardingStatesListResponse = SentinelOnboardingStatesList; +/** Optional parameters. */ +export interface GetRecommendationsListOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the list operation. */ +export type GetRecommendationsListResponse = RecommendationList; + +/** Optional parameters. */ +export interface GetSingleRecommendationOptionalParams + extends coreClient.OperationOptions {} + +/** Contains response data for the singleRecommendation operation. */ +export type GetSingleRecommendationResponse = Recommendation; + +/** Optional parameters. */ +export interface UpdateRecommendationOptionalParams + extends coreClient.OperationOptions { + /** Delay to wait until next poll, in milliseconds. */ + updateIntervalInMs?: number; + /** A serialized poller which can be used to resume an existing paused Long-Running-Operation. */ + resumeFrom?: string; +} + +/** Contains response data for the recommendation operation. */ +export type UpdateRecommendationResponse = Recommendation; + /** Optional parameters. */ export interface SecurityMLAnalyticsSettingsListOptionalParams extends coreClient.OperationOptions {} @@ -9624,10 +10165,10 @@ export interface ThreatIntelligenceIndicatorsListOptionalParams filter?: string; /** Sorts the results. Optional. */ orderby?: string; - /** Returns only the first n results. Optional. */ - top?: number; /** Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. */ skipToken?: string; + /** Returns only the first n results. Optional. */ + top?: number; } /** Contains response data for the list operation. */ diff --git a/sdk/securityinsight/arm-securityinsight/src/models/mappers.ts b/sdk/securityinsight/arm-securityinsight/src/models/mappers.ts index 6f5b1105eada..23c348487938 100644 --- a/sdk/securityinsight/arm-securityinsight/src/models/mappers.ts +++ b/sdk/securityinsight/arm-securityinsight/src/models/mappers.ts @@ -232,6 +232,51 @@ export const AlertRuleTemplatesList: coreClient.CompositeMapper = { } }; +export const TriggeredAnalyticsRuleRuns: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "TriggeredAnalyticsRuleRuns", + modelProperties: { + value: { + serializedName: "value", + required: true, + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "TriggeredAnalyticsRuleRun" + } + } + } + }, + nextLink: { + serializedName: "nextLink", + readOnly: true, + type: { + name: "String" + } + } + } + } +}; + +export const AnalyticsRuleRunTrigger: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "AnalyticsRuleRunTrigger", + modelProperties: { + executionTimeUtc: { + serializedName: "properties.executionTimeUtc", + required: true, + type: { + name: "DateTime" + } + } + } + } +}; + export const AutomationRuleTriggeringLogic: coreClient.CompositeMapper = { type: { name: "Composite", @@ -1229,9 +1274,7 @@ export const EntityEdges: coreClient.CompositeMapper = { serializedName: "additionalData", type: { name: "Dictionary", - value: { - type: { name: "Dictionary", value: { type: { name: "any" } } } - } + value: { type: { name: "any" } } } } } @@ -1886,13 +1929,6 @@ export const IncidentList: coreClient.CompositeMapper = { name: "Composite", className: "IncidentList", modelProperties: { - nextLink: { - serializedName: "nextLink", - readOnly: true, - type: { - name: "String" - } - }, value: { serializedName: "value", required: true, @@ -1905,6 +1941,75 @@ export const IncidentList: coreClient.CompositeMapper = { } } } + }, + nextLink: { + serializedName: "nextLink", + readOnly: true, + type: { + name: "String" + } + } + } + } +}; + +export const IncidentOwnerInfo: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "IncidentOwnerInfo", + modelProperties: { + email: { + serializedName: "email", + type: { + name: "String" + } + }, + assignedTo: { + serializedName: "assignedTo", + type: { + name: "String" + } + }, + objectId: { + serializedName: "objectId", + type: { + name: "Uuid" + } + }, + userPrincipalName: { + serializedName: "userPrincipalName", + type: { + name: "String" + } + }, + ownerType: { + serializedName: "ownerType", + type: { + name: "String" + } + } + } + } +}; + +export const IncidentLabel: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "IncidentLabel", + modelProperties: { + labelName: { + serializedName: "labelName", + required: true, + type: { + name: "String" + } + }, + labelType: { + serializedName: "labelType", + readOnly: true, + type: { + name: "String" + } } } } @@ -1948,13 +2053,6 @@ export const IncidentAdditionalData: coreClient.CompositeMapper = { } } }, - providerIncidentUrl: { - serializedName: "providerIncidentUrl", - readOnly: true, - type: { - name: "String" - } - }, tactics: { serializedName: "tactics", readOnly: true, @@ -1978,25 +2076,9 @@ export const IncidentAdditionalData: coreClient.CompositeMapper = { } } } - } - } - } -}; - -export const IncidentLabel: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "IncidentLabel", - modelProperties: { - labelName: { - serializedName: "labelName", - required: true, - type: { - name: "String" - } }, - labelType: { - serializedName: "labelType", + providerIncidentUrl: { + serializedName: "providerIncidentUrl", readOnly: true, type: { name: "String" @@ -2006,45 +2088,6 @@ export const IncidentLabel: coreClient.CompositeMapper = { } }; -export const IncidentOwnerInfo: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "IncidentOwnerInfo", - modelProperties: { - email: { - serializedName: "email", - type: { - name: "String" - } - }, - assignedTo: { - serializedName: "assignedTo", - type: { - name: "String" - } - }, - objectId: { - serializedName: "objectId", - type: { - name: "Uuid" - } - }, - userPrincipalName: { - serializedName: "userPrincipalName", - type: { - name: "String" - } - }, - ownerType: { - serializedName: "ownerType", - type: { - name: "String" - } - } - } - } -}; - export const TeamInformation: coreClient.CompositeMapper = { type: { name: "Composite", @@ -2089,50 +2132,6 @@ export const TeamInformation: coreClient.CompositeMapper = { } }; -export const TeamProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "TeamProperties", - modelProperties: { - teamName: { - serializedName: "teamName", - required: true, - type: { - name: "String" - } - }, - teamDescription: { - serializedName: "teamDescription", - type: { - name: "String" - } - }, - memberIds: { - serializedName: "memberIds", - type: { - name: "Sequence", - element: { - type: { - name: "Uuid" - } - } - } - }, - groupIds: { - serializedName: "groupIds", - type: { - name: "Sequence", - element: { - type: { - name: "Uuid" - } - } - } - } - } - } -}; - export const IncidentAlertList: coreClient.CompositeMapper = { type: { name: "Composite", @@ -2188,9 +2187,7 @@ export const EntityCommonProperties: coreClient.CompositeMapper = { readOnly: true, type: { name: "Dictionary", - value: { - type: { name: "Dictionary", value: { type: { name: "any" } } } - } + value: { type: { name: "any" } } } }, friendlyName: { @@ -2231,13 +2228,6 @@ export const IncidentCommentList: coreClient.CompositeMapper = { name: "Composite", className: "IncidentCommentList", modelProperties: { - nextLink: { - serializedName: "nextLink", - readOnly: true, - type: { - name: "String" - } - }, value: { serializedName: "value", required: true, @@ -2250,6 +2240,13 @@ export const IncidentCommentList: coreClient.CompositeMapper = { } } } + }, + nextLink: { + serializedName: "nextLink", + readOnly: true, + type: { + name: "String" + } } } } @@ -2293,18 +2290,45 @@ export const IncidentEntitiesResultsMetadata: coreClient.CompositeMapper = { name: "Composite", className: "IncidentEntitiesResultsMetadata", modelProperties: { - count: { - serializedName: "count", + entityKind: { + serializedName: "entityKind", required: true, type: { - name: "Number" + name: "String" } }, - entityKind: { - serializedName: "entityKind", + count: { + serializedName: "count", required: true, type: { - name: "String" + name: "Number" + } + } + } + } +}; + +export const IncidentTaskList: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "IncidentTaskList", + modelProperties: { + value: { + serializedName: "value", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "IncidentTask" + } + } + } + }, + nextLink: { + serializedName: "nextLink", + type: { + name: "String" } } } @@ -2385,177 +2409,449 @@ export const MetadataAuthor: coreClient.CompositeMapper = { name: "String" } }, - link: { - serializedName: "link", + link: { + serializedName: "link", + type: { + name: "String" + } + } + } + } +}; + +export const MetadataSupport: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "MetadataSupport", + modelProperties: { + tier: { + serializedName: "tier", + required: true, + type: { + name: "String" + } + }, + name: { + serializedName: "name", + type: { + name: "String" + } + }, + email: { + serializedName: "email", + type: { + name: "String" + } + }, + link: { + serializedName: "link", + type: { + name: "String" + } + } + } + } +}; + +export const MetadataDependencies: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "MetadataDependencies", + modelProperties: { + contentId: { + serializedName: "contentId", + type: { + name: "String" + } + }, + kind: { + serializedName: "kind", + type: { + name: "String" + } + }, + version: { + serializedName: "version", + type: { + name: "String" + } + }, + name: { + serializedName: "name", + type: { + name: "String" + } + }, + operator: { + serializedName: "operator", + type: { + name: "String" + } + }, + criteria: { + serializedName: "criteria", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "MetadataDependencies" + } + } + } + } + } + } +}; + +export const MetadataCategories: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "MetadataCategories", + modelProperties: { + domains: { + serializedName: "domains", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + verticals: { + serializedName: "verticals", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + } + } + } +}; + +export const OfficeConsentList: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "OfficeConsentList", + modelProperties: { + nextLink: { + serializedName: "nextLink", + readOnly: true, + type: { + name: "String" + } + }, + value: { + serializedName: "value", + required: true, + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "OfficeConsent" + } + } + } + } + } + } +}; + +export const SentinelOnboardingStatesList: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "SentinelOnboardingStatesList", + modelProperties: { + value: { + serializedName: "value", + required: true, + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "SentinelOnboardingState" + } + } + } + } + } + } +}; + +export const RecommendationList: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "RecommendationList", + modelProperties: { + value: { + serializedName: "value", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "Recommendation" + } + } + } + } + } + } +}; + +export const Recommendation: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "Recommendation", + modelProperties: { + id: { + serializedName: "id", + required: true, + type: { + name: "Uuid" + } + }, + instructions: { + serializedName: "instructions", + type: { + name: "Composite", + className: "Instructions" + } + }, + content: { + serializedName: "content", + type: { + name: "Composite", + className: "Content" + } + }, + resourceId: { + serializedName: "resourceId", + nullable: true, + type: { + name: "String" + } + }, + additionalProperties: { + serializedName: "additionalProperties", + nullable: true, + type: { + name: "Dictionary", + value: { type: { name: "String" } } + } + }, + title: { + serializedName: "title", + required: true, + type: { + name: "String" + } + }, + description: { + serializedName: "description", + required: true, + type: { + name: "String" + } + }, + recommendationTypeTitle: { + serializedName: "recommendationTypeTitle", + required: true, + type: { + name: "String" + } + }, + recommendationTypeId: { + serializedName: "recommendationTypeId", + required: true, + type: { + name: "String" + } + }, + category: { + serializedName: "category", + required: true, + type: { + name: "String" + } + }, + context: { + serializedName: "context", + required: true, + type: { + name: "String" + } + }, + workspaceId: { + serializedName: "workspaceId", + required: true, + type: { + name: "Uuid" + } + }, + actions: { + serializedName: "actions", + required: true, + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "RecommendedAction" + } + } + } + }, + state: { + serializedName: "state", + required: true, + type: { + name: "String" + } + }, + priority: { + serializedName: "priority", + required: true, type: { name: "String" } - } - } - } -}; - -export const MetadataSupport: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "MetadataSupport", - modelProperties: { - tier: { - serializedName: "tier", + }, + lastEvaluatedTimeUtc: { + serializedName: "lastEvaluatedTimeUtc", required: true, type: { - name: "String" + name: "DateTime" } }, - name: { - serializedName: "name", + hideUntilTimeUtc: { + serializedName: "hideUntilTimeUtc", + nullable: true, type: { - name: "String" + name: "DateTime" } }, - email: { - serializedName: "email", + displayUntilTimeUtc: { + serializedName: "displayUntilTimeUtc", + nullable: true, type: { - name: "String" + name: "DateTime" } }, - link: { - serializedName: "link", + visible: { + serializedName: "visible", type: { - name: "String" + name: "Boolean" } } } } }; -export const MetadataDependencies: coreClient.CompositeMapper = { +export const Instructions: coreClient.CompositeMapper = { type: { name: "Composite", - className: "MetadataDependencies", + className: "Instructions", modelProperties: { - contentId: { - serializedName: "contentId", - type: { - name: "String" - } - }, - kind: { - serializedName: "kind", - type: { - name: "String" - } - }, - version: { - serializedName: "version", + actionsToBePerformed: { + serializedName: "actionsToBePerformed", + required: true, type: { name: "String" } }, - name: { - serializedName: "name", + recommendationImportance: { + serializedName: "recommendationImportance", + required: true, type: { name: "String" } }, - operator: { - serializedName: "operator", + howToPerformActionDetails: { + serializedName: "howToPerformActionDetails", + nullable: true, type: { name: "String" } - }, - criteria: { - serializedName: "criteria", - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "MetadataDependencies" - } - } - } } } } }; -export const MetadataCategories: coreClient.CompositeMapper = { +export const Content: coreClient.CompositeMapper = { type: { name: "Composite", - className: "MetadataCategories", + className: "Content", modelProperties: { - domains: { - serializedName: "domains", + title: { + serializedName: "title", + required: true, type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } + name: "String" } }, - verticals: { - serializedName: "verticals", + description: { + serializedName: "description", + required: true, type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } + name: "String" } } } } }; -export const OfficeConsentList: coreClient.CompositeMapper = { +export const RecommendedAction: coreClient.CompositeMapper = { type: { name: "Composite", - className: "OfficeConsentList", + className: "RecommendedAction", modelProperties: { - nextLink: { - serializedName: "nextLink", - readOnly: true, + linkText: { + serializedName: "linkText", + required: true, type: { name: "String" } }, - value: { - serializedName: "value", + linkUrl: { + serializedName: "linkUrl", required: true, type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "OfficeConsent" - } - } + name: "String" + } + }, + state: { + serializedName: "state", + type: { + name: "String" } } } } }; -export const SentinelOnboardingStatesList: coreClient.CompositeMapper = { +export const RecommendationPatch: coreClient.CompositeMapper = { type: { name: "Composite", - className: "SentinelOnboardingStatesList", + className: "RecommendationPatch", modelProperties: { - value: { - serializedName: "value", - required: true, + state: { + serializedName: "state", type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "SentinelOnboardingState" - } - } + name: "String" + } + }, + hideUntilTimeUtc: { + serializedName: "hideUntilTimeUtc", + type: { + name: "DateTime" } } } @@ -3820,6 +4116,18 @@ export const QueryBasedAlertRuleTemplateProperties: coreClient.CompositeMapper = name: "Composite", className: "EventGroupingSettings" } + }, + sentinelEntitiesMappings: { + serializedName: "sentinelEntitiesMappings", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "SentinelEntityMapping" + } + } + } } } } @@ -3901,6 +4209,39 @@ export const AlertDetailsOverride: coreClient.CompositeMapper = { type: { name: "String" } + }, + alertDynamicProperties: { + serializedName: "alertDynamicProperties", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "AlertPropertyMapping" + } + } + } + } + } + } +}; + +export const AlertPropertyMapping: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "AlertPropertyMapping", + modelProperties: { + alertProperty: { + serializedName: "alertProperty", + type: { + name: "String" + } + }, + value: { + serializedName: "value", + type: { + name: "String" + } } } } @@ -3921,6 +4262,21 @@ export const EventGroupingSettings: coreClient.CompositeMapper = { } }; +export const SentinelEntityMapping: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "SentinelEntityMapping", + modelProperties: { + columnName: { + serializedName: "columnName", + type: { + name: "String" + } + } + } + } +}; + export const FusionSourceSettings: coreClient.CompositeMapper = { type: { name: "Composite", @@ -4368,6 +4724,40 @@ export const ScheduledAlertRuleCommonProperties: coreClient.CompositeMapper = { name: "Composite", className: "AlertDetailsOverride" } + }, + sentinelEntitiesMappings: { + serializedName: "sentinelEntitiesMappings", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "SentinelEntityMapping" + } + } + } + } + } + } +}; + +export const AddIncidentTaskActionProperties: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "AddIncidentTaskActionProperties", + modelProperties: { + title: { + serializedName: "title", + required: true, + type: { + name: "String" + } + }, + description: { + serializedName: "description", + type: { + name: "String" + } } } } @@ -4882,25 +5272,69 @@ export const ActivityEntityQueryTemplatePropertiesQueryDefinitions: coreClient.C name: "String" } }, - summarizeBy: { - serializedName: "summarizeBy", + summarizeBy: { + serializedName: "summarizeBy", + type: { + name: "String" + } + } + } + } +}; + +export const DataTypeDefinitions: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "DataTypeDefinitions", + modelProperties: { + dataType: { + serializedName: "dataType", + type: { + name: "String" + } + } + } + } +}; + +export const TeamProperties: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "TeamProperties", + modelProperties: { + teamName: { + serializedName: "teamName", + required: true, + type: { + name: "String" + } + }, + teamDescription: { + serializedName: "teamDescription", + type: { + name: "String" + } + }, + groupIds: { + serializedName: "groupIds", type: { - name: "String" + name: "Sequence", + element: { + type: { + name: "Uuid" + } + } } - } - } - } -}; - -export const DataTypeDefinitions: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "DataTypeDefinitions", - modelProperties: { - dataType: { - serializedName: "dataType", + }, + memberIds: { + serializedName: "memberIds", type: { - name: "String" + name: "Sequence", + element: { + type: { + name: "Uuid" + } + } } } } @@ -5031,6 +5465,34 @@ export const MTPDataConnectorDataTypes: coreClient.CompositeMapper = { name: "Composite", className: "MTPDataConnectorDataTypesIncidents" } + }, + alerts: { + serializedName: "alerts", + type: { + name: "Composite", + className: "MTPDataConnectorDataTypesAlerts" + } + } + } + } +}; + +export const MtpFilteredProviders: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "MtpFilteredProviders", + modelProperties: { + alerts: { + serializedName: "alerts", + required: true, + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } } } } @@ -5084,6 +5546,23 @@ export const Dynamics365DataConnectorDataTypes: coreClient.CompositeMapper = { } }; +export const MicrosoftPurviewInformationProtectionConnectorDataTypes: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "MicrosoftPurviewInformationProtectionConnectorDataTypes", + modelProperties: { + logs: { + serializedName: "logs", + type: { + name: "Composite", + className: + "MicrosoftPurviewInformationProtectionConnectorDataTypesLogs" + } + } + } + } +}; + export const Office365ProjectConnectorDataTypes: coreClient.CompositeMapper = { type: { name: "Composite", @@ -6385,6 +6864,27 @@ export const PropertyConditionProperties: coreClient.CompositeMapper = { } }; +export const AutomationRuleAddIncidentTaskAction: coreClient.CompositeMapper = { + serializedName: "AddIncidentTask", + type: { + name: "Composite", + className: "AutomationRuleAddIncidentTaskAction", + uberParent: "AutomationRuleAction", + polymorphicDiscriminator: + AutomationRuleAction.type.polymorphicDiscriminator, + modelProperties: { + ...AutomationRuleAction.type.modelProperties, + actionConfiguration: { + serializedName: "actionConfiguration", + type: { + name: "Composite", + className: "AddIncidentTaskActionProperties" + } + } + } + } +}; + export const AutomationRuleModifyPropertiesAction: coreClient.CompositeMapper = { serializedName: "ModifyProperties", type: { @@ -6720,6 +7220,24 @@ export const SecurityAlertTimelineItem: coreClient.CompositeMapper = { type: { name: "String" } + }, + intent: { + serializedName: "intent", + readOnly: true, + type: { + name: "String" + } + }, + techniques: { + serializedName: "techniques", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } } } } @@ -8816,6 +9334,26 @@ export const OfficeIRMCheckRequirements: coreClient.CompositeMapper = { } }; +export const MicrosoftPurviewInformationProtectionCheckRequirements: coreClient.CompositeMapper = { + serializedName: "MicrosoftPurviewInformationProtection", + type: { + name: "Composite", + className: "MicrosoftPurviewInformationProtectionCheckRequirements", + uberParent: "DataConnectorsCheckRequirements", + polymorphicDiscriminator: + DataConnectorsCheckRequirements.type.polymorphicDiscriminator, + modelProperties: { + ...DataConnectorsCheckRequirements.type.modelProperties, + tenantId: { + serializedName: "properties.tenantId", + type: { + name: "String" + } + } + } + } +}; + export const Office365ProjectCheckRequirements: coreClient.CompositeMapper = { serializedName: "Office365Project", type: { @@ -9297,6 +9835,17 @@ export const OfficeIRMCheckRequirementsProperties: coreClient.CompositeMapper = } }; +export const MicrosoftPurviewInformationProtectionCheckRequirementsProperties: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: + "MicrosoftPurviewInformationProtectionCheckRequirementsProperties", + modelProperties: { + ...DataConnectorTenantId.type.modelProperties + } + } +}; + export const Office365ProjectCheckRequirementsProperties: coreClient.CompositeMapper = { type: { name: "Composite", @@ -9377,6 +9926,13 @@ export const MTPDataConnectorProperties: coreClient.CompositeMapper = { name: "Composite", className: "MTPDataConnectorDataTypes" } + }, + filteredProviders: { + serializedName: "filteredProviders", + type: { + name: "Composite", + className: "MtpFilteredProviders" + } } } } @@ -9438,6 +9994,23 @@ export const OfficeATPDataConnectorProperties: coreClient.CompositeMapper = { } }; +export const MicrosoftPurviewInformationProtectionDataConnectorProperties: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "MicrosoftPurviewInformationProtectionDataConnectorProperties", + modelProperties: { + ...DataConnectorTenantId.type.modelProperties, + dataTypes: { + serializedName: "dataTypes", + type: { + name: "Composite", + className: "MicrosoftPurviewInformationProtectionConnectorDataTypes" + } + } + } + } +}; + export const Office365ProjectDataConnectorProperties: coreClient.CompositeMapper = { type: { name: "Composite", @@ -9696,6 +10269,16 @@ export const MTPDataConnectorDataTypesIncidents: coreClient.CompositeMapper = { } }; +export const MTPDataConnectorDataTypesAlerts: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "MTPDataConnectorDataTypesAlerts", + modelProperties: { + ...DataConnectorDataTypeCommon.type.modelProperties + } + } +}; + export const AwsCloudTrailDataConnectorDataTypesLogs: coreClient.CompositeMapper = { type: { name: "Composite", @@ -9726,6 +10309,16 @@ export const Dynamics365DataConnectorDataTypesDynamics365CdsActivities: coreClie } }; +export const MicrosoftPurviewInformationProtectionConnectorDataTypesLogs: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "MicrosoftPurviewInformationProtectionConnectorDataTypesLogs", + modelProperties: { + ...DataConnectorDataTypeCommon.type.modelProperties + } + } +}; + export const Office365ProjectConnectorDataTypesLogs: coreClient.CompositeMapper = { type: { name: "Composite", @@ -9943,6 +10536,51 @@ export const ActionRequest: coreClient.CompositeMapper = { } }; +export const TriggeredAnalyticsRuleRun: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "TriggeredAnalyticsRuleRun", + modelProperties: { + ...ResourceWithEtag.type.modelProperties, + executionTimeUtc: { + serializedName: "properties.executionTimeUtc", + required: true, + type: { + name: "DateTime" + } + }, + ruleId: { + serializedName: "properties.ruleId", + required: true, + type: { + name: "String" + } + }, + triggeredAnalyticsRuleRunId: { + serializedName: "properties.triggeredAnalyticsRuleRunId", + required: true, + type: { + name: "String" + } + }, + provisioningState: { + serializedName: "properties.provisioningState", + required: true, + type: { + name: "String" + } + }, + ruleRunAdditionalData: { + serializedName: "properties.ruleRunAdditionalData", + type: { + name: "Dictionary", + value: { type: { name: "any" } } + } + } + } + } +}; + export const AutomationRule: coreClient.CompositeMapper = { type: { name: "Composite", @@ -10244,62 +10882,53 @@ export const Incident: coreClient.CompositeMapper = { className: "Incident", modelProperties: { ...ResourceWithEtag.type.modelProperties, - additionalData: { - serializedName: "properties.additionalData", - type: { - name: "Composite", - className: "IncidentAdditionalData" - } - }, - classification: { - serializedName: "properties.classification", + title: { + serializedName: "properties.title", type: { name: "String" } }, - classificationComment: { - serializedName: "properties.classificationComment", + description: { + serializedName: "properties.description", type: { name: "String" } }, - classificationReason: { - serializedName: "properties.classificationReason", + severity: { + serializedName: "properties.severity", type: { name: "String" } }, - createdTimeUtc: { - serializedName: "properties.createdTimeUtc", - readOnly: true, + status: { + serializedName: "properties.status", type: { - name: "DateTime" + name: "String" } }, - description: { - serializedName: "properties.description", + classification: { + serializedName: "properties.classification", type: { name: "String" } }, - firstActivityTimeUtc: { - serializedName: "properties.firstActivityTimeUtc", + classificationReason: { + serializedName: "properties.classificationReason", type: { - name: "DateTime" + name: "String" } }, - incidentUrl: { - serializedName: "properties.incidentUrl", - readOnly: true, + classificationComment: { + serializedName: "properties.classificationComment", type: { name: "String" } }, - incidentNumber: { - serializedName: "properties.incidentNumber", - readOnly: true, + owner: { + serializedName: "properties.owner", type: { - name: "Number" + name: "Composite", + className: "IncidentOwnerInfo" } }, labels: { @@ -10311,19 +10940,13 @@ export const Incident: coreClient.CompositeMapper = { name: "Composite", className: "IncidentLabel" } - } - } - }, - providerName: { - serializedName: "properties.providerName", - type: { - name: "String" + } } }, - providerIncidentId: { - serializedName: "properties.providerIncidentId", + firstActivityTimeUtc: { + serializedName: "properties.firstActivityTimeUtc", type: { - name: "String" + name: "DateTime" } }, lastActivityTimeUtc: { @@ -10339,11 +10962,25 @@ export const Incident: coreClient.CompositeMapper = { name: "DateTime" } }, - owner: { - serializedName: "properties.owner", + createdTimeUtc: { + serializedName: "properties.createdTimeUtc", + readOnly: true, + type: { + name: "DateTime" + } + }, + incidentNumber: { + serializedName: "properties.incidentNumber", + readOnly: true, + type: { + name: "Number" + } + }, + additionalData: { + serializedName: "properties.additionalData", type: { name: "Composite", - className: "IncidentOwnerInfo" + className: "IncidentAdditionalData" } }, relatedAnalyticRuleIds: { @@ -10358,14 +10995,21 @@ export const Incident: coreClient.CompositeMapper = { } } }, - severity: { - serializedName: "properties.severity", + incidentUrl: { + serializedName: "properties.incidentUrl", + readOnly: true, type: { name: "String" } }, - status: { - serializedName: "properties.status", + providerName: { + serializedName: "properties.providerName", + type: { + name: "String" + } + }, + providerIncidentId: { + serializedName: "properties.providerIncidentId", type: { name: "String" } @@ -10376,12 +11020,6 @@ export const Incident: coreClient.CompositeMapper = { name: "Composite", className: "TeamInformation" } - }, - title: { - serializedName: "properties.title", - type: { - name: "String" - } } } } @@ -10393,6 +11031,12 @@ export const IncidentComment: coreClient.CompositeMapper = { className: "IncidentComment", modelProperties: { ...ResourceWithEtag.type.modelProperties, + message: { + serializedName: "properties.message", + type: { + name: "String" + } + }, createdTimeUtc: { serializedName: "properties.createdTimeUtc", readOnly: true, @@ -10407,14 +11051,66 @@ export const IncidentComment: coreClient.CompositeMapper = { name: "DateTime" } }, - message: { - serializedName: "properties.message", + author: { + serializedName: "properties.author", + type: { + name: "Composite", + className: "ClientInfo" + } + } + } + } +}; + +export const IncidentTask: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "IncidentTask", + modelProperties: { + ...ResourceWithEtag.type.modelProperties, + title: { + serializedName: "properties.title", + required: true, type: { name: "String" } }, - author: { - serializedName: "properties.author", + description: { + serializedName: "properties.description", + type: { + name: "String" + } + }, + status: { + serializedName: "properties.status", + required: true, + type: { + name: "String" + } + }, + createdTimeUtc: { + serializedName: "properties.createdTimeUtc", + readOnly: true, + type: { + name: "DateTime" + } + }, + lastModifiedTimeUtc: { + serializedName: "properties.lastModifiedTimeUtc", + readOnly: true, + type: { + name: "DateTime" + } + }, + createdBy: { + serializedName: "properties.createdBy", + type: { + name: "Composite", + className: "ClientInfo" + } + }, + lastModifiedBy: { + serializedName: "properties.lastModifiedBy", type: { name: "Composite", className: "ClientInfo" @@ -11672,6 +12368,18 @@ export const ScheduledAlertRuleTemplate: coreClient.CompositeMapper = { name: "Composite", className: "AlertDetailsOverride" } + }, + sentinelEntitiesMappings: { + serializedName: "properties.sentinelEntitiesMappings", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "SentinelEntityMapping" + } + } + } } } } @@ -11808,6 +12516,18 @@ export const NrtAlertRuleTemplate: coreClient.CompositeMapper = { name: "Composite", className: "EventGroupingSettings" } + }, + sentinelEntitiesMappings: { + serializedName: "properties.sentinelEntitiesMappings", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "SentinelEntityMapping" + } + } + } } } } @@ -11827,9 +12547,7 @@ export const SecurityAlert: coreClient.CompositeMapper = { readOnly: true, type: { name: "Dictionary", - value: { - type: { name: "Dictionary", value: { type: { name: "any" } } } - } + value: { type: { name: "any" } } } }, friendlyName: { @@ -12053,9 +12771,7 @@ export const HuntingBookmark: coreClient.CompositeMapper = { readOnly: true, type: { name: "Dictionary", - value: { - type: { name: "Dictionary", value: { type: { name: "any" } } } - } + value: { type: { name: "any" } } } }, friendlyName: { @@ -12157,9 +12873,7 @@ export const AccountEntity: coreClient.CompositeMapper = { readOnly: true, type: { name: "Dictionary", - value: { - type: { name: "Dictionary", value: { type: { name: "any" } } } - } + value: { type: { name: "any" } } } }, friendlyName: { @@ -12271,9 +12985,7 @@ export const AzureResourceEntity: coreClient.CompositeMapper = { readOnly: true, type: { name: "Dictionary", - value: { - type: { name: "Dictionary", value: { type: { name: "any" } } } - } + value: { type: { name: "any" } } } }, friendlyName: { @@ -12315,9 +13027,7 @@ export const CloudApplicationEntity: coreClient.CompositeMapper = { readOnly: true, type: { name: "Dictionary", - value: { - type: { name: "Dictionary", value: { type: { name: "any" } } } - } + value: { type: { name: "any" } } } }, friendlyName: { @@ -12366,9 +13076,7 @@ export const DnsEntity: coreClient.CompositeMapper = { readOnly: true, type: { name: "Dictionary", - value: { - type: { name: "Dictionary", value: { type: { name: "any" } } } - } + value: { type: { name: "any" } } } }, friendlyName: { @@ -12429,9 +13137,7 @@ export const FileEntity: coreClient.CompositeMapper = { readOnly: true, type: { name: "Dictionary", - value: { - type: { name: "Dictionary", value: { type: { name: "any" } } } - } + value: { type: { name: "any" } } } }, friendlyName: { @@ -12492,9 +13198,7 @@ export const FileHashEntity: coreClient.CompositeMapper = { readOnly: true, type: { name: "Dictionary", - value: { - type: { name: "Dictionary", value: { type: { name: "any" } } } - } + value: { type: { name: "any" } } } }, friendlyName: { @@ -12536,9 +13240,7 @@ export const HostEntity: coreClient.CompositeMapper = { readOnly: true, type: { name: "Dictionary", - value: { - type: { name: "Dictionary", value: { type: { name: "any" } } } - } + value: { type: { name: "any" } } } }, friendlyName: { @@ -12629,9 +13331,7 @@ export const IoTDeviceEntity: coreClient.CompositeMapper = { readOnly: true, type: { name: "Dictionary", - value: { - type: { name: "Dictionary", value: { type: { name: "any" } } } - } + value: { type: { name: "any" } } } }, friendlyName: { @@ -12875,9 +13575,7 @@ export const IpEntity: coreClient.CompositeMapper = { readOnly: true, type: { name: "Dictionary", - value: { - type: { name: "Dictionary", value: { type: { name: "any" } } } - } + value: { type: { name: "any" } } } }, friendlyName: { @@ -12932,9 +13630,7 @@ export const MailboxEntity: coreClient.CompositeMapper = { readOnly: true, type: { name: "Dictionary", - value: { - type: { name: "Dictionary", value: { type: { name: "any" } } } - } + value: { type: { name: "any" } } } }, friendlyName: { @@ -12990,9 +13686,7 @@ export const MailClusterEntity: coreClient.CompositeMapper = { readOnly: true, type: { name: "Dictionary", - value: { - type: { name: "Dictionary", value: { type: { name: "any" } } } - } + value: { type: { name: "any" } } } }, friendlyName: { @@ -13138,9 +13832,7 @@ export const MailMessageEntity: coreClient.CompositeMapper = { readOnly: true, type: { name: "Dictionary", - value: { - type: { name: "Dictionary", value: { type: { name: "any" } } } - } + value: { type: { name: "any" } } } }, friendlyName: { @@ -13373,9 +14065,7 @@ export const MalwareEntity: coreClient.CompositeMapper = { readOnly: true, type: { name: "Dictionary", - value: { - type: { name: "Dictionary", value: { type: { name: "any" } } } - } + value: { type: { name: "any" } } } }, friendlyName: { @@ -13441,9 +14131,7 @@ export const ProcessEntity: coreClient.CompositeMapper = { readOnly: true, type: { name: "Dictionary", - value: { - type: { name: "Dictionary", value: { type: { name: "any" } } } - } + value: { type: { name: "any" } } } }, friendlyName: { @@ -13534,9 +14222,7 @@ export const RegistryKeyEntity: coreClient.CompositeMapper = { readOnly: true, type: { name: "Dictionary", - value: { - type: { name: "Dictionary", value: { type: { name: "any" } } } - } + value: { type: { name: "any" } } } }, friendlyName: { @@ -13578,9 +14264,7 @@ export const RegistryValueEntity: coreClient.CompositeMapper = { readOnly: true, type: { name: "Dictionary", - value: { - type: { name: "Dictionary", value: { type: { name: "any" } } } - } + value: { type: { name: "any" } } } }, friendlyName: { @@ -13636,9 +14320,7 @@ export const SecurityGroupEntity: coreClient.CompositeMapper = { readOnly: true, type: { name: "Dictionary", - value: { - type: { name: "Dictionary", value: { type: { name: "any" } } } - } + value: { type: { name: "any" } } } }, friendlyName: { @@ -13687,9 +14369,7 @@ export const SubmissionMailEntity: coreClient.CompositeMapper = { readOnly: true, type: { name: "Dictionary", - value: { - type: { name: "Dictionary", value: { type: { name: "any" } } } - } + value: { type: { name: "any" } } } }, friendlyName: { @@ -13787,9 +14467,7 @@ export const UrlEntity: coreClient.CompositeMapper = { readOnly: true, type: { name: "Dictionary", - value: { - type: { name: "Dictionary", value: { type: { name: "any" } } } - } + value: { type: { name: "any" } } } }, friendlyName: { @@ -13824,9 +14502,7 @@ export const NicEntity: coreClient.CompositeMapper = { readOnly: true, type: { name: "Dictionary", - value: { - type: { name: "Dictionary", value: { type: { name: "any" } } } - } + value: { type: { name: "any" } } } }, friendlyName: { @@ -14408,6 +15084,18 @@ export const ScheduledAlertRule: coreClient.CompositeMapper = { className: "AlertDetailsOverride" } }, + sentinelEntitiesMappings: { + serializedName: "properties.sentinelEntitiesMappings", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "SentinelEntityMapping" + } + } + } + }, alertRuleTemplateName: { serializedName: "properties.alertRuleTemplateName", type: { @@ -14621,6 +15309,18 @@ export const NrtAlertRule: coreClient.CompositeMapper = { name: "Composite", className: "EventGroupingSettings" } + }, + sentinelEntitiesMappings: { + serializedName: "properties.sentinelEntitiesMappings", + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "SentinelEntityMapping" + } + } + } } } } @@ -15099,9 +15799,7 @@ export const ThreatIntelligenceIndicatorModel: coreClient.CompositeMapper = { readOnly: true, type: { name: "Dictionary", - value: { - type: { name: "Dictionary", value: { type: { name: "any" } } } - } + value: { type: { name: "any" } } } }, friendlyName: { @@ -15406,6 +16104,13 @@ export const MTPDataConnector: coreClient.CompositeMapper = { name: "Composite", className: "MTPDataConnectorDataTypes" } + }, + filteredProviders: { + serializedName: "properties.filteredProviders", + type: { + name: "Composite", + className: "MtpFilteredProviders" + } } } } @@ -15610,6 +16315,32 @@ export const OfficeATPDataConnector: coreClient.CompositeMapper = { } }; +export const MicrosoftPurviewInformationProtectionDataConnector: coreClient.CompositeMapper = { + serializedName: "MicrosoftPurviewInformationProtection", + type: { + name: "Composite", + className: "MicrosoftPurviewInformationProtectionDataConnector", + uberParent: "DataConnector", + polymorphicDiscriminator: DataConnector.type.polymorphicDiscriminator, + modelProperties: { + ...DataConnector.type.modelProperties, + tenantId: { + serializedName: "properties.tenantId", + type: { + name: "String" + } + }, + dataTypes: { + serializedName: "properties.dataTypes", + type: { + name: "Composite", + className: "MicrosoftPurviewInformationProtectionConnectorDataTypes" + } + } + } + } +}; + export const Office365ProjectDataConnector: coreClient.CompositeMapper = { serializedName: "Office365Project", type: { @@ -15922,6 +16653,21 @@ export const CodelessApiPollingDataConnector: coreClient.CompositeMapper = { } }; +export const AlertRuleTriggerRuleRunHeaders: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "AlertRuleTriggerRuleRunHeaders", + modelProperties: { + location: { + serializedName: "location", + type: { + name: "String" + } + } + } + } +}; + export const WatchlistsDeleteHeaders: coreClient.CompositeMapper = { type: { name: "Composite", @@ -15966,6 +16712,7 @@ export let discriminators = { "AutomationRuleCondition.PropertyArray": PropertyArrayConditionProperties, "AutomationRuleCondition.PropertyChanged": PropertyChangedConditionProperties, "AutomationRuleCondition.Property": PropertyConditionProperties, + "AutomationRuleAction.AddIncidentTask": AutomationRuleAddIncidentTaskAction, "AutomationRuleAction.ModifyProperties": AutomationRuleModifyPropertiesAction, "AutomationRuleAction.RunPlaybook": AutomationRuleRunPlaybookAction, "EntityTimelineItem.Activity": ActivityTimelineItem, @@ -15985,6 +16732,7 @@ export let discriminators = { "DataConnectorsCheckRequirements.MicrosoftThreatProtection": MtpCheckRequirements, "DataConnectorsCheckRequirements.OfficeATP": OfficeATPCheckRequirements, "DataConnectorsCheckRequirements.OfficeIRM": OfficeIRMCheckRequirements, + "DataConnectorsCheckRequirements.MicrosoftPurviewInformationProtection": MicrosoftPurviewInformationProtectionCheckRequirements, "DataConnectorsCheckRequirements.Office365Project": Office365ProjectCheckRequirements, "DataConnectorsCheckRequirements.OfficePowerBI": OfficePowerBICheckRequirements, "DataConnectorsCheckRequirements.ThreatIntelligence": TICheckRequirements, @@ -16051,6 +16799,7 @@ export let discriminators = { "DataConnector.MicrosoftCloudAppSecurity": McasDataConnector, "DataConnector.Dynamics365": Dynamics365DataConnector, "DataConnector.OfficeATP": OfficeATPDataConnector, + "DataConnector.MicrosoftPurviewInformationProtection": MicrosoftPurviewInformationProtectionDataConnector, "DataConnector.Office365Project": Office365ProjectDataConnector, "DataConnector.OfficePowerBI": OfficePowerBIDataConnector, "DataConnector.OfficeIRM": OfficeIRMDataConnector, diff --git a/sdk/securityinsight/arm-securityinsight/src/models/parameters.ts b/sdk/securityinsight/arm-securityinsight/src/models/parameters.ts index dd3bcead9d0b..3125322a0065 100644 --- a/sdk/securityinsight/arm-securityinsight/src/models/parameters.ts +++ b/sdk/securityinsight/arm-securityinsight/src/models/parameters.ts @@ -14,10 +14,11 @@ import { import { AlertRule as AlertRuleMapper, ActionRequest as ActionRequestMapper, + AnalyticsRuleRunTrigger as AnalyticsRuleRunTriggerMapper, AutomationRule as AutomationRuleMapper, ManualTriggerRequestBody as ManualTriggerRequestBodyMapper, Incident as IncidentMapper, - TeamProperties as TeamPropertiesMapper, + TeamInformation as TeamInformationMapper, Bookmark as BookmarkMapper, Relation as RelationMapper, BookmarkExpandParameters as BookmarkExpandParametersMapper, @@ -27,6 +28,7 @@ import { CustomEntityQuery as CustomEntityQueryMapper, FileImport as FileImportMapper, IncidentComment as IncidentCommentMapper, + IncidentTask as IncidentTaskMapper, MetadataModel as MetadataModelMapper, MetadataPatch as MetadataPatchMapper, SentinelOnboardingState as SentinelOnboardingStateMapper, @@ -70,7 +72,7 @@ export const $host: OperationURLParameter = { export const apiVersion: OperationQueryParameter = { parameterPath: "apiVersion", mapper: { - defaultValue: "2022-09-01-preview", + defaultValue: "2023-02-01-preview", isConstant: true, serializedName: "api-version", type: { @@ -112,6 +114,7 @@ export const workspaceName: OperationURLParameter = { parameterPath: "workspaceName", mapper: { constraints: { + Pattern: new RegExp("^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$"), MaxLength: 90, MinLength: 1 }, @@ -190,6 +193,22 @@ export const alertRuleTemplateId: OperationURLParameter = { } }; +export const ruleRunId: OperationURLParameter = { + parameterPath: "ruleRunId", + mapper: { + serializedName: "ruleRunId", + required: true, + type: { + name: "String" + } + } +}; + +export const analyticsRuleRunTriggerParameter: OperationParameter = { + parameterPath: "analyticsRuleRunTriggerParameter", + mapper: AnalyticsRuleRunTriggerMapper +}; + export const automationRuleId: OperationURLParameter = { parameterPath: "automationRuleId", mapper: { @@ -245,6 +264,9 @@ export const orderby: OperationQueryParameter = { export const top: OperationQueryParameter = { parameterPath: ["options", "top"], mapper: { + constraints: { + InclusiveMaximum: 1000 + }, serializedName: "$top", type: { name: "Number" @@ -280,7 +302,7 @@ export const incident: OperationParameter = { export const teamProperties: OperationParameter = { parameterPath: "teamProperties", - mapper: TeamPropertiesMapper + mapper: TeamInformationMapper }; export const bookmarkId: OperationURLParameter = { @@ -299,6 +321,16 @@ export const bookmark: OperationParameter = { mapper: BookmarkMapper }; +export const top1: OperationQueryParameter = { + parameterPath: ["options", "top"], + mapper: { + serializedName: "$top", + type: { + name: "Number" + } + } +}; + export const relationName: OperationURLParameter = { parameterPath: "relationName", mapper: { @@ -460,6 +492,22 @@ export const incidentComment: OperationParameter = { mapper: IncidentCommentMapper }; +export const incidentTaskId: OperationURLParameter = { + parameterPath: "incidentTaskId", + mapper: { + serializedName: "incidentTaskId", + required: true, + type: { + name: "String" + } + } +}; + +export const incidentTask: OperationParameter = { + parameterPath: "incidentTask", + mapper: IncidentTaskMapper +}; + export const skip: OperationQueryParameter = { parameterPath: ["options", "skip"], mapper: { @@ -518,6 +566,34 @@ export const sentinelOnboardingStateParameter: OperationParameter = { mapper: SentinelOnboardingStateMapper }; +export const recommendationId: OperationURLParameter = { + parameterPath: "recommendationId", + mapper: { + serializedName: "recommendationId", + required: true, + type: { + name: "Uuid" + } + } +}; + +export const recommendationPatch: OperationParameter = { + parameterPath: "recommendationPatch", + mapper: { + serializedName: "recommendationPatch", + required: true, + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "RecommendationPatch" + } + } + } + } +}; + export const settingsResourceName: OperationURLParameter = { parameterPath: "settingsResourceName", mapper: { diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/alertRuleOperations.ts b/sdk/securityinsight/arm-securityinsight/src/operations/alertRuleOperations.ts new file mode 100644 index 000000000000..72374b4e6912 --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/src/operations/alertRuleOperations.ts @@ -0,0 +1,174 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is regenerated. + */ + +import { AlertRuleOperations } from "../operationsInterfaces"; +import * as coreClient from "@azure/core-client"; +import * as Mappers from "../models/mappers"; +import * as Parameters from "../models/parameters"; +import { SecurityInsights } from "../securityInsights"; +import { PollerLike, PollOperationState, LroEngine } from "@azure/core-lro"; +import { LroImpl } from "../lroImpl"; +import { + AnalyticsRuleRunTrigger, + AlertRuleTriggerRuleRunOptionalParams, + AlertRuleTriggerRuleRunResponse +} from "../models"; + +/** Class containing AlertRuleOperations operations. */ +export class AlertRuleOperationsImpl implements AlertRuleOperations { + private readonly client: SecurityInsights; + + /** + * Initialize a new instance of the class AlertRuleOperations class. + * @param client Reference to the service client + */ + constructor(client: SecurityInsights) { + this.client = client; + } + + /** + * triggers analytics rule run + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param ruleId Alert rule ID + * @param analyticsRuleRunTriggerParameter The Analytics Rule Run Trigger parameter + * @param options The options parameters. + */ + async beginTriggerRuleRun( + resourceGroupName: string, + workspaceName: string, + ruleId: string, + analyticsRuleRunTriggerParameter: AnalyticsRuleRunTrigger, + options?: AlertRuleTriggerRuleRunOptionalParams + ): Promise< + PollerLike< + PollOperationState, + AlertRuleTriggerRuleRunResponse + > + > { + const directSendOperation = async ( + args: coreClient.OperationArguments, + spec: coreClient.OperationSpec + ): Promise => { + return this.client.sendOperationRequest(args, spec); + }; + const sendOperation = async ( + args: coreClient.OperationArguments, + spec: coreClient.OperationSpec + ) => { + let currentRawResponse: + | coreClient.FullOperationResponse + | undefined = undefined; + const providedCallback = args.options?.onResponse; + const callback: coreClient.RawResponseCallback = ( + rawResponse: coreClient.FullOperationResponse, + flatResponse: unknown + ) => { + currentRawResponse = rawResponse; + providedCallback?.(rawResponse, flatResponse); + }; + const updatedArgs = { + ...args, + options: { + ...args.options, + onResponse: callback + } + }; + const flatResponse = await directSendOperation(updatedArgs, spec); + return { + flatResponse, + rawResponse: { + statusCode: currentRawResponse!.status, + body: currentRawResponse!.parsedBody, + headers: currentRawResponse!.headers.toJSON() + } + }; + }; + + const lro = new LroImpl( + sendOperation, + { + resourceGroupName, + workspaceName, + ruleId, + analyticsRuleRunTriggerParameter, + options + }, + triggerRuleRunOperationSpec + ); + const poller = new LroEngine(lro, { + resumeFrom: options?.resumeFrom, + intervalInMs: options?.updateIntervalInMs, + lroResourceLocationConfig: "location" + }); + await poller.poll(); + return poller; + } + + /** + * triggers analytics rule run + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param ruleId Alert rule ID + * @param analyticsRuleRunTriggerParameter The Analytics Rule Run Trigger parameter + * @param options The options parameters. + */ + async beginTriggerRuleRunAndWait( + resourceGroupName: string, + workspaceName: string, + ruleId: string, + analyticsRuleRunTriggerParameter: AnalyticsRuleRunTrigger, + options?: AlertRuleTriggerRuleRunOptionalParams + ): Promise { + const poller = await this.beginTriggerRuleRun( + resourceGroupName, + workspaceName, + ruleId, + analyticsRuleRunTriggerParameter, + options + ); + return poller.pollUntilDone(); + } +} +// Operation Specifications +const serializer = coreClient.createSerializer(Mappers, /* isXml */ false); + +const triggerRuleRunOperationSpec: coreClient.OperationSpec = { + path: + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/triggerRuleRun", + httpMethod: "POST", + responses: { + 200: { + headersMapper: Mappers.AlertRuleTriggerRuleRunHeaders + }, + 201: { + headersMapper: Mappers.AlertRuleTriggerRuleRunHeaders + }, + 202: { + headersMapper: Mappers.AlertRuleTriggerRuleRunHeaders + }, + 204: { + headersMapper: Mappers.AlertRuleTriggerRuleRunHeaders + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + requestBody: Parameters.analyticsRuleRunTriggerParameter, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.ruleId + ], + headerParameters: [Parameters.accept, Parameters.contentType], + mediaType: "json", + serializer +}; diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/bookmarkRelations.ts b/sdk/securityinsight/arm-securityinsight/src/operations/bookmarkRelations.ts index d9aa94d1350d..61013c63d0c7 100644 --- a/sdk/securityinsight/arm-securityinsight/src/operations/bookmarkRelations.ts +++ b/sdk/securityinsight/arm-securityinsight/src/operations/bookmarkRelations.ts @@ -263,8 +263,8 @@ const listOperationSpec: coreClient.OperationSpec = { Parameters.apiVersion, Parameters.filter, Parameters.orderby, - Parameters.top, - Parameters.skipToken + Parameters.skipToken, + Parameters.top1 ], urlParameters: [ Parameters.$host, diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/entitiesRelations.ts b/sdk/securityinsight/arm-securityinsight/src/operations/entitiesRelations.ts index 7c7e7118b214..317a26baf9c1 100644 --- a/sdk/securityinsight/arm-securityinsight/src/operations/entitiesRelations.ts +++ b/sdk/securityinsight/arm-securityinsight/src/operations/entitiesRelations.ts @@ -186,8 +186,8 @@ const listOperationSpec: coreClient.OperationSpec = { Parameters.apiVersion, Parameters.filter, Parameters.orderby, - Parameters.top, - Parameters.skipToken + Parameters.skipToken, + Parameters.top1 ], urlParameters: [ Parameters.$host, diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/fileImports.ts b/sdk/securityinsight/arm-securityinsight/src/operations/fileImports.ts index 2c61c29c476c..194265b34236 100644 --- a/sdk/securityinsight/arm-securityinsight/src/operations/fileImports.ts +++ b/sdk/securityinsight/arm-securityinsight/src/operations/fileImports.ts @@ -306,8 +306,8 @@ const listOperationSpec: coreClient.OperationSpec = { Parameters.apiVersion, Parameters.filter, Parameters.orderby, - Parameters.top, - Parameters.skipToken + Parameters.skipToken, + Parameters.top1 ], urlParameters: [ Parameters.$host, diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/get.ts b/sdk/securityinsight/arm-securityinsight/src/operations/get.ts new file mode 100644 index 000000000000..3b420b7b9785 --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/src/operations/get.ts @@ -0,0 +1,75 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is regenerated. + */ + +import { Get } from "../operationsInterfaces"; +import * as coreClient from "@azure/core-client"; +import * as Mappers from "../models/mappers"; +import * as Parameters from "../models/parameters"; +import { SecurityInsights } from "../securityInsights"; +import { + GetSingleRecommendationOptionalParams, + GetSingleRecommendationResponse +} from "../models"; + +/** Class containing Get operations. */ +export class GetImpl implements Get { + private readonly client: SecurityInsights; + + /** + * Initialize a new instance of the class Get class. + * @param client Reference to the service client + */ + constructor(client: SecurityInsights) { + this.client = client; + } + + /** + * Gets a recommendation by its id. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param recommendationId Recommendation Id. + * @param options The options parameters. + */ + singleRecommendation( + resourceGroupName: string, + workspaceName: string, + recommendationId: string, + options?: GetSingleRecommendationOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, workspaceName, recommendationId, options }, + singleRecommendationOperationSpec + ); + } +} +// Operation Specifications +const serializer = coreClient.createSerializer(Mappers, /* isXml */ false); + +const singleRecommendationOperationSpec: coreClient.OperationSpec = { + path: + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/recommendations/{recommendationId}", + httpMethod: "GET", + responses: { + 200: { + bodyMapper: Mappers.Recommendation + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.recommendationId + ], + headerParameters: [Parameters.accept], + serializer +}; diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/getRecommendations.ts b/sdk/securityinsight/arm-securityinsight/src/operations/getRecommendations.ts new file mode 100644 index 000000000000..b354ff342f93 --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/src/operations/getRecommendations.ts @@ -0,0 +1,72 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is regenerated. + */ + +import { GetRecommendations } from "../operationsInterfaces"; +import * as coreClient from "@azure/core-client"; +import * as Mappers from "../models/mappers"; +import * as Parameters from "../models/parameters"; +import { SecurityInsights } from "../securityInsights"; +import { + GetRecommendationsListOptionalParams, + GetRecommendationsListResponse +} from "../models"; + +/** Class containing GetRecommendations operations. */ +export class GetRecommendationsImpl implements GetRecommendations { + private readonly client: SecurityInsights; + + /** + * Initialize a new instance of the class GetRecommendations class. + * @param client Reference to the service client + */ + constructor(client: SecurityInsights) { + this.client = client; + } + + /** + * Gets a list of all recommendations. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param options The options parameters. + */ + list( + resourceGroupName: string, + workspaceName: string, + options?: GetRecommendationsListOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, workspaceName, options }, + listOperationSpec + ); + } +} +// Operation Specifications +const serializer = coreClient.createSerializer(Mappers, /* isXml */ false); + +const listOperationSpec: coreClient.OperationSpec = { + path: + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/recommendations", + httpMethod: "GET", + responses: { + 200: { + bodyMapper: Mappers.RecommendationList + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName + ], + headerParameters: [Parameters.accept], + serializer +}; diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/getTriggeredAnalyticsRuleRuns.ts b/sdk/securityinsight/arm-securityinsight/src/operations/getTriggeredAnalyticsRuleRuns.ts new file mode 100644 index 000000000000..c6813493406d --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/src/operations/getTriggeredAnalyticsRuleRuns.ts @@ -0,0 +1,195 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is regenerated. + */ + +import { PagedAsyncIterableIterator, PageSettings } from "@azure/core-paging"; +import { setContinuationToken } from "../pagingHelper"; +import { GetTriggeredAnalyticsRuleRuns } from "../operationsInterfaces"; +import * as coreClient from "@azure/core-client"; +import * as Mappers from "../models/mappers"; +import * as Parameters from "../models/parameters"; +import { SecurityInsights } from "../securityInsights"; +import { + TriggeredAnalyticsRuleRun, + GetTriggeredAnalyticsRuleRunsListNextOptionalParams, + GetTriggeredAnalyticsRuleRunsListOptionalParams, + GetTriggeredAnalyticsRuleRunsListResponse, + GetTriggeredAnalyticsRuleRunsListNextResponse +} from "../models"; + +/// +/** Class containing GetTriggeredAnalyticsRuleRuns operations. */ +export class GetTriggeredAnalyticsRuleRunsImpl + implements GetTriggeredAnalyticsRuleRuns { + private readonly client: SecurityInsights; + + /** + * Initialize a new instance of the class GetTriggeredAnalyticsRuleRuns class. + * @param client Reference to the service client + */ + constructor(client: SecurityInsights) { + this.client = client; + } + + /** + * Gets the triggered analytics rule runs. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param options The options parameters. + */ + public list( + resourceGroupName: string, + workspaceName: string, + options?: GetTriggeredAnalyticsRuleRunsListOptionalParams + ): PagedAsyncIterableIterator { + const iter = this.listPagingAll(resourceGroupName, workspaceName, options); + return { + next() { + return iter.next(); + }, + [Symbol.asyncIterator]() { + return this; + }, + byPage: (settings?: PageSettings) => { + if (settings?.maxPageSize) { + throw new Error("maxPageSize is not supported by this operation."); + } + return this.listPagingPage( + resourceGroupName, + workspaceName, + options, + settings + ); + } + }; + } + + private async *listPagingPage( + resourceGroupName: string, + workspaceName: string, + options?: GetTriggeredAnalyticsRuleRunsListOptionalParams, + settings?: PageSettings + ): AsyncIterableIterator { + let result: GetTriggeredAnalyticsRuleRunsListResponse; + let continuationToken = settings?.continuationToken; + if (!continuationToken) { + result = await this._list(resourceGroupName, workspaceName, options); + let page = result.value || []; + continuationToken = result.nextLink; + setContinuationToken(page, continuationToken); + yield page; + } + while (continuationToken) { + result = await this._listNext( + resourceGroupName, + workspaceName, + continuationToken, + options + ); + continuationToken = result.nextLink; + let page = result.value || []; + setContinuationToken(page, continuationToken); + yield page; + } + } + + private async *listPagingAll( + resourceGroupName: string, + workspaceName: string, + options?: GetTriggeredAnalyticsRuleRunsListOptionalParams + ): AsyncIterableIterator { + for await (const page of this.listPagingPage( + resourceGroupName, + workspaceName, + options + )) { + yield* page; + } + } + + /** + * Gets the triggered analytics rule runs. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param options The options parameters. + */ + private _list( + resourceGroupName: string, + workspaceName: string, + options?: GetTriggeredAnalyticsRuleRunsListOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, workspaceName, options }, + listOperationSpec + ); + } + + /** + * ListNext + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param nextLink The nextLink from the previous successful call to the List method. + * @param options The options parameters. + */ + private _listNext( + resourceGroupName: string, + workspaceName: string, + nextLink: string, + options?: GetTriggeredAnalyticsRuleRunsListNextOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, workspaceName, nextLink, options }, + listNextOperationSpec + ); + } +} +// Operation Specifications +const serializer = coreClient.createSerializer(Mappers, /* isXml */ false); + +const listOperationSpec: coreClient.OperationSpec = { + path: + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/triggeredAnalyticsRuleRuns", + httpMethod: "GET", + responses: { + 200: { + bodyMapper: Mappers.TriggeredAnalyticsRuleRuns + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName + ], + headerParameters: [Parameters.accept], + serializer +}; +const listNextOperationSpec: coreClient.OperationSpec = { + path: "{nextLink}", + httpMethod: "GET", + responses: { + 200: { + bodyMapper: Mappers.TriggeredAnalyticsRuleRuns + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.nextLink + ], + headerParameters: [Parameters.accept], + serializer +}; diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/incidentComments.ts b/sdk/securityinsight/arm-securityinsight/src/operations/incidentComments.ts index 739ad280e2d9..58233bc336fa 100644 --- a/sdk/securityinsight/arm-securityinsight/src/operations/incidentComments.ts +++ b/sdk/securityinsight/arm-securityinsight/src/operations/incidentComments.ts @@ -275,8 +275,8 @@ const listOperationSpec: coreClient.OperationSpec = { Parameters.apiVersion, Parameters.filter, Parameters.orderby, - Parameters.top, - Parameters.skipToken + Parameters.skipToken, + Parameters.top1 ], urlParameters: [ Parameters.$host, diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/incidentRelations.ts b/sdk/securityinsight/arm-securityinsight/src/operations/incidentRelations.ts index 280b5a260cd4..dd15a7b4c184 100644 --- a/sdk/securityinsight/arm-securityinsight/src/operations/incidentRelations.ts +++ b/sdk/securityinsight/arm-securityinsight/src/operations/incidentRelations.ts @@ -263,8 +263,8 @@ const listOperationSpec: coreClient.OperationSpec = { Parameters.apiVersion, Parameters.filter, Parameters.orderby, - Parameters.top, - Parameters.skipToken + Parameters.skipToken, + Parameters.top1 ], urlParameters: [ Parameters.$host, diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/incidentTasks.ts b/sdk/securityinsight/arm-securityinsight/src/operations/incidentTasks.ts new file mode 100644 index 000000000000..fa1f14f92b19 --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/src/operations/incidentTasks.ts @@ -0,0 +1,370 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is regenerated. + */ + +import { PagedAsyncIterableIterator, PageSettings } from "@azure/core-paging"; +import { setContinuationToken } from "../pagingHelper"; +import { IncidentTasks } from "../operationsInterfaces"; +import * as coreClient from "@azure/core-client"; +import * as Mappers from "../models/mappers"; +import * as Parameters from "../models/parameters"; +import { SecurityInsights } from "../securityInsights"; +import { + IncidentTask, + IncidentTasksListNextOptionalParams, + IncidentTasksListOptionalParams, + IncidentTasksListResponse, + IncidentTasksGetOptionalParams, + IncidentTasksGetResponse, + IncidentTasksCreateOrUpdateOptionalParams, + IncidentTasksCreateOrUpdateResponse, + IncidentTasksDeleteOptionalParams, + IncidentTasksListNextResponse +} from "../models"; + +/// +/** Class containing IncidentTasks operations. */ +export class IncidentTasksImpl implements IncidentTasks { + private readonly client: SecurityInsights; + + /** + * Initialize a new instance of the class IncidentTasks class. + * @param client Reference to the service client + */ + constructor(client: SecurityInsights) { + this.client = client; + } + + /** + * Gets all incident tasks. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param incidentId Incident ID + * @param options The options parameters. + */ + public list( + resourceGroupName: string, + workspaceName: string, + incidentId: string, + options?: IncidentTasksListOptionalParams + ): PagedAsyncIterableIterator { + const iter = this.listPagingAll( + resourceGroupName, + workspaceName, + incidentId, + options + ); + return { + next() { + return iter.next(); + }, + [Symbol.asyncIterator]() { + return this; + }, + byPage: (settings?: PageSettings) => { + if (settings?.maxPageSize) { + throw new Error("maxPageSize is not supported by this operation."); + } + return this.listPagingPage( + resourceGroupName, + workspaceName, + incidentId, + options, + settings + ); + } + }; + } + + private async *listPagingPage( + resourceGroupName: string, + workspaceName: string, + incidentId: string, + options?: IncidentTasksListOptionalParams, + settings?: PageSettings + ): AsyncIterableIterator { + let result: IncidentTasksListResponse; + let continuationToken = settings?.continuationToken; + if (!continuationToken) { + result = await this._list( + resourceGroupName, + workspaceName, + incidentId, + options + ); + let page = result.value || []; + continuationToken = result.nextLink; + setContinuationToken(page, continuationToken); + yield page; + } + while (continuationToken) { + result = await this._listNext( + resourceGroupName, + workspaceName, + incidentId, + continuationToken, + options + ); + continuationToken = result.nextLink; + let page = result.value || []; + setContinuationToken(page, continuationToken); + yield page; + } + } + + private async *listPagingAll( + resourceGroupName: string, + workspaceName: string, + incidentId: string, + options?: IncidentTasksListOptionalParams + ): AsyncIterableIterator { + for await (const page of this.listPagingPage( + resourceGroupName, + workspaceName, + incidentId, + options + )) { + yield* page; + } + } + + /** + * Gets all incident tasks. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param incidentId Incident ID + * @param options The options parameters. + */ + private _list( + resourceGroupName: string, + workspaceName: string, + incidentId: string, + options?: IncidentTasksListOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, workspaceName, incidentId, options }, + listOperationSpec + ); + } + + /** + * Gets an incident task. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param incidentId Incident ID + * @param incidentTaskId Incident task ID + * @param options The options parameters. + */ + get( + resourceGroupName: string, + workspaceName: string, + incidentId: string, + incidentTaskId: string, + options?: IncidentTasksGetOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, workspaceName, incidentId, incidentTaskId, options }, + getOperationSpec + ); + } + + /** + * Creates or updates the incident task. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param incidentId Incident ID + * @param incidentTaskId Incident task ID + * @param incidentTask The incident task + * @param options The options parameters. + */ + createOrUpdate( + resourceGroupName: string, + workspaceName: string, + incidentId: string, + incidentTaskId: string, + incidentTask: IncidentTask, + options?: IncidentTasksCreateOrUpdateOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { + resourceGroupName, + workspaceName, + incidentId, + incidentTaskId, + incidentTask, + options + }, + createOrUpdateOperationSpec + ); + } + + /** + * Delete the incident task. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param incidentId Incident ID + * @param incidentTaskId Incident task ID + * @param options The options parameters. + */ + delete( + resourceGroupName: string, + workspaceName: string, + incidentId: string, + incidentTaskId: string, + options?: IncidentTasksDeleteOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, workspaceName, incidentId, incidentTaskId, options }, + deleteOperationSpec + ); + } + + /** + * ListNext + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param incidentId Incident ID + * @param nextLink The nextLink from the previous successful call to the List method. + * @param options The options parameters. + */ + private _listNext( + resourceGroupName: string, + workspaceName: string, + incidentId: string, + nextLink: string, + options?: IncidentTasksListNextOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, workspaceName, incidentId, nextLink, options }, + listNextOperationSpec + ); + } +} +// Operation Specifications +const serializer = coreClient.createSerializer(Mappers, /* isXml */ false); + +const listOperationSpec: coreClient.OperationSpec = { + path: + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/tasks", + httpMethod: "GET", + responses: { + 200: { + bodyMapper: Mappers.IncidentTaskList + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.incidentId + ], + headerParameters: [Parameters.accept], + serializer +}; +const getOperationSpec: coreClient.OperationSpec = { + path: + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/tasks/{incidentTaskId}", + httpMethod: "GET", + responses: { + 200: { + bodyMapper: Mappers.IncidentTask + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.incidentId, + Parameters.incidentTaskId + ], + headerParameters: [Parameters.accept], + serializer +}; +const createOrUpdateOperationSpec: coreClient.OperationSpec = { + path: + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/tasks/{incidentTaskId}", + httpMethod: "PUT", + responses: { + 200: { + bodyMapper: Mappers.IncidentTask + }, + 201: { + bodyMapper: Mappers.IncidentTask + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + requestBody: Parameters.incidentTask, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.incidentId, + Parameters.incidentTaskId + ], + headerParameters: [Parameters.accept, Parameters.contentType], + mediaType: "json", + serializer +}; +const deleteOperationSpec: coreClient.OperationSpec = { + path: + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/tasks/{incidentTaskId}", + httpMethod: "DELETE", + responses: { + 200: {}, + 204: {}, + default: { + bodyMapper: Mappers.CloudError + } + }, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.incidentId, + Parameters.incidentTaskId + ], + headerParameters: [Parameters.accept], + serializer +}; +const listNextOperationSpec: coreClient.OperationSpec = { + path: "{nextLink}", + httpMethod: "GET", + responses: { + 200: { + bodyMapper: Mappers.IncidentTaskList + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.nextLink, + Parameters.incidentId + ], + headerParameters: [Parameters.accept], + serializer +}; diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/incidents.ts b/sdk/securityinsight/arm-securityinsight/src/operations/incidents.ts index f4ed7f0e348b..590556a9b541 100644 --- a/sdk/securityinsight/arm-securityinsight/src/operations/incidents.ts +++ b/sdk/securityinsight/arm-securityinsight/src/operations/incidents.ts @@ -25,7 +25,7 @@ import { IncidentsCreateOrUpdateOptionalParams, IncidentsCreateOrUpdateResponse, IncidentsDeleteOptionalParams, - TeamProperties, + TeamInformation, IncidentsCreateTeamOptionalParams, IncidentsCreateTeamResponse, IncidentsListAlertsOptionalParams, @@ -234,7 +234,7 @@ export class IncidentsImpl implements Incidents { resourceGroupName: string, workspaceName: string, incidentId: string, - teamProperties: TeamProperties, + teamProperties: TeamInformation, options?: IncidentsCreateTeamOptionalParams ): Promise { return this.client.sendOperationRequest( diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/index.ts b/sdk/securityinsight/arm-securityinsight/src/operations/index.ts index 6f66d834535e..0fb0c9d731c9 100644 --- a/sdk/securityinsight/arm-securityinsight/src/operations/index.ts +++ b/sdk/securityinsight/arm-securityinsight/src/operations/index.ts @@ -9,6 +9,9 @@ export * from "./alertRules"; export * from "./actions"; export * from "./alertRuleTemplates"; +export * from "./triggeredAnalyticsRuleRunOperations"; +export * from "./getTriggeredAnalyticsRuleRuns"; +export * from "./alertRuleOperations"; export * from "./automationRules"; export * from "./incidents"; export * from "./bookmarks"; @@ -25,9 +28,13 @@ export * from "./entityQueryTemplates"; export * from "./fileImports"; export * from "./incidentComments"; export * from "./incidentRelations"; +export * from "./incidentTasks"; export * from "./metadata"; export * from "./officeConsents"; export * from "./sentinelOnboardingStates"; +export * from "./getRecommendations"; +export * from "./get"; +export * from "./update"; export * from "./securityMLAnalyticsSettings"; export * from "./productSettings"; export * from "./sourceControlOperations"; diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/metadata.ts b/sdk/securityinsight/arm-securityinsight/src/operations/metadata.ts index 13eb2ca4e7df..2d388e54af77 100644 --- a/sdk/securityinsight/arm-securityinsight/src/operations/metadata.ts +++ b/sdk/securityinsight/arm-securityinsight/src/operations/metadata.ts @@ -259,7 +259,7 @@ const listOperationSpec: coreClient.OperationSpec = { Parameters.apiVersion, Parameters.filter, Parameters.orderby, - Parameters.top, + Parameters.top1, Parameters.skip ], urlParameters: [ diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/threatIntelligenceIndicators.ts b/sdk/securityinsight/arm-securityinsight/src/operations/threatIntelligenceIndicators.ts index e91f2583c13f..7d4f3ea45c1a 100644 --- a/sdk/securityinsight/arm-securityinsight/src/operations/threatIntelligenceIndicators.ts +++ b/sdk/securityinsight/arm-securityinsight/src/operations/threatIntelligenceIndicators.ts @@ -166,8 +166,8 @@ const listOperationSpec: coreClient.OperationSpec = { Parameters.apiVersion, Parameters.filter, Parameters.orderby, - Parameters.top, - Parameters.skipToken + Parameters.skipToken, + Parameters.top1 ], urlParameters: [ Parameters.$host, diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/triggeredAnalyticsRuleRunOperations.ts b/sdk/securityinsight/arm-securityinsight/src/operations/triggeredAnalyticsRuleRunOperations.ts new file mode 100644 index 000000000000..2c3565718cc0 --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/src/operations/triggeredAnalyticsRuleRunOperations.ts @@ -0,0 +1,76 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is regenerated. + */ + +import { TriggeredAnalyticsRuleRunOperations } from "../operationsInterfaces"; +import * as coreClient from "@azure/core-client"; +import * as Mappers from "../models/mappers"; +import * as Parameters from "../models/parameters"; +import { SecurityInsights } from "../securityInsights"; +import { + TriggeredAnalyticsRuleRunGetOptionalParams, + TriggeredAnalyticsRuleRunGetResponse +} from "../models"; + +/** Class containing TriggeredAnalyticsRuleRunOperations operations. */ +export class TriggeredAnalyticsRuleRunOperationsImpl + implements TriggeredAnalyticsRuleRunOperations { + private readonly client: SecurityInsights; + + /** + * Initialize a new instance of the class TriggeredAnalyticsRuleRunOperations class. + * @param client Reference to the service client + */ + constructor(client: SecurityInsights) { + this.client = client; + } + + /** + * Gets the triggered analytics rule run. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param ruleRunId the triggered rule id + * @param options The options parameters. + */ + get( + resourceGroupName: string, + workspaceName: string, + ruleRunId: string, + options?: TriggeredAnalyticsRuleRunGetOptionalParams + ): Promise { + return this.client.sendOperationRequest( + { resourceGroupName, workspaceName, ruleRunId, options }, + getOperationSpec + ); + } +} +// Operation Specifications +const serializer = coreClient.createSerializer(Mappers, /* isXml */ false); + +const getOperationSpec: coreClient.OperationSpec = { + path: + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/triggeredAnalyticsRuleRuns/{ruleRunId}", + httpMethod: "GET", + responses: { + 200: { + bodyMapper: Mappers.TriggeredAnalyticsRuleRun + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.ruleRunId + ], + headerParameters: [Parameters.accept], + serializer +}; diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/update.ts b/sdk/securityinsight/arm-securityinsight/src/operations/update.ts new file mode 100644 index 000000000000..cb73ea25842d --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/src/operations/update.ts @@ -0,0 +1,173 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is regenerated. + */ + +import { Update } from "../operationsInterfaces"; +import * as coreClient from "@azure/core-client"; +import * as Mappers from "../models/mappers"; +import * as Parameters from "../models/parameters"; +import { SecurityInsights } from "../securityInsights"; +import { PollerLike, PollOperationState, LroEngine } from "@azure/core-lro"; +import { LroImpl } from "../lroImpl"; +import { + RecommendationPatch, + UpdateRecommendationOptionalParams, + UpdateRecommendationResponse +} from "../models"; + +/** Class containing Update operations. */ +export class UpdateImpl implements Update { + private readonly client: SecurityInsights; + + /** + * Initialize a new instance of the class Update class. + * @param client Reference to the service client + */ + constructor(client: SecurityInsights) { + this.client = client; + } + + /** + * Patch a recommendation. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param recommendationId Recommendation Id. + * @param recommendationPatch Recommendation Fields to Update. + * @param options The options parameters. + */ + async beginRecommendation( + resourceGroupName: string, + workspaceName: string, + recommendationId: string, + recommendationPatch: RecommendationPatch[], + options?: UpdateRecommendationOptionalParams + ): Promise< + PollerLike< + PollOperationState, + UpdateRecommendationResponse + > + > { + const directSendOperation = async ( + args: coreClient.OperationArguments, + spec: coreClient.OperationSpec + ): Promise => { + return this.client.sendOperationRequest(args, spec); + }; + const sendOperation = async ( + args: coreClient.OperationArguments, + spec: coreClient.OperationSpec + ) => { + let currentRawResponse: + | coreClient.FullOperationResponse + | undefined = undefined; + const providedCallback = args.options?.onResponse; + const callback: coreClient.RawResponseCallback = ( + rawResponse: coreClient.FullOperationResponse, + flatResponse: unknown + ) => { + currentRawResponse = rawResponse; + providedCallback?.(rawResponse, flatResponse); + }; + const updatedArgs = { + ...args, + options: { + ...args.options, + onResponse: callback + } + }; + const flatResponse = await directSendOperation(updatedArgs, spec); + return { + flatResponse, + rawResponse: { + statusCode: currentRawResponse!.status, + body: currentRawResponse!.parsedBody, + headers: currentRawResponse!.headers.toJSON() + } + }; + }; + + const lro = new LroImpl( + sendOperation, + { + resourceGroupName, + workspaceName, + recommendationId, + recommendationPatch, + options + }, + recommendationOperationSpec + ); + const poller = new LroEngine(lro, { + resumeFrom: options?.resumeFrom, + intervalInMs: options?.updateIntervalInMs + }); + await poller.poll(); + return poller; + } + + /** + * Patch a recommendation. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param recommendationId Recommendation Id. + * @param recommendationPatch Recommendation Fields to Update. + * @param options The options parameters. + */ + async beginRecommendationAndWait( + resourceGroupName: string, + workspaceName: string, + recommendationId: string, + recommendationPatch: RecommendationPatch[], + options?: UpdateRecommendationOptionalParams + ): Promise { + const poller = await this.beginRecommendation( + resourceGroupName, + workspaceName, + recommendationId, + recommendationPatch, + options + ); + return poller.pollUntilDone(); + } +} +// Operation Specifications +const serializer = coreClient.createSerializer(Mappers, /* isXml */ false); + +const recommendationOperationSpec: coreClient.OperationSpec = { + path: + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/recommendations/{recommendationId}", + httpMethod: "PATCH", + responses: { + 200: { + bodyMapper: Mappers.Recommendation + }, + 201: { + bodyMapper: Mappers.Recommendation + }, + 202: { + bodyMapper: Mappers.Recommendation + }, + 204: { + bodyMapper: Mappers.Recommendation + }, + default: { + bodyMapper: Mappers.CloudError + } + }, + requestBody: Parameters.recommendationPatch, + queryParameters: [Parameters.apiVersion], + urlParameters: [ + Parameters.$host, + Parameters.subscriptionId, + Parameters.resourceGroupName, + Parameters.workspaceName, + Parameters.recommendationId + ], + headerParameters: [Parameters.accept, Parameters.contentType], + mediaType: "json", + serializer +}; diff --git a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/alertRuleOperations.ts b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/alertRuleOperations.ts new file mode 100644 index 000000000000..5b13b7aa8cb5 --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/alertRuleOperations.ts @@ -0,0 +1,53 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is regenerated. + */ + +import { PollerLike, PollOperationState } from "@azure/core-lro"; +import { + AnalyticsRuleRunTrigger, + AlertRuleTriggerRuleRunOptionalParams, + AlertRuleTriggerRuleRunResponse +} from "../models"; + +/** Interface representing a AlertRuleOperations. */ +export interface AlertRuleOperations { + /** + * triggers analytics rule run + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param ruleId Alert rule ID + * @param analyticsRuleRunTriggerParameter The Analytics Rule Run Trigger parameter + * @param options The options parameters. + */ + beginTriggerRuleRun( + resourceGroupName: string, + workspaceName: string, + ruleId: string, + analyticsRuleRunTriggerParameter: AnalyticsRuleRunTrigger, + options?: AlertRuleTriggerRuleRunOptionalParams + ): Promise< + PollerLike< + PollOperationState, + AlertRuleTriggerRuleRunResponse + > + >; + /** + * triggers analytics rule run + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param ruleId Alert rule ID + * @param analyticsRuleRunTriggerParameter The Analytics Rule Run Trigger parameter + * @param options The options parameters. + */ + beginTriggerRuleRunAndWait( + resourceGroupName: string, + workspaceName: string, + ruleId: string, + analyticsRuleRunTriggerParameter: AnalyticsRuleRunTrigger, + options?: AlertRuleTriggerRuleRunOptionalParams + ): Promise; +} diff --git a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/get.ts b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/get.ts new file mode 100644 index 000000000000..8384596c454c --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/get.ts @@ -0,0 +1,29 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is regenerated. + */ + +import { + GetSingleRecommendationOptionalParams, + GetSingleRecommendationResponse +} from "../models"; + +/** Interface representing a Get. */ +export interface Get { + /** + * Gets a recommendation by its id. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param recommendationId Recommendation Id. + * @param options The options parameters. + */ + singleRecommendation( + resourceGroupName: string, + workspaceName: string, + recommendationId: string, + options?: GetSingleRecommendationOptionalParams + ): Promise; +} diff --git a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/getRecommendations.ts b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/getRecommendations.ts new file mode 100644 index 000000000000..3c68d7feb9c2 --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/getRecommendations.ts @@ -0,0 +1,27 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is regenerated. + */ + +import { + GetRecommendationsListOptionalParams, + GetRecommendationsListResponse +} from "../models"; + +/** Interface representing a GetRecommendations. */ +export interface GetRecommendations { + /** + * Gets a list of all recommendations. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param options The options parameters. + */ + list( + resourceGroupName: string, + workspaceName: string, + options?: GetRecommendationsListOptionalParams + ): Promise; +} diff --git a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/getTriggeredAnalyticsRuleRuns.ts b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/getTriggeredAnalyticsRuleRuns.ts new file mode 100644 index 000000000000..f1c077beeeaa --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/getTriggeredAnalyticsRuleRuns.ts @@ -0,0 +1,29 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is regenerated. + */ + +import { PagedAsyncIterableIterator } from "@azure/core-paging"; +import { + TriggeredAnalyticsRuleRun, + GetTriggeredAnalyticsRuleRunsListOptionalParams +} from "../models"; + +/// +/** Interface representing a GetTriggeredAnalyticsRuleRuns. */ +export interface GetTriggeredAnalyticsRuleRuns { + /** + * Gets the triggered analytics rule runs. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param options The options parameters. + */ + list( + resourceGroupName: string, + workspaceName: string, + options?: GetTriggeredAnalyticsRuleRunsListOptionalParams + ): PagedAsyncIterableIterator; +} diff --git a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/incidentTasks.ts b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/incidentTasks.ts new file mode 100644 index 000000000000..68e3fc281f99 --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/incidentTasks.ts @@ -0,0 +1,83 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is regenerated. + */ + +import { PagedAsyncIterableIterator } from "@azure/core-paging"; +import { + IncidentTask, + IncidentTasksListOptionalParams, + IncidentTasksGetOptionalParams, + IncidentTasksGetResponse, + IncidentTasksCreateOrUpdateOptionalParams, + IncidentTasksCreateOrUpdateResponse, + IncidentTasksDeleteOptionalParams +} from "../models"; + +/// +/** Interface representing a IncidentTasks. */ +export interface IncidentTasks { + /** + * Gets all incident tasks. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param incidentId Incident ID + * @param options The options parameters. + */ + list( + resourceGroupName: string, + workspaceName: string, + incidentId: string, + options?: IncidentTasksListOptionalParams + ): PagedAsyncIterableIterator; + /** + * Gets an incident task. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param incidentId Incident ID + * @param incidentTaskId Incident task ID + * @param options The options parameters. + */ + get( + resourceGroupName: string, + workspaceName: string, + incidentId: string, + incidentTaskId: string, + options?: IncidentTasksGetOptionalParams + ): Promise; + /** + * Creates or updates the incident task. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param incidentId Incident ID + * @param incidentTaskId Incident task ID + * @param incidentTask The incident task + * @param options The options parameters. + */ + createOrUpdate( + resourceGroupName: string, + workspaceName: string, + incidentId: string, + incidentTaskId: string, + incidentTask: IncidentTask, + options?: IncidentTasksCreateOrUpdateOptionalParams + ): Promise; + /** + * Delete the incident task. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param incidentId Incident ID + * @param incidentTaskId Incident task ID + * @param options The options parameters. + */ + delete( + resourceGroupName: string, + workspaceName: string, + incidentId: string, + incidentTaskId: string, + options?: IncidentTasksDeleteOptionalParams + ): Promise; +} diff --git a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/incidents.ts b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/incidents.ts index 18695a4f8cc7..300c8af1bbdc 100644 --- a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/incidents.ts +++ b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/incidents.ts @@ -17,7 +17,7 @@ import { IncidentsCreateOrUpdateOptionalParams, IncidentsCreateOrUpdateResponse, IncidentsDeleteOptionalParams, - TeamProperties, + TeamInformation, IncidentsCreateTeamOptionalParams, IncidentsCreateTeamResponse, IncidentsListAlertsOptionalParams, @@ -109,7 +109,7 @@ export interface Incidents { resourceGroupName: string, workspaceName: string, incidentId: string, - teamProperties: TeamProperties, + teamProperties: TeamInformation, options?: IncidentsCreateTeamOptionalParams ): Promise; /** diff --git a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/index.ts b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/index.ts index 6f66d834535e..0fb0c9d731c9 100644 --- a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/index.ts +++ b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/index.ts @@ -9,6 +9,9 @@ export * from "./alertRules"; export * from "./actions"; export * from "./alertRuleTemplates"; +export * from "./triggeredAnalyticsRuleRunOperations"; +export * from "./getTriggeredAnalyticsRuleRuns"; +export * from "./alertRuleOperations"; export * from "./automationRules"; export * from "./incidents"; export * from "./bookmarks"; @@ -25,9 +28,13 @@ export * from "./entityQueryTemplates"; export * from "./fileImports"; export * from "./incidentComments"; export * from "./incidentRelations"; +export * from "./incidentTasks"; export * from "./metadata"; export * from "./officeConsents"; export * from "./sentinelOnboardingStates"; +export * from "./getRecommendations"; +export * from "./get"; +export * from "./update"; export * from "./securityMLAnalyticsSettings"; export * from "./productSettings"; export * from "./sourceControlOperations"; diff --git a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/triggeredAnalyticsRuleRunOperations.ts b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/triggeredAnalyticsRuleRunOperations.ts new file mode 100644 index 000000000000..5447cc5462a3 --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/triggeredAnalyticsRuleRunOperations.ts @@ -0,0 +1,29 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is regenerated. + */ + +import { + TriggeredAnalyticsRuleRunGetOptionalParams, + TriggeredAnalyticsRuleRunGetResponse +} from "../models"; + +/** Interface representing a TriggeredAnalyticsRuleRunOperations. */ +export interface TriggeredAnalyticsRuleRunOperations { + /** + * Gets the triggered analytics rule run. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param ruleRunId the triggered rule id + * @param options The options parameters. + */ + get( + resourceGroupName: string, + workspaceName: string, + ruleRunId: string, + options?: TriggeredAnalyticsRuleRunGetOptionalParams + ): Promise; +} diff --git a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/update.ts b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/update.ts new file mode 100644 index 000000000000..af860bcdf8e5 --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/update.ts @@ -0,0 +1,53 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is regenerated. + */ + +import { PollerLike, PollOperationState } from "@azure/core-lro"; +import { + RecommendationPatch, + UpdateRecommendationOptionalParams, + UpdateRecommendationResponse +} from "../models"; + +/** Interface representing a Update. */ +export interface Update { + /** + * Patch a recommendation. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param recommendationId Recommendation Id. + * @param recommendationPatch Recommendation Fields to Update. + * @param options The options parameters. + */ + beginRecommendation( + resourceGroupName: string, + workspaceName: string, + recommendationId: string, + recommendationPatch: RecommendationPatch[], + options?: UpdateRecommendationOptionalParams + ): Promise< + PollerLike< + PollOperationState, + UpdateRecommendationResponse + > + >; + /** + * Patch a recommendation. + * @param resourceGroupName The name of the resource group. The name is case insensitive. + * @param workspaceName The name of the workspace. + * @param recommendationId Recommendation Id. + * @param recommendationPatch Recommendation Fields to Update. + * @param options The options parameters. + */ + beginRecommendationAndWait( + resourceGroupName: string, + workspaceName: string, + recommendationId: string, + recommendationPatch: RecommendationPatch[], + options?: UpdateRecommendationOptionalParams + ): Promise; +} diff --git a/sdk/securityinsight/arm-securityinsight/src/securityInsights.ts b/sdk/securityinsight/arm-securityinsight/src/securityInsights.ts index 20a358af6b03..33c2c3119fcd 100644 --- a/sdk/securityinsight/arm-securityinsight/src/securityInsights.ts +++ b/sdk/securityinsight/arm-securityinsight/src/securityInsights.ts @@ -18,6 +18,9 @@ import { AlertRulesImpl, ActionsImpl, AlertRuleTemplatesImpl, + TriggeredAnalyticsRuleRunOperationsImpl, + GetTriggeredAnalyticsRuleRunsImpl, + AlertRuleOperationsImpl, AutomationRulesImpl, IncidentsImpl, BookmarksImpl, @@ -34,9 +37,13 @@ import { FileImportsImpl, IncidentCommentsImpl, IncidentRelationsImpl, + IncidentTasksImpl, MetadataImpl, OfficeConsentsImpl, SentinelOnboardingStatesImpl, + GetRecommendationsImpl, + GetImpl, + UpdateImpl, SecurityMLAnalyticsSettingsImpl, ProductSettingsImpl, SourceControlOperationsImpl, @@ -54,6 +61,9 @@ import { AlertRules, Actions, AlertRuleTemplates, + TriggeredAnalyticsRuleRunOperations, + GetTriggeredAnalyticsRuleRuns, + AlertRuleOperations, AutomationRules, Incidents, Bookmarks, @@ -70,9 +80,13 @@ import { FileImports, IncidentComments, IncidentRelations, + IncidentTasks, Metadata, OfficeConsents, SentinelOnboardingStates, + GetRecommendations, + Get, + Update, SecurityMLAnalyticsSettings, ProductSettings, SourceControlOperations, @@ -173,10 +187,17 @@ export class SecurityInsights extends coreClient.ServiceClient { // Assigning values to Constant parameters this.$host = options.$host || "https://management.azure.com"; - this.apiVersion = options.apiVersion || "2022-09-01-preview"; + this.apiVersion = options.apiVersion || "2023-02-01-preview"; this.alertRules = new AlertRulesImpl(this); this.actions = new ActionsImpl(this); this.alertRuleTemplates = new AlertRuleTemplatesImpl(this); + this.triggeredAnalyticsRuleRunOperations = new TriggeredAnalyticsRuleRunOperationsImpl( + this + ); + this.getTriggeredAnalyticsRuleRuns = new GetTriggeredAnalyticsRuleRunsImpl( + this + ); + this.alertRuleOperations = new AlertRuleOperationsImpl(this); this.automationRules = new AutomationRulesImpl(this); this.incidents = new IncidentsImpl(this); this.bookmarks = new BookmarksImpl(this); @@ -193,9 +214,13 @@ export class SecurityInsights extends coreClient.ServiceClient { this.fileImports = new FileImportsImpl(this); this.incidentComments = new IncidentCommentsImpl(this); this.incidentRelations = new IncidentRelationsImpl(this); + this.incidentTasks = new IncidentTasksImpl(this); this.metadata = new MetadataImpl(this); this.officeConsents = new OfficeConsentsImpl(this); this.sentinelOnboardingStates = new SentinelOnboardingStatesImpl(this); + this.getRecommendations = new GetRecommendationsImpl(this); + this.get = new GetImpl(this); + this.update = new UpdateImpl(this); this.securityMLAnalyticsSettings = new SecurityMLAnalyticsSettingsImpl( this ); @@ -252,6 +277,9 @@ export class SecurityInsights extends coreClient.ServiceClient { alertRules: AlertRules; actions: Actions; alertRuleTemplates: AlertRuleTemplates; + triggeredAnalyticsRuleRunOperations: TriggeredAnalyticsRuleRunOperations; + getTriggeredAnalyticsRuleRuns: GetTriggeredAnalyticsRuleRuns; + alertRuleOperations: AlertRuleOperations; automationRules: AutomationRules; incidents: Incidents; bookmarks: Bookmarks; @@ -268,9 +296,13 @@ export class SecurityInsights extends coreClient.ServiceClient { fileImports: FileImports; incidentComments: IncidentComments; incidentRelations: IncidentRelations; + incidentTasks: IncidentTasks; metadata: Metadata; officeConsents: OfficeConsents; sentinelOnboardingStates: SentinelOnboardingStates; + getRecommendations: GetRecommendations; + get: Get; + update: Update; securityMLAnalyticsSettings: SecurityMLAnalyticsSettings; productSettings: ProductSettings; sourceControlOperations: SourceControlOperations; diff --git a/sdk/securityinsight/arm-securityinsight/test/sampleTest.ts b/sdk/securityinsight/arm-securityinsight/test/sampleTest.ts new file mode 100644 index 000000000000..25aeb3ebcc36 --- /dev/null +++ b/sdk/securityinsight/arm-securityinsight/test/sampleTest.ts @@ -0,0 +1,43 @@ +/* + * Copyright (c) Microsoft Corporation. + * Licensed under the MIT License. + * + * Code generated by Microsoft (R) AutoRest Code Generator. + * Changes may cause incorrect behavior and will be lost if the code is regenerated. + */ + +import { + Recorder, + RecorderStartOptions, + env +} from "@azure-tools/test-recorder"; +import { assert } from "chai"; +import { Context } from "mocha"; + +const replaceableVariables: Record = { + AZURE_CLIENT_ID: "azure_client_id", + AZURE_CLIENT_SECRET: "azure_client_secret", + AZURE_TENANT_ID: "88888888-8888-8888-8888-888888888888", + SUBSCRIPTION_ID: "azure_subscription_id" +}; + +const recorderOptions: RecorderStartOptions = { + envSetupForPlayback: replaceableVariables +}; + +describe("My test", () => { + let recorder: Recorder; + + beforeEach(async function(this: Context) { + recorder = new Recorder(this.currentTest); + await recorder.start(recorderOptions); + }); + + afterEach(async function() { + await recorder.stop(); + }); + + it("sample test", async function() { + console.log("Hi, I'm a test!"); + }); +}); diff --git a/sdk/securityinsight/arm-securityinsight/tsconfig.json b/sdk/securityinsight/arm-securityinsight/tsconfig.json index 6c7875caddba..3e6ae96443f3 100644 --- a/sdk/securityinsight/arm-securityinsight/tsconfig.json +++ b/sdk/securityinsight/arm-securityinsight/tsconfig.json @@ -15,17 +15,11 @@ ], "declaration": true, "outDir": "./dist-esm", - "importHelpers": true, - "paths": { - "@azure/arm-securityinsight": [ - "./src/index" - ] - } + "importHelpers": true }, "include": [ "./src/**/*.ts", - "./test/**/*.ts", - "samples-dev/**/*.ts" + "./test/**/*.ts" ], "exclude": [ "node_modules"